VIRY.CZ

Prosim o zkontrolovani bratrova pc.
Nevim co s nim delal ale je strasne zpomaleny. Jakakoliv odezva je delsi jak tri minuty
Dekuji

Logfile of random's system information tool 1.10 (written by random/random)
Run by s at 2017-03-20 14:23:54
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 203 GB (22%) free of 937 GB
Total RAM: 3557 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:24:50, on 20.3.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Elex-tech\YAC\iSafeTray.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\dinotify.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\IDT\WDM\beats.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\system32\rundll32.exe
C:\Users\s\AppData\Local\Microsoft Windows\taskhost.exe
C:\Program Files\Birdjob\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Firefox\Firefox.exe
C:\Program Files\Birdjob\Application\chrome.exe
C:\Program Files\Birdjob\Application\chrome.exe
C:\Program Files\Birdjob\Application\chrome.exe
C:\Program Files\Birdjob\Application\chrome.exe
C:\Program Files\Birdjob\Application\chrome.exe
C:\Users\s\Downloads\RSIT.exe
C:\Program Files\trend micro\s.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.amisites.com/?type=hp&ts=148 ... S_9VPGB79G
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws3Cq1g4YMsnRObs7OERP6AE8c7BemoJQt0O9CA1pTTPTeGBCksfhLEAq3P9h_jCbvleheDRtbDbyND6-B6XvZHtMJeo5TrhYVn0urvBCQWay9LYylOvj6FVrA-JMYmcHgS7wmDw4KBDMldkdqN_E3gAFWZjQ,,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws3Cq1g4YMsnRObs7OERP6AE8c7BemoJQt0O9CA1pTTPTeGBCksfhLEAq3P9h_jCbvleheDRtbDbyND6-B6XvZHtMJeo5TrhYVn0urvBCQWay9LYylOvj6FVrA-JMYmcHgS7wmDw4KBDMldkdqN_E3gAFWZjQ,,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws3Cq1g4YMsnRObs7OERP6AE8c7BemoJQt0O9CA1pTTPTeGBCksfhLEAq3P9h_jCbvleheDRtbDbyND6-B6XvZHtMJeo5TrhYVn0urvBCQWay9LYylOvj6FVrA-JMYmcHgS7wmDw4KBDMldkdqN_E3gAFWZjQ,,&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amisites.com/?type=hp&ts=148 ... S_9VPGB79G
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.amisites.com/?type=hp&ts=148 ... S_9VPGB79G
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.amisites.com/search/?type=ds ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.amisites.com/search/?type=ds ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amisites.com/?type=hp&ts=148 ... S_9VPGB79G
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws3Cq1g4YMsnRObs7OERP6AE8c7BemoJQt0O9CA1pTTPTeGBCksfhLEAq3P9h_jCbvleheDRtbDbyND6-B6XvZHtMJeo5TrhYVn0urvBCQWay9LYylOvj6FVrA-JMYmcHgS7wmDw4KBDMldkdqN_E3gAFWZjQ,,&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - (no file)
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats.exe
O4 - HKLM\..\Run: [InstallerLauncher] "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R
O4 - HKCU\..\Run: [IEService] C:\Users\s\AppData\Local\Microsoft Windows\taskhost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files\Common Files\BattlEye\BEService.exe
O23 - Service: BitRaider Mini-Support Service Stub Loader (BRSptStub) - BitRaider, LLC - C:\ProgramData\BitRaider\BRSptStub.exe
O23 - Service: BitRaider Mini-Support Service (BRSptSvc) - BitRaider, LLC - C:\ProgramData\BitRaider\BRSptSvc.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: ed2k idle service (ed2kidle) - http://www.amule.org/ - C:\Program Files\amuleCexx\ed2k.exe
O23 - Service: Update Service(FirefoxU) (FirefoxU) - Unknown owner - C:\Program Files\Firefox\bin\FirefoxUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files\Hi-Rez Studios\HiPatchService.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: YAC Service (iSafeService) - Elex do Brasil Participaçoes Ltda - C:\Program Files\Elex-tech\YAC\iSafeSvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Unknown owner - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 10503 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\system32\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe -check pepperplugin
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\Traffic Exchange v2 - 1.job - C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe 1 36
C:\Windows\tasks\Traffic Exchange v2 - 2.job - C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe 1 37
C:\Windows\tasks\Traffic Exchange v2 - 3.job - C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe 1 38
C:\Windows\tasks\Traffic Exchange v209 - 1.job - C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe 1 60
C:\Windows\tasks\Traffic Exchange v209 - 2.job - C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe 1 61
C:\Windows\tasks\Traffic Exchange v209 - 3.job - C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe 1 62

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-16 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-16 172640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2012-04-24 1433692]
"BeatsOSDApp"=C:\Program Files\IDT\WDM\beats.exe [2011-08-24 30208]
"InstallerLauncher"=C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe /run:C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe []
"MRT"=C:\Windows\system32\MRT.exe [2016-12-15 133430776]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IEService"=C:\Users\s\AppData\Local\Microsoft Windows\taskhost.exe [2017-01-13 89600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4StoryPrePatch]
C:\Program Files\GameforgeLive\Games\CZE_ces\4Story\PrePatch.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe RGB Color]
C:\ProgramData\Adobe\color.vbs [2014-06-30 105]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvastUI.exe]
C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BeatsOSDApp]
C:\Program Files\IDT\WDM\beats.exe [2011-08-24 30208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2010-03-25 2516296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [2010-04-02 1185112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
C:\Users\s\AppData\Roaming\Seznam.cz\szninstall.exe -c []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
C:\Users\s\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe -q []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
C:\Program Files\DAEMON Tools Pro\DTAgent.exe [2012-10-23 3108480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MouseDriver]
C:\Windows\system32\TiltWheelMouse.exe [2012-12-19 241152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2013-12-10 2279712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
C:\Program Files\Seznam.cz\distribution\szninstall.exe -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
C:\Windows\system32\nvspcap.dll [2013-12-10 982232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\steam.exe [2017-01-19 2881824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-05-07 256896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
C:\Program Files\IDT\WDM\sttray.exe [2012-04-24 1433692]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB3MON]
C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2011-12-05 291096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Users\s\AppData\Roaming\uTorrent\uTorrent.exe [2017-02-02 2143936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^kuba^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2009-02-26 97680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1E4DD366-C5C1-11E6-B012-64006A5CFC35}"=C:\Users\3\AppData\Roaming\Qozokshinack\Chjlyfoduck.dll []
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"EnableShellExecuteHooks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.FPS1"=frapsvid.dll
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.inf - open - "%SystemRoot%\system32\NOTEPAD.EXE" %1
.ini - open - "%SystemRoot%\system32\NOTEPAD.EXE" %1
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Windows\System32\WScript.exe" "%1" %*
.txt - open - "%SystemRoot%\system32\NOTEPAD.EXE" %1

======List of files/folders created in the last 1 month======

2017-03-20 14:23:55 ----D---- C:\Program Files\trend micro
2017-03-20 14:23:54 ----D---- C:\rsit
2017-03-20 13:19:04 ----D---- C:\ProgramData\SWCUTemp
2017-03-17 11:42:49 ----D---- C:\Program Files\WinSnare(4.3.3)
2017-03-15 17:20:56 ----D---- C:\Users\s\AppData\Roaming\SmartSteamEmu
2017-03-14 16:27:38 ----D---- C:\Users\s\AppData\Roaming\vlc
2017-03-13 08:27:51 ----D---- C:\Users\s\AppData\Roaming\Mount&Blade Warband
2017-03-07 09:54:08 ----D---- C:\Program Files\amulell
2017-03-06 16:02:09 ----D---- C:\Program Files\MK
2017-03-05 19:31:25 ----HD---- C:\$AV_ASW
2017-03-05 19:25:35 ----D---- C:\Users\s\AppData\Roaming\AVAST Software
2017-03-05 18:42:02 ----D---- C:\Program Files\AVAST Software
2017-03-04 18:39:53 ----D---- C:\Program Files\gamesdesktop
2017-03-04 18:36:56 ----D---- C:\Program Files\DiskP
2017-03-03 19:53:31 ----D---- C:\Users\s\AppData\Roaming\gplyra
2017-03-03 19:53:24 ----A---- C:\Users\s\AppData\Roaming\Installer.dat
2017-03-03 19:53:22 ----D---- C:\Program Files\CleanBrowser
2017-03-03 18:07:46 ----D---- C:\Program Files\bce00fed-6ac1-425f-917e-c9908a873bb41488560863
2017-03-03 18:07:34 ----D---- C:\Users\s\AppData\Roaming\Note-UP
2017-03-03 18:06:24 ----D---- C:\Program Files\Zrychleni Pocitace
2017-03-01 23:01:00 ----D---- C:\Program Files\GTA San Andreas
2017-03-01 18:06:45 ----D---- C:\Windows\IObit
2017-03-01 18:06:30 ----D---- C:\Users\s\AppData\Roaming\IObit
2017-03-01 18:05:04 ----D---- C:\ProgramData\vCore
2017-03-01 18:05:03 ----D---- C:\ProgramData\Microleaves
2017-03-01 18:04:54 ----D---- C:\Users\s\AppData\Roaming\win-svc
2017-03-01 18:01:43 ----D---- C:\Users\s\AppData\Roaming\Profiles
2017-03-01 18:01:42 ----D---- C:\Program Files\Prifuly
2017-03-01 18:01:16 ----D---- C:\Users\s\AppData\Roaming\Microleaves
2017-03-01 18:01:16 ----D---- C:\Program Files\reports
2017-03-01 18:01:16 ----A---- C:\Program Files\settings.dat
2017-03-01 15:40:09 ----D---- C:\Program Files\Explorer
2017-03-01 12:03:06 ----D---- C:\Users\s\AppData\Roaming\Kyubey
2017-02-28 13:55:12 ----D---- C:\Program Files\WinSnare(4.1.9)
2017-02-27 04:42:16 ----A---- C:\Windows\system32\drivers\iSafeKrnlBoot.sys
2017-02-24 01:07:01 ----D---- C:\Windows\system32\{F18D63B5-F945-4736-825F-70129CBFE9C3}
2017-02-23 14:41:56 ----D---- C:\ProgramData\Apple
2017-02-23 14:41:52 ----AD---- C:\Program Files\Firefox
2017-02-23 14:41:48 ----D---- C:\Program Files\Birdjob
2017-02-23 12:25:38 ----D---- C:\Users\s\AppData\Roaming\aMule
2017-02-23 12:25:38 ----D---- C:\Program Files\amuleCexx
2017-02-22 13:21:30 ----D---- C:\Program Files\Cheat Engine 6.6
2017-02-22 13:08:09 ----D---- C:\Users\s\AppData\Roaming\The Creative Assembly
2017-02-21 12:34:47 ----D---- C:\Users\s\AppData\Roaming\WinSnare
2017-02-21 12:18:59 ----D---- C:\Users\s\AppData\Roaming\WinSAPSvc
2017-02-21 12:18:53 ----D---- C:\Program Files\MIO
2017-02-21 12:18:47 ----D---- C:\Windows\system32\{9571F033-E27D-48CC-917F-4DC705F1B23A}

======List of files/folders modified in the last 1 month======

2017-03-20 14:23:56 ----D---- C:\Windows\Temp
2017-03-20 14:23:55 ----D---- C:\Program Files
2017-03-20 14:21:49 ----A---- C:\Windows\system32\log.txt
2017-03-20 14:21:31 ----D---- C:\Windows\Prefetch
2017-03-20 14:20:31 ----D---- C:\Program Files\Opera
2017-03-20 14:18:32 ----SHD---- C:\System Volume Information
2017-03-20 13:59:42 ----D---- C:\Windows\System32
2017-03-20 13:59:42 ----D---- C:\Windows\inf
2017-03-20 13:59:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-03-20 13:55:49 ----D---- C:\Program Files\Hi-Rez Studios
2017-03-20 13:54:57 ----D---- C:\ProgramData\NVIDIA
2017-03-20 13:53:27 ----D---- C:\Windows\system32\config
2017-03-20 13:53:23 ----D---- C:\Windows\winsxs
2017-03-20 13:53:23 ----D---- C:\Windows\Tasks
2017-03-20 13:53:23 ----D---- C:\Windows\system32\wfp
2017-03-20 13:53:23 ----D---- C:\Windows\system32\wbem
2017-03-20 13:53:23 ----D---- C:\Windows\system32\Tasks
2017-03-20 13:53:23 ----D---- C:\Windows\system32\NDF
2017-03-20 13:53:23 ----D---- C:\Windows\system32\Macromed
2017-03-20 13:53:23 ----D---- C:\Windows\system32\DriverStore
2017-03-20 13:53:23 ----D---- C:\Windows\system32\drivers\etc
2017-03-20 13:53:23 ----D---- C:\Windows\system32\catroot2
2017-03-20 13:53:23 ----D---- C:\Windows
2017-03-20 13:53:23 ----AD---- C:\Windows\system32\drivers
2017-03-20 13:53:22 ----SHD---- C:\Windows\Installer
2017-03-20 13:53:22 ----D---- C:\Users\s\AppData\Roaming\uTorrent
2017-03-20 13:53:22 ----D---- C:\Users\s\AppData\Roaming\ProductData
2017-03-20 13:53:02 ----D---- C:\ProgramData\IObit
2017-03-20 13:53:02 ----D---- C:\ProgramData\DAEMON Tools Pro
2017-03-20 13:53:01 ----D---- C:\Program Files\Victotria II
2017-03-20 13:53:01 ----D---- C:\Program Files\Ubisoft
2017-03-20 13:53:01 ----D---- C:\Program Files\TeamSpeak 3 Client
2017-03-20 13:53:01 ----D---- C:\Program Files\TaleWorlds Entertainment
2017-03-20 13:53:00 ----D---- C:\Program Files\SteveHood
2017-03-20 13:53:00 ----D---- C:\Program Files\PhotoFiltre 7
2017-03-20 13:53:00 ----D---- C:\Program Files\Paradox Interactive
2017-03-20 13:53:00 ----D---- C:\Program Files\Minecraft
2017-03-20 13:52:59 ----D---- C:\Program Files\IDT
2017-03-20 13:52:59 ----D---- C:\Program Files\Drowotywervught
2017-03-20 13:52:59 ----D---- C:\Program Files\Common Files\Truecom
2017-03-20 13:52:59 ----D---- C:\Program Files\Common Files\Steam
2017-03-20 13:52:59 ----D---- C:\Program Files\Common Files
2017-03-20 13:52:59 ----D---- C:\Program Files\bilibili
2017-03-20 13:52:59 ----D---- C:\Program Files\BikaQRssReader
2017-03-20 13:52:59 ----D---- C:\Program Files (x86)
2017-03-20 13:52:54 ----D---- C:\Games
2017-03-20 13:52:31 ----D---- C:\Windows\registration
2017-03-20 13:52:08 ----RSD---- C:\Windows\assembly
2017-03-20 13:52:02 ----SD---- C:\Users\s\AppData\Roaming\Microsoft
2017-03-20 13:45:19 ----AHD---- C:\ProgramData
2017-03-20 13:45:15 ----D---- C:\ProgramData\AVAST Software
2017-03-20 13:44:47 ----D---- C:\Program Files\IObit
2017-03-20 13:13:35 ----D---- C:\Users\s\AppData\Roaming\DAEMON Tools Pro
2017-03-20 13:13:33 ----D---- C:\Windows\SoftwareDistribution
2017-03-20 13:13:33 ----D---- C:\Windows\Logs
2017-03-20 13:13:33 ----D---- C:\Windows\debug
2017-03-06 19:07:00 ----D---- C:\Users\s\AppData\Roaming\Adobe
2017-03-05 19:25:25 ----D---- C:\Temp
2017-03-05 18:14:09 ----D---- C:\Users\s\AppData\Roaming\Seznam.cz
2017-03-05 18:13:57 ----D---- C:\Program Files\Seznam.cz
2017-02-28 06:45:58 ----D---- C:\ProgramData\ProductData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2011-12-05 13592]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2014-03-01 466008]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2016-03-13 242240]
R1 iSafeKrnl;YAC Mini-Filter Driver; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [2016-05-23 227776]
R1 iSafeKrnlKit;YAC Kit Driver; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [2016-05-23 97912]
R1 iSafeKrnlMon;YAC Monitor Driver; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [2016-05-23 45032]
R1 iSafeKrnlR3;YAC Ring3 Driver; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [2016-05-23 73232]
R1 iSafeNetFilter;YAC NDIS Driver; C:\Windows\system32\DRIVERS\iSafeNetFilter.sys [2016-05-19 59152]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2014-01-30 18048]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2011-12-05 347928]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2011-12-05 788248]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x86.sys [2011-09-19 91760]
R3 MEI;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECI.sys [2012-04-11 46080]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2013-11-28 162592]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad32v.sys [2013-12-05 34080]
R3 STHDA;@%SystemRoot%\system32\stlang.dll,-10322; C:\Windows\system32\DRIVERS\stwrt.sys [2012-04-24 445952]
S1 httiyrgm;httiyrgm; \??\C:\Windows\system32\drivers\httiyrgm.sys []
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2014-08-29 271360]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BRDriver;BRDriver; \??\C:\ProgramData\BitRaider\BRDriver.sys [2014-08-29 64808]
S3 BRDriver_1_3_3_E02B25FC;BRDriver_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver.sys [2016-01-30 66824]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 EagleXNt;EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys []
S3 ESEADriver2;ESEADriver2; \??\C:\Users\kuba\AppData\Local\Temp\ESEADriver2.sys []
S3 FairplayKD;FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys []
S3 iSafeKrnlBoot;YAC Boot Driver; C:\Windows\system32\DRIVERS\iSafeKrnlBoot.sys [2016-05-23 50280]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 t_mouse.sys;HID-compliand device; C:\Windows\system32\DRIVERS\t_mouse.sys [2012-12-19 5120]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 36352]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-12-19 82640]
R2 bilibili;bilibili; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ed2kidle;ed2k idle service; C:\Program Files\amuleCexx\ed2k.exe [2017-02-22 238592]
R2 Hecerry;Hecerry; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [2016-09-15 9728]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2010-04-05 116104]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-08 423136]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-04-11 128280]
R2 iSafeService;YAC Service; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [2016-08-19 131024]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-04-11 161560]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-04-11 277784]
R2 MSLN;Microsoft Sln Service; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-10 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-10 14658848]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-12-19 664352]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2016-05-29 76152]
R2 STacSV;@%SystemRoot%\system32\stlang.dll,-10122; C:\Program Files\IDT\WDM\STacSV.exe [2012-04-24 299090]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-12-19 411936]
R2 WinSAPSvc;WinSAPSvc; C:\windows\system32\svchost.exe [2009-07-14 20992]
R2 WinSnare;WinSnare; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 Apple_Cfg;Apple Config Service; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 FirefoxU;Update Service(FirefoxU); C:\Program Files\Firefox\bin\FirefoxUpdate.exe [2017-02-21 155136]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2017-02-01 153752]
S2 LiveUpdateSvc;LiveUpdate; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2015-08-06 2909472]
S2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-04-11 363800]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14 270936]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2016-11-29 45752]
S3 BEService;BattlEye Service; C:\Program Files\Common Files\BattlEye\BEService.exe [2016-01-23 1056288]
S3 BRSptStub;BitRaider Mini-Support Service Stub Loader; C:\ProgramData\BitRaider\BRSptStub.exe [2016-01-29 363208]
S3 BRSptSvc;BitRaider Mini-Support Service; C:\ProgramData\BitRaider\BRSptSvc.exe [2014-08-29 477960]
S3 EasyAntiCheat;EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [2017-01-13 395536]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2017-02-01 153752]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-01-31 102912]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe []
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2016-05-15 5741064]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2017-01-19 1464096]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 Saophase;Saophase; C:\ProgramData\\Saophase\\Saophase.exe -f C:\ProgramData\\Saophase\\Saophase.dat -l -a []
S4 Viafresh;Viafresh; C:\ProgramData\\Viafresh\\Viafresh.exe [2015-09-17 441856]

-----------------EOF-----------------

Krasny den Vam preju


Otestujte na virustotal.com C:\ProgramData\Adobe\color.vbs a C:\Users\s\AppData\Local\Microsoft Windows\taskhost.exe - pokud uz byly soubor otestovany, zvolte Reanalyse. Do pristiho prispevku dejte linky (odkazy) s vysledky analyzy.


V ramci cisteni Vam budou vyprazdneny docasne adresare (vysypani Kose a tempu, vyprazdneni cache prohlizecu apod.).


Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )

• ukoncete vsechny programy
• kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
• kliknete na Scan (Skenovani), pote na Clean (Cisteni)
• po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner[Cx].txt), jehoz obsah zkopirujte do pristi odpovedi

Zdravim a dekuji za pomoc
1cast
https://virustotal.com/en/file/28f18811 ... 490027687/
https://virustotal.com/en/file/8b84ea60 ... 490027814/

Provedte jeste prosim krok s AdwCleanerem a pak se rozhodneme co dal.

Zdravim
Omlouvam se nechtel mi nabehnout pc.Uf konecne se mi to dnes podarilo.

# AdwCleaner v6.044 - Log vytvořen 20/03/2017 v 18:00:11
# Aktualizováno dne 28/02/2017 z Malwarebytes
# Databáze : 2017-03-20.1 [Místní]
# Operační systém : Windows 7 Professional Service Pack 1 (X86)
# Uživatelské jméno : s - KUBA-PC
# Spuštěno z : C:\Users\s\Desktop\adwcleaner_6.044.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

[-] Služba smazána: Apple_Cfg
[-] Služba smazána: bilibili
[-] Služba smazána: MSLN
[-] Služba smazána: saophase


***** [ Složky ] *****

[-] Složka smazána: C:\Program Files\WinSnare(4.1.9)
[-] Složka smazána: C:\Program Files\WinSnare(4.3.3)
[-] Složka smazána: C:\Users\s\AppData\Local\tuto_monetize_120170124
[-] Složka smazána: C:\Users\s\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp
[#] Složka smazána po restartu: C:\Users\s\AppData\Local\\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp
[-] Složka smazána: C:\Users\s\AppData\Local\Birdjob
[#] Složka smazána po restartu: C:\Users\s\AppData\Roaming\Elex-tech
[-] Složka smazána: C:\Users\s\AppData\Roaming\Note-up
[-] Složka smazána: C:\Users\s\AppData\Roaming\gplyra
[-] Složka smazána: C:\Users\s\AppData\Roaming\WinSAPSvc
[-] Složka smazána: C:\Users\s\AppData\Roaming\Microleaves
[-] Složka smazána: C:\Users\s\AppData\Roaming\aMule
[-] Složka smazána: C:\Users\s\AppData\Roaming\WinSnare
[-] Složka smazána: C:\Users\s\AppData\Roaming\win-svc
[#] Složka smazána po restartu: C:\Users\s\AppData\Roaming\Note-UP
[-] Složka smazána: C:\Users\s\AppData\Roaming\Kyubey
[-] Složka smazána: C:\Users\s\AppData\Roaming\Microsoft\Windows\start Menu\Programs\amuleC
[-] Složka smazána: C:\Users\s\Documents\PCSpeedUp
[-] Složka smazána: C:\ProgramData\Microleaves
[-] Složka smazána: C:\ProgramData\vCore
[-] Složka smazána: C:\ProgramData\WINTOOLL
[-] Složka smazána: C:\ProgramData\IObit\ASCDownloader
[#] Složka smazána po restartu: C:\ProgramData\Application Data\Microleaves
[#] Složka smazána po restartu: C:\ProgramData\Application Data\vCore
[#] Složka smazána po restartu: C:\ProgramData\Application Data\WINTOOLL
[#] Složka smazána po restartu: C:\ProgramData\Application Data\IObit\ASCDownloader
[-] Složka smazána: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ
[#] Složka smazána po restartu: C:\Program Files\Elex-tech
[-] Složka smazána: C:\Program Files\GAMESDESKTOP
[-] Složka smazána: C:\Program Files\Zrychleni Pocitace
[-] Složka smazána: C:\Program Files\CleanBrowser
[#] Složka smazána po restartu: C:\Program Files\Microleaves
[-] Složka smazána: C:\Program Files\DiskP
[-] Složka smazána: C:\Program Files\BikaQRssReader
[-] Složka smazána: C:\Program Files\amuleCexx
[-] Složka smazána: C:\Program Files\Birdjob
[-] Složka smazána: C:\Program Files\bilibili
[-] Složka smazána: C:\Program Files\amulell
[-] Složka smazána: C:\Windows\system32\config\systemprofile\AppData\Roaming\Tencent
[-] Složka smazána: C:\Program Files\Firefox
[#] Složka smazána po restartu: C:\Users\s\AppData\Roaming\WinSnare
[-] Složka smazána: C:\Program Files\reports
[-] Složka smazána: C:\Program Files\Explorer
[-] Složka smazána: C:\Users\s\AppData\Roaming\Firefox
[-] Složka smazána: C:\Users\s\AppData\Local\Firefox


***** [ Soubory ] *****

[-] Soubor smazán: C:\Users\s\Desktop\Aliexpress.URL
[-] Soubor smazán: C:\Users\s\Desktop\Video Box - Download any video online.url
[-] Soubor smazán: C:\TOSTACK
[-] Soubor smazán: C:\Windows\system32\drivers\iSafeKrnlBoot.sys
[-] Soubor smazán: C:\Windows\system32\drivers\iSafeNetFilter.sys
[-] Soubor smazán: C:\Users\s\AppData\Roaming\Installer.dat
[-] Soubor smazán: C:\Users\s\AppData\Roaming\InstallationConfiguration.xml
[-] Soubor smazán: C:\Program Files\settings.dat
[-] Soubor smazán: C:\Users\Public\Documents\temp.dat
[-] Soubor smazán: C:\Users\Public\Documents\report.dat
[-] Soubor smazán: C:\ProgramData\APPLE\APPLE APPLICATION SUPPORT\SUPPORT.DLL


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****

[-] Zástupce vyléčen: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Zástupce vyléčen: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Zástupce vyléčen: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stainless Steel\Launch Stainless Steel.lnk
[-] Zástupce vyléčen: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics\State of Decay YOSE - Day One Edition\Play State of Decay YOSE - Day One Edition.lnk
[-] Zástupce vyléčen: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics\Kane & Lynch - Dead Men\Play Kane & Lynch - Dead Men.lnk
[-] Zástupce vyléčen: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hry\The Elder Scrolls V Skyrim\The Elder Scrolls V Skyrim.lnk
[-] Zástupce vyléčen: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hry\Civilization V - Brave New World\Civilization V - Brave New World.lnk
[-] Zástupce vyléčen: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Homefront\Homefront.lnk
[-] Zástupce vyléčen: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\Star Wars - The Old Republic.lnk
[-] Zástupce vyléčen: C:\Users\s\AppData\Roaming\Microsoft\Windows\start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Zástupce vyléčen: C:\Users\s\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Zástupce vyléčen: C:\Users\s\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera Internet Browser.lnk


***** [ Naplánované úlohy ] *****

[-] Úloha smazána: Milimili
[-] Úloha smazána: BikaQ_FetchAndUpgrade_CanBeDel


***** [ Registry ] *****

[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\services\iSafeKrnl
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\services\iSafeKrnlBoot
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\services\iSafeKrnlKit
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\services\iSafeKrnlMon
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\services\iSafeKrnlR3
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\services\iSafeNetFilter
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\services\iSafeService
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\services\isafekrnl
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\services\isafekrnlboot
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\services\isafekrnlkit
[#] Klíč smazán po restartu: HKLM\SYSTEM\CurrentControlSet\services\isafekrnlmon
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\services\isafekrnlr3
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\services\isafenetfilter
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\services\isafeservice
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[-] Klíč smazán: HKU\S-1-5-21-1732726701-269562743-775657971-1012\Software\WinSnare
[#] Klíč smazán po restartu: HKCU\Software\WinSnare
[-] Klíč smazán: HKLM\SOFTWARE\Elex-tech
[-] Klíč smazán: HKLM\SOFTWARE\ScreenShot
[-] Klíč smazán: HKLM\SOFTWARE\amule-custom
[-] Klíč smazán: HKLM\SOFTWARE\InterSect Alliance
[-] Klíč smazán: HKLM\SOFTWARE\startpageing123Software
[-] Klíč smazán: HKLM\SOFTWARE\{84416237-6490-494D-9AD6-4994DD978971}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2EFFD4E-D098-4845-9D56-DE75BEB35913}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56B2B28A-E663-4D28-84A3-3846068A7D63}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1732726701-269562743-775657971-1012\Products\E4DFFE2B890D5484D965ED57EB3B9531
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1732726701-269562743-775657971-1012\Products\3CADD814C61E2C745BEFF4CBBAE0010D
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A82B2B65366E82D4483A836460A8D736
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A82B2B65366E82D4483A836460A8D736
[#] Klíč smazán po restartu: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A82B2B65366E82D4483A836460A8D736
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Features\A82B2B65366E82D4483A836460A8D736
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Products\A82B2B65366E82D4483A836460A8D736
[-] Data obnovena: HKU\S-1-5-21-1732726701-269562743-775657971-1012\Software\Microsoft\Internet Explorer\Main [Search Page]
[#] Data obnovena po restartu: HKU\S-1-5-21-1732726701-269562743-775657971-1012\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: HKU\S-1-5-21-1732726701-269562743-775657971-1012\Software\Microsoft\Internet Explorer\Main [Search Bar]
[-] Data obnovena: HKU\S-1-5-21-1732726701-269562743-775657971-1012\Software\Microsoft\Internet Explorer\Main [SearchAssistant]
[#] Data obnovena po restartu: HKU\S-1-5-21-1732726701-269562743-775657971-1012\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: HKU\S-1-5-21-1732726701-269562743-775657971-1012\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data obnovena: HKU\S-1-5-21-1732726701-269562743-775657971-1012\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[#] Data obnovena po restartu: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [SearchAssistant]
[#] Data obnovena po restartu: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[#] Data obnovena po restartu: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[#] Data obnovena po restartu: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Klíč smazán: HKU\S-1-5-21-1732726701-269562743-775657971-1012\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[#] Data obnovena po restartu: HKU\S-1-5-21-1732726701-269562743-775657971-1012\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Klíč smazán: HKU\S-1-5-21-1732726701-269562743-775657971-1012\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[#] Data obnovena po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ielnksrch
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amisites.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\safefinder.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.safefinder.com
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH
[-] Klíč smazán: HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Klíč smazán: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSnare]
[#] Hodnota smazána po restartu: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost [WinSnare]
[-] Klíč smazán: HKCU\SOFTWARE\Classes\ChromeHTML


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [18683 Bajty] - [20/02/2017 14:31:30]
C:\AdwCleaner\AdwCleaner[C2].txt - [12973 Bajty] - [20/03/2017 18:00:11]
C:\AdwCleaner\AdwCleaner[S0].txt - [17356 Bajty] - [20/02/2017 14:22:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [15487 Bajty] - [20/03/2017 17:38:51]
C:\AdwCleaner\AdwCleaner[S2].txt - [15450 Bajty] - [20/03/2017 17:44:16]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [13269 Bajty] ##########

Dejte logy FRST.txt a Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Pokud budete mit problemy se stazenim FRSTLauncheru, staci kdyz pouzijete samotny FRST.exe/FRST64.exe.

Zdravim
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by s (administrator) on KUBA-PC (22-03-2017 14:51:47)
Running from C:\Users\s\Desktop
Loaded Profiles: s (Available Profiles: s)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Tencent Inc.) C:\Users\s\AppData\Local\Temp\hpACE3.tmp\QQBrowser.exe
(Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Kyubey.exe) C:\Users\s\AppData\Roaming\Kyubey\Kyubey.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
(Microleaves LTD) C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe
(Microleaves LTD) C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe
(Microleaves LTD) C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
(Microleaves LTD) C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
(Microleaves LTD) C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
(Microleaves LTD) C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe
() C:\Program Files\Firefox\bin\FirefoxUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats.exe
(Microsoft Corporation) C:\Users\s\AppData\Local\Microsoft Windows\taskhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_25_0_0_127_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [1433692 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats.exe [30208 2011-08-24] (Hewlett-Packard )
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1732726701-269562743-775657971-1012\...\Run: [IEService] => C:\Users\s\AppData\Local\Microsoft Windows\taskhost.exe [89600 2017-01-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [] => [X]
HKLM\...\Providers\d98xhjsa: C:\Program Files\Nzsyeradom Monitor\local32spl.dll [283136 2016-12-22] ()
ShellExecuteHooks: No Name - {1E4DD366-C5C1-11E6-B012-64006A5CFC35} - C:\Users\3\AppData\Roaming\Qozokshinack\Chjlyfoduck.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\kubaa\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\kubaa\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\kubaa\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\Users\kubaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-09-20]
ShortcutTarget: crossbrowse.lnk -> C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (No File)
Startup: C:\Users\kubaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk [2015-12-04]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 85.132.180.62
Tcpip\..\Interfaces\{C59B3122-B807-4B33-8088-306510F3ED4A}: [DhcpNameServer] 85.132.180.62

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1732726701-269562743-775657971-1012\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> ielnksrch URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws3Cq1g4YMsnRObs7OERP6AE8c7BemoJQt0O9CA1pTTPTeGBCksfhLEAq3P9h_jCbvleheDRtbDbyND6-B6XvZHtMJeo5TrhYVn0urvBCQWay9LYylOvj6FVrA-JMYmcHgS7wmDw4KBDMldkdqN_E3gAFWZjQ,,&q={searchTerms}
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.exitingsearch.info/?l=1&q={searchTerms}&pid=1273&r=2014/03/24&hid=11953858726242532879&lg=EN&cc=CZ&unqvl=50
SearchScopes: HKU\S-1-5-21-1732726701-269562743-775657971-1012 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
SearchScopes: HKU\S-1-5-21-1732726701-269562743-775657971-1012 -> {79B42868-76A4-4D41-A161-DD320FA61180} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-1732726701-269562743-775657971-1012 -> {ielnksrch} URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws3Cq1g4YMsnRObs7OERP6AE8c7BemoJQt0O9CA1pTTPTeGBCksfhLEAq3P9h_jCbvleheDRtbDbyND6-B6XvZHtMJeo5TrhYVn0urvBCQWay9LYylOvj6FVrA-JMYmcHgS7wmDw4KBDMldkdqN_E3gAFWZjQ,,&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-16] (Oracle Corporation)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-16] (Oracle Corporation)
Toolbar: HKLM - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files\RelevantKnowledge\firefox => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-22] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-04-11] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-04-11] (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-12-19] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-12-19] (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-01] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\s\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-03-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [1056288 2016-01-23] ()
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-01-29] (BitRaider, LLC)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-08-29] (BitRaider, LLC)
S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [395536 2017-01-13] (EasyAntiCheat Ltd)
R2 FirefoxDL; C:\Users\s\AppData\Local\Temp\hpACE3.tmp\QQBrowser.exe [131640 2017-03-21] (Tencent Inc.) <==== ATTENTION
R2 FirefoxU; C:\Program Files\Firefox\bin\FirefoxUpdate.exe [103936 2017-03-20] () [File not signed]
R2 Hecerry; C:\Program Files\Drowotywervught\cksControls.dll [180736 2016-12-22] () [File not signed]
U2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9728 2016-09-15] (Hi-Rez Studios) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [423136 2011-12-08] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-04-11] ()
R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [131024 2016-08-19] (Elex do Brasil Participações Ltda)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-04-11] (Intel Corporation)
R2 Kyubey; C:\Users\s\AppData\Roaming\Kyubey\Kyubey.exe [116736 2017-03-22] (Kyubey.exe) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-06] (IObit)
S3 npggsvc; C:\Windows\system32\GameMon.des [5741064 2016-05-15] (INCA Internet Co., Ltd.)
U2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14658848 2013-12-10] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2016-05-29] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [299090 2012-04-24] (IDT, Inc.)
S4 Viafresh; C:\ProgramData\\Viafresh\\Viafresh.exe [441856 2015-09-17] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WinSAPSvc; C:\Users\s\AppData\Roaming\WinSAPSvc\WinSAP.dll [218624 2017-03-21] (Windows) [File not signed]
S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [271360 2014-08-29] () [File not signed]
S3 BRDriver; C:\ProgramData\BitRaider\BRDriver.sys [64808 2014-08-29] (BitRaider)
S3 BRDriver_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver.sys [66824 2016-01-30] (BitRaider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2016-03-13] (DT Soft Ltd)
R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [227776 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [97912 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [45032 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [73232 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [59152 2016-05-19] (Elex do Brasil Participações Ltda)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [13592 2011-12-05] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [347928 2011-12-05] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [788248 2011-12-05] (Intel Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2014-01-30] () [File not signed]
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2012-04-11] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-05] (NVIDIA Corporation)
S4 secdrv; C:\Windows\system32\Drivers\secdrv.sys [12528 2016-11-23] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2014-03-01] (Duplex Secure Ltd.)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [5120 2012-12-19] ()
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 ESEADriver2; \??\C:\Users\kuba\AppData\Local\Temp\ESEADriver2.sys [X] <==== ATTENTION
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S1 httiyrgm; \??\C:\Windows\system32\drivers\httiyrgm.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
U2 WinSnare; no ImagePath
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: HpSvc -> no filepath.
NETSVC: GmSvc -> no filepath.

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-22 14:51 - 2017-03-22 14:52 - 00018155 _____ C:\Users\s\Desktop\FRST.txt
2017-03-22 14:51 - 2017-03-22 14:51 - 00000000 ____D C:\FRST
2017-03-22 14:50 - 2017-03-22 14:50 - 01766912 _____ (Farbar) C:\Users\s\Desktop\FRST.exe
2017-03-22 14:48 - 2017-03-22 14:48 - 00015327 _____ C:\Users\s\Desktop\LM.bat
2017-03-22 14:40 - 2017-03-22 14:48 - 00029696 _____ C:\Users\s\AppData\Local\MSGBOX.EXE
2017-03-22 14:39 - 2017-03-22 14:41 - 00112640 _____ (forum.viry.cz) C:\Users\s\Desktop\FRSTLauncher.exe
2017-03-22 13:28 - 2017-03-22 13:28 - 00000000 ____D C:\Program Files\Firefox
2017-03-22 13:26 - 2017-03-22 13:26 - 00000000 ____D C:\Program Files\58D26D7E_jumpeasy
2017-03-22 13:26 - 2017-03-22 13:26 - 00000000 ____D C:\Program Files\58D26D6F_jumpeasy
2017-03-22 13:19 - 2017-03-22 13:29 - 00000000 ____D C:\Windows\system32\extensions
2017-03-22 13:19 - 2017-03-22 13:28 - 00001843 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-22 13:19 - 2017-03-22 13:19 - 00000000 ____D C:\Program Files\Bepat
2017-03-22 11:50 - 2017-03-22 11:50 - 00000000 ____D C:\Users\s\AppData\Roaming\Kyubey
2017-03-22 11:41 - 2017-03-22 13:56 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-03-22 11:41 - 2017-03-22 13:28 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-03-22 11:41 - 2017-03-22 11:41 - 00000000 ____D C:\Program Files\n1
2017-03-22 11:40 - 2017-03-22 11:40 - 00000000 ____D C:\Windows\system32\{82D33A6B-D655-45BA-8E60-AF0661A9601F}
2017-03-22 11:40 - 2017-03-22 11:40 - 00000000 ____D C:\Users\s\AppData\Roaming\WinSAPSvc
2017-03-22 11:40 - 2017-03-22 11:40 - 00000000 ____D C:\Program Files\d98xhjsa
2017-03-20 18:20 - 2016-05-19 07:42 - 00059152 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2017-03-20 17:59 - 2017-02-11 16:50 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-20 17:59 - 2017-02-11 16:50 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-20 17:59 - 2017-02-11 16:50 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-20 17:59 - 2017-02-10 17:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-20 17:59 - 2017-02-10 17:17 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-20 17:59 - 2017-02-09 17:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-03-20 17:59 - 2017-02-09 17:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-20 17:59 - 2017-02-09 17:19 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-20 17:59 - 2017-02-09 17:19 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-20 17:59 - 2017-02-09 17:16 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-20 17:59 - 2017-02-09 17:14 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-20 17:59 - 2017-02-09 17:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-20 17:59 - 2017-02-09 17:14 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-20 17:59 - 2017-02-09 17:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-20 17:59 - 2017-02-09 17:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-20 17:59 - 2017-02-09 17:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-20 17:59 - 2017-02-09 17:14 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-20 17:59 - 2017-02-09 17:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-20 17:59 - 2017-02-09 17:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-20 17:59 - 2017-02-09 17:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-20 17:59 - 2017-02-09 17:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-20 17:59 - 2017-02-09 17:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-20 17:59 - 2017-02-09 17:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-20 17:59 - 2017-02-09 17:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-20 17:59 - 2017-02-09 17:14 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-20 17:59 - 2017-02-09 17:14 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-20 17:59 - 2017-02-09 17:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-20 17:59 - 2017-02-09 17:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-20 17:59 - 2017-02-09 17:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-20 17:59 - 2017-02-09 17:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-20 17:59 - 2017-02-09 17:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-20 17:59 - 2017-02-09 17:14 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-20 17:59 - 2017-02-09 17:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-20 17:59 - 2017-02-09 17:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-20 17:59 - 2017-02-09 17:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-20 17:59 - 2017-02-09 16:53 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-20 17:59 - 2017-02-09 16:53 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-20 17:59 - 2017-02-09 16:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-20 17:59 - 2017-02-09 16:53 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-20 17:59 - 2017-02-09 16:53 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-20 17:59 - 2017-02-09 16:52 - 02400256 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-20 17:59 - 2017-02-09 16:51 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-20 17:59 - 2017-02-09 16:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-20 17:59 - 2017-02-09 16:49 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-20 17:59 - 2017-02-09 16:49 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-20 17:59 - 2017-02-09 16:49 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-20 17:59 - 2017-02-09 16:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-20 17:59 - 2017-02-09 16:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-20 17:59 - 2017-02-09 16:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-20 17:59 - 2017-02-09 16:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-20 17:59 - 2017-02-06 17:03 - 00497152 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-20 17:59 - 2017-01-13 18:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-20 17:59 - 2017-01-13 18:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-20 17:59 - 2017-01-11 18:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-20 17:59 - 2017-01-11 18:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-20 17:59 - 2017-01-06 18:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-20 17:57 - 2017-02-23 00:29 - 00071400 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-20 17:57 - 2017-02-23 00:24 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-20 17:57 - 2017-02-18 15:05 - 01331200 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-20 17:57 - 2017-02-18 15:05 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-20 17:57 - 2016-12-31 16:36 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-20 17:57 - 2016-12-31 16:36 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-20 17:57 - 2016-12-31 16:36 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-20 17:57 - 2016-12-31 16:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-20 17:57 - 2016-12-31 16:36 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-20 17:34 - 2017-03-20 17:35 - 04031440 _____ C:\Users\s\Desktop\adwcleaner_6.044.exe
2017-03-20 14:23 - 2017-03-20 14:24 - 00000000 ____D C:\rsit
2017-03-20 14:23 - 2017-03-20 14:24 - 00000000 ____D C:\Program Files\trend micro
2017-03-20 14:23 - 2017-03-20 14:23 - 01222144 _____ C:\Users\s\Downloads\RSITx64(1).exe
2017-03-20 14:23 - 2017-03-20 14:23 - 01107968 _____ C:\Users\s\Downloads\RSIT.exe
2017-03-20 14:22 - 2017-03-20 14:23 - 01222144 _____ C:\Users\s\Downloads\RSITx64.exe
2017-03-20 13:19 - 2017-03-20 13:19 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-03-16 15:12 - 2017-03-20 13:52 - 00000000 ____D C:\Users\s\Documents\Freedom Fighters
2017-03-15 17:20 - 2017-03-20 13:52 - 00000000 ____D C:\Users\s\AppData\Roaming\SmartSteamEmu
2017-03-14 16:27 - 2017-03-20 13:52 - 00000000 ____D C:\Users\s\AppData\Roaming\vlc
2017-03-13 08:34 - 2017-03-14 17:46 - 00000000 ____D C:\Users\s\Documents\Mount&Blade Warband Savegames
2017-03-13 08:27 - 2017-03-13 21:15 - 00000000 ____D C:\Users\s\Documents\Mount&Blade Warband
2017-03-13 08:27 - 2017-03-13 11:39 - 00000000 ____D C:\Users\s\AppData\Roaming\Mount&Blade Warband
2017-03-12 12:45 - 2017-03-12 12:45 - 00000221 _____ C:\Users\s\Desktop\Mount & Blade Warband.url
2017-03-12 12:44 - 2017-03-12 12:44 - 00000221 _____ C:\Users\s\Desktop\Empire Total War.url
2017-03-11 08:37 - 2017-03-11 08:37 - 00000000 ____D C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vietcong 2
2017-03-06 16:02 - 2017-03-13 09:55 - 00000000 ____D C:\Program Files\MK
2017-03-05 19:31 - 2017-03-05 19:31 - 00000000 ___HD C:\$AV_ASW
2017-03-05 19:25 - 2017-03-05 19:25 - 00000000 ____D C:\Users\s\AppData\Roaming\AVAST Software
2017-03-05 18:42 - 2017-03-05 19:26 - 00000000 ____D C:\Program Files\AVAST Software
2017-03-05 18:38 - 2017-03-20 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-03-03 19:53 - 2017-03-03 19:53 - 00000334 _____ C:\Users\s\Desktop\Booking.com.url
2017-03-03 18:07 - 2017-03-20 13:52 - 00000000 ____D C:\Program Files\bce00fed-6ac1-425f-917e-c9908a873bb41488560863
2017-03-03 18:05 - 2017-03-20 13:52 - 00000000 ____D C:\Users\s\AppData\Local\FindIp
2017-03-01 23:15 - 2017-03-01 23:15 - 00000000 ____D C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2017-03-01 23:01 - 2017-03-20 13:52 - 00000000 ____D C:\Program Files\GTA San Andreas
2017-03-01 18:06 - 2017-03-04 16:01 - 00000000 ____D C:\Users\s\AppData\Roaming\IObit
2017-03-01 18:06 - 2017-03-01 18:06 - 00000000 ____D C:\Windows\IObit
2017-03-01 18:01 - 2017-03-20 13:52 - 00000000 ____D C:\Program Files\Prifuly
2017-03-01 18:01 - 2017-03-05 20:26 - 00000000 ____D C:\Users\s\AppData\Local\Ugerlygregock
2017-02-26 20:41 - 2017-02-26 20:41 - 00000917 _____ C:\Users\s\Desktop\script – zástupce.lnk
2017-02-26 20:41 - 2017-02-26 20:41 - 00000905 _____ C:\Users\s\Desktop\main.scm – zástupce.lnk
2017-02-26 18:25 - 2017-03-20 13:52 - 00000000 ____D C:\Users\s\Documents\GTA San Andreas User Files
2017-02-26 18:25 - 2017-02-26 18:25 - 00000000 ____D C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-02-24 01:07 - 2017-02-24 01:07 - 00000000 ____D C:\Windows\system32\{F18D63B5-F945-4736-825F-70129CBFE9C3}
2017-02-23 14:41 - 2017-02-23 14:41 - 00000000 ____D C:\ProgramData\Apple
2017-02-22 13:21 - 2017-02-22 13:21 - 00001005 _____ C:\Users\s\Desktop\Cheat Engine.lnk
2017-02-22 13:21 - 2017-02-22 13:21 - 00000000 ____D C:\Users\s\Documents\My Cheat Tables
2017-02-22 13:21 - 2017-02-22 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.6
2017-02-22 13:21 - 2017-02-22 13:21 - 00000000 ____D C:\Program Files\Cheat Engine 6.6
2017-02-22 13:08 - 2017-03-13 06:58 - 00000000 ____D C:\Users\s\AppData\Roaming\The Creative Assembly
2017-02-21 12:18 - 2017-03-20 13:53 - 00000000 ____D C:\Program Files\MIO
2017-02-21 12:18 - 2017-02-21 12:18 - 00000000 ____D C:\Windows\system32\{9571F033-E27D-48CC-917F-4DC705F1B23A}
2017-02-20 14:20 - 2017-03-20 18:54 - 00000000 ____D C:\AdwCleaner

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-22 14:52 - 2017-02-16 09:50 - 00000312 _____ C:\Windows\Tasks\Traffic Exchange v209 - 3.job
2017-03-22 14:52 - 2017-02-16 09:50 - 00000312 _____ C:\Windows\Tasks\Traffic Exchange v209 - 2.job
2017-03-22 14:52 - 2017-02-16 09:50 - 00000312 _____ C:\Windows\Tasks\Traffic Exchange v209 - 1.job
2017-03-22 14:52 - 2017-02-16 09:50 - 00000302 _____ C:\Windows\Tasks\Traffic Exchange v2 - 1.job
2017-03-22 14:52 - 2017-01-27 12:47 - 00000302 _____ C:\Windows\Tasks\Traffic Exchange v2 - 3.job
2017-03-22 14:52 - 2017-01-27 12:47 - 00000302 _____ C:\Windows\Tasks\Traffic Exchange v2 - 2.job
2017-03-22 14:44 - 2009-07-14 05:34 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-22 14:44 - 2009-07-14 05:34 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-22 14:12 - 2015-12-10 14:34 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-03-22 14:12 - 2015-12-10 14:34 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-03-22 14:12 - 2014-01-12 11:11 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-22 13:32 - 2010-11-21 02:16 - 00681234 _____ C:\Windows\system32\perfh005.dat
2017-03-22 13:32 - 2010-11-21 02:16 - 00148068 _____ C:\Windows\system32\perfc005.dat
2017-03-22 13:32 - 2010-11-20 22:01 - 01622020 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-22 13:32 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2017-03-22 13:28 - 2016-06-04 17:09 - 00000000 ____D C:\Program Files\Hi-Rez Studios
2017-03-22 13:28 - 2016-05-14 13:06 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2017-03-22 13:28 - 2015-12-01 23:36 - 00001848 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-22 13:28 - 2014-01-12 11:10 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-22 13:28 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-22 13:18 - 2009-07-14 05:33 - 00571008 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-22 13:16 - 2015-04-16 02:26 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-22 13:16 - 2015-04-16 02:26 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-22 13:16 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-22 12:56 - 2014-06-22 22:27 - 00000000 ____D C:\Program Files\Opera
2017-03-22 11:47 - 2017-01-03 23:04 - 00000000 ____D C:\Users\s\AppData\Local\NVIDIA
2017-03-22 11:40 - 2016-12-22 00:55 - 00000000 ____D C:\Program Files\Drowotywervught
2017-03-21 05:59 - 2015-02-27 02:31 - 00000000 ____D C:\ProgramData\ProductData
2017-03-21 05:58 - 2009-07-14 05:53 - 00032542 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-21 05:57 - 2014-04-10 21:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-20 19:19 - 2015-02-01 03:24 - 135706696 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-20 19:19 - 2015-02-01 03:24 - 00000000 ____D C:\Windows\system32\MRT
2017-03-20 19:18 - 2014-04-10 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-20 19:17 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-03-20 18:06 - 2015-02-27 02:31 - 00000000 ____D C:\ProgramData\IObit
2017-03-20 17:59 - 2017-02-11 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stainless Steel
2017-03-20 17:59 - 2017-01-27 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Homefront
2017-03-20 17:59 - 2016-12-29 19:55 - 00000956 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-20 17:38 - 2017-01-18 17:13 - 00000000 ____D C:\Users\s\AppData\LocalLow\Mozilla
2017-03-20 13:55 - 2017-01-03 23:04 - 00000000 ____D C:\Users\s
2017-03-20 13:53 - 2017-01-26 06:30 - 00000000 ____D C:\Users\s\AppData\Local\Microsoft Windows
2017-03-20 13:53 - 2017-01-08 20:22 - 00000000 ____D C:\Program Files\Victotria II
2017-03-20 13:53 - 2017-01-07 14:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-03-20 13:53 - 2017-01-07 14:58 - 00000000 ____D C:\Program Files\Minecraft
2017-03-20 13:53 - 2017-01-03 23:24 - 00000000 ____D C:\Users\s\AppData\Roaming\ProductData
2017-03-20 13:53 - 2017-01-03 23:12 - 00000000 ____D C:\Users\s\AppData\Roaming\uTorrent
2017-03-20 13:53 - 2017-01-03 22:48 - 00000000 ____D C:\Users\me
2017-03-20 13:53 - 2016-12-08 18:34 - 00000000 ____D C:\Program Files\TaleWorlds Entertainment
2017-03-20 13:53 - 2016-11-03 17:50 - 00000000 ____D C:\Program Files\Paradox Interactive
2017-03-20 13:53 - 2016-08-04 07:34 - 00000000 ____D C:\Program Files\SteveHood
2017-03-20 13:53 - 2016-03-27 12:31 - 00000000 ____D C:\Program Files\Ubisoft
2017-03-20 13:53 - 2016-02-11 20:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
2017-03-20 13:53 - 2015-12-30 13:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2017-03-20 13:53 - 2015-08-01 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XCOM Enemy Within
2017-03-20 13:53 - 2015-07-07 22:16 - 00000000 ____D C:\Program Files\PhotoFiltre 7
2017-03-20 13:53 - 2015-06-04 18:19 - 00000000 ____D C:\Users\kubaa
2017-03-20 13:53 - 2015-04-03 15:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2017-03-20 13:53 - 2015-02-09 20:26 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-03-20 13:53 - 2015-02-02 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty 4 - Modern Warfare
2017-03-20 13:53 - 2014-09-17 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2017-03-20 13:53 - 2014-09-17 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2017-03-20 13:53 - 2014-09-12 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fable III
2017-03-20 13:53 - 2014-06-30 17:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7554
2017-03-20 13:53 - 2014-01-24 23:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Repacky od tomi2k9
2017-03-20 13:53 - 2014-01-12 13:24 - 00000000 ____D C:\ProgramData\DAEMON Tools Pro
2017-03-20 13:53 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2017-03-20 13:52 - 2016-12-22 00:39 - 00000000 ____D C:\Program Files\Common Files\Truecom
2017-03-20 13:52 - 2014-02-13 21:08 - 00000000 ____D C:\Program Files\Common Files\Steam
2017-03-20 13:52 - 2014-01-12 11:01 - 00000000 ____D C:\Program Files\IDT
2017-03-20 13:52 - 2010-11-21 02:25 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-03-20 13:52 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files (x86)
2017-03-20 13:52 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2017-03-20 13:45 - 2017-01-12 15:42 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-03-20 13:45 - 2017-01-12 15:42 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-03-20 13:45 - 2017-01-03 23:09 - 00000000 ____D C:\Users\s\AppData\Local\Google
2017-03-20 13:45 - 2014-01-12 11:17 - 00000000 ____D C:\ProgramData\AVAST Software
2017-03-20 13:44 - 2015-02-27 02:31 - 00000000 ____D C:\Program Files\IObit
2017-03-20 13:13 - 2017-01-03 23:08 - 00000000 ____D C:\Users\s\AppData\Roaming\DAEMON Tools Pro
2017-03-13 08:34 - 2017-01-06 21:38 - 00044018 _____ C:\Program Files\metadata
2017-03-06 19:07 - 2017-01-03 23:08 - 00000000 ____D C:\Users\s\AppData\Roaming\Adobe
2017-03-05 19:25 - 2013-08-19 18:18 - 00000000 ____D C:\Temp
2017-03-05 18:14 - 2017-01-03 23:08 - 00000000 ____D C:\Users\s\AppData\Roaming\Seznam.cz
2017-03-05 18:13 - 2015-05-20 16:02 - 00000000 ____D C:\Program Files\Seznam.cz
2017-02-23 21:06 - 2017-01-03 23:08 - 00001651 _____ C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-22 13:17 - 2015-12-30 10:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2017-02-22 06:01 - 2016-09-08 19:30 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-20 14:33 - 2015-01-30 18:38 - 00001374 __RSH C:\ProgramData\ntuser.pol
2017-02-20 14:30 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\Services
2017-02-20 14:20 - 2015-12-30 09:45 - 00000000 ____D C:\Windows\system32\appmgmt
2017-02-20 00:39 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\tracing

==================== Files in the root of some directories =======

2017-01-06 21:38 - 2017-03-13 08:34 - 0044018 _____ () C:\Program Files\metadata
2015-12-16 22:27 - 2015-12-16 22:27 - 2360956 _____ () C:\Program Files\Common Files\1xxnaodt.exe
2015-11-26 22:27 - 2015-11-26 22:27 - 3828696 _____ () C:\Program Files\Common Files\2qprdj5r.exe
2015-11-22 09:41 - 2015-11-22 09:42 - 2954093 _____ () C:\Program Files\Common Files\3womdxag.exe
2015-12-19 22:27 - 2015-12-19 22:27 - 2360186 _____ () C:\Program Files\Common Files\3zccem2c.exe
2015-12-01 22:27 - 2015-12-01 22:27 - 3828852 _____ () C:\Program Files\Common Files\44nn0132.exe
2015-12-05 22:27 - 2015-12-05 22:27 - 3797351 _____ () C:\Program Files\Common Files\4buyq1go.exe
2015-12-15 22:27 - 2015-12-15 22:27 - 2357200 _____ () C:\Program Files\Common Files\5inzu34z.exe
2015-12-13 22:27 - 2015-12-13 22:27 - 2658175 _____ () C:\Program Files\Common Files\5zoueghr.exe
2015-12-14 22:27 - 2015-12-14 22:27 - 2344178 _____ () C:\Program Files\Common Files\a4clk2oc.exe
2015-12-21 22:27 - 2015-12-21 22:27 - 2370530 _____ () C:\Program Files\Common Files\a5j3zwi2.exe
2015-12-02 22:27 - 2015-12-02 22:27 - 3796917 _____ () C:\Program Files\Common Files\ak4plgox.exe
2015-11-23 22:27 - 2015-11-23 22:27 - 2830301 _____ () C:\Program Files\Common Files\box245sl.exe
2015-12-12 22:27 - 2015-12-12 22:27 - 2658167 _____ () C:\Program Files\Common Files\ccjjwkjc.exe
2015-10-06 05:34 - 2015-10-06 05:34 - 4875861 _____ () C:\Program Files\Common Files\cwal4sh3.exe
2015-12-04 00:18 - 2015-12-04 00:18 - 3797358 _____ () C:\Program Files\Common Files\dxkrp20l.exe
2015-11-29 22:44 - 2015-11-29 22:44 - 3828691 _____ () C:\Program Files\Common Files\edtopeeq.exe
2015-11-17 22:27 - 2015-11-17 22:27 - 2804975 _____ () C:\Program Files\Common Files\femfic1x.exe
2015-11-19 22:27 - 2015-11-19 22:27 - 2954094 _____ () C:\Program Files\Common Files\fqbgdyeo.exe
2015-12-09 22:27 - 2015-12-09 22:27 - 2666306 _____ () C:\Program Files\Common Files\fzzyt2bh.exe
2015-11-15 22:27 - 2015-11-15 22:27 - 2813314 _____ () C:\Program Files\Common Files\hmh0dy0z.exe
2015-11-22 03:02 - 2015-11-22 03:02 - 2954096 _____ () C:\Program Files\Common Files\i1u2btob.exe
2015-09-20 20:24 - 2015-09-20 20:24 - 4875861 _____ () C:\Program Files\Common Files\i24oo3wc.exe
2015-12-07 22:27 - 2015-12-07 22:27 - 2672328 _____ () C:\Program Files\Common Files\ifl2esnr.exe
2015-11-27 22:45 - 2015-11-27 22:45 - 3828691 _____ () C:\Program Files\Common Files\il01xa0m.exe
2015-12-10 22:27 - 2015-12-10 22:27 - 2658176 _____ () C:\Program Files\Common Files\in0uxazu.exe
2015-11-16 22:27 - 2015-11-16 22:27 - 2811610 _____ () C:\Program Files\Common Files\iw1zjmpz.exe
2015-11-25 22:27 - 2015-11-25 22:27 - 3029488 _____ () C:\Program Files\Common Files\k54sj0z3.exe
2015-12-24 22:27 - 2015-12-24 22:27 - 2280563 _____ () C:\Program Files\Common Files\kpb1vrfk.exe
2015-12-06 22:27 - 2015-12-06 22:27 - 3797353 _____ () C:\Program Files\Common Files\miiyzbya.exe
2015-12-08 22:27 - 2015-12-08 22:27 - 2666308 _____ () C:\Program Files\Common Files\n34r25yh.exe
2015-11-24 22:27 - 2015-11-24 22:27 - 3029495 _____ () C:\Program Files\Common Files\n3keeb2a.exe
2015-12-04 22:27 - 2015-12-04 22:27 - 3797349 _____ () C:\Program Files\Common Files\odfxo124.exe
2015-12-22 23:10 - 2015-12-22 23:10 - 2371566 _____ () C:\Program Files\Common Files\p3es1xpf.exe
2015-12-19 00:50 - 2015-12-19 00:50 - 2361145 _____ () C:\Program Files\Common Files\pasitm4z.exe
2015-12-23 22:28 - 2015-12-23 22:28 - 2401163 _____ () C:\Program Files\Common Files\pc0jthwx.exe
2015-12-20 22:35 - 2015-12-20 22:35 - 2369679 _____ () C:\Program Files\Common Files\pmjuazab.exe
2015-12-11 22:27 - 2015-12-11 22:27 - 2658173 _____ () C:\Program Files\Common Files\q1vg24p3.exe
2015-11-23 00:33 - 2015-11-23 00:33 - 2954095 _____ () C:\Program Files\Common Files\qczf4sn2.exe
2015-12-25 22:55 - 2015-12-25 22:55 - 2284164 _____ () C:\Program Files\Common Files\qjfzthfz.exe
2015-12-19 01:01 - 2015-12-19 01:01 - 2361145 _____ () C:\Program Files\Common Files\tmtgesrj.exe
2015-11-14 22:27 - 2015-11-14 22:27 - 2813323 _____ () C:\Program Files\Common Files\ukyjy3fb.exe
2015-11-21 03:05 - 2015-11-21 03:05 - 2954095 _____ () C:\Program Files\Common Files\um4n1huw.exe
2015-11-30 22:27 - 2015-11-30 22:27 - 3828859 _____ () C:\Program Files\Common Files\vzqvrxtq.exe
2015-11-13 22:27 - 2015-11-13 22:27 - 2813317 _____ () C:\Program Files\Common Files\wz1uh45r.exe
2015-11-28 22:27 - 2015-11-28 22:27 - 3828698 _____ () C:\Program Files\Common Files\xe1jd04g.exe
2015-12-26 22:27 - 2015-12-26 22:27 - 2289402 _____ () C:\Program Files\Common Files\xirvjvof.exe
2015-11-18 22:27 - 2015-11-18 22:27 - 2789085 _____ () C:\Program Files\Common Files\xjwhbx45.exe
2017-03-22 14:40 - 2017-03-22 14:48 - 0029696 _____ () C:\Users\s\AppData\Local\MSGBOX.EXE
2015-12-28 13:39 - 2015-12-28 13:39 - 0270037 _____ () C:\ProgramData\1451306107.bdinstall.bin

Some files in TEMP:
====================
2015-11-08 15:04 - 2015-11-08 15:04 - 25104376 _____ (ArenaNet) C:\Users\kubaa\AppData\Local\Temp\Gw2.exe
2017-01-13 22:42 - 2016-09-15 21:41 - 0037376 _____ (Microsoft) C:\Users\s\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
2017-01-13 22:42 - 2016-09-15 21:14 - 0020992 _____ (Microsoft) C:\Users\s\AppData\Local\Temp\HiRezLauncherControls.dll
2017-01-12 14:18 - 2017-01-12 14:18 - 26883792 _____ () C:\Users\s\AppData\Local\Temp\ins4691.tmp.exe
2017-01-13 12:29 - 2017-02-15 13:10 - 26652368 _____ () C:\Users\s\AppData\Local\Temp\inst12.exe
2017-01-06 21:38 - 2017-01-06 21:38 - 1055936 _____ (Adobe) C:\Users\s\AppData\Local\Temp\install_flash_player_13_plugin.exe
2017-01-09 22:55 - 2017-01-09 22:55 - 0145184 _____ (Microsoft Corporation) C:\Users\s\AppData\Local\Temp\ose00001.exe
2017-02-05 16:59 - 2017-02-05 16:59 - 0534528 _____ () C:\Users\s\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
2017-01-05 13:56 - 2017-01-05 13:56 - 0361472 _____ (update) C:\Users\s\AppData\Local\Temp\~ctA550.tmp.dll
2017-01-05 12:50 - 2017-01-05 12:50 - 0361472 _____ (update) C:\Users\s\AppData\Local\Temp\~ctCD58.tmp.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-14 01:02

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by s (22-03-2017 14:52:28)
Running from C:\Users\s\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2014-01-12 09:40:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1732726701-269562743-775657971-500 - Administrator - Disabled)
Guest (S-1-5-21-1732726701-269562743-775657971-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1732726701-269562743-775657971-1002 - Limited - Enabled)
s (S-1-5-21-1732726701-269562743-775657971-1012 - Administrator - Enabled) => C:\Users\s

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1732726701-269562743-775657971-1012\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Aktualizace NVIDIA 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment)
BitRaider Streaming Client (HKLM\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
BitRaider Web Client (HKLM\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - )
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version: - )
Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.8.0.18 - DivX, LLC)
FEAR (HKLM\...\{2B653229-9854-4989-B780-D978F5F13EAB}) (Version: 1.00.0000 - Vivendi Universal Games, Inc.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
Hearthstone (HKLM\...\Hearthstone) (Version: - Blizzard Entertainment)
HiPatch (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.5.5 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
How to Survive - Storm Warning Edition (HKLM\...\How to Survive - Storm Warning Edition_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
Cheat Engine 6.6 (HKLM\...\Cheat Engine 6.6_is1) (Version: - Cheat Engine)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6395.0 - IDT)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{852F940A-BE93-4DF9-98E5-6F5FA7AFF3EE}) (Version: 1.23.216.0 - Intel Corporation)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.600 - Oracle)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Medieval II - Total War (HKLM\...\Medieval II - Total War_is1) (Version: - )
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.6.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 42.0 (x86 cs) (HKLM\...\Mozilla Firefox 42.0 (x86 cs)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Need For Speed Hot Pursuit version 1.0.5.0 (HKLM\...\Need For Speed Hot Pursuit_is1) (Version: 1.0.5.0 - Mr DJ)
Need For Speed Most Wanted Black Edition version 1.3.0.0 (HKLM\...\Need For Speed Most Wanted Black Edition_is1) (Version: 1.3.0.0 - Mr DJ)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version: - )
Opera Stable 43.0.2442.991 (HKLM\...\Opera 43.0.2442.991) (Version: 43.0.2442.991 - Opera Software)
Ovládací panel NVIDIA 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7487 - Realtek Semiconductor Corp.)
Registrace uživatele zařízení Canon MG5100 series (HKLM\...\Registrace uživatele zařízení Canon MG5100 series) (Version: - )
SafeFinder (HKLM\...\{E996E64D-A15F-4D94-AA63-43EEB0E505D8}) (Version: 1.0.0.0 - Linkury) <==== ATTENTION
Saints Row - The Third (HKLM\...\1430740694_is1) (Version: 2.0.0.4 - GOG.com)
Serif DrawPlus X8 (HKLM\...\{FDD0A667-77A7-4A0D-B8B7-50E332E0FA74}) (Version: 14.0.0.19 - Serif (Europe) Ltd)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Sniper Elite 3 (HKLM\...\U25pcGVyRWxpdGUz_is1) (Version: 1 - )
Splinter Cell Conviction version 1.0.0.0 (HKLM\...\Splinter Cell Conviction_is1) (Version: 1.0.0.0 - Mr DJ)
Star Wars: The Old Republic (HKLM\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
State of Decay YOSE - Day One Edition (HKLM\...\State of Decay YOSE - Day One Edition_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stellaris (HKLM\...\Stellaris_is1) (Version: - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Elder Scrolls Online (HKLM\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Saboteur (HKLM\...\1403000599_is1) (Version: 2.1.0.4 - GOG.com)
The Sims 4 (HKLM\...\The Sims 4_is1) (Version: - )
The Walking Dead Epizody 1-5 verze 1.0 (HKLM\...\{65BE85A8-13BB-4B4A-B1AF-EC6054292C00}_is1) (Version: 1.0 - Telltale Games)
The Walking Dead Season 2 version 1.0 (HKLM\...\The Walking Dead Season 2_is1) (Version: 1.0 - GMT-MAX.ORG) <==== ATTENTION
Tomb Raider GOTY version 1.1.748.0 (HKLM\...\Tomb Raider GOTY_is1) (Version: 1.1.748.0 - Mr DJ)
Traffic Exchange (Version: 2.1.0 - Microleaves) Hidden <==== ATTENTION
Tropico 5 (HKLM\...\{25FE50A5-A5D4-4438-8D22-7F12E9977067}) (Version: 1.9 - SteveHood)
trotux - Uninstall (HKLM\...\{EFE9A494-A287-4E99-81B0-A8284303BEE3}) (Version: - ) <==== ATTENTION
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
UpdateAdmin (HKLM\...\{57FC95C5-B741-469C-8607-B39CEC423824}) (Version: 2.0.2103 - DownloadAdmin) <==== ATTENTION
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Warface Launcher (Beta) (HKLM\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinSnare (HKLM\...\{DE621DA6-398E-4F4C-BD45-454F0272A7AF}) (Version: 4.1.9 - WinSnare) <==== ATTENTION
World of Warcraft (HKLM\...\World of Warcraft) (Version: - Blizzard Entertainment)
Xiph.Org Open Codecs 0.85.17777 (HKLM\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
YAC(Yet Another Cleaner!) (HKLM\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07F007D7-44B5-4EE9-93DF-AB707F8AD8F9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe
Task: {1673290A-FFB2-41B1-9DC8-3259048A3D6D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-02-01] (Google Inc.)
Task: {3424F9BA-A84F-4B2D-ABCA-C59B033E27C8} - System32\Tasks\Traffic Exchange v209 - 3 => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {34706D85-BBEA-4C4F-A81E-6B88CF74AAC3} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {44CA2046-3960-4751-B93B-6158A8BF0906} - System32\Tasks\Uninstaller_SkipUac_kuba => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {54D96F59-6092-491A-B021-E294F5D41975} - System32\Tasks\Steam_x64-S-2-106-91 => "C:\Users\kuba\AppData\Roaming\Melesta\CODEXi\Steam" <==== ATTENTION
Task: {64EFB5CA-5CDF-47A9-B710-0CDDB0CF3575} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {6B1156DF-0882-410E-B159-A2D7D59F7F75} - System32\Tasks\Traffic Exchange v209 - 2 => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {79507F5C-331D-47B7-9DDD-B4992845AD2B} - System32\Tasks\mcleaner => C:\Users\kuba\AppData\Roaming\CEA8.tmp.exe <==== ATTENTION
Task: {A0A0B2E4-C725-4FDE-9E96-8477C3E08D89} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-02-01] (Google Inc.)
Task: {A3700F35-4D33-4E36-B8E9-1F50786A7BA3} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe
Task: {A4BF0AEE-74B6-4D0E-8B2F-B27FA5EB161A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-22] (Adobe Systems Incorporated)
Task: {C5857DB7-13F4-4325-B361-7A3AB30FC350} - System32\Tasks\ComputerZLite => C:\Program Files\LdsLite\LdsLite.exe <==== ATTENTION
Task: {C7294865-ADB3-49DB-9734-CE2A0A94DCE7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {C8A7D18C-47AB-42C4-993B-1DA77BF4407A} - System32\Tasks\Clajely Host => C:\Program Files\Drowotywervught\shuherk.exe [2016-12-22] (Glarysoft Ltd)
Task: {C951F9AA-12FC-441D-A1ED-854DDA475224} - System32\Tasks\Milimili => C:\Program Files\MIO\MIO.exe [2017-03-22] ()
Task: {CC22BD35-267B-4439-A28D-C1923556F45C} - System32\Tasks\j51abpvc => C:\Program Files\Common Files\w2ecjrr2\550eeab1wabfi.exe <==== ATTENTION
Task: {D2501168-6CE2-4C49-A2F2-A28EAA08088C} - \downloacyi -> No File <==== ATTENTION
Task: {D9D40B84-9EE9-4392-9201-2058C43FB767} - System32\Tasks\2fmnhjgx => C:\Program Files\Common Files\conpe5wq\9a14123gtm2o0.exe <==== ATTENTION
Task: {DF6B2F93-1B55-4220-8A47-C8AEB3042D03} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {E01AB26A-B7CD-4475-A405-E6B5AA46B23C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-03-22] (Adobe Systems Incorporated)
Task: {E0723D5F-2D98-42C2-BB95-01284CB5C9E0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-28] (AVAST Software)
Task: {E3CF25F6-052F-4FD2-AC82-6A72A4A87F50} - System32\Tasks\Opera scheduled Autoupdate 1403472431 => C:\Program Files\Opera\launcher.exe [2017-02-20] (Opera Software)
Task: {E72BB526-C224-4204-B13E-B8D4BE4BBD00} - System32\Tasks\yuv4ciiq => C:\Program Files\Common Files\51dvgjxr\c1c50jpdgke4x.exe <==== ATTENTION
Task: {FCCD97CE-2C77-4A80-B458-DD72F655C26D} - System32\Tasks\Traffic Exchange v209 - 1 => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2017-02-07 14:40 - 2016-05-23 03:37 - 00065696 ____N () C:\Program Files\Elex-tech\YAC\zlib1.dll
2016-12-22 00:55 - 2016-12-22 00:55 - 00283136 ____H () C:\Program Files\Nzsyeradom Monitor\local32spl.dll
2017-03-22 11:40 - 2017-03-21 11:01 - 00112128 _____ () C:\Users\s\AppData\Local\Temp\hpACE3.tmp\QQBrowserFrame.dll
2016-12-22 00:55 - 2016-12-22 00:55 - 00180736 _____ () c:\program files\drowotywervught\ckscontrols.dll
2014-02-16 09:18 - 2010-04-05 20:55 - 00116104 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2014-01-12 11:07 - 2012-04-11 05:10 - 00128280 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2014-01-19 15:50 - 2016-05-29 11:08 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2017-03-22 13:28 - 2017-03-20 09:42 - 00103936 _____ () C:\Program Files\Firefox\bin\FirefoxUpdate.exe
2014-01-12 11:28 - 2013-12-19 19:37 - 00107296 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2017-02-07 14:40 - 2016-05-23 03:37 - 00179200 ____N () C:\Program Files\Elex-tech\YAC\libpng.dll
2016-03-13 13:56 - 2016-03-13 13:56 - 00002560 _____ () C:\Program Files\DAEMON Tools Pro\MSIMG32.dll
2014-01-12 11:07 - 2012-04-11 05:13 - 01198872 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:NT [40]
AlternateDataStreams: C:\ProgramData:NT2 [346]
AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x86.sys [68562]
AlternateDataStreams: C:\Windows\system32\drivers:x86 [1176354]
AlternateDataStreams: C:\Users\3:Heroes & Generals [38]
AlternateDataStreams: C:\Users\All Users:NT [40]
AlternateDataStreams: C:\Users\All Users:NT2 [346]
AlternateDataStreams: C:\Users\3\AppData\Roaming:NT2 [346]
AlternateDataStreams: C:\ProgramData\Application Data:NT [40]
AlternateDataStreams: C:\ProgramData\Application Data:NT2 [346]
AlternateDataStreams: C:\ProgramData\Data aplikací:NT [40]
AlternateDataStreams: C:\ProgramData\Data aplikací:NT2 [346]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [346]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2016-12-22 00:44 - 00000959 ____A C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 .psf
0.0.0.0 psf
127.0.0.1 clients2.google.com
127.0.0.1 v1.ff.avast.com
127.0.0.1 vlcproxy.ff.avast.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1732726701-269562743-775657971-1012\Control Panel\Desktop\\Wallpaper -> C:\Users\s\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 85.132.180.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^kuba^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk => C:\Windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
MSCONFIG\startupreg: 4StoryPrePatch => C:\Program Files\GameforgeLive\Games\CZE_ces\4Story\PrePatch.exe
MSCONFIG\startupreg: Adobe RGB Color => C:\ProgramData\Adobe\color.vbs
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
MSCONFIG\startupreg: BeatsOSDApp => C:\Program Files\IDT\WDM\beats.exe
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: cz.seznam.software.autoupdate => "C:\Users\s\AppData\Roaming\Seznam.cz\szninstall.exe" -c
MSCONFIG\startupreg: cz.seznam.software.szndesktop => "C:\Users\s\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: MouseDriver => TiltWheelMouse.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: seznam-listicka-distribuce => "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\s\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{74449505-4E67-4A2F-BB6A-F8C074D39A73}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{FCE62D27-D9C5-4951-AAC9-FAF2FBFA0B83}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{321EDBF0-966E-4645-AEA9-D7FBD875FF6A}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3C7A582B-F76F-4E0D-AB9F-A835C0613442}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{88F8F296-0C0D-4231-A807-DB81CEBC39A2}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BD22B655-345C-4A68-8426-41AB111B6941}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{2ACC8132-595E-428F-A3C2-B30E6F7978AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{3E22AFCD-7CD1-4CC6-AD4B-EEA642272C98}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9D22184C-0F00-4155-B25C-ED0F4D44BC61}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{3956772A-24CE-408B-BE42-F2D7939E8C32}C:\program files\call of duty - world at war\codwaw.exe] => (Block) C:\program files\call of duty - world at war\codwaw.exe
FirewallRules: [UDP Query User{0F191F7D-1AE9-46DD-8E60-08D3F260A126}C:\program files\call of duty - world at war\codwaw.exe] => (Block) C:\program files\call of duty - world at war\codwaw.exe
FirewallRules: [TCP Query User{CC29DA9D-F351-49FF-B7C2-B1406493130D}C:\program files\call of duty - world at war\codwaw.exe] => (Block) C:\program files\call of duty - world at war\codwaw.exe
FirewallRules: [UDP Query User{1173410C-8F37-46DB-B1F6-D4900C18CF9A}C:\program files\call of duty - world at war\codwaw.exe] => (Block) C:\program files\call of duty - world at war\codwaw.exe
FirewallRules: [{9EE945E8-95F8-4E2D-93B9-F877DD284896}] => (Allow) LPort=80
FirewallRules: [{0EA2047A-AC15-41F8-ADF0-1D24A3CA88FC}] => (Allow) LPort=443
FirewallRules: [{27480D6D-F796-4881-8E12-0FC027A1DEFE}] => (Allow) LPort=20010
FirewallRules: [{A440F035-5910-4FB8-B9B2-B8394A0C4B5D}] => (Allow) LPort=3478
FirewallRules: [{8F956054-649B-4B5E-A5F4-6927E498128E}] => (Allow) LPort=7850
FirewallRules: [{6663A261-E40D-4855-89BD-7FAA32A7FF6E}] => (Allow) LPort=7852
FirewallRules: [{56320A42-A64A-4DAC-AC5C-C71B969B1D72}] => (Allow) LPort=7853
FirewallRules: [{034C959B-9AD1-4A36-A392-46C94287A865}] => (Allow) LPort=27022
FirewallRules: [{5D44D053-7055-49E1-8518-FF17567EFFDB}] => (Allow) LPort=6881
FirewallRules: [{A9DFAD9F-C654-4C86-A7BC-5839D6D516C8}] => (Allow) LPort=33333
FirewallRules: [{00DC5F49-6AF9-4978-9F9D-FDCEB327C12B}] => (Allow) LPort=20443
FirewallRules: [{512B0444-B1BD-4326-B3FB-231833F077C3}] => (Allow) LPort=8090
FirewallRules: [{8B85F6F7-A48A-40D6-8E56-2F6D77E652D6}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{0007119E-8B14-4F99-BCD5-489060108CDA}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{6F6301F4-78A2-4BA7-8A7D-A9639EA3B735}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{AB36C587-B153-47CB-973C-9FBEFAD22BF9}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{D4230777-A227-4D0A-BE21-788B39250A17}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{59BFC6A3-A4F0-4928-8CCC-2BE63AD51214}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A8D357AD-6C45-4774-A678-618D8B0DA13E}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{E38C99E0-8F3A-44BF-BDEF-3D5FA5734BA7}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{050528B6-9624-4A77-A46E-37CDE1722C8C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{86FA192D-418C-4548-A8CF-1E6DA38728C1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{193E5A9F-F55D-4051-A80D-C7112E91FBA8}] => (Allow) LPort=56290
FirewallRules: [{4C7E3B38-272A-4371-A2F6-173452C17158}] => (Allow) LPort=56290
FirewallRules: [{CAE30620-98C0-4A0D-A47D-D778D4DB0DD4}] => (Allow) LPort=56290
FirewallRules: [{DEB3AFEB-B09E-4472-8C36-C15B3D79CA3A}] => (Allow) LPort=56290
FirewallRules: [TCP Query User{51A5E0DB-A4F2-4ED4-9AAB-E308119101D7}C:\program files\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Block) C:\program files\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{0E1A0B48-0043-4C10-B27D-CFBBE9999CAF}C:\program files\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Block) C:\program files\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{ED7415FF-DF0B-48E8-BBD5-D835A683A671}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0B867C4B-43A7-46F9-838C-85B79E524359}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4CFE82CD-6CFE-47C7-A9EC-4A88AA7ED080}] => (Allow) C:\Program Files\Sierra\FEAR\FEAR.exe
FirewallRules: [{7156EB73-AC6E-49AA-BE1C-323C5ADF6BC5}] => (Allow) C:\Program Files\Sierra\FEAR\FEAR.exe
FirewallRules: [{7DD1C79E-DE91-4B3A-99BE-F6EFB3C93575}] => (Allow) C:\Program Files\Sierra\FEAR\FEARMP.exe
FirewallRules: [{32828ED9-BEA4-41B2-B32C-58956ECD015C}] => (Allow) C:\Program Files\Sierra\FEAR\FEARMP.exe
FirewallRules: [{B2A221D3-CD4F-462D-B188-011F2FBA6CDC}] => (Allow) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
FirewallRules: [{0D3506B0-3073-499A-9FED-BE3289E90252}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0B572848-B0FD-429B-AF33-D2C391617252}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3E39F3AB-13D3-498B-8DF9-48850F8EF666}] => (Allow) C:\Users\3\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [{A9A2355C-4588-46E6-A77F-C7D7AD8CF948}] => (Allow) C:\Users\3\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [{0E801571-0F52-4715-8ECA-502618E87978}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe
FirewallRules: [{513C8BDE-8D0C-4AEC-83BA-C403496C8CF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe
FirewallRules: [{D51EE150-563C-4680-A7F6-E31F3E7D948E}] => (Allow) C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{6FEDEE53-6F3D-43D5-89AC-0A07E5208D6D}] => (Allow) C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{D81B87BE-13D9-42CB-8784-115E9EF59E7A}] => (Allow) C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{14659358-F18B-4AA2-94D3-D5F1CAAE2583}] => (Allow) C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{8AFE9B71-487C-419C-9073-EB8302E4E632}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{05936A38-7D4F-4F2B-A1BF-953E995729DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{C1CCE121-9EF3-41FA-A040-624A7B353D4A}] => (Allow) C:\Program Files\Mr DJ\Crusader Kings II\CK2game.exe
FirewallRules: [{B62F6250-C2A4-4B25-93BA-22AF69F0CBFB}] => (Allow) C:\Program Files\Mr DJ\Crusader Kings II\CK2game.exe
FirewallRules: [{89D50E75-2F4B-43B3-A4A0-CA726CC8FE93}] => (Allow) C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{CC1E8992-9752-4255-9233-05875B1ADF03}] => (Allow) C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{FCA94500-EE88-47C5-877F-3210CBD940D8}] => (Allow) C:\Program Files\Mr DJ\Deus Ex Human Revolution Directors Cut\DXHRDC.exe
FirewallRules: [{F1E1154C-F5D6-4F46-BE93-EFDEDC9DA512}] => (Allow) C:\Program Files\Mr DJ\Deus Ex Human Revolution Directors Cut\DXHRDC.exe
FirewallRules: [{0E9B5110-F583-4CBF-8864-C470DC1AEDD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{E98D7951-52C4-4FA2-AE81-EDE87F28E696}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{0917399B-AD5B-49A5-98E1-9DFA20996FB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{A118A8E0-6679-489B-BE29-52CA739CA31C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{358CF433-BF02-4CFC-A18F-F4FABDE1A9B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VillagersAndHeroes\AMysticalLandSAC\VillagersAndHeroes.exe
FirewallRules: [{C69D3390-6E30-457F-AD8C-743AB2847EDF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VillagersAndHeroes\AMysticalLandSAC\VillagersAndHeroes.exe
FirewallRules: [{556B1637-A9B4-4CC5-BFE1-F24425277224}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [{C4A9BD8E-FAEF-438B-A0BD-9B83103C88CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [{8C3DFDF1-86E3-4977-B866-4F7BE0FC6748}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{567A6DAB-E3CE-4AFE-ADAA-051296FCAE3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{81579E67-FD5D-456A-A3E8-EC55ED37D884}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{86D1451D-197C-43DD-A52F-D2367D9FBAC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{D9832B6B-1191-4038-904F-5B1BC1464169}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Double Action\bin\hammer.exe
FirewallRules: [{20E74C9B-3818-4F8D-96AC-C356ECD0BEFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Double Action\bin\hammer.exe
FirewallRules: [TCP Query User{869D2670-716D-4FE3-869E-E54F85FE9A62}C:\program files\bethesda softworks\dishonored - game of the year edition\binaries\win32\dishonored.exe] => (Allow) C:\program files\bethesda softworks\dishonored - game of the year edition\binaries\win32\dishonored.exe
FirewallRules: [UDP Query User{582A6BBC-180A-4553-9DBA-BA272FE6674F}C:\program files\bethesda softworks\dishonored - game of the year edition\binaries\win32\dishonored.exe] => (Allow) C:\program files\bethesda softworks\dishonored - game of the year edition\binaries\win32\dishonored.exe
FirewallRules: [{362CD370-8231-48C9-A5F5-0DAC8CFC894F}] => (Allow) C:\Program Files\Mr DJ\Need For Speed Hot Pursuit\NFS11.exe
FirewallRules: [{F887B2C6-B74C-40B9-94B2-B7789DB365DA}] => (Allow) C:\Program Files\Mr DJ\Need For Speed Hot Pursuit\NFS11.exe
FirewallRules: [{369341E8-11E1-478C-A9BF-7371FD73A88B}] => (Allow) C:\Program Files\Mr DJ\Need For Speed Hot Pursuit\ConfigTool.exe
FirewallRules: [{E3B3C42C-2E0B-4012-A042-04984D998567}] => (Allow) C:\Program Files\Mr DJ\Need For Speed Hot Pursuit\ConfigTool.exe
FirewallRules: [{DAA67301-27D4-404D-93A3-737D85CA43D9}] => (Allow) C:\Program Files\Mr DJ\Need For Speed Most Wanted Black Edition\speed.exe
FirewallRules: [{332F0FD4-4CB6-4E1F-9D55-3DEE72788573}] => (Allow) C:\Program Files\Mr DJ\Need For Speed Most Wanted Black Edition\speed.exe
FirewallRules: [{E698C08B-648D-4A6B-A064-BBD1302BE43F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A148C8AE-7C84-4C7F-A3C9-98B8D6183C8B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4F98BD3F-6AAF-407D-A249-F12D30B3878C}] => (Allow) C:\Users\3\AppData\Local\Temp\00025054\inst_buychannel_07.exe
FirewallRules: [{246A24D5-D84C-4F62-9BDF-9FED533C48AB}] => (Allow) C:\Users\3\AppData\Local\Temp\00025054\inst_buychannel_07.exe
FirewallRules: [{08AB898D-B442-4A3C-87F6-71636DA161CE}] => (Allow) C:\Program Files\LuDaShi\Utils\Down.exe
FirewallRules: [{A8E058E0-4A19-4401-8349-DF564A5ED0CA}] => (Allow) C:\Program Files\LuDaShi\Utils\Down.exe
FirewallRules: [{63AC0553-46FA-4AF5-9189-482D5B8A78FE}] => (Allow) C:\Program Files\LuDaShi\ComputerZTray.exe
FirewallRules: [{AD96D9C0-4421-41D3-BE48-DBECDCC5DACF}] => (Allow) C:\Program Files\LuDaShi\ComputerZTray.exe
FirewallRules: [{654EDC0D-A850-49AF-B807-240BA889C2B0}] => (Allow) C:\Program Files\LuDaShi\ComputerZTray.exe
FirewallRules: [{AD47F883-E7D9-48A6-B4B9-175EA7BF2DDB}] => (Allow) C:\Program Files\LuDaShi\ComputerZTray.exe
FirewallRules: [{FFB34406-DF61-4272-A175-424ACD70C9C6}] => (Allow) C:\Program Files\Maoha\MaohaAP\MaohaWifiSvr.exe
FirewallRules: [{08B9BEF6-2EEB-4779-839C-46EEF484B20E}] => (Allow) C:\Program Files\LuDaShi\softmgr\SoftMgrInst.exe
FirewallRules: [{CEED008C-B4FD-46AD-ADCF-32AE3F4DEA8E}] => (Allow) C:\Program Files\LuDaShi\softmgr\SoftMgrInst.exe
FirewallRules: [{636E9636-26B5-45B6-B464-484148B52755}] => (Allow) C:\Users\3\AppData\Roaming\360se6\Application\360se.exe
FirewallRules: [{D20754EC-A6CA-4614-A21A-8E16FFDB335E}] => (Allow) C:\Users\3\AppData\Roaming\360se6\Application\360se.exe
FirewallRules: [{7E6D9E1D-01E1-415E-9C47-D8E7A6E1D07D}] => (Allow) C:\Users\3\AppData\Roaming\360se6\Application\7.1.1.601\installer\seup.exe
FirewallRules: [{75872E73-5F5A-4F4B-949A-CF1CEA751A5B}] => (Allow) C:\Users\3\AppData\Roaming\360se6\Application\7.1.1.601\installer\seup.exe
FirewallRules: [TCP Query User{62F488BE-ED3E-4E60-A3E2-100B20583926}C:\gog games\saints row 3\saintsrowthethird_dx11.exe] => (Block) C:\gog games\saints row 3\saintsrowthethird_dx11.exe
FirewallRules: [UDP Query User{EB815391-62A2-4525-BEFE-AAF0772C91EC}C:\gog games\saints row 3\saintsrowthethird_dx11.exe] => (Block) C:\gog games\saints row 3\saintsrowthethird_dx11.exe
FirewallRules: [{FAF0BC01-7B48-41A5-8BB2-25EFE1A6B948}] => (Allow) C:\Users\s\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{27071B0C-2EE1-4790-A92B-176391172FA5}] => (Allow) C:\Users\s\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D0C375F1-0F4A-45DD-A6A6-375F40FA424D}] => (Allow) C:\Users\s\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{40C1F99E-60A8-4670-A678-7AC9EB1CF48F}] => (Allow) C:\Users\s\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5AA127B8-6E8C-4E53-A869-500FDDC7D393}] => (Allow) C:\Users\s\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{93F1CE5B-7E26-46FC-87B9-12A56575BEC8}] => (Allow) C:\Users\s\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{9783DCB3-287F-40F9-BBB0-A6CBF8A02A8D}C:\program files\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => (Block) C:\program files\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{0B676C1E-634B-451B-AB48-311362082B60}C:\program files\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => (Block) C:\program files\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{F14BFCF6-E5E0-494E-A4A1-7FF79D3D4C1C}C:\program files (x86)\steam\steamapps\common\artofwar\game\u1game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\artofwar\game\u1game.exe
FirewallRules: [UDP Query User{D607BE8F-4DD5-45C3-8284-BC4869D16826}C:\program files (x86)\steam\steamapps\common\artofwar\game\u1game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\artofwar\game\u1game.exe
FirewallRules: [{27F7F50E-AE21-4C49-8B1E-1C32D13846A6}] => (Allow) C:\Program Files\Mr DJ\Splinter Cell Conviction\play-TCSCC.exe
FirewallRules: [{27250E11-B1CE-4740-A46F-6C9073F85D21}] => (Allow) C:\Program Files\Mr DJ\Splinter Cell Conviction\play-TCSCC.exe
FirewallRules: [TCP Query User{DF7CB311-D32C-4C40-A280-DCC58F346641}C:\program files\mr dj\splinter cell conviction\src\system\conviction_game.exe] => (Block) C:\program files\mr dj\splinter cell conviction\src\system\conviction_game.exe
FirewallRules: [UDP Query User{1481AB86-9B10-4D53-AA10-20CDFD2C537A}C:\program files\mr dj\splinter cell conviction\src\system\conviction_game.exe] => (Block) C:\program files\mr dj\splinter cell conviction\src\system\conviction_game.exe
FirewallRules: [{BE709FDC-B629-42CE-AE04-2D5CB314947E}] => (Allow) C:\Program Files\Mr DJ\Tomb Raider GOTY\TombRaider.exe
FirewallRules: [{A9B3D357-1119-4FD7-AF36-FBB28B8E7EE1}] => (Allow) C:\Program Files\Mr DJ\Tomb Raider GOTY\TombRaider.exe
FirewallRules: [TCP Query User{A8285C46-40DE-4BC5-80EF-919DD7B0C948}C:\program files\r.g. mechanics\far cry 3\bin\farcry3.exe] => (Allow) C:\program files\r.g. mechanics\far cry 3\bin\farcry3.exe
FirewallRules: [UDP Query User{217F9626-738C-4BF2-972E-E31B97EC87F5}C:\program files\r.g. mechanics\far cry 3\bin\farcry3.exe] => (Allow) C:\program files\r.g. mechanics\far cry 3\bin\farcry3.exe
FirewallRules: [{FBDEF342-CB7A-4B2F-B51A-860ED9E1642C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TigerKnight_EW\frontend\bin\frontend.exe
FirewallRules: [{7C59109E-9880-4F16-9346-FF51A08C7C9A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TigerKnight_EW\frontend\bin\frontend.exe
FirewallRules: [{9521B69C-19B4-4F66-B20A-F1DC25643F03}] => (Allow) C:\Games\Homefront\Binaries\HOMEFRONT.exe
FirewallRules: [{544D91C6-6EBC-416E-A201-9C0EE73DC921}] => (Allow) C:\Games\Homefront\Binaries\HOMEFRONT.exe
FirewallRules: [{27A5A574-0005-4A20-AC0A-90F8E6D76416}] => (Allow) C:\Program Files\Mr DJ\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{44392E1D-F9C4-4823-A216-6A196B22A600}] => (Allow) C:\Program Files\Mr DJ\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{4E24A76F-C8AB-459D-8274-0927F87F0896}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{BAC7A4E1-C547-4BE2-AA4C-7C78D1B1CD87}] => (Allow) C:\Program Files\Opera\43.0.2442.806\opera.exe
FirewallRules: [{949309F8-0EE0-46B6-AD0B-087963D4F824}] => (Allow) C:\Program Files\MIO\loader\st31000524as_9vpgb79g.exe
FirewallRules: [{B0818C44-5A4C-4D2A-9C83-9C072665A9B0}] => (Allow) C:\Program Files\MIO\loader\st31000524as_9vpgb79g.exe
FirewallRules: [{8C39AA90-3E4C-4949-B7CB-07D42E5DF005}] => (Allow) C:\Program Files\Birdjob\Application\chrome.exe
FirewallRules: [{C7083160-5D28-4E4E-9421-7182172FA361}] => (Allow) C:\Program Files\Opera\43.0.2442.991\opera.exe
FirewallRules: [{FE42F232-9550-42E4-AA63-3B03827CB1F6}] => (Allow) C:\Program Files\MIO\loader\st31000524as_9vpgb79g.exe
FirewallRules: [{FC041C6F-FA9B-4009-A6DA-A140DDF2A918}] => (Allow) C:\Program Files\MIO\loader\st31000524as_9vpgb79g.exe
FirewallRules: [{C3162CCF-042C-4E3B-AD68-46F7B0115559}] => (Allow) C:\Program Files\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{F4F9AE61-5C58-4366-A02D-373A6233E594}] => (Allow) C:\Program Files\Firefox\Firefox.exe

==================== Restore Points =========================

28-02-2017 14:55:32 Naplánovaný kontrolní bod
02-03-2017 03:00:20 Windows Update
06-03-2017 14:03:34 Removed WinSnare
08-03-2017 17:18:35 Installed Tom Clancy's Rainbow Six Vegas 2
08-03-2017 17:38:51 Nainstalováno rozhraní DirectX
12-03-2017 12:57:38 Removed BikaQ Rss
13-03-2017 08:29:40 Nainstalováno rozhraní DirectX
18-03-2017 20:36:05 Removed deskapp
19-03-2017 22:46:44 Installed Zkušební verze produktu Microsoft Office Professional 2010
20-03-2017 14:35:40 Removed WinSnare
20-03-2017 17:48:13 Windows Update
20-03-2017 19:16:53 Windows Update
22-03-2017 12:57:29 Windows Update

==================== Faulty Device Manager Devices =============

Name: Řadič sběrnice SM
Description: Řadič sběrnice SM
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptér tunelového režimu Microsoft Teredo
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/22/2017 01:29:10 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: Event-ID 1

Error: (03/22/2017 01:29:10 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: Event-ID 1

Error: (03/22/2017 01:29:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/22/2017 01:19:54 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: Event-ID 1

Error: (03/22/2017 01:19:54 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: Event-ID 1

Error: (03/22/2017 01:19:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/22/2017 11:55:55 AM) (Source: MsiInstaller) (EventID: 10005) (User: kuba-PC)
Description: Product: WinSnare -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2761. The arguments are: , ,

Error: (03/22/2017 11:55:51 AM) (Source: MsiInstaller) (EventID: 1041) (User: kuba-PC)
Description: Nepodařilo se zahájit transakci Instalační služby systému Windows C:\Program Files\Drowotywervught\_ALLOWDEL_b2bb\bikaQ.msi. Při zahajování transakce došlo k chybě 1618.

Error: (03/22/2017 11:55:51 AM) (Source: MsiInstaller) (EventID: 1041) (User: kuba-PC)
Description: Nepodařilo se zahájit transakci Instalační služby systému Windows C:\Program Files\Drowotywervught\_ALLOWDEL_b2bb\WinSnare.msi. Při zahajování transakce došlo k chybě 1618.

Error: (03/22/2017 11:41:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (03/22/2017 02:58:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Při spouštění služba uvízla ve spouštěcím stavu.

Error: (03/22/2017 02:58:07 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Server přestala během spouštění reagovat.

Error: (03/22/2017 02:56:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Při spouštění služba uvízla ve spouštěcím stavu.

Error: (03/22/2017 02:56:17 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Server přestala během spouštění reagovat.

Error: (03/22/2017 02:54:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Při spouštění služba uvízla ve spouštěcím stavu.

Error: (03/22/2017 02:54:27 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Server přestala během spouštění reagovat.

Error: (03/22/2017 02:52:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Při spouštění služba uvízla ve spouštěcím stavu.

Error: (03/22/2017 02:52:37 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Server přestala během spouštění reagovat.

Error: (03/22/2017 02:50:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Při spouštění služba uvízla ve spouštěcím stavu.

Error: (03/22/2017 02:50:47 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Server přestala během spouštění reagovat.


CodeIntegrity:
===================================
Date: 2017-03-20 17:26:55.801
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\smaz\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22411_none_c04d416616480b5a\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-20 17:26:55.754
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\smaz\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22411_none_c04d416616480b5a\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-20 17:26:55.723
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\smaz\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22411_none_c04d416616480b5a\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-20 17:26:55.629
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\smaz\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22411_none_c04d416616480b5a\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-20 17:26:55.379
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\smaz\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_c0008ddc1681bb4c\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-20 17:26:55.333
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\smaz\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_c0008ddc1681bb4c\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-20 17:26:55.301
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\smaz\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_c0008ddc1681bb4c\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-20 17:26:55.270
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\smaz\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_c0008ddc1681bb4c\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-13 00:40:28.109
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\smaz\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22411_none_c04d416616480b5a\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-13 00:40:28.062
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\smaz\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22411_none_c04d416616480b5a\appidapi.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 34%
Total physical RAM: 3557.4 MB
Available physical RAM: 2338.85 MB
Total Virtual: 31555.72 MB
Available Virtual: 30111.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.85 GB) (Free:182.96 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:16.47 GB) (Free:1.94 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6FF49CA9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=914.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=27)

==================== End of Addition.txt ============================

Odinstalujte starou a zranitelnou verzi Javy. Pokud Javu potrebujete, pak nainstalujte novou z java.com/verify - pozor na adware pri instalaci. Pote se presvedcte, ze starsi verze jsou odinstalovane. Z hlediska bezpecnosti (zranitelnosti a exploity) je lepsi ji nemit. Aktualni je 8U121. Verze Javy, ktere v PC mate nainstalovane:

• Java 7 Update 60
• Java 8 Update 45

• Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
• ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
• znovu spustte FRST a kliknete na Fix
• po restartu bude na plose ulozen fixlog, jehoz obsah vlozte do pristi odpovedi

  Kód: Vybrat vše

  Start
  CreateRestorePoint:
  CloseProcesses:
  File: C:\Users\s\AppData\Local\Microsoft Windows\taskhost.exe
  CMD: dir "C:\Users\s\AppData\Local\Microsoft Windows"
  HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
  HKU\S-1-5-18\...\Run: [] => [X]
  HKLM\...\Providers\d98xhjsa: C:\Program Files\Nzsyeradom Monitor\local32spl.dll [283136 2016-12-22] ()
  ShellExecuteHooks: No Name - {1E4DD366-C5C1-11E6-B012-64006A5CFC35} - C:\Users\3\AppData\Roaming\Qozokshinack\Chjlyfoduck.dll -> No File
  ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\kubaa\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
  ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\kubaa\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
  ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\kubaa\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
  ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
  Startup: C:\Users\kubaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-09-20]
  ShortcutTarget: crossbrowse.lnk -> C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (No File)
  SearchScopes: HKLM -> DefaultScope value is missing
  SearchScopes: HKLM -> ielnksrch URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72 ... FWZjQ,,&q={searchTerms}
  SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
  SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.exitingsearch.info/?l=1&q={searchTerms}&pid=1273&r=2014/03/24&hid=11953858726242532879&lg=EN&cc=CZ&unqvl=50
  SearchScopes: HKU\S-1-5-21-1732726701-269562743-775657971-1012 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/? ... VPGB79G&q={searchTerms}
  SearchScopes: HKU\S-1-5-21-1732726701-269562743-775657971-1012 -> {79B42868-76A4-4D41-A161-DD320FA61180} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
  SearchScopes: HKU\S-1-5-21-1732726701-269562743-775657971-1012 -> {ielnksrch} URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72 ... FWZjQ,,&q={searchTerms}
  FF HKLM\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files\RelevantKnowledge\firefox => not found
  C:\Program Files\RelevantKnowledge
  R2 FirefoxDL; C:\Users\s\AppData\Local\Temp\hpACE3.tmp\QQBrowser.exe [131640 2017-03-21] (Tencent Inc.) <==== ATTENTION
  R2 FirefoxU; C:\Program Files\Firefox\bin\FirefoxUpdate.exe [103936 2017-03-20] () [File not signed]
  R2 Hecerry; C:\Program Files\Drowotywervught\cksControls.dll [180736 2016-12-22] () [File not signed]
  R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [131024 2016-08-19] (Elex do Brasil Participações Ltda)
  R2 Kyubey; C:\Users\s\AppData\Roaming\Kyubey\Kyubey.exe [116736 2017-03-22] (Kyubey.exe) [File not signed]
  S4 Viafresh; C:\ProgramData\\Viafresh\\Viafresh.exe [441856 2015-09-17] () [File not signed]
  R2 WinSAPSvc; C:\Users\s\AppData\Roaming\WinSAPSvc\WinSAP.dll [218624 2017-03-21] (Windows) [File not signed]
  S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
  R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [227776 2016-05-23] (Elex do Brasil Participações Ltda)
  R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [97912 2016-05-23] (Elex do Brasil Participações Ltda)
  R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [45032 2016-05-23] (Elex do Brasil Participações Ltda)
  R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [73232 2016-05-23] (Elex do Brasil Participações Ltda)
  R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [59152 2016-05-19] (Elex do Brasil Participações Ltda)
  
  S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [5120 2012-12-19] ()
  S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
  S3 ESEADriver2; \??\C:\Users\kuba\AppData\Local\Temp\ESEADriver2.sys [X] <==== ATTENTION
  S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
  S1 httiyrgm; \??\C:\Windows\system32\drivers\httiyrgm.sys [X]
  S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
  U2 WinSnare; no ImagePath
  S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
  NETSVC: HpSvc -> no filepath.
  NETSVC: GmSvc -> no filepath.
  2017-03-22 13:28 - 2017-03-22 13:28 - 00000000 ____D C:\Program Files\Firefox
  2017-03-22 13:26 - 2017-03-22 13:26 - 00000000 ____D C:\Program Files\58D26D7E_jumpeasy
  2017-03-22 13:26 - 2017-03-22 13:26 - 00000000 ____D C:\Program Files\58D26D6F_jumpeasy
  2017-03-22 13:19 - 2017-03-22 13:29 - 00000000 ____D C:\Windows\system32\extensions
  2017-03-22 13:19 - 2017-03-22 13:19 - 00000000 ____D C:\Program Files\Bepat
  2017-03-22 11:50 - 2017-03-22 11:50 - 00000000 ____D C:\Users\s\AppData\Roaming\Kyubey
  2017-03-22 11:41 - 2017-03-22 13:56 - 00000000 _____ C:\Users\Public\Documents\report.dat
  2017-03-22 11:41 - 2017-03-22 13:28 - 00000000 _____ C:\Users\Public\Documents\temp.dat
  2017-03-22 11:41 - 2017-03-22 11:41 - 00000000 ____D C:\Program Files\n1
  2017-03-22 11:40 - 2017-03-22 11:40 - 00000000 ____D C:\Windows\system32\{82D33A6B-D655-45BA-8E60-AF0661A9601F}
  2017-03-22 11:40 - 2017-03-22 11:40 - 00000000 ____D C:\Users\s\AppData\Roaming\WinSAPSvc
  2017-03-22 11:40 - 2017-03-22 11:40 - 00000000 ____D C:\Program Files\d98xhjsa
  2017-03-20 18:20 - 2016-05-19 07:42 - 00059152 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
  2017-03-20 17:34 - 2017-03-20 17:35 - 04031440 _____ C:\Users\s\Desktop\adwcleaner_6.044.exe
  2017-03-20 14:23 - 2017-03-20 14:24 - 00000000 ____D C:\rsit
  2017-03-20 14:23 - 2017-03-20 14:24 - 00000000 ____D C:\Program Files\trend micro
  2017-03-20 14:23 - 2017-03-20 14:23 - 01222144 _____ C:\Users\s\Downloads\RSITx64(1).exe
  2017-03-20 14:23 - 2017-03-20 14:23 - 01107968 _____ C:\Users\s\Downloads\RSIT.exe
  2017-03-20 14:22 - 2017-03-20 14:23 - 01222144 _____ C:\Users\s\Downloads\RSITx64.exe
  2017-03-03 18:07 - 2017-03-20 13:52 - 00000000 ____D C:\Program Files\bce00fed-6ac1-425f-917e-c9908a873bb41488560863
  2017-03-03 18:05 - 2017-03-20 13:52 - 00000000 ____D C:\Users\s\AppData\Local\FindIp
  2017-03-01 18:01 - 2017-03-20 13:52 - 00000000 ____D C:\Program Files\Prifuly
  2017-03-01 18:01 - 2017-03-05 20:26 - 00000000 ____D C:\Users\s\AppData\Local\Ugerlygregock
  Folder: C:\Windows\system32\{F18D63B5-F945-4736-825F-70129CBFE9C3}
  2017-03-22 11:40 - 2016-12-22 00:55 - 00000000 ____D C:\Program Files\Drowotywervught
  2017-03-20 13:45 - 2017-01-12 15:42 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
  2017-03-20 13:45 - 2017-01-12 15:42 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
  File: C:\Program Files\Common Files\1xxnaodt.exe
  File: C:\Program Files\Common Files\2qprdj5r.exe
  2017-01-06 21:38 - 2017-03-13 08:34 - 0044018 _____ () C:\Program Files\metadata
  2015-12-16 22:27 - 2015-12-16 22:27 - 2360956 _____ () C:\Program Files\Common Files\1xxnaodt.exe
  2015-11-26 22:27 - 2015-11-26 22:27 - 3828696 _____ () C:\Program Files\Common Files\2qprdj5r.exe
  2015-11-22 09:41 - 2015-11-22 09:42 - 2954093 _____ () C:\Program Files\Common Files\3womdxag.exe
  2015-12-19 22:27 - 2015-12-19 22:27 - 2360186 _____ () C:\Program Files\Common Files\3zccem2c.exe
  2015-12-01 22:27 - 2015-12-01 22:27 - 3828852 _____ () C:\Program Files\Common Files\44nn0132.exe
  2015-12-05 22:27 - 2015-12-05 22:27 - 3797351 _____ () C:\Program Files\Common Files\4buyq1go.exe
  2015-12-15 22:27 - 2015-12-15 22:27 - 2357200 _____ () C:\Program Files\Common Files\5inzu34z.exe
  2015-12-13 22:27 - 2015-12-13 22:27 - 2658175 _____ () C:\Program Files\Common Files\5zoueghr.exe
  2015-12-14 22:27 - 2015-12-14 22:27 - 2344178 _____ () C:\Program Files\Common Files\a4clk2oc.exe
  2015-12-21 22:27 - 2015-12-21 22:27 - 2370530 _____ () C:\Program Files\Common Files\a5j3zwi2.exe
  2015-12-02 22:27 - 2015-12-02 22:27 - 3796917 _____ () C:\Program Files\Common Files\ak4plgox.exe
  2015-11-23 22:27 - 2015-11-23 22:27 - 2830301 _____ () C:\Program Files\Common Files\box245sl.exe
  2015-12-12 22:27 - 2015-12-12 22:27 - 2658167 _____ () C:\Program Files\Common Files\ccjjwkjc.exe
  2015-10-06 05:34 - 2015-10-06 05:34 - 4875861 _____ () C:\Program Files\Common Files\cwal4sh3.exe
  2015-12-04 00:18 - 2015-12-04 00:18 - 3797358 _____ () C:\Program Files\Common Files\dxkrp20l.exe
  2015-11-29 22:44 - 2015-11-29 22:44 - 3828691 _____ () C:\Program Files\Common Files\edtopeeq.exe
  2015-11-17 22:27 - 2015-11-17 22:27 - 2804975 _____ () C:\Program Files\Common Files\femfic1x.exe
  2015-11-19 22:27 - 2015-11-19 22:27 - 2954094 _____ () C:\Program Files\Common Files\fqbgdyeo.exe
  2015-12-09 22:27 - 2015-12-09 22:27 - 2666306 _____ () C:\Program Files\Common Files\fzzyt2bh.exe
  2015-11-15 22:27 - 2015-11-15 22:27 - 2813314 _____ () C:\Program Files\Common Files\hmh0dy0z.exe
  2015-11-22 03:02 - 2015-11-22 03:02 - 2954096 _____ () C:\Program Files\Common Files\i1u2btob.exe
  2015-09-20 20:24 - 2015-09-20 20:24 - 4875861 _____ () C:\Program Files\Common Files\i24oo3wc.exe
  2015-12-07 22:27 - 2015-12-07 22:27 - 2672328 _____ () C:\Program Files\Common Files\ifl2esnr.exe
  2015-11-27 22:45 - 2015-11-27 22:45 - 3828691 _____ () C:\Program Files\Common Files\il01xa0m.exe
  2015-12-10 22:27 - 2015-12-10 22:27 - 2658176 _____ () C:\Program Files\Common Files\in0uxazu.exe
  2015-11-16 22:27 - 2015-11-16 22:27 - 2811610 _____ () C:\Program Files\Common Files\iw1zjmpz.exe
  2015-11-25 22:27 - 2015-11-25 22:27 - 3029488 _____ () C:\Program Files\Common Files\k54sj0z3.exe
  2015-12-24 22:27 - 2015-12-24 22:27 - 2280563 _____ () C:\Program Files\Common Files\kpb1vrfk.exe
  2015-12-06 22:27 - 2015-12-06 22:27 - 3797353 _____ () C:\Program Files\Common Files\miiyzbya.exe
  2015-12-08 22:27 - 2015-12-08 22:27 - 2666308 _____ () C:\Program Files\Common Files\n34r25yh.exe
  2015-11-24 22:27 - 2015-11-24 22:27 - 3029495 _____ () C:\Program Files\Common Files\n3keeb2a.exe
  2015-12-04 22:27 - 2015-12-04 22:27 - 3797349 _____ () C:\Program Files\Common Files\odfxo124.exe
  2015-12-22 23:10 - 2015-12-22 23:10 - 2371566 _____ () C:\Program Files\Common Files\p3es1xpf.exe
  2015-12-19 00:50 - 2015-12-19 00:50 - 2361145 _____ () C:\Program Files\Common Files\pasitm4z.exe
  2015-12-23 22:28 - 2015-12-23 22:28 - 2401163 _____ () C:\Program Files\Common Files\pc0jthwx.exe
  2015-12-20 22:35 - 2015-12-20 22:35 - 2369679 _____ () C:\Program Files\Common Files\pmjuazab.exe
  2015-12-11 22:27 - 2015-12-11 22:27 - 2658173 _____ () C:\Program Files\Common Files\q1vg24p3.exe
  2015-11-23 00:33 - 2015-11-23 00:33 - 2954095 _____ () C:\Program Files\Common Files\qczf4sn2.exe
  2015-12-25 22:55 - 2015-12-25 22:55 - 2284164 _____ () C:\Program Files\Common Files\qjfzthfz.exe
  2015-12-19 01:01 - 2015-12-19 01:01 - 2361145 _____ () C:\Program Files\Common Files\tmtgesrj.exe
  2015-11-14 22:27 - 2015-11-14 22:27 - 2813323 _____ () C:\Program Files\Common Files\ukyjy3fb.exe
  2015-11-21 03:05 - 2015-11-21 03:05 - 2954095 _____ () C:\Program Files\Common Files\um4n1huw.exe
  2015-11-30 22:27 - 2015-11-30 22:27 - 3828859 _____ () C:\Program Files\Common Files\vzqvrxtq.exe
  2015-11-13 22:27 - 2015-11-13 22:27 - 2813317 _____ () C:\Program Files\Common Files\wz1uh45r.exe
  2015-11-28 22:27 - 2015-11-28 22:27 - 3828698 _____ () C:\Program Files\Common Files\xe1jd04g.exe
  2015-12-26 22:27 - 2015-12-26 22:27 - 2289402 _____ () C:\Program Files\Common Files\xirvjvof.exe
  2015-11-18 22:27 - 2015-11-18 22:27 - 2789085 _____ () C:\Program Files\Common Files\xjwhbx45.exe
  Task: {3424F9BA-A84F-4B2D-ABCA-C59B033E27C8} - System32\Tasks\Traffic Exchange v209 - 3 => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
  Task: {34706D85-BBEA-4C4F-A81E-6B88CF74AAC3} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
  Task: {54D96F59-6092-491A-B021-E294F5D41975} - System32\Tasks\Steam_x64-S-2-106-91 => "C:\Users\kuba\AppData\Roaming\Melesta\CODEXi\Steam" <==== ATTENTION
  Task: {64EFB5CA-5CDF-47A9-B710-0CDDB0CF3575} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
  Task: {6B1156DF-0882-410E-B159-A2D7D59F7F75} - System32\Tasks\Traffic Exchange v209 - 2 => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
  Task: {79507F5C-331D-47B7-9DDD-B4992845AD2B} - System32\Tasks\mcleaner => C:\Users\kuba\AppData\Roaming\CEA8.tmp.exe <==== ATTENTION
  Task: {C5857DB7-13F4-4325-B361-7A3AB30FC350} - System32\Tasks\ComputerZLite => C:\Program Files\LdsLite\LdsLite.exe <==== ATTENTION
  C:\Program Files\LdsLite
  Task: {C8A7D18C-47AB-42C4-993B-1DA77BF4407A} - System32\Tasks\Clajely Host => C:\Program Files\Drowotywervught\shuherk.exe [2016-12-22] (Glarysoft Ltd)
  Task: {C951F9AA-12FC-441D-A1ED-854DDA475224} - System32\Tasks\Milimili => C:\Program Files\MIO\MIO.exe [2017-03-22] ()
  C:\Program Files\MIO
  Task: {CC22BD35-267B-4439-A28D-C1923556F45C} - System32\Tasks\j51abpvc => C:\Program Files\Common Files\w2ecjrr2\550eeab1wabfi.exe <==== ATTENTION
  Task: {D2501168-6CE2-4C49-A2F2-A28EAA08088C} - \downloacyi -> No File <==== ATTENTION
  Task: {D9D40B84-9EE9-4392-9201-2058C43FB767} - System32\Tasks\2fmnhjgx => C:\Program Files\Common Files\conpe5wq\9a14123gtm2o0.exe <==== ATTENTION
  Task: {DF6B2F93-1B55-4220-8A47-C8AEB3042D03} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
  Task: {E72BB526-C224-4204-B13E-B8D4BE4BBD00} - System32\Tasks\yuv4ciiq => C:\Program Files\Common Files\51dvgjxr\c1c50jpdgke4x.exe <==== ATTENTION
  Task: {FCCD97CE-2C77-4A80-B458-DD72F655C26D} - System32\Tasks\Traffic Exchange v209 - 1 => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
  Task: C:\Windows\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
  Task: C:\Windows\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
  Task: C:\Windows\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
  Task: C:\Windows\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
  Task: C:\Windows\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
  Task: C:\Windows\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
  WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
  AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x86.sys [68562]
  AlternateDataStreams: C:\Windows\system32\drivers:x86 [1176354]
  FirewallRules: [{4F98BD3F-6AAF-407D-A249-F12D30B3878C}] => (Allow) C:\Users\3\AppData\Local\Temp\00025054\inst_buychannel_07.exe
  FirewallRules: [{246A24D5-D84C-4F62-9BDF-9FED533C48AB}] => (Allow) C:\Users\3\AppData\Local\Temp\00025054\inst_buychannel_07.exe
  FirewallRules: [{08AB898D-B442-4A3C-87F6-71636DA161CE}] => (Allow) C:\Program Files\LuDaShi\Utils\Down.exe
  FirewallRules: [{A8E058E0-4A19-4401-8349-DF564A5ED0CA}] => (Allow) C:\Program Files\LuDaShi\Utils\Down.exe
  FirewallRules: [{63AC0553-46FA-4AF5-9189-482D5B8A78FE}] => (Allow) C:\Program Files\LuDaShi\ComputerZTray.exe
  FirewallRules: [{AD96D9C0-4421-41D3-BE48-DBECDCC5DACF}] => (Allow) C:\Program Files\LuDaShi\ComputerZTray.exe
  FirewallRules: [{654EDC0D-A850-49AF-B807-240BA889C2B0}] => (Allow) C:\Program Files\LuDaShi\ComputerZTray.exe
  FirewallRules: [{AD47F883-E7D9-48A6-B4B9-175EA7BF2DDB}] => (Allow) C:\Program Files\LuDaShi\ComputerZTray.exe
  FirewallRules: [{FFB34406-DF61-4272-A175-424ACD70C9C6}] => (Allow) C:\Program Files\Maoha\MaohaAP\MaohaWifiSvr.exe
  FirewallRules: [{08B9BEF6-2EEB-4779-839C-46EEF484B20E}] => (Allow) C:\Program Files\LuDaShi\softmgr\SoftMgrInst.exe
  FirewallRules: [{CEED008C-B4FD-46AD-ADCF-32AE3F4DEA8E}] => (Allow) C:\Program Files\LuDaShi\softmgr\SoftMgrInst.exe
  FirewallRules: [{636E9636-26B5-45B6-B464-484148B52755}] => (Allow) C:\Users\3\AppData\Roaming\360se6\Application\360se.exe
  FirewallRules: [{D20754EC-A6CA-4614-A21A-8E16FFDB335E}] => (Allow) C:\Users\3\AppData\Roaming\360se6\Application\360se.exe
  FirewallRules: [{7E6D9E1D-01E1-415E-9C47-D8E7A6E1D07D}] => (Allow) C:\Users\3\AppData\Roaming\360se6\Application\7.1.1.601\installer\seup.exe
  FirewallRules: [{75872E73-5F5A-4F4B-949A-CF1CEA751A5B}] => (Allow) C:\Users\3\AppData\Roaming\360se6\Application\7.1.1.601\installer\seup.exe
  C:\Program Files\LuDaShi
  FirewallRules: [{C3162CCF-042C-4E3B-AD68-46F7B0115559}] => (Allow) C:\Program Files\Firefox\bin\FirefoxUpdate.exe
  FirewallRules: [{F4F9AE61-5C58-4366-A02D-373A6233E594}] => (Allow) C:\Program Files\Firefox\Firefox.exe
  CMD: dir "C:\Windows\Inf" /AD
  CMD: dir "C:\PROGRA~1"
  CMD: dir "C:\PROGRA~2"
  CMD: dir "C:\PROGRA~3"
  CMD: dir "%localappdata%"
  CMD: dir "%appdata%"
  Hosts:
  EmptyTemp:
  End

Fix result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by s (22-03-2017 17:21:39) Run:1
Running from C:\Users\s\Desktop
Loaded Profiles: s (Available Profiles: s)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
File: C:\Users\s\AppData\Local\Microsoft Windows\taskhost.exe
CMD: dir "C:\Users\s\AppData\Local\Microsoft Windows"
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-18\...\Run: [] => [X]
HKLM\...\Providers\d98xhjsa: C:\Program Files\Nzsyeradom Monitor\local32spl.dll [283136 2016-12-22] ()
ShellExecuteHooks: No Name - {1E4DD366-C5C1-11E6-B012-64006A5CFC35} - C:\Users\3\AppData\Roaming\Qozokshinack\Chjlyfoduck.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\kubaa\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\kubaa\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\kubaa\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\Users\kubaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-09-20]
ShortcutTarget: crossbrowse.lnk -> C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (No File)
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> ielnksrch URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72 ... FWZjQ,,&q={searchTerms}
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.exitingsearch.info/?l=1&q={searchTerms}&pid=1273&r=2014/03/24&hid=11953858726242532879&lg=EN&cc=CZ&unqvl=50
SearchScopes: HKU\S-1-5-21-1732726701-269562743-775657971-1012 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/? ... VPGB79G&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1732726701-269562743-775657971-1012 -> {79B42868-76A4-4D41-A161-DD320FA61180} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-1732726701-269562743-775657971-1012 -> {ielnksrch} URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72 ... FWZjQ,,&q={searchTerms}
FF HKLM\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files\RelevantKnowledge\firefox => not found
C:\Program Files\RelevantKnowledge
R2 FirefoxDL; C:\Users\s\AppData\Local\Temp\hpACE3.tmp\QQBrowser.exe [131640 2017-03-21] (Tencent Inc.) <==== ATTENTION
R2 FirefoxU; C:\Program Files\Firefox\bin\FirefoxUpdate.exe [103936 2017-03-20] () [File not signed]
R2 Hecerry; C:\Program Files\Drowotywervught\cksControls.dll [180736 2016-12-22] () [File not signed]
R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [131024 2016-08-19] (Elex do Brasil Participaçoes Ltda)
R2 Kyubey; C:\Users\s\AppData\Roaming\Kyubey\Kyubey.exe [116736 2017-03-22] (Kyubey.exe) [File not signed]
S4 Viafresh; C:\ProgramData\\Viafresh\\Viafresh.exe [441856 2015-09-17] () [File not signed]
R2 WinSAPSvc; C:\Users\s\AppData\Roaming\WinSAPSvc\WinSAP.dll [218624 2017-03-21] (Windows) [File not signed]
S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [227776 2016-05-23] (Elex do Brasil Participaçoes Ltda)
R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [97912 2016-05-23] (Elex do Brasil Participaçoes Ltda)
R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [45032 2016-05-23] (Elex do Brasil Participaçoes Ltda)
R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [73232 2016-05-23] (Elex do Brasil Participaçoes Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [59152 2016-05-19] (Elex do Brasil Participaçoes Ltda)

S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [5120 2012-12-19] ()
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 ESEADriver2; \??\C:\Users\kuba\AppData\Local\Temp\ESEADriver2.sys [X] <==== ATTENTION
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S1 httiyrgm; \??\C:\Windows\system32\drivers\httiyrgm.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
U2 WinSnare; no ImagePath
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
NETSVC: HpSvc -> no filepath.
NETSVC: GmSvc -> no filepath.
2017-03-22 13:28 - 2017-03-22 13:28 - 00000000 ____D C:\Program Files\Firefox
2017-03-22 13:26 - 2017-03-22 13:26 - 00000000 ____D C:\Program Files\58D26D7E_jumpeasy
2017-03-22 13:26 - 2017-03-22 13:26 - 00000000 ____D C:\Program Files\58D26D6F_jumpeasy
2017-03-22 13:19 - 2017-03-22 13:29 - 00000000 ____D C:\Windows\system32\extensions
2017-03-22 13:19 - 2017-03-22 13:19 - 00000000 ____D C:\Program Files\Bepat
2017-03-22 11:50 - 2017-03-22 11:50 - 00000000 ____D C:\Users\s\AppData\Roaming\Kyubey
2017-03-22 11:41 - 2017-03-22 13:56 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-03-22 11:41 - 2017-03-22 13:28 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-03-22 11:41 - 2017-03-22 11:41 - 00000000 ____D C:\Program Files\n1
2017-03-22 11:40 - 2017-03-22 11:40 - 00000000 ____D C:\Windows\system32\{82D33A6B-D655-45BA-8E60-AF0661A9601F}
2017-03-22 11:40 - 2017-03-22 11:40 - 00000000 ____D C:\Users\s\AppData\Roaming\WinSAPSvc
2017-03-22 11:40 - 2017-03-22 11:40 - 00000000 ____D C:\Program Files\d98xhjsa
2017-03-20 18:20 - 2016-05-19 07:42 - 00059152 _____ (Elex do Brasil Participaçoes Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2017-03-20 17:34 - 2017-03-20 17:35 - 04031440 _____ C:\Users\s\Desktop\adwcleaner_6.044.exe
2017-03-20 14:23 - 2017-03-20 14:24 - 00000000 ____D C:\rsit
2017-03-20 14:23 - 2017-03-20 14:24 - 00000000 ____D C:\Program Files\trend micro
2017-03-20 14:23 - 2017-03-20 14:23 - 01222144 _____ C:\Users\s\Downloads\RSITx64(1).exe
2017-03-20 14:23 - 2017-03-20 14:23 - 01107968 _____ C:\Users\s\Downloads\RSIT.exe
2017-03-20 14:22 - 2017-03-20 14:23 - 01222144 _____ C:\Users\s\Downloads\RSITx64.exe
2017-03-03 18:07 - 2017-03-20 13:52 - 00000000 ____D C:\Program Files\bce00fed-6ac1-425f-917e-c9908a873bb41488560863
2017-03-03 18:05 - 2017-03-20 13:52 - 00000000 ____D C:\Users\s\AppData\Local\FindIp
2017-03-01 18:01 - 2017-03-20 13:52 - 00000000 ____D C:\Program Files\Prifuly
2017-03-01 18:01 - 2017-03-05 20:26 - 00000000 ____D C:\Users\s\AppData\Local\Ugerlygregock
Folder: C:\Windows\system32\{F18D63B5-F945-4736-825F-70129CBFE9C3}
2017-03-22 11:40 - 2016-12-22 00:55 - 00000000 ____D C:\Program Files\Drowotywervught
2017-03-20 13:45 - 2017-01-12 15:42 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-03-20 13:45 - 2017-01-12 15:42 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
File: C:\Program Files\Common Files\1xxnaodt.exe
File: C:\Program Files\Common Files\2qprdj5r.exe
2017-01-06 21:38 - 2017-03-13 08:34 - 0044018 _____ () C:\Program Files\metadata
2015-12-16 22:27 - 2015-12-16 22:27 - 2360956 _____ () C:\Program Files\Common Files\1xxnaodt.exe
2015-11-26 22:27 - 2015-11-26 22:27 - 3828696 _____ () C:\Program Files\Common Files\2qprdj5r.exe
2015-11-22 09:41 - 2015-11-22 09:42 - 2954093 _____ () C:\Program Files\Common Files\3womdxag.exe
2015-12-19 22:27 - 2015-12-19 22:27 - 2360186 _____ () C:\Program Files\Common Files\3zccem2c.exe
2015-12-01 22:27 - 2015-12-01 22:27 - 3828852 _____ () C:\Program Files\Common Files\44nn0132.exe
2015-12-05 22:27 - 2015-12-05 22:27 - 3797351 _____ () C:\Program Files\Common Files\4buyq1go.exe
2015-12-15 22:27 - 2015-12-15 22:27 - 2357200 _____ () C:\Program Files\Common Files\5inzu34z.exe
2015-12-13 22:27 - 2015-12-13 22:27 - 2658175 _____ () C:\Program Files\Common Files\5zoueghr.exe
2015-12-14 22:27 - 2015-12-14 22:27 - 2344178 _____ () C:\Program Files\Common Files\a4clk2oc.exe
2015-12-21 22:27 - 2015-12-21 22:27 - 2370530 _____ () C:\Program Files\Common Files\a5j3zwi2.exe
2015-12-02 22:27 - 2015-12-02 22:27 - 3796917 _____ () C:\Program Files\Common Files\ak4plgox.exe
2015-11-23 22:27 - 2015-11-23 22:27 - 2830301 _____ () C:\Program Files\Common Files\box245sl.exe
2015-12-12 22:27 - 2015-12-12 22:27 - 2658167 _____ () C:\Program Files\Common Files\ccjjwkjc.exe
2015-10-06 05:34 - 2015-10-06 05:34 - 4875861 _____ () C:\Program Files\Common Files\cwal4sh3.exe
2015-12-04 00:18 - 2015-12-04 00:18 - 3797358 _____ () C:\Program Files\Common Files\dxkrp20l.exe
2015-11-29 22:44 - 2015-11-29 22:44 - 3828691 _____ () C:\Program Files\Common Files\edtopeeq.exe
2015-11-17 22:27 - 2015-11-17 22:27 - 2804975 _____ () C:\Program Files\Common Files\femfic1x.exe
2015-11-19 22:27 - 2015-11-19 22:27 - 2954094 _____ () C:\Program Files\Common Files\fqbgdyeo.exe
2015-12-09 22:27 - 2015-12-09 22:27 - 2666306 _____ () C:\Program Files\Common Files\fzzyt2bh.exe
2015-11-15 22:27 - 2015-11-15 22:27 - 2813314 _____ () C:\Program Files\Common Files\hmh0dy0z.exe
2015-11-22 03:02 - 2015-11-22 03:02 - 2954096 _____ () C:\Program Files\Common Files\i1u2btob.exe
2015-09-20 20:24 - 2015-09-20 20:24 - 4875861 _____ () C:\Program Files\Common Files\i24oo3wc.exe
2015-12-07 22:27 - 2015-12-07 22:27 - 2672328 _____ () C:\Program Files\Common Files\ifl2esnr.exe
2015-11-27 22:45 - 2015-11-27 22:45 - 3828691 _____ () C:\Program Files\Common Files\il01xa0m.exe
2015-12-10 22:27 - 2015-12-10 22:27 - 2658176 _____ () C:\Program Files\Common Files\in0uxazu.exe
2015-11-16 22:27 - 2015-11-16 22:27 - 2811610 _____ () C:\Program Files\Common Files\iw1zjmpz.exe
2015-11-25 22:27 - 2015-11-25 22:27 - 3029488 _____ () C:\Program Files\Common Files\k54sj0z3.exe
2015-12-24 22:27 - 2015-12-24 22:27 - 2280563 _____ () C:\Program Files\Common Files\kpb1vrfk.exe
2015-12-06 22:27 - 2015-12-06 22:27 - 3797353 _____ () C:\Program Files\Common Files\miiyzbya.exe
2015-12-08 22:27 - 2015-12-08 22:27 - 2666308 _____ () C:\Program Files\Common Files\n34r25yh.exe
2015-11-24 22:27 - 2015-11-24 22:27 - 3029495 _____ () C:\Program Files\Common Files\n3keeb2a.exe
2015-12-04 22:27 - 2015-12-04 22:27 - 3797349 _____ () C:\Program Files\Common Files\odfxo124.exe
2015-12-22 23:10 - 2015-12-22 23:10 - 2371566 _____ () C:\Program Files\Common Files\p3es1xpf.exe
2015-12-19 00:50 - 2015-12-19 00:50 - 2361145 _____ () C:\Program Files\Common Files\pasitm4z.exe
2015-12-23 22:28 - 2015-12-23 22:28 - 2401163 _____ () C:\Program Files\Common Files\pc0jthwx.exe
2015-12-20 22:35 - 2015-12-20 22:35 - 2369679 _____ () C:\Program Files\Common Files\pmjuazab.exe
2015-12-11 22:27 - 2015-12-11 22:27 - 2658173 _____ () C:\Program Files\Common Files\q1vg24p3.exe
2015-11-23 00:33 - 2015-11-23 00:33 - 2954095 _____ () C:\Program Files\Common Files\qczf4sn2.exe
2015-12-25 22:55 - 2015-12-25 22:55 - 2284164 _____ () C:\Program Files\Common Files\qjfzthfz.exe
2015-12-19 01:01 - 2015-12-19 01:01 - 2361145 _____ () C:\Program Files\Common Files\tmtgesrj.exe
2015-11-14 22:27 - 2015-11-14 22:27 - 2813323 _____ () C:\Program Files\Common Files\ukyjy3fb.exe
2015-11-21 03:05 - 2015-11-21 03:05 - 2954095 _____ () C:\Program Files\Common Files\um4n1huw.exe
2015-11-30 22:27 - 2015-11-30 22:27 - 3828859 _____ () C:\Program Files\Common Files\vzqvrxtq.exe
2015-11-13 22:27 - 2015-11-13 22:27 - 2813317 _____ () C:\Program Files\Common Files\wz1uh45r.exe
2015-11-28 22:27 - 2015-11-28 22:27 - 3828698 _____ () C:\Program Files\Common Files\xe1jd04g.exe
2015-12-26 22:27 - 2015-12-26 22:27 - 2289402 _____ () C:\Program Files\Common Files\xirvjvof.exe
2015-11-18 22:27 - 2015-11-18 22:27 - 2789085 _____ () C:\Program Files\Common Files\xjwhbx45.exe
Task: {3424F9BA-A84F-4B2D-ABCA-C59B033E27C8} - System32\Tasks\Traffic Exchange v209 - 3 => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {34706D85-BBEA-4C4F-A81E-6B88CF74AAC3} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {54D96F59-6092-491A-B021-E294F5D41975} - System32\Tasks\Steam_x64-S-2-106-91 => "C:\Users\kuba\AppData\Roaming\Melesta\CODEXi\Steam" <==== ATTENTION
Task: {64EFB5CA-5CDF-47A9-B710-0CDDB0CF3575} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {6B1156DF-0882-410E-B159-A2D7D59F7F75} - System32\Tasks\Traffic Exchange v209 - 2 => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {79507F5C-331D-47B7-9DDD-B4992845AD2B} - System32\Tasks\mcleaner => C:\Users\kuba\AppData\Roaming\CEA8.tmp.exe <==== ATTENTION
Task: {C5857DB7-13F4-4325-B361-7A3AB30FC350} - System32\Tasks\ComputerZLite => C:\Program Files\LdsLite\LdsLite.exe <==== ATTENTION
C:\Program Files\LdsLite
Task: {C8A7D18C-47AB-42C4-993B-1DA77BF4407A} - System32\Tasks\Clajely Host => C:\Program Files\Drowotywervught\shuherk.exe [2016-12-22] (Glarysoft Ltd)
Task: {C951F9AA-12FC-441D-A1ED-854DDA475224} - System32\Tasks\Milimili => C:\Program Files\MIO\MIO.exe [2017-03-22] ()
C:\Program Files\MIO
Task: {CC22BD35-267B-4439-A28D-C1923556F45C} - System32\Tasks\j51abpvc => C:\Program Files\Common Files\w2ecjrr2\550eeab1wabfi.exe <==== ATTENTION
Task: {D2501168-6CE2-4C49-A2F2-A28EAA08088C} - \downloacyi -> No File <==== ATTENTION
Task: {D9D40B84-9EE9-4392-9201-2058C43FB767} - System32\Tasks\2fmnhjgx => C:\Program Files\Common Files\conpe5wq\9a14123gtm2o0.exe <==== ATTENTION
Task: {DF6B2F93-1B55-4220-8A47-C8AEB3042D03} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {E72BB526-C224-4204-B13E-B8D4BE4BBD00} - System32\Tasks\yuv4ciiq => C:\Program Files\Common Files\51dvgjxr\c1c50jpdgke4x.exe <==== ATTENTION
Task: {FCCD97CE-2C77-4A80-B458-DD72F655C26D} - System32\Tasks\Traffic Exchange v209 - 1 => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x86.sys [68562]
AlternateDataStreams: C:\Windows\system32\drivers:x86 [1176354]
FirewallRules: [{4F98BD3F-6AAF-407D-A249-F12D30B3878C}] => (Allow) C:\Users\3\AppData\Local\Temp\00025054\inst_buychannel_07.exe
FirewallRules: [{246A24D5-D84C-4F62-9BDF-9FED533C48AB}] => (Allow) C:\Users\3\AppData\Local\Temp\00025054\inst_buychannel_07.exe
FirewallRules: [{08AB898D-B442-4A3C-87F6-71636DA161CE}] => (Allow) C:\Program Files\LuDaShi\Utils\Down.exe
FirewallRules: [{A8E058E0-4A19-4401-8349-DF564A5ED0CA}] => (Allow) C:\Program Files\LuDaShi\Utils\Down.exe
FirewallRules: [{63AC0553-46FA-4AF5-9189-482D5B8A78FE}] => (Allow) C:\Program Files\LuDaShi\ComputerZTray.exe
FirewallRules: [{AD96D9C0-4421-41D3-BE48-DBECDCC5DACF}] => (Allow) C:\Program Files\LuDaShi\ComputerZTray.exe
FirewallRules: [{654EDC0D-A850-49AF-B807-240BA889C2B0}] => (Allow) C:\Program Files\LuDaShi\ComputerZTray.exe
FirewallRules: [{AD47F883-E7D9-48A6-B4B9-175EA7BF2DDB}] => (Allow) C:\Program Files\LuDaShi\ComputerZTray.exe
FirewallRules: [{FFB34406-DF61-4272-A175-424ACD70C9C6}] => (Allow) C:\Program Files\Maoha\MaohaAP\MaohaWifiSvr.exe
FirewallRules: [{08B9BEF6-2EEB-4779-839C-46EEF484B20E}] => (Allow) C:\Program Files\LuDaShi\softmgr\SoftMgrInst.exe
FirewallRules: [{CEED008C-B4FD-46AD-ADCF-32AE3F4DEA8E}] => (Allow) C:\Program Files\LuDaShi\softmgr\SoftMgrInst.exe
FirewallRules: [{636E9636-26B5-45B6-B464-484148B52755}] => (Allow) C:\Users\3\AppData\Roaming\360se6\Application\360se.exe
FirewallRules: [{D20754EC-A6CA-4614-A21A-8E16FFDB335E}] => (Allow) C:\Users\3\AppData\Roaming\360se6\Application\360se.exe
FirewallRules: [{7E6D9E1D-01E1-415E-9C47-D8E7A6E1D07D}] => (Allow) C:\Users\3\AppData\Roaming\360se6\Application\7.1.1.601\installer\seup.exe
FirewallRules: [{75872E73-5F5A-4F4B-949A-CF1CEA751A5B}] => (Allow) C:\Users\3\AppData\Roaming\360se6\Application\7.1.1.601\installer\seup.exe
C:\Program Files\LuDaShi
FirewallRules: [{C3162CCF-042C-4E3B-AD68-46F7B0115559}] => (Allow) C:\Program Files\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{F4F9AE61-5C58-4366-A02D-373A6233E594}] => (Allow) C:\Program Files\Firefox\Firefox.exe
CMD: dir "C:\Windows\Inf" /AD
CMD: dir "C:\PROGRA~1"
CMD: dir "C:\PROGRA~2"
CMD: dir "C:\PROGRA~3"
CMD: dir "%localappdata%"
CMD: dir "%appdata%"
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.

========================= File: C:\Users\s\AppData\Local\Microsoft Windows\taskhost.exe ========================

File not signed
MD5: B4431F314BAECF805B793D97C9F011D4
Creation and modification date: 2017-01-26 06:30 - 2017-01-13 16:47
Size: 0089600
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: taskhostex_502.exe
Original Name: taskhostex_502.exe
Product: Microsoft Windows Operation System
Description: Host Process for Windows Tasks
File Version: 6.3.9600.17415
Product Version: 6.3.9600.17415
Copyright: © Microsoft Corporation. All rights reserved.

====== End of File: ======


========= dir "C:\Users\s\AppData\Local\Microsoft Windows" =========

Svazek v jednotce C je OS.
S‚riov‚ źˇslo svazku je 66FE-6EC7.

Věpis adres ýe C:\Users\s\AppData\Local\Microsoft Windows

20.03.2017 13:53 <DIR> .
20.03.2017 13:53 <DIR> ..
13.01.2017 16:47 89˙600 taskhost.exe
14.01.2017 20:26 274 taskhost.exe.config
Soubor…: 2, Bajt…: 89˙874
Adres ý…: 2, Volněch bajt…: 189˙082˙882˙048

========= End of CMD: =========

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\d98xhjsa => key removed successfully.
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order d98xhjsa => removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{1E4DD366-C5C1-11E6-B012-64006A5CFC35} => value removed successfully.
HKCR\CLSID\{1E4DD366-C5C1-11E6-B012-64006A5CFC35} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending => key removed successfully.
HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced => key removed successfully.
HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => key removed successfully.
HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\Users\kubaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk => moved successfully
C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe => not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Error setting value.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ielnksrch => key could not remove, key could be protected
HKCR\CLSID\ielnksrch => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key could not remove, key could be protected
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => key could not remove, key could be protected
HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
HKU\S-1-5-21-1732726701-269562743-775657971-1012\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key could not remove, key could be protected
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKU\S-1-5-21-1732726701-269562743-775657971-1012\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{79B42868-76A4-4D41-A161-DD320FA61180} => key could not remove, key could be protected
HKCR\CLSID\{79B42868-76A4-4D41-A161-DD320FA61180} => key not found.
HKU\S-1-5-21-1732726701-269562743-775657971-1012\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} => key could not remove, key could be protected
HKCR\CLSID\{ielnksrch} => key not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A} => value removed successfully.
"C:\Program Files\RelevantKnowledge" => not found.
FirefoxDL => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\FirefoxDL => key removed successfully.
FirefoxDL => service removed successfully.
HKLM\System\CurrentControlSet\Services\FirefoxU => key removed successfully.
FirefoxU => service removed successfully.
Hecerry => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\Hecerry => key removed successfully.
Hecerry => service removed successfully.
iSafeService => Unable to stop service.
HKLM\System\CurrentControlSet\Services\iSafeService => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\Kyubey => key removed successfully.
Kyubey => service removed successfully.
HKLM\System\CurrentControlSet\Services\Viafresh => key removed successfully.
Viafresh => service removed successfully.
WinSAPSvc => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\WinSAPSvc => key removed successfully.
WinSAPSvc => service removed successfully.
HKLM\System\CurrentControlSet\Services\MozillaMaintenance => key removed successfully.
MozillaMaintenance => service removed successfully.
iSafeKrnl => Unable to stop service.
HKLM\System\CurrentControlSet\Services\iSafeKrnl => key could not remove, key could be protected
iSafeKrnlKit => Unable to stop service.
HKLM\System\CurrentControlSet\Services\iSafeKrnlKit => key could not remove, key could be protected
iSafeKrnlMon => Unable to stop service.
HKLM\System\CurrentControlSet\Services\iSafeKrnlMon => key removed successfully.
iSafeKrnlMon => service removed successfully.
iSafeKrnlR3 => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\iSafeKrnlR3 => key could not remove, key could be protected
iSafeNetFilter => Unable to stop service.
HKLM\System\CurrentControlSet\Services\iSafeNetFilter => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\t_mouse.sys => key removed successfully.
t_mouse.sys => service removed successfully.
HKLM\System\CurrentControlSet\Services\EagleXNt => key removed successfully.
EagleXNt => service removed successfully.
HKLM\System\CurrentControlSet\Services\ESEADriver2 => key removed successfully.
ESEADriver2 => service removed successfully.
HKLM\System\CurrentControlSet\Services\FairplayKD => key removed successfully.
FairplayKD => service removed successfully.
HKLM\System\CurrentControlSet\Services\httiyrgm => key removed successfully.
httiyrgm => service removed successfully.
HKLM\System\CurrentControlSet\Services\iSafeKrnlBoot => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\WinSnare => key removed successfully.
WinSnare => service removed successfully.
HKLM\System\CurrentControlSet\Services\xhunter1 => key removed successfully.
xhunter1 => service removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs HpSvc => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs GmSvc => value removed successfully.
C:\Program Files\Firefox => moved successfully
C:\Program Files\58D26D7E_jumpeasy => moved successfully
C:\Program Files\58D26D6F_jumpeasy => moved successfully
C:\Windows\system32\extensions => moved successfully
C:\Program Files\Bepat => moved successfully
C:\Users\s\AppData\Roaming\Kyubey => moved successfully
C:\Users\Public\Documents\report.dat => moved successfully
C:\Users\Public\Documents\temp.dat => moved successfully
C:\Program Files\n1 => moved successfully
C:\Windows\system32\{82D33A6B-D655-45BA-8E60-AF0661A9601F} => moved successfully
C:\Users\s\AppData\Roaming\WinSAPSvc => moved successfully
C:\Program Files\d98xhjsa => moved successfully
C:\Windows\system32\Drivers\iSafeNetFilter.sys => moved successfully
C:\Users\s\Desktop\adwcleaner_6.044.exe => moved successfully
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
C:\Users\s\Downloads\RSITx64(1).exe => moved successfully
C:\Users\s\Downloads\RSIT.exe => moved successfully
C:\Users\s\Downloads\RSITx64.exe => moved successfully
C:\Program Files\bce00fed-6ac1-425f-917e-c9908a873bb41488560863 => moved successfully
C:\Users\s\AppData\Local\FindIp => moved successfully
C:\Program Files\Prifuly => moved successfully
C:\Users\s\AppData\Local\Ugerlygregock => moved successfully

========================= Folder: C:\Windows\system32\{F18D63B5-F945-4736-825F-70129CBFE9C3} ========================

2017-02-24 01:07 - 2017-02-28 06:44 - 0000000 ____D () C:\Windows\system32\{F18D63B5-F945-4736-825F-70129CBFE9C3}\_ALLOWDEL_6qm
2017-02-24 01:07 - 2017-02-24 01:07 - 1359189 _____ () C:\Windows\system32\{F18D63B5-F945-4736-825F-70129CBFE9C3}\_ALLOWDEL_6qm\co.tmp

====== End of Folder: ======

C:\Program Files\Drowotywervught => moved successfully
C:\Users\Default\AppData\Local\AdvinstAnalytics => moved successfully
"C:\Users\Default User\AppData\Local\AdvinstAnalytics" => not found.

========================= File: C:\Program Files\Common Files\1xxnaodt.exe ========================

File not signed
MD5: 0BE0B5CACA05E4120746A07B9EC8CA84
Creation and modification date: 2015-12-16 22:27 - 2015-12-16 22:27
Size: 2360956
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version: 1.0.0.0
Product Version:
Copyright: © 2015

====== End of File: ======


========================= File: C:\Program Files\Common Files\2qprdj5r.exe ========================

File not signed
MD5: 80CDFA83C5B5F7793B9A4B346EB92AD9
Creation and modification date: 2015-11-26 22:27 - 2015-11-26 22:27
Size: 3828696
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

C:\Program Files\metadata => moved successfully
C:\Program Files\Common Files\1xxnaodt.exe => moved successfully
C:\Program Files\Common Files\2qprdj5r.exe => moved successfully
C:\Program Files\Common Files\3womdxag.exe => moved successfully
C:\Program Files\Common Files\3zccem2c.exe => moved successfully
C:\Program Files\Common Files\44nn0132.exe => moved successfully
C:\Program Files\Common Files\4buyq1go.exe => moved successfully
C:\Program Files\Common Files\5inzu34z.exe => moved successfully
C:\Program Files\Common Files\5zoueghr.exe => moved successfully
C:\Program Files\Common Files\a4clk2oc.exe => moved successfully
C:\Program Files\Common Files\a5j3zwi2.exe => moved successfully
C:\Program Files\Common Files\ak4plgox.exe => moved successfully
C:\Program Files\Common Files\box245sl.exe => moved successfully
C:\Program Files\Common Files\ccjjwkjc.exe => moved successfully
C:\Program Files\Common Files\cwal4sh3.exe => moved successfully
C:\Program Files\Common Files\dxkrp20l.exe => moved successfully
C:\Program Files\Common Files\edtopeeq.exe => moved successfully
C:\Program Files\Common Files\femfic1x.exe => moved successfully
C:\Program Files\Common Files\fqbgdyeo.exe => moved successfully
C:\Program Files\Common Files\fzzyt2bh.exe => moved successfully
C:\Program Files\Common Files\hmh0dy0z.exe => moved successfully
C:\Program Files\Common Files\i1u2btob.exe => moved successfully
C:\Program Files\Common Files\i24oo3wc.exe => moved successfully
C:\Program Files\Common Files\ifl2esnr.exe => moved successfully
C:\Program Files\Common Files\il01xa0m.exe => moved successfully
C:\Program Files\Common Files\in0uxazu.exe => moved successfully
C:\Program Files\Common Files\iw1zjmpz.exe => moved successfully
C:\Program Files\Common Files\k54sj0z3.exe => moved successfully
C:\Program Files\Common Files\kpb1vrfk.exe => moved successfully
C:\Program Files\Common Files\miiyzbya.exe => moved successfully
C:\Program Files\Common Files\n34r25yh.exe => moved successfully
C:\Program Files\Common Files\n3keeb2a.exe => moved successfully
C:\Program Files\Common Files\odfxo124.exe => moved successfully
C:\Program Files\Common Files\p3es1xpf.exe => moved successfully
C:\Program Files\Common Files\pasitm4z.exe => moved successfully
C:\Program Files\Common Files\pc0jthwx.exe => moved successfully
C:\Program Files\Common Files\pmjuazab.exe => moved successfully
C:\Program Files\Common Files\q1vg24p3.exe => moved successfully
C:\Program Files\Common Files\qczf4sn2.exe => moved successfully
C:\Program Files\Common Files\qjfzthfz.exe => moved successfully
C:\Program Files\Common Files\tmtgesrj.exe => moved successfully
C:\Program Files\Common Files\ukyjy3fb.exe => moved successfully
C:\Program Files\Common Files\um4n1huw.exe => moved successfully
C:\Program Files\Common Files\vzqvrxtq.exe => moved successfully
C:\Program Files\Common Files\wz1uh45r.exe => moved successfully
C:\Program Files\Common Files\xe1jd04g.exe => moved successfully
C:\Program Files\Common Files\xirvjvof.exe => moved successfully
C:\Program Files\Common Files\xjwhbx45.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3424F9BA-A84F-4B2D-ABCA-C59B033E27C8} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3424F9BA-A84F-4B2D-ABCA-C59B033E27C8} => key removed successfully.
C:\Windows\System32\Tasks\Traffic Exchange v209 - 3 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v209 - 3 => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34706D85-BBEA-4C4F-A81E-6B88CF74AAC3} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34706D85-BBEA-4C4F-A81E-6B88CF74AAC3} => key removed successfully.
C:\Windows\System32\Tasks\Traffic Exchange v2 - 2 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v2 - 2 => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{54D96F59-6092-491A-B021-E294F5D41975} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54D96F59-6092-491A-B021-E294F5D41975} => key removed successfully.
C:\Windows\System32\Tasks\Steam_x64-S-2-106-91 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Steam_x64-S-2-106-91 => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64EFB5CA-5CDF-47A9-B710-0CDDB0CF3575} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64EFB5CA-5CDF-47A9-B710-0CDDB0CF3575} => key removed successfully.
C:\Windows\System32\Tasks\Traffic Exchange v2 - 1 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v2 - 1 => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B1156DF-0882-410E-B159-A2D7D59F7F75} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B1156DF-0882-410E-B159-A2D7D59F7F75} => key removed successfully.
C:\Windows\System32\Tasks\Traffic Exchange v209 - 2 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v209 - 2 => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79507F5C-331D-47B7-9DDD-B4992845AD2B} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79507F5C-331D-47B7-9DDD-B4992845AD2B} => key removed successfully.
C:\Windows\System32\Tasks\mcleaner => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\mcleaner => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C5857DB7-13F4-4325-B361-7A3AB30FC350} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5857DB7-13F4-4325-B361-7A3AB30FC350} => key removed successfully.
C:\Windows\System32\Tasks\ComputerZLite => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ComputerZLite => key removed successfully.
"C:\Program Files\LdsLite" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8A7D18C-47AB-42C4-993B-1DA77BF4407A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8A7D18C-47AB-42C4-993B-1DA77BF4407A} => key removed successfully.
C:\Windows\System32\Tasks\Clajely Host => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Clajely Host => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C951F9AA-12FC-441D-A1ED-854DDA475224} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C951F9AA-12FC-441D-A1ED-854DDA475224} => key removed successfully.
C:\Windows\System32\Tasks\Milimili => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Milimili => key removed successfully.
C:\Program Files\MIO => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC22BD35-267B-4439-A28D-C1923556F45C} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC22BD35-267B-4439-A28D-C1923556F45C} => key removed successfully.
C:\Windows\System32\Tasks\j51abpvc => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\j51abpvc => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D2501168-6CE2-4C49-A2F2-A28EAA08088C} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2501168-6CE2-4C49-A2F2-A28EAA08088C} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\downloacyi => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9D40B84-9EE9-4392-9201-2058C43FB767} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9D40B84-9EE9-4392-9201-2058C43FB767} => key removed successfully.
C:\Windows\System32\Tasks\2fmnhjgx => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2fmnhjgx => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF6B2F93-1B55-4220-8A47-C8AEB3042D03} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF6B2F93-1B55-4220-8A47-C8AEB3042D03} => key removed successfully.
C:\Windows\System32\Tasks\Traffic Exchange v2 - 3 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v2 - 3 => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E72BB526-C224-4204-B13E-B8D4BE4BBD00} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E72BB526-C224-4204-B13E-B8D4BE4BBD00} => key removed successfully.
C:\Windows\System32\Tasks\yuv4ciiq => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\yuv4ciiq => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCCD97CE-2C77-4A80-B458-DD72F655C26D} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCCD97CE-2C77-4A80-B458-DD72F655C26D} => key removed successfully.
C:\Windows\System32\Tasks\Traffic Exchange v209 - 1 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v209 - 1 => key removed successfully.
C:\Windows\Tasks\Traffic Exchange v2 - 1.job => moved successfully
C:\Windows\Tasks\Traffic Exchange v2 - 2.job => moved successfully
C:\Windows\Tasks\Traffic Exchange v2 - 3.job => moved successfully
C:\Windows\Tasks\Traffic Exchange v209 - 1.job => moved successfully
C:\Windows\Tasks\Traffic Exchange v209 - 2.job => moved successfully
C:\Windows\Tasks\Traffic Exchange v209 - 3.job => moved successfully
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION => removed successfully.
C:\Windows\system32\drivers => ":ucdrv-x86.sys" ADS removed successfully..
C:\Windows\system32\drivers => ":x86" ADS removed successfully..
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4F98BD3F-6AAF-407D-A249-F12D30B3878C} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{246A24D5-D84C-4F62-9BDF-9FED533C48AB} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{08AB898D-B442-4A3C-87F6-71636DA161CE} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A8E058E0-4A19-4401-8349-DF564A5ED0CA} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{63AC0553-46FA-4AF5-9189-482D5B8A78FE} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AD96D9C0-4421-41D3-BE48-DBECDCC5DACF} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{654EDC0D-A850-49AF-B807-240BA889C2B0} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AD47F883-E7D9-48A6-B4B9-175EA7BF2DDB} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FFB34406-DF61-4272-A175-424ACD70C9C6} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{08B9BEF6-2EEB-4779-839C-46EEF484B20E} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CEED008C-B4FD-46AD-ADCF-32AE3F4DEA8E} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{636E9636-26B5-45B6-B464-484148B52755} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D20754EC-A6CA-4614-A21A-8E16FFDB335E} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7E6D9E1D-01E1-415E-9C47-D8E7A6E1D07D} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{75872E73-5F5A-4F4B-949A-CF1CEA751A5B} => value removed successfully.
"C:\Program Files\LuDaShi" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C3162CCF-042C-4E3B-AD68-46F7B0115559} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F4F9AE61-5C58-4366-A02D-373A6233E594} => value removed successfully.

========= dir "C:\Windows\Inf" /AD =========

Svazek v jednotce C je OS.
S‚riov‚ źˇslo svazku je 66FE-6EC7.

Věpis adres ýe C:\Windows\Inf

22.03.2017 13:32 <DIR> .
22.03.2017 13:32 <DIR> ..
21.11.2010 02:16 <DIR> .NET CLR Data
21.11.2010 02:16 <DIR> .NET CLR Networking
12.01.2014 11:17 <DIR> .NET CLR Networking 4.0.0.0
21.11.2010 02:16 <DIR> .NET Data Provider for Oracle
21.11.2010 02:16 <DIR> .NET Data Provider for SqlServer
12.01.2014 11:19 <DIR> .NET Memory Cache 4.0
21.11.2010 02:16 <DIR> .NETFramework
15.12.2016 06:32 <DIR> ASP.NET
17.04.2014 09:57 <DIR> ASP.NET_1.1.4322
19.09.2014 08:32 <DIR> ASP.NET_4.0.30319
15.12.2016 06:32 <DIR> aspnet_state
21.11.2010 02:16 <DIR> BITS
21.11.2010 02:16 <DIR> cs-CZ
21.11.2010 02:16 <DIR> en-US
21.11.2010 02:16 <DIR> ESENT
21.11.2010 02:16 <DIR> MSDTC
21.11.2010 02:16 <DIR> MSDTC Bridge 3.0.0.0
19.09.2014 08:33 <DIR> MSDTC Bridge 4.0.0.0
17.02.2015 22:50 <DIR> Outlook
21.11.2010 02:16 <DIR> PERFLIB
21.11.2010 02:16 <DIR> PNRPSvc
21.11.2010 02:16 <DIR> rdyboost
21.11.2010 02:16 <DIR> RemoteAccess
21.11.2010 02:16 <DIR> ServiceModelEndpoint 3.0.0.0
21.11.2010 02:16 <DIR> ServiceModelOperation 3.0.0.0
21.11.2010 02:16 <DIR> ServiceModelService 3.0.0.0
21.11.2010 02:16 <DIR> SMSvcHost 3.0.0.0
19.09.2014 08:33 <DIR> SMSvcHost 4.0.0.0
21.11.2010 02:16 <DIR> TAPISRV
21.11.2010 02:16 <DIR> TermService
21.11.2010 02:16 <DIR> UGatherer
21.11.2010 02:16 <DIR> UGTHRSVC
21.11.2010 02:16 <DIR> usbhub
21.11.2010 02:16 <DIR> Windows Workflow Foundation 3.0.0.0
19.09.2014 08:33 <DIR> Windows Workflow Foundation 4.0.0.0
22.03.2017 13:32 <DIR> WmiApRpl
21.11.2010 02:16 <DIR> wsearchidxpi
Soubor…: 0, Bajt…: 0
Adres ý…: 39, Volněch bajt…: 189˙066˙039˙296

========= End of CMD: =========


========= dir "C:\PROGRA~1" =========

Svazek v jednotce C je OS.
S‚riov‚ źˇslo svazku je 66FE-6EC7.

Věpis adres ýe C:\PROGRA~1

22.03.2017 17:27 <DIR> .
22.03.2017 17:27 <DIR> ..
08.09.2016 19:30 <DIR> Adobe
05.03.2017 19:26 <DIR> AVAST Software
10.04.2016 20:19 <DIR> AVG
02.02.2017 13:07 <DIR> Bethesda Softworks
16.02.2014 09:16 <DIR> Canon
22.02.2017 13:21 <DIR> Cheat Engine 6.6
27.12.2015 18:12 <DIR> ChromeEnhancer
22.03.2017 17:27 <DIR> Common Files
13.03.2016 14:01 <DIR> DAEMON Tools Pro
25.06.2016 16:22 <DIR> DivX
22.03.2017 13:16 <DIR> DVD Maker
07.02.2017 14:39 <DIR> Elex-tech
08.02.2017 20:43 <DIR> Europa.Universalis.IV.v1.19.2.Inclu.ALL.DLC
21.08.2016 15:06 <DIR> GameforgeLive
26.12.2016 19:14 <DIR> GMT-MAX.ORG
01.02.2017 14:58 <DIR> Google
20.03.2017 13:52 <DIR> GTA San Andreas
22.03.2017 13:28 <DIR> Hi-Rez Studios
20.03.2017 13:52 <DIR> IDT
12.01.2014 11:07 <DIR> Intel
31.01.2015 23:56 <DIR> Internet Explorer
20.03.2017 13:44 <DIR> IObit
16.06.2015 20:45 <DIR> Java
16.02.2017 09:50 <DIR> Microleaves
25.03.2016 13:54 <DIR> Microsoft
24.04.2014 19:59 <DIR> Microsoft Chart Controls
24.01.2014 23:45 <DIR> Microsoft Games for Windows - LIVE
12.01.2017 14:17 <DIR> Microsoft Office
21.03.2017 05:57 <DIR> Microsoft Silverlight
22.12.2016 00:37 <DIR> Microsoft Studios
12.01.2017 14:17 <DIR> Microsoft Visual Studio
12.01.2017 14:17 <DIR> Microsoft Visual Studio 8
12.01.2017 14:17 <DIR> Microsoft Works
10.11.2015 15:03 <DIR> Microsoft XNA
12.01.2017 14:17 <DIR> Microsoft.NET
20.03.2017 13:53 <DIR> Minecraft
13.03.2017 09:55 <DIR> MK
12.01.2017 14:17 <DIR> MSBuild
27.12.2015 12:45 <DIR> NortonInstaller
27.01.2017 19:23 <DIR> NVIDIA Corporation
22.12.2016 00:55 <DIR> Nzsyeradom Monitor
18.05.2014 14:38 <DIR> OpenAL
22.03.2017 12:56 <DIR> Opera
05.02.2017 17:01 <DIR> Origin
25.06.2016 16:33 <DIR> paint.net
20.03.2017 13:53 <DIR> Paradox Interactive
20.03.2017 13:53 <DIR> PhotoFiltre 7
31.03.2016 18:29 <DIR> Pluto TV
09.05.2015 22:12 <DIR> Realtek
14.07.2009 05:52 <DIR> Reference Assemblies
27.12.2015 17:41 <DIR> saafeweB
13.10.2016 23:04 <DIR> Serif
05.03.2017 18:13 <DIR> Seznam.cz
25.06.2016 16:35 <DIR> Skype
20.03.2017 13:53 <DIR> SteveHood
20.03.2017 13:53 <DIR> TaleWorlds Entertainment
20.03.2017 13:53 <DIR> TeamSpeak 3 Client
21.08.2014 18:06 <DIR> thechineseroom
20.03.2017 13:53 <DIR> Ubisoft
22.12.2016 00:58 <DIR> UCBrowser
20.03.2017 13:53 <DIR> Victotria II
20.06.2016 08:26 <DIR> VideoLAN
25.06.2016 16:31 <DIR> VS Revo Group
01.02.2015 02:20 <DIR> Windows Defender
21.11.2010 02:16 <DIR> Windows Mail
13.10.2016 02:24 <DIR> Windows Media Player
12.01.2014 10:40 <DIR> Windows NT
21.11.2010 02:16 <DIR> Windows Photo Viewer
20.11.2010 22:33 <DIR> Windows Portable Devices
21.11.2010 02:16 <DIR> Windows Sidebar
14.01.2014 01:49 <DIR> WinRAR
01.08.2014 21:01 <DIR> Xiph.Org
Soubor…: 0, Bajt…: 0
Adres ý…: 74, Volněch bajt…: 189˙066˙039˙296

========= End of CMD: =========


========= dir "C:\PROGRA~2" =========

Svazek v jednotce C je OS.
S‚riov‚ źˇslo svazku je 66FE-6EC7.

Věpis adres ýe C:\PROGRA~2

20.03.2017 13:52 <DIR> .
20.03.2017 13:52 <DIR> ..
18.08.2013 09:56 <DIR> Adobe
27.01.2013 08:30 <DIR> Aero Enabler
08.01.2013 15:13 <DIR> AMD
27.12.2015 17:35 <DIR> BrowseToSave
20.03.2017 13:52 <DIR> CoD RconTool
11.10.2013 17:28 <DIR> Common Files
24.12.2012 21:19 <DIR> Conduit
17.06.2013 18:12 <DIR> Creative
20.03.2017 13:52 <DIR> Cyberlink
24.09.2014 14:19 <DIR> DAEMON Tools Pro
13.08.2013 18:47 <DIR> directx
20.01.2013 15:38 <DIR> Dxtory Software
13.11.2013 19:36 <DIR> EZDownloader
29.12.2012 19:07 <DIR> FilesFrog Update Checker
25.08.2013 12:26 <DIR> Firefly Studios
02.10.2013 14:46 <DIR> Free Media Player
30.12.2012 19:10 <DIR> FreeTime
23.09.2013 19:03 <DIR> GameforgeLive
15.02.2013 21:38 <DIR> Game_Maker8
24.01.2013 17:10 <DIR> GOG.com
16.12.2013 05:45 <DIR> Google
20.03.2017 13:52 <DIR> GTA San Andreas
22.11.2012 16:11 <DIR> Hewlett-Packard
17.04.2013 20:52 <DIR> Hi-Rez Studios
22.11.2012 16:10 <DIR> HP Games
07.09.2012 09:19 <DIR> Intel
29.12.2012 19:23 <DIR> Intelore
13.12.2013 22:11 <DIR> Internet Explorer
20.03.2017 13:52 <DIR> Java
07.12.2013 13:21 <DIR> LogMeIn Hamachi
27.12.2015 17:31 <DIR> MagniPic
26.12.2012 22:34 <DIR> MegaDev
26.03.2013 14:23 <DIR> Microsoft
05.11.2013 14:28 <DIR> Microsoft Application Virtualization Client
06.04.2013 10:47 <DIR> Microsoft Chart Controls
12.04.2013 19:27 <DIR> Microsoft Games for Windows - LIVE
06.11.2013 02:45 <DIR> Microsoft Silverlight
03.04.2013 22:18 <DIR> Microsoft WSE
11.02.2011 21:25 <DIR> Microsoft.NET
02.10.2013 14:46 <DIR> Minibar
02.10.2013 14:39 <DIR> MKV Player
11.03.2013 20:08 <DIR> Movie Maker 2.6
02.10.2013 14:45 <DIR> Movies Toolbar
20.03.2017 13:52 <DIR> Mozilla Firefox
24.12.2012 22:35 <DIR> Mozilla Maintenance Service
27.12.2015 17:29 <DIR> Mp3Tube Toolbar
14.07.2009 06:32 <DIR> MSBuild
14.05.2013 12:58 <DIR> MSXML 4.0
15.12.2013 16:48 <DIR> NVIDIA Corporation
22.11.2012 16:01 <DIR> Online Services
02.11.2013 13:15 <DIR> OpenAL
27.12.2015 17:29 <DIR> Optimizer Pro
03.01.2014 16:44 <DIR> Origin
26.01.2013 22:23 <DIR> Pando Networks
25.12.2013 14:11 <DIR> PasswordBox
10.01.2013 22:51 <DIR> PhotoFiltre 7
15.02.2013 16:06 <DIR> QuickTime
04.01.2013 19:46 <DIR> Red Sky
14.07.2009 06:32 <DIR> Reference Assemblies
27.12.2015 17:27 <DIR> RelevantKnowledge
07.12.2013 20:59 <DIR> SearchNewTab
29.12.2012 19:07 <DIR> Seznam.cz
19.08.2013 18:18 <DIR> Shmehao.com
27.12.2015 17:22 <DIR> Sk-Enhancer
20.03.2017 13:52 <DIR> Skype
25.02.2013 16:00 <DIR> SoftwareUpdater
11.03.2013 20:34 <DIR> Sony
27.12.2015 17:22 <DIR> ss helper
27.12.2015 17:22 <DIR> Ss.Helper
20.03.2017 13:52 <DIR> Steam
11.10.2013 17:27 <DIR> Steinberg
13.11.2013 19:36 <DIR> surrf ande KEep
07.12.2013 20:59 <DIR> suurf aNid keep
07.09.2012 09:30 <DIR> SymSilent
24.03.2013 17:18 <DIR> SystemRequirementsLab
20.03.2017 13:52 <DIR> Tor
04.01.2013 21:56 <DIR> TuneUp Utilities 2013
20.03.2017 13:52 <DIR> Ubisoft
24.12.2012 21:19 <DIR> uTorrent
24.12.2012 21:19 <DIR> uTorrentControl_v2
07.03.2013 19:36 <DIR> VS Revo Group
25.06.2016 16:15 <DIR> Wanadoo Edition
27.12.2015 19:45 <DIR> WebSearch
11.07.2013 02:27 <DIR> Windows Defender
18.12.2012 14:06 <DIR> Windows Mail
13.12.2013 22:11 <DIR> Windows Media Player
14.07.2009 06:32 <DIR> Windows NT
18.12.2012 14:06 <DIR> Windows Photo Viewer
21.11.2010 04:31 <DIR> Windows Portable Devices
18.12.2012 14:06 <DIR> Windows Sidebar
24.12.2012 18:30 <DIR> WinRAR
29.12.2012 19:31 <DIR> WinRAR Password Cracker
27.12.2015 19:47 <DIR> WxDownload
20.03.2017 13:52 <DIR> wxDownload Fast
20.03.2017 13:52 <DIR> Yontoo
07.03.2013 19:35 <DIR> Your Uninstaller! 7
21.09.2015 19:04 <DIR> YoutubeAdblocker
31.01.2013 14:25 <DIR> Zemi Interactive
28.09.2013 15:01 <DIR> Zen Studios
27.12.2015 19:45 <DIR> ZoomEx
26.08.2013 08:31 <DIR> Zrychleni Pocitace
Soubor…: 0, Bajt…: 0
Adres ý…: 103, Volněch bajt…: 189˙066˙022˙912

========= End of CMD: =========


========= dir "C:\PROGRA~3" =========

Svazek v jednotce C je OS.
S‚riov‚ źˇslo svazku je 66FE-6EC7.

Věpis adres ýe C:\PROGRA~3

13.07.2015 16:44 <DIR> .mono
28.12.2015 13:39 270˙037 1451306107.bdinstall.bin
08.09.2016 19:32 <DIR> adobe
22.12.2016 01:17 <DIR> Age of Empires 3
08.07.2014 15:28 <DIR> ALI213
23.02.2017 14:41 <DIR> Apple
20.03.2017 13:45 <DIR> AVAST Software
10.04.2016 20:19 <DIR> Avg
03.03.2016 13:57 <DIR> Battle.net
27.12.2015 12:59 <DIR> BDLogging
29.01.2016 14:37 <DIR> BitRaider
18.03.2014 21:36 <DIR> Blizzard Entertainment
02.08.2014 18:20 <DIR> CanonIJ
16.02.2014 09:16 <DIR> CanonIJMSetup
02.12.2016 09:18 <DIR> CanonIJPLM
16.02.2014 09:16 <DIR> CanonIJWSpt
20.03.2017 13:53 <DIR> DAEMON Tools Pro
25.06.2016 16:22 <DIR> DivX
15.01.2014 18:01 <DIR> EA Core
27.06.2016 14:00 <DIR> Elder Scrolls Online
18.09.2014 20:45 <DIR> Electronic Arts
15.10.2014 15:31 <DIR> Firefly Studios
29.12.2015 11:48 <DIR> GFACE
25.08.2014 22:20 <DIR> Glyph
04.06.2016 20:04 <DIR> Hi-Rez Studios
06.06.2014 18:51 <DIR> Hunter
20.01.2017 17:09 <DIR> ie8
30.12.2015 09:17 <DIR> InstallMate
12.01.2014 11:07 <DIR> Intel
20.03.2017 18:06 <DIR> IObit
20.09.2014 23:30 <DIR> Iron Sky
28.01.2014 08:12 <DIR> McAfee
22.03.2017 13:01 <DIR> Microsoft Help
17.01.2016 20:07 <DIR> Microsoft Toolkit
03.01.2016 10:51 <DIR> MTA San Andreas All
27.12.2015 12:44 <DIR> Norton
28.07.2014 23:52 <DIR> NortonInstaller
22.03.2017 13:28 <DIR> NVIDIA
12.01.2014 11:46 <DIR> NVIDIA Corporation
16.06.2015 20:45 <DIR> Oracle
17.02.2017 19:50 <DIR> Orbit
05.02.2017 17:01 <DIR> Origin
15.04.2015 13:34 <DIR> Package Cache
25.06.2014 14:49 <DIR> PlayFirst
09.05.2014 16:44 <DIR> PMB Files
21.03.2017 05:59 <DIR> ProductData
18.01.2014 19:36 <DIR> RELOADED
15.05.2016 19:23 <DIR> REVOLT
25.03.2015 23:15 <DIR> Riot Games
13.04.2016 06:30 <DIR> saafeweB
04.12.2015 00:58 <DIR> SkidRow
25.06.2016 16:35 <DIR> Skype
18.01.2014 01:06 <DIR> Solidshield
26.08.2015 08:05 <DIR> SonicFocus
15.01.2017 13:48 <DIR> Steam
12.01.2014 11:10 <DIR> Sun
20.03.2017 13:19 <DIR> SWCUTemp
20.01.2017 17:11 <DIR> ttff
14.01.2017 20:29 <DIR> Ubisoft
05.10.2015 22:38 <DIR> Viafresh
20.09.2015 19:09 <DIR> Viafreshs
16.02.2014 09:34 <DIR> VS Revo Group
19.01.2014 11:32 <DIR> WarThunder
27.02.2015 02:33 <DIR> {BAF091CA-86C4-4627-ADA1-897E2621C1B0}
Soubor…: 1, Bajt…: 270˙037
Adres ý…: 63, Volněch bajt…: 189˙066˙018˙816

========= End of CMD: =========


========= dir "%localappdata%" =========

Svazek v jednotce C je OS.
S‚riov‚ źˇslo svazku je 66FE-6EC7.

Věpis adres ýe C:\Users\s\AppData\Local

22.03.2017 17:27 <DIR> .
22.03.2017 17:27 <DIR> ..
13.01.2017 13:50 <DIR> 0
13.01.2017 13:50 <DIR> 1
08.02.2017 13:41 <DIR> 2
08.02.2017 13:41 <DIR> 3
08.02.2017 13:41 <DIR> 4
08.02.2017 13:41 <DIR> 5
05.02.2017 15:51 <DIR> Adobe
13.01.2017 21:04 <DIR> CEF
13.01.2017 21:04 <DIR> Chromium
19.03.2017 20:58 <DIR> Diagnostics
12.01.2017 19:13 166˙968 GDIPFONTCACHEV1.DAT
20.03.2017 13:45 <DIR> Google
13.01.2017 23:20 <DIR> gslauncher
13.01.2017 23:19 <DIR> gslaunchershell
13.01.2017 22:41 <DIR> HirezLauncherUI
01.02.2017 14:52 <DIR> Macromedia
20.03.2017 13:45 <DIR> Microsoft
01.02.2015 03:05 <DIR> Microsoft Help
20.03.2017 13:53 <DIR> Microsoft Windows
22.03.2017 14:48 29˙696 MSGBOX.EXE
22.03.2017 11:47 <DIR> NVIDIA
03.01.2017 23:05 <DIR> NVIDIA Corporation
04.01.2017 12:49 <DIR> Opera Software
03.01.2017 23:43 <DIR> Programs
22.01.2017 18:30 <DIR> PunkBuster
29.01.2017 15:56 <DIR> Rockstar Games
27.01.2017 16:07 <DIR> Setup Integrity Check
13.01.2017 21:08 <DIR> Steam
14.01.2017 20:29 <DIR> storage
22.03.2017 17:26 <DIR> Temp
02.02.2017 13:12 <DIR> VirtualStore
Soubor…: 2, Bajt…: 196˙664
Adres ý…: 31, Volněch bajt…: 189˙066˙018˙816

========= End of CMD: =========


========= dir "%appdata%" =========

Svazek v jednotce C je OS.
S‚riov‚ źˇslo svazku je 66FE-6EC7.

Věpis adres ýe C:\Users\s\AppData\Roaming

22.03.2017 17:27 <DIR> .
22.03.2017 17:27 <DIR> ..
13.01.2017 20:35 <DIR> .minecraft
13.01.2017 23:24 <DIR> .mono
06.03.2017 19:07 <DIR> Adobe
20.01.2017 17:10 <DIR> aehad
05.03.2017 19:25 <DIR> AVAST Software
03.01.2017 23:45 <DIR> Battle.net
20.03.2017 13:13 <DIR> DAEMON Tools Pro
07.02.2017 14:39 <DIR> Elex-tech
25.01.2017 07:13 <DIR> How to Survive - Storm Warning Edition
03.01.2017 23:08 <DIR> Identities
04.03.2017 16:01 <DIR> IObit
07.01.2017 15:01 <DIR> java
19.02.2017 22:57 <DIR> Kalypso Media
13.01.2017 22:53 <DIR> Macromedia
21.11.2010 02:25 <DIR> Media Center Programs
13.03.2017 11:39 <DIR> Mount&Blade Warband
18.01.2017 17:13 <DIR> Mozilla
27.01.2017 22:17 <DIR> NVIDIA
04.01.2017 12:49 <DIR> Opera Software
20.03.2017 13:53 <DIR> ProductData
01.03.2017 18:01 <DIR> Profiles
05.03.2017 18:14 <DIR> Seznam.cz
20.03.2017 13:52 <DIR> SmartSteamEmu
08.02.2017 20:36 <DIR> Steam
13.03.2017 06:58 <DIR> The Creative Assembly
19.02.2017 22:58 <DIR> Tropico 5
20.03.2017 13:53 <DIR> uTorrent
20.03.2017 13:52 <DIR> vlc
07.01.2017 15:45 <DIR> WinRAR
Soubor…: 0, Bajt…: 0
Adres ý…: 31, Volněch bajt…: 189˙066˙014˙720

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5384362 B
Java, Flash, Steam htmlcache => 353418104 B
Windows/system/drivers => 28418525 B
Edge => 0 B
Chrome => 164864 B
Firefox => 0 B
Opera => 497565504 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 6572 B
Public => 0 B
ProgramData => 0 B
systemprofile => 381249344 B
LocalService => 66228 B
NetworkService => 68042 B
kubaa => 1987206809 B
me => 10338065 B
s => 5225155290 B

RecycleBin => 113184 B
EmptyTemp: => 7.9 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 22-03-2017 17:41:50)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ielnksrch => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => key removed successfully.
HKU\S-1-5-21-1732726701-269562743-775657971-1012\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key could not remove, key could be protected
HKU\S-1-5-21-1732726701-269562743-775657971-1012\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{79B42868-76A4-4D41-A161-DD320FA61180} => key could not remove, key could be protected
HKU\S-1-5-21-1732726701-269562743-775657971-1012\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\iSafeService => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\iSafeKrnl => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\iSafeKrnlKit => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\iSafeKrnlR3 => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\iSafeNetFilter => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\iSafeKrnlBoot => key could not remove, key could be protected

==== End of Fixlog 17:41:52 ====

Znacna cast malwaru se drzi zuby nehty a nekolik jsem jich pri tvorbe fixlistu prehledl, takze si na Vas vyzkousim, jak si s touto haveti poradi ruzne antimalwarove nastroje.

• Nainstalujte MBAM 2.2 http://www.bleepingcomputer.com/downloa ... i-malware/
• na konci instalace zruste zatrzitko u volby Povolit bezplatnou zkusebni verzi Malwarebytes Anti-Malware Premium
• aktualizujte virovou databazi
• na zalozce Sken vyberte moznost Sken hrozeb a spustte sken (vezme cca 30 minut)
• do pristi odpovedi vlozte log s nalezy - dopredu nic nemazte.

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 23.3.2017
Čas skenování: 6:14
Protokol:
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2017.03.23.04
Databáze rootkitů: v2017.03.11.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: s

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 431545
Uplynulý čas: 1 hod, 1 min, 24 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 1
Spyware.PasswordStealer, C:\Users\s\AppData\Local\Microsoft Windows\taskhost.exe, 2560, , [88e807c6a10795a17f656ecdcc34956b]

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 30
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, , [0b658e3f228654e224d4d7f361a1a15f],
PUP.Optional.SecureWeb, HKU\S-1-5-21-1732726701-269562743-775657971-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D3C24E2B-C820-4492-9B69-11BF7163F998}, , [d49cd3fa50589e98270be5e4fb070bf5],
PUP.Optional.SecureWeb, HKU\S-1-5-21-1732726701-269562743-775657971-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D3C24E2B-C820-4492-9B69-11BF7163F998}, , [d49cd3fa50589e98270be5e4fb070bf5],
Adware.Elex, HKLM\SOFTWARE\{84416237-6490-494D-9AD6-4994DD978971}, , [333d55782682181e0c34f83c18e8a15f],
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\mtSaophase, , [6b0585484c5ca0966f64aa409d667e82],
Adware.ChinAd, HKLM\SOFTWARE\QiLu Inc., , [046c5e6ff8b0290d1edaefcd689901ff],
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\IOBIT\ASC, , [3040c30a990f96a0f62fef3951b1c33d],
PUP.Optional.Ludashi, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\ComputerZ_CN.exe, , [c7a9c30acbdd03330ddc9dee9d63837d],
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}, , [75fb2ba21c8c330366c06710956b41bf],
PUP.Optional.TornTV.OL, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Torntv, , [8fe12f9e4365d363d328097d55abc33d],
PUP.Optional.Cinema, HKU\S-1-5-18\SOFTWARE\CinemaP-1.9cV20.09-nv, , [2f410fbe7236b680c2f158416e95cb35],
PUP.Optional.Cinema, HKU\S-1-5-18\SOFTWARE\CinemaP-1.9cV20.09-nv-ie, , [bcb4715ccddb85b100b30693b35053ad],
PUP.Optional.CinemaPlus, HKU\S-1-5-18\SOFTWARE\CinemaPlus-3.2cV17.05-nv, , [650b9f2e8622d1658e5d51486d96cc34],
PUP.Optional.CinemaPlus, HKU\S-1-5-18\SOFTWARE\CinemaPlus-3.2cV17.05-nv-ie, , [036d973600a87cbaba31475270934bb5],
PUP.Optional.Sense, HKU\S-1-5-18\SOFTWARE\Sense-nv, , [de9289442c7c8fa7081afab634cf1de3],
PUP.Optional.Sense, HKU\S-1-5-18\SOFTWARE\Sense-nv-ie, , [6a06a72608a0ce68859d78383cc754ac],
PUP.Optional.CrossRider, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\TotalPlusHD-3.1V31.10, , [d29e9b326c3c62d407fb009d6e950ff1],
PUP.Optional.Cinema, HKU\S-1-5-21-1732726701-269562743-775657971-1008\SOFTWARE\CinemaP-1.9cV20.09-nv-ie, , [80f0bb124464f640bdf6d4c5a16244bc],
PUP.Optional.CrossBrowse, HKU\S-1-5-21-1732726701-269562743-775657971-1008\SOFTWARE\CrossBrowser, , [30406c61ecbc3bfb89898d0fa063fc04],
PUP.Optional.HighDefAction, HKU\S-1-5-21-1732726701-269562743-775657971-1008\SOFTWARE\HighDefAction, , [195704c9cddb65d115181c870cf75ba5],
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1732726701-269562743-775657971-1008\SOFTWARE\mtVaiafineco, , [1759d4f97a2e77bf5e9dde0bd52e1ce4],
PUP.Optional.YorkNewCin, HKU\S-1-5-21-1732726701-269562743-775657971-1008\SOFTWARE\YorkNewCin, , [d898a02d84241d1916b2204c9072bb45],
PUP.Optional.CrossRider, HKU\S-1-5-21-1732726701-269562743-775657971-1008\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [a9c7d4f97236e84e709b108d58ab43bd],
PUP.Optional.CinemaPlus, HKU\S-1-5-21-1732726701-269562743-775657971-1008\SOFTWARE\ARENAHD, , [db955c71a404d16531b40990aa59ec14],
PUP.Optional.GlobalUpdate, HKU\S-1-5-21-1732726701-269562743-775657971-1008\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY, , [97d9a8254b5d0036ac7202a003008b75],
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-1732726701-269562743-775657971-1008\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [cfa19934208879bd0c75aed9ee1502fe],
PUP.Optional.Linkury, HKU\S-1-5-21-1732726701-269562743-775657971-1008\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{IELNKSRCH}, , [ff714e7fccdce55130f1effae51edb25],
Adware.Linkury.ACMB1, HKU\S-1-5-21-1732726701-269562743-775657971-1011\SOFTWARE\mtHotfresh, , [f57b86476e3ac76f30781cb405fbd729],
PUP.Optional.Linkury, HKU\S-1-5-21-1732726701-269562743-775657971-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{IELNKSRCH}, , [ef814a83891faf87ae73c42532d1b14f],
PUP.Optional.StartPage.ShrtCln, HKU\S-1-5-21-1732726701-269562743-775657971-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [c8a8c805e0c8d363b1249fc3897813ed],

Hodnoty registru: 20
Spyware.PasswordStealer, HKU\S-1-5-21-1732726701-269562743-775657971-1012\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|IEService, C:\Users\s\AppData\Local\Microsoft Windows\taskhost.exe, , [88e807c6a10795a17f656ecdcc34956b]
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS, Crossbrowse, , [e68ae1ece1c756e0b066d4c829da936d]
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS|StubPath, "C:\Program Files\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level, , [1c547f4ea70153e395814c50e71cf30d]
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS|Localized Name, Crossbrowse, , [541c08c5872196a0bf57e9b3df247987]
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}|Contact, contact@online.io, , [313f636ab2f64aecb0d6d789b9479f61]
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}|URLInfoAbout, http://traffic.io/, , [75fb2ba21c8c330366c06710956b41bf]
PUP.Optional.CrossBrowse, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{B2A221D3-CD4F-462D-B188-011F2FBA6CDC}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe|Name=Crossbrowse (mDNS-In)|Desc=Inbound rule for Crossbrowse to allow mDNS traffic.|EmbedCtxt=Crossbrowse|, , [0d637657594ff93da1ca2db6669d55ab]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1732726701-269562743-775657971-1008\ENVIRONMENT|SNP, http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSFRest&co=CZ&userid=f0fb9083-b5af-37e2-0d93-0252e2f1ff47&searchtype=sc&installDate=25.10.2015&barcodeid=50066888&channelid=888, , [73fd5578634546f0c4f51acfe51e22de]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1732726701-269562743-775657971-1008\ENVIRONMENT|SNF, C:\ProgramData\Vaiafinecos\snp.sc, , [c0b054797b2dbb7b5e5a4b9e0df622de]
PUP.Optional.CinemaPlus, HKU\S-1-5-21-1732726701-269562743-775657971-1008\SOFTWARE\ARENAHD|value, 1, , [db955c71a404d16531b40990aa59ec14]
PUP.Optional.GlobalUpdate, HKU\S-1-5-21-1732726701-269562743-775657971-1008\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY|source, IE, , [97d9a8254b5d0036ac7202a003008b75]
PUP.Optional.PCTuner, HKU\S-1-5-21-1732726701-269562743-775657971-1008\SOFTWARE\HIGHDEFACTION|value, 1, , [016f537aedbbdf57f5bd7d2f30d36997]
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-1732726701-269562743-775657971-1008\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [e38d309d9c0cd0663949780fa063fe02]
PUP.Optional.Linkury, HKU\S-1-5-21-1732726701-269562743-775657971-1008\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DisplayName, Search the web, , [ff714e7fccdce55130f1effae51edb25]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1732726701-269562743-775657971-1008\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf1VzsRiM5U0nqvNh4aIOg10UWXyx-Iy5t3h6xKRe29rIsSBuEfiSFh-MDt1D2ft4CXDqxYM6I3Z8UJwN_W6eRm3YRsRWj_0oql6gxR4czwexO8NDgkE48KyY2XNepeM78wyT1wGc0CY-08HBYW734C45lzQGEw,,&q={searchTerms}, , [7bf539949b0df145f43ba54634cf7888]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1732726701-269562743-775657971-1008\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf1VzsRiM5U0nqvNh4aIOg10UWXyx-Iy5t3h6xKRe29rIsSBuEfiSFh-MDt1D2ft4CXDqxYM6I3Z8UJwN_W6eRm3YRsRWj_0oql6gxR4czwexO8NDgkE48KyY2XNepeM78wyT1wGc0CY-08HBYW734C45lzQGEw,,&q={searchTerms}, , [fe72e0ed95139f976ec200eb04ff0df3]
PUP.Optional.Linkury, HKU\S-1-5-21-1732726701-269562743-775657971-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DisplayName, Search the web, , [ef814a83891faf87ae73c42532d1b14f]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1732726701-269562743-775657971-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws3Cq1g4YMsnRObs7OERP6AE8c7BemoJQt0O9CA1pTTPTeGBCksfhLEAq3P9h_jCbvleheDRtbDbyND6-B6XvZHtMJeo5TrhYVn0urvBCQWay9LYylOvj6FVrA-JMYmcHgS7wmDw4KBDMldkdqN_E3gAFWZjQ,,&q={searchTerms}, , [066a94391d8b270f08277972fe0546ba]
PUP.Optional.StartPage.ShrtCln, HKU\S-1-5-21-1732726701-269562743-775657971-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, startpageing123, , [c8a8c805e0c8d363b1249fc3897813ed]
PUP.Optional.StartPage.ShrtCln, HKU\S-1-5-21-1732726701-269562743-775657971-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://www.startpageing123.com/search/? ... earchTerms}, , [97d9527baefae25402d3ca982fd220e0]

Data registru: 3
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1732726701-269562743-775657971-1008\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf1VzsRiM5U0nqvNh4aIOg10UWXyx-Iy5t3h6xKRe29rIsSBuEfiSFh-MDt1D2ft4CXDqxYM6I3Z8UJwN_W6eRm3YRsRWj_0oql6gxR4czwexO8NDgkE48KyY2XNepeM78wyT1wGc0CY-08HBYW734C45lzQGEw,,&q={searchTerms}, Dobré: (www.google.com), Špatné: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf1VzsRiM5U0nqvNh4aIOg10UWXyx-Iy5t3h6xKRe29rIsSBuEfiSFh-MDt1D2ft4CXDqxYM6I3Z8UJwN_W6eRm3YRsRWj_0oql6gxR4czwexO8NDgkE48KyY2XNepeM78wyT1wGc0CY-08HBYW734C45lzQGEw,,&q={searchTerms}),,[264aac21d1d7df571f7a72cbdd27fc04]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1732726701-269562743-775657971-1008\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf1VzsRiM5U0nqvNh4aIOg10UWXyx-Iy5t3h6xKRe29rIsSBuEfiSFh-MDt1D2ft4CXDqxYM6I3Z8UJwN_W6eRm3YRsRWj_0oql6gxR4czwexO8NDgkE48KyY2XNepeM78wyT1wGc0CY-08HBYW734C45lzQGEw,,&q={searchTerms}, Dobré: (www.google.com), Špatné: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf1VzsRiM5U0nqvNh4aIOg10UWXyx-Iy5t3h6xKRe29rIsSBuEfiSFh-MDt1D2ft4CXDqxYM6I3Z8UJwN_W6eRm3YRsRWj_0oql6gxR4czwexO8NDgkE48KyY2XNepeM78wyT1wGc0CY-08HBYW734C45lzQGEw,,&q={searchTerms}),,[660a804d7f294de90495e15ca4609e62]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1732726701-269562743-775657971-1008\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf1VzsRiM5U0nqvNh4aIOg10UWXyx-Iy5t3h6xKRe29rIsSBuEfiSFh-MDt1D2ft4CXDqxYM6I3Z8UJwN_W6eRm3YRsRWj_0oql6gxR4czwexO8NDgkE48KyY2XNepeM78wyT1wGc0CY-08HBYW734C45lzQGEw,,&q={searchTerms}, Dobré: (www.google.com), Špatné: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf1VzsRiM5U0nqvNh4aIOg10UWXyx-Iy5t3h6xKRe29rIsSBuEfiSFh-MDt1D2ft4CXDqxYM6I3Z8UJwN_W6eRm3YRsRWj_0oql6gxR4czwexO8NDgkE48KyY2XNepeM78wyT1wGc0CY-08HBYW734C45lzQGEw,,&q={searchTerms}),,[90e07c51d9cfb680cecc44f96f95966a]

Složky: 147
Adware.Elex.Generic, C:\Program Files\Nzsyeradom Monitor, , [57196f5eeabec571b4a0c1eb817f8779],
Adware.Elex.Generic, C:\Users\s\AppData\Roaming\aehad, , [df91ede08820a195103e6865c53b0df3],
PUP.Optional.OnlineIO, C:\Program Files\Microleaves\Traffic Exchange, , [6f01a7262e7a5ed8aff73c53fa07b14f],
PUP.Optional.OnlineIO, C:\Program Files\Microleaves, , [6f01a7262e7a5ed8aff73c53fa07b14f],
PUP.Optional.Amonetize, C:\Users\kubaa\AppData\Local\10859, , [aac624a9c5e342f4ace12743e919966a],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1, , [313f07c6a701d561cbf0bb4abe456898],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee, , [313f07c6a701d561cbf0bb4abe456898],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1, , [abc5a32ac0e8ca6c0caf46bfe32001ff],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi, , [abc5a32ac0e8ca6c0caf46bfe32001ff],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1, , [bbb55479bfe97fb74c6f11f4946f649c],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee, , [bbb55479bfe97fb74c6f11f4946f649c],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1, , [cea21eaf7137b77fdbe0ec195da613ed],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi, , [cea21eaf7137b77fdbe0ec195da613ed],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1, , [c1af8449f1b770c64972d431fb08a55b],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee, , [c1af8449f1b770c64972d431fb08a55b],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1, , [91df408d614784b2a61549bc986bbd43],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi, , [91df408d614784b2a61549bc986bbd43],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1, , [c7a986475256c96d0cb0e5207e859b65],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee, , [c7a986475256c96d0cb0e5207e859b65],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1, , [c0b0e3eafaae70c64b710bfa51b23bc5],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi, , [c0b0e3eafaae70c64b710bfa51b23bc5],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1, , [d49ccb02911771c5f9c312f3e1223ec2],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee, , [d49ccb02911771c5f9c312f3e1223ec2],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1, , [82eed1fc4e5a7bbb3488a065758e2cd4],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi, , [82eed1fc4e5a7bbb3488a065758e2cd4],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1, , [462ae6e7c0e8d75f7d3ff70e3dc6966a],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee, , [462ae6e7c0e8d75f7d3ff70e3dc6966a],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1, , [056b3e8f4068b97deeceeb1a0ff4649c],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi, , [056b3e8f4068b97deeceeb1a0ff4649c],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1, , [561ae3eafeaa072f9b224eb7c34053ad],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee, , [561ae3eafeaa072f9b224eb7c34053ad],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1, , [6e02824b1b8d47eff9c416efff043dc3],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi, , [6e02824b1b8d47eff9c416efff043dc3],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1, , [bfb17558efb938fe8f2ee02546bd7b85],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee, , [bfb17558efb938fe8f2ee02546bd7b85],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1, , [2848f1dc02a68da927960ef74cb720e0],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi, , [2848f1dc02a68da927960ef74cb720e0],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1, , [81efd8f5fcac56e0e8d58b7ac73c21df],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee, , [81efd8f5fcac56e0e8d58b7ac73c21df],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1, , [f47cd0fd1f893303328bd72e3ac9629e],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi, , [f47cd0fd1f893303328bd72e3ac9629e],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1, , [b3bdebe2a3059d99f43656544ab9758b],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee, , [b3bdebe2a3059d99f43656544ab9758b],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1, , [27491eaf476173c3e941793108fb7d83],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi, , [27491eaf476173c3e941793108fb7d83],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1, , [8fe1f5d806a289ad3dedcfdb3cc702fe],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee, , [8fe1f5d806a289ad3dedcfdb3cc702fe],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1, , [125e1fae6e3a320402286b3fbc470ef2],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi, , [125e1fae6e3a320402286b3fbc470ef2],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1, , [93dd8a43c5e3f83e7fab466431d2a957],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee, , [93dd8a43c5e3f83e7fab466431d2a957],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1, , [5a160bc23b6dbe78a486901a0df633cd],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi, , [5a160bc23b6dbe78a486901a0df633cd],
PUP.Optional.OffersWizard, C:\Program Files\Common Files\Config, , [462a07c65c4c40f6d8a55a5113f06e92],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\CertificateTransparency, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Crashpad, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\databases, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\data_reduction_proxy_leveldb, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extension Rules, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extension State, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\background, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\content, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\Temp, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\File System, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\File System\000, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\File System\000\t, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\File System\000\t\Paths, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\File System\Origins, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\GCM Store, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\GPUCache, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\JumpListIcons, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\JumpListIconsOld, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Local Storage, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Media Cache, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Policy, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Service Worker, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Service Worker\Database, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Service Worker\ScriptCache, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Service Worker\ScriptCache\index-dir, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Session Storage, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Storage, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Storage\ext, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Storage\ext\chrome-signin, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Storage\ext\chrome-signin\def, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Storage\ext\chrome-signin\def\databases-incognito, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Storage\ext\chrome-signin\def\GPUCache, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\EVWhitelist, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\FileTypePolicies, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\OriginTrials, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\PepperFlash, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\ShaderCache, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\ShaderCache\GPUCache, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\SwiftShader, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\SwReporter, , [c9a72f9eaff957df889707bed52b17e9],
PUP.Optional.UCBrowser, C:\Program Files\UCBrowser, , [2f415f6ea206cc6ab8cf9294c73b2ad6],
PUP.Optional.UCBrowser, C:\Program Files\UCBrowser\Application, , [2f415f6ea206cc6ab8cf9294c73b2ad6],
PUP.Optional.UCBrowser, C:\Program Files\UCBrowser\Security, , [2f415f6ea206cc6ab8cf9294c73b2ad6],
PUP.Optional.AdvancedSystemCare, C:\ProgramData\IObit\ASCDownloader, , [b7b98449f9afcd69b6b07fabfe04f709],
PUP.Optional.ChromeEnhancer, C:\Program Files\ChromeEnhancer, , [73fd20ad8f194ee8b6ba17ca4eb418e8],
PUP.Optional.CrossBrowse, C:\Users\Administrator\AppData\Local\Crossbrowse, , [1c543a93377171c5ccbcaf33a35fa65a],
PUP.Optional.CrossBrowse, C:\Users\Administrator\AppData\Local\Crossbrowse\Crossbrowse, , [1c543a93377171c5ccbcaf33a35fa65a],
PUP.Optional.CrossBrowse, C:\Users\Administrator\AppData\Local\Crossbrowse\Crossbrowse\User Data, , [1c543a93377171c5ccbcaf33a35fa65a],
PUP.Optional.CrossBrowse, C:\Users\Administrator\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default, , [1c543a93377171c5ccbcaf33a35fa65a],
PUP.Optional.CrossBrowse, C:\Users\Guest\AppData\Local\Crossbrowse, , [dc94f6d79b0dd660097f34ae38ca09f7],
PUP.Optional.CrossBrowse, C:\Users\Guest\AppData\Local\Crossbrowse\Crossbrowse, , [dc94f6d79b0dd660097f34ae38ca09f7],
PUP.Optional.CrossBrowse, C:\Users\Guest\AppData\Local\Crossbrowse\Crossbrowse\User Data, , [dc94f6d79b0dd660097f34ae38ca09f7],
PUP.Optional.CrossBrowse, C:\Users\Guest\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default, , [dc94f6d79b0dd660097f34ae38ca09f7],
PUP.Optional.CrossBrowse, C:\Users\HomeGroupUser$\AppData\Local\Crossbrowse, , [f878e2eb5a4ea88e0f79499903ff18e8],
PUP.Optional.CrossBrowse, C:\Users\HomeGroupUser$\AppData\Local\Crossbrowse\Crossbrowse, , [f878e2eb5a4ea88e0f79499903ff18e8],
PUP.Optional.CrossBrowse, C:\Users\HomeGroupUser$\AppData\Local\Crossbrowse\Crossbrowse\User Data, , [f878e2eb5a4ea88e0f79499903ff18e8],
PUP.Optional.CrossBrowse, C:\Users\HomeGroupUser$\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default, , [f878e2eb5a4ea88e0f79499903ff18e8],
PUP.Optional.CrossBrowse, C:\Users\kubaa\AppData\Local\Crossbrowse, , [7ff109c47b2dd660cfb913cffa08e21e],
PUP.Optional.CrossBrowse, C:\Users\kubaa\AppData\Local\Crossbrowse\Crossbrowse, , [7ff109c47b2dd660cfb913cffa08e21e],
PUP.Optional.CrossBrowse, C:\Users\kubaa\AppData\Local\Crossbrowse\Crossbrowse\User Data, , [7ff109c47b2dd660cfb913cffa08e21e],
PUP.Optional.CrossBrowse, C:\Users\kubaa\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default, , [7ff109c47b2dd660cfb913cffa08e21e],
PUP.Optional.RelevantKnowledge, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle, , [5b15b21b4b5d152148df539a2cd618e8],
PUP.Optional.RelevantKnowledge, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.337.3_0, , [5b15b21b4b5d152148df539a2cd618e8],
PUP.Optional.RelevantKnowledge, C:\Users\kubaa\AppData\Roaming\Opera Software\Opera Stable\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle, , [e48cba13fbad9a9ced3700f35fa358a8],
PUP.Optional.RelevantKnowledge, C:\Users\kubaa\AppData\Roaming\Opera Software\Opera Stable\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.337.3_0, , [e48cba13fbad9a9ced3700f35fa358a8],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\plugins, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\icons, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\icons\actions, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\js\api, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\js\lib, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\js\lib\popupResource, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.SearchProtect.AppFlsh, C:\Users\kuba\AppData\Local\SearchProtect, , [b8b8c70633751521590bd71e79899f61],
PUP.Optional.SearchProtect.AppFlsh, C:\Users\kuba\AppData\Local\SearchProtect\SearchProtect, , [b8b8c70633751521590bd71e79899f61],
PUP.Optional.SearchProtect.AppFlsh, C:\Users\kuba\AppData\Local\SearchProtect\SearchProtect\rep, , [b8b8c70633751521590bd71e79899f61],
PUP.Optional.SearchProtect.AppFlsh, C:\Users\kuba\AppData\Local\SearchProtect\UI, , [b8b8c70633751521590bd71e79899f61],
PUP.Optional.SearchProtect.AppFlsh, C:\Users\kuba\AppData\Local\SearchProtect\UI\rep, , [b8b8c70633751521590bd71e79899f61],
PUP.Optional.Linkury.ACMB1, C:\Program Files\Common Files\Alphalab, , [a5cb6b6285231e18688080d131d3d62a],
PUP.Optional.Linkury.Generic, C:\ProgramData\Viafreshs, , [e48c6d6018909a9c2bca34eed72bc33d],
PUP.Optional.ChromeADR.Generic, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0, , [c1af24a9b1f767cf22c5740654adcd33],
PUP.Optional.ChromeADR.Generic, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\background, , [c1af24a9b1f767cf22c5740654adcd33],
PUP.Optional.ChromeADR.Generic, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\content, , [c1af24a9b1f767cf22c5740654adcd33],
PUP.Optional.ChromeADR.Generic, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik, , [c1af24a9b1f767cf22c5740654adcd33],

Soubory: 588
Spyware.PasswordStealer, C:\Users\s\AppData\Local\Microsoft Windows\taskhost.exe, , [88e807c6a10795a17f656ecdcc34956b],
PUP.Optional.MultiPlug, C:\Program Files\saafeweB\W.tlb, , [0b658e3f228654e224d4d7f361a1a15f],
PUP.Optional.Midie, C:\Windows\System32\config\systemprofile\AppData\Roaming\moses.exe, , [195727a6cade65d13543c4481fe334cc],
Adware.Elex, C:\Users\s\AppData\Local\1\wintool.exe, , [cba54786317788aeb244d70abb4521df],
Adware.Elex, C:\Users\s\AppData\Local\3\Downloader_ie8.exe, , [b0c0a7262583db5b3e6da9a95ca5b24e],
Adware.Elex, C:\Users\s\AppData\Local\3\yacqq.exe, , [9fd169642583f640cca0e3eb47b945bb],
Adware.Elex, C:\Users\s\AppData\Local\5\Downloader_ie8.exe, , [a2ceffcef2b691a5b8f30949a859fd03],
Adware.Elex, C:\Users\s\AppData\Local\5\yacqq.exe, , [40305a733276a6900468e7e7e11fb54b],
Trojan.Downloader, C:\ProgramData\adobe\explorer.exe, , [1d53b81522860e28f91e1bf216ebb34d],
RiskWare.BitCoinMiner, C:\ProgramData\adobe\rundll32.exe, , [acc48548773141f55081c7274ab6ab55],
Adware.Elex, C:\ProgramData\ie8\Downloader_ie8.exe, , [026ecd00268256e0acffe66ce1209868],
PUP.Optional.WizeSearch, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_feeilhmlfcpfchpbgoknoeefdkbgionj_0.localstorage, , [511fb11c1e8a9f97e5309abbd32dae52],
Adware.Elex.Generic, C:\Program Files\Nzsyeradom Monitor\local32spl.dll.ini, , [57196f5eeabec571b4a0c1eb817f8779],
Adware.Elex.Generic, C:\Program Files\Nzsyeradom Monitor\local32spl.dll, , [57196f5eeabec571b4a0c1eb817f8779],
Adware.Elex.Generic, C:\Users\s\AppData\Roaming\aehad\UvConverter.exe, , [df91ede08820a195103e6865c53b0df3],
Adware.Elex.Generic, C:\Users\s\AppData\Roaming\aehad\main, , [df91ede08820a195103e6865c53b0df3],
Adware.Elex.Generic, C:\Users\s\AppData\Roaming\aehad\UniKeyNT.exe, , [df91ede08820a195103e6865c53b0df3],
PUP.Optional.Linkury.Generic, C:\Windows\System32\config\systemprofile\AppData\Roaming\agent.dat, , [85eb02cbefb90f27d0fef2f256aa7d83],
PUP.Optional.Linkury, C:\Windows\System32\config\systemprofile\AppData\Roaming\md.xml, , [2749ddf0b3f59a9c0f2429c49c64a45c],
PUP.Optional.OnlineIO, C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe, , [6f01a7262e7a5ed8aff73c53fa07b14f],
PUP.Optional.OnlineIO, C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian.exe, , [6f01a7262e7a5ed8aff73c53fa07b14f],
PUP.Optional.OnlineIO, C:\Program Files\Microleaves\Traffic Exchange\Online.io EULA.url, , [6f01a7262e7a5ed8aff73c53fa07b14f],
PUP.Optional.OnlineIO, C:\Program Files\Microleaves\Traffic Exchange\Online.io Privacy.url, , [6f01a7262e7a5ed8aff73c53fa07b14f],
PUP.Optional.OnlineIO, C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe, , [6f01a7262e7a5ed8aff73c53fa07b14f],
PUP.Optional.OnlineIO, C:\Program Files\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe, , [6f01a7262e7a5ed8aff73c53fa07b14f],
PUP.Optional.OnlineIO, C:\Program Files\Microleaves\Traffic Exchange\Traffic Exchange Updater.ini, , [6f01a7262e7a5ed8aff73c53fa07b14f],
PUP.Optional.OnlineIO, C:\Program Files\Microleaves\Traffic Exchange\Uninstall Traffic Exchange.lnk, , [6f01a7262e7a5ed8aff73c53fa07b14f],
PUP.Optional.Amonetize, C:\Users\kubaa\AppData\Local\10859\Updater.xml, , [aac624a9c5e342f4ace12743e919966a],
PUP.Optional.Amonetize, C:\Users\kubaa\AppData\Local\10859\status.cfg, , [aac624a9c5e342f4ace12743e919966a],
Backdoor.Messa, C:\ProgramData\adobe\winlogon.exe, , [8be5428b55535bdbadde8be05aa85aa6],
PUP.Optional.YesSearches, C:\Users\kubaa\AppData\Roaming\Mozilla\Firefox\Profiles\0iqnj02z.default\searchplugins\findit.xml, , [3b35b31a792fbc7a8f8e4ab5669c8f71],
PUP.Optional.Midie, C:\Windows\System32\config\systemprofile\AppData\Roaming\Moses.dat, , [f8783994dbcd2511f1a7cd36e81b59a7],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\lsdb.js, , [313f07c6a701d561cbf0bb4abe456898],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\background.html, , [313f07c6a701d561cbf0bb4abe456898],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\content.js, , [313f07c6a701d561cbf0bb4abe456898],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\DJSs.js, , [313f07c6a701d561cbf0bb4abe456898],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\manifest.json, , [313f07c6a701d561cbf0bb4abe456898],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\lsdb.js, , [abc5a32ac0e8ca6c0caf46bfe32001ff],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\background.html, , [abc5a32ac0e8ca6c0caf46bfe32001ff],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\content.js, , [abc5a32ac0e8ca6c0caf46bfe32001ff],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\MVXl.js, , [abc5a32ac0e8ca6c0caf46bfe32001ff],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\newtab.html, , [abc5a32ac0e8ca6c0caf46bfe32001ff],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\lsdb.js, , [bbb55479bfe97fb74c6f11f4946f649c],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\background.html, , [bbb55479bfe97fb74c6f11f4946f649c],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\content.js, , [bbb55479bfe97fb74c6f11f4946f649c],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\DJSs.js, , [bbb55479bfe97fb74c6f11f4946f649c],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\manifest.json, , [bbb55479bfe97fb74c6f11f4946f649c],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\lsdb.js, , [cea21eaf7137b77fdbe0ec195da613ed],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\background.html, , [cea21eaf7137b77fdbe0ec195da613ed],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\content.js, , [cea21eaf7137b77fdbe0ec195da613ed],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\MVXl.js, , [cea21eaf7137b77fdbe0ec195da613ed],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\newtab.html, , [cea21eaf7137b77fdbe0ec195da613ed],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\lsdb.js, , [c1af8449f1b770c64972d431fb08a55b],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\background.html, , [c1af8449f1b770c64972d431fb08a55b],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\content.js, , [c1af8449f1b770c64972d431fb08a55b],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\DJSs.js, , [c1af8449f1b770c64972d431fb08a55b],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\manifest.json, , [c1af8449f1b770c64972d431fb08a55b],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\lsdb.js, , [91df408d614784b2a61549bc986bbd43],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\background.html, , [91df408d614784b2a61549bc986bbd43],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\content.js, , [91df408d614784b2a61549bc986bbd43],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\MVXl.js, , [91df408d614784b2a61549bc986bbd43],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\newtab.html, , [91df408d614784b2a61549bc986bbd43],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\lsdb.js, , [c7a986475256c96d0cb0e5207e859b65],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\background.html, , [c7a986475256c96d0cb0e5207e859b65],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\content.js, , [c7a986475256c96d0cb0e5207e859b65],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\DJSs.js, , [c7a986475256c96d0cb0e5207e859b65],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\manifest.json, , [c7a986475256c96d0cb0e5207e859b65],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\lsdb.js, , [c0b0e3eafaae70c64b710bfa51b23bc5],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\background.html, , [c0b0e3eafaae70c64b710bfa51b23bc5],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\content.js, , [c0b0e3eafaae70c64b710bfa51b23bc5],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\MVXl.js, , [c0b0e3eafaae70c64b710bfa51b23bc5],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\newtab.html, , [c0b0e3eafaae70c64b710bfa51b23bc5],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\lsdb.js, , [d49ccb02911771c5f9c312f3e1223ec2],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\background.html, , [d49ccb02911771c5f9c312f3e1223ec2],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\content.js, , [d49ccb02911771c5f9c312f3e1223ec2],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\DJSs.js, , [d49ccb02911771c5f9c312f3e1223ec2],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\manifest.json, , [d49ccb02911771c5f9c312f3e1223ec2],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\lsdb.js, , [82eed1fc4e5a7bbb3488a065758e2cd4],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\background.html, , [82eed1fc4e5a7bbb3488a065758e2cd4],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\content.js, , [82eed1fc4e5a7bbb3488a065758e2cd4],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\MVXl.js, , [82eed1fc4e5a7bbb3488a065758e2cd4],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\newtab.html, , [82eed1fc4e5a7bbb3488a065758e2cd4],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\lsdb.js, , [462ae6e7c0e8d75f7d3ff70e3dc6966a],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\background.html, , [462ae6e7c0e8d75f7d3ff70e3dc6966a],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\content.js, , [462ae6e7c0e8d75f7d3ff70e3dc6966a],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\DJSs.js, , [462ae6e7c0e8d75f7d3ff70e3dc6966a],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\manifest.json, , [462ae6e7c0e8d75f7d3ff70e3dc6966a],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\lsdb.js, , [056b3e8f4068b97deeceeb1a0ff4649c],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\background.html, , [056b3e8f4068b97deeceeb1a0ff4649c],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\content.js, , [056b3e8f4068b97deeceeb1a0ff4649c],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\MVXl.js, , [056b3e8f4068b97deeceeb1a0ff4649c],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\newtab.html, , [056b3e8f4068b97deeceeb1a0ff4649c],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\lsdb.js, , [561ae3eafeaa072f9b224eb7c34053ad],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\background.html, , [561ae3eafeaa072f9b224eb7c34053ad],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\content.js, , [561ae3eafeaa072f9b224eb7c34053ad],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\DJSs.js, , [561ae3eafeaa072f9b224eb7c34053ad],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\manifest.json, , [561ae3eafeaa072f9b224eb7c34053ad],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\lsdb.js, , [6e02824b1b8d47eff9c416efff043dc3],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\background.html, , [6e02824b1b8d47eff9c416efff043dc3],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\content.js, , [6e02824b1b8d47eff9c416efff043dc3],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\MVXl.js, , [6e02824b1b8d47eff9c416efff043dc3],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\newtab.html, , [6e02824b1b8d47eff9c416efff043dc3],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\lsdb.js, , [bfb17558efb938fe8f2ee02546bd7b85],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\background.html, , [bfb17558efb938fe8f2ee02546bd7b85],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\content.js, , [bfb17558efb938fe8f2ee02546bd7b85],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\DJSs.js, , [bfb17558efb938fe8f2ee02546bd7b85],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\manifest.json, , [bfb17558efb938fe8f2ee02546bd7b85],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\lsdb.js, , [2848f1dc02a68da927960ef74cb720e0],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\background.html, , [2848f1dc02a68da927960ef74cb720e0],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\content.js, , [2848f1dc02a68da927960ef74cb720e0],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\MVXl.js, , [2848f1dc02a68da927960ef74cb720e0],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\newtab.html, , [2848f1dc02a68da927960ef74cb720e0],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\lsdb.js, , [81efd8f5fcac56e0e8d58b7ac73c21df],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\background.html, , [81efd8f5fcac56e0e8d58b7ac73c21df],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\content.js, , [81efd8f5fcac56e0e8d58b7ac73c21df],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\DJSs.js, , [81efd8f5fcac56e0e8d58b7ac73c21df],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\manifest.json, , [81efd8f5fcac56e0e8d58b7ac73c21df],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\lsdb.js, , [f47cd0fd1f893303328bd72e3ac9629e],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\background.html, , [f47cd0fd1f893303328bd72e3ac9629e],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\content.js, , [f47cd0fd1f893303328bd72e3ac9629e],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\MVXl.js, , [f47cd0fd1f893303328bd72e3ac9629e],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\newtab.html, , [f47cd0fd1f893303328bd72e3ac9629e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lkadffjmnaiokkdncgdlecdegajoiemi_0.localstorage, , [6a063b921c8c15217a8bd82e6c9728d8],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lkadffjmnaiokkdncgdlecdegajoiemi_0.localstorage-journal, , [066ae4e9d9cfff377e8743c33fc41be5],
Trojan.Agent, C:\ProgramData\adobe\conhost.exe, , [0a667a53f8b0b97d3ab6afbf4ab94eb2],
PUP.Optional.CrossBrowse, C:\Users\kubaa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Crossbrowse.lnk, , [acc427a6fdabdb5bd338f7a521e2db25],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\lsdb.js, , [b3bdebe2a3059d99f43656544ab9758b],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\background.html, , [b3bdebe2a3059d99f43656544ab9758b],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\content.js, , [b3bdebe2a3059d99f43656544ab9758b],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\DJSs.js, , [b3bdebe2a3059d99f43656544ab9758b],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\manifest.json, , [b3bdebe2a3059d99f43656544ab9758b],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\lsdb.js, , [27491eaf476173c3e941793108fb7d83],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\background.html, , [27491eaf476173c3e941793108fb7d83],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\content.js, , [27491eaf476173c3e941793108fb7d83],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\MVXl.js, , [27491eaf476173c3e941793108fb7d83],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\newtab.html, , [27491eaf476173c3e941793108fb7d83],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\lsdb.js, , [8fe1f5d806a289ad3dedcfdb3cc702fe],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\background.html, , [8fe1f5d806a289ad3dedcfdb3cc702fe],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\content.js, , [8fe1f5d806a289ad3dedcfdb3cc702fe],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\DJSs.js, , [8fe1f5d806a289ad3dedcfdb3cc702fe],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\manifest.json, , [8fe1f5d806a289ad3dedcfdb3cc702fe],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\lsdb.js, , [125e1fae6e3a320402286b3fbc470ef2],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\background.html, , [125e1fae6e3a320402286b3fbc470ef2],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\content.js, , [125e1fae6e3a320402286b3fbc470ef2],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\MVXl.js, , [125e1fae6e3a320402286b3fbc470ef2],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\newtab.html, , [125e1fae6e3a320402286b3fbc470ef2],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\lsdb.js, , [93dd8a43c5e3f83e7fab466431d2a957],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\background.html, , [93dd8a43c5e3f83e7fab466431d2a957],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\content.js, , [93dd8a43c5e3f83e7fab466431d2a957],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\DJSs.js, , [93dd8a43c5e3f83e7fab466431d2a957],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihecdmkdbidbaceiknlbajmmomnpeee\1.1\manifest.json, , [93dd8a43c5e3f83e7fab466431d2a957],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\lsdb.js, , [5a160bc23b6dbe78a486901a0df633cd],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\background.html, , [5a160bc23b6dbe78a486901a0df633cd],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\content.js, , [5a160bc23b6dbe78a486901a0df633cd],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\MVXl.js, , [5a160bc23b6dbe78a486901a0df633cd],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkandnmeoelnplgpbcdjdjmcahdbfpi\2.1\newtab.html, , [5a160bc23b6dbe78a486901a0df633cd],
PUP.Optional.OffersWizard, C:\Program Files\Common Files\Config\ver.xml, , [462a07c65c4c40f6d8a55a5113f06e92],
PUP.Optional.BestPriceNinja, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage, , [e68aca033e6a90a604d400d911f2738d],
PUP.Optional.BestPriceNinja, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage-journal, , [1d53a9242187ce68c41471681ce738c8],
PUP.Optional.Smeazymo, C:\Users\kubaa\AppData\Local\Runlux.exe.config, , [254bba138c1c0531093ac2250df60ef2],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\First Run, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Local State, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cookies, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cookies-journal, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Current Session, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Current Tabs, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Favicons, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Favicons-journal, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Google Profile Picture.png, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Google Profile.ico, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\History, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\History-journal, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Login Data, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Login Data-journal, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Network Action Predictor, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Network Action Predictor-journal, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Network Persistent State, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Origin Bound Certs, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Origin Bound Certs-journal, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Preferences, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\QuotaManager, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\QuotaManager-journal, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\README, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Secure Preferences, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Shortcuts, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Shortcuts-journal, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Top Sites, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Top Sites-journal, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\TransportSecurity, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Visited Links, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Web Data, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Web Data-journal, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\data_0, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\data_1, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\data_2, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\data_3, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000001, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000002, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000003, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000004, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000005, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000006, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000007, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000008, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000009, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00000a, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00000b, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00000c, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00000d, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00000e, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000010, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000012, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000013, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000014, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000015, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000016, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000017, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000018, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000019, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00001a, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00001b, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00001c, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00001d, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00001e, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00001f, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000020, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000021, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000023, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000024, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000025, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000027, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000028, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000029, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00002a, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00002b, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00002c, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00002e, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00002f, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000030, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000031, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000032, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000033, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000034, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000035, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000036, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000037, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000038, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00003a, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00003b, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00003e, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00003f, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000041, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000042, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000043, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000044, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000045, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000046, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000047, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000048, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000049, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00004a, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00004b, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00004c, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00004d, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00004e, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00004f, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000050, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000051, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000053, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000054, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000055, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000056, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000057, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000058, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000059, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00005a, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00005b, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00005c, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00005d, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00005e, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00005f, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000060, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000061, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000062, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000063, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000064, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000065, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000067, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000068, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000069, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00006a, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00006b, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00006c, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00006d, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00006e, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00006f, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000070, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000071, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000072, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000073, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000074, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000075, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000076, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000077, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000078, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000079, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000011, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000026, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00003d, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000052, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000066, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00007a, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00008f, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00007b, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00007c, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00007d, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00007e, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00007f, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000080, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000081, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000082, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000083, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000084, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000085, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000086, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000087, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000088, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000089, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00008a, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00008b, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00008c, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00008e, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000090, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000091, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000092, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000093, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000094, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000095, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000096, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_000098, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00009a, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00009b, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00009c, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00009d, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00009e, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_00009f, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_0000a0, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_0000a1, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_0000a2, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_0000a3, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_0000a4, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_0000a5, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_0000a6, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_0000a7, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_0000a8, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_0000a9, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_0000aa, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_0000ab, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_0000ac, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_0000ad, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_0000ae, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_0000af, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_0000b0, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_0000b1, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_0000b2, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_0000b3, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\f_0000b4, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Cache\index, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\databases\Databases.db, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\databases\Databases.db-journal, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\data_reduction_proxy_leveldb\000003.log, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\data_reduction_proxy_leveldb\CURRENT, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\data_reduction_proxy_leveldb\LOCK, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\data_reduction_proxy_leveldb\LOG, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extension Rules\000003.log, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extension Rules\CURRENT, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extension Rules\LOCK, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extension Rules\LOG, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extension Rules\MANIFEST-000001, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extension State\000003.log, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extension State\CURRENT, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extension State\LOCK, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extension State\LOG, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extension State\MANIFEST-000001, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\manifest.json, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\background\background.js, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\background\funs.js, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\background\gli_bg.js, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\background\g_gg_c.js, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\background\ist_bg.js, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\background\upalytics_ch.js, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\content\content_scripts.js, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\content\gli.js, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\content\irc.js, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\content\ist.js, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\content\up.js, , [c9a72f9eaff957df889707bed52b17e9],

Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\content\up_start.js, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\File System\000\t\.usage, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\File System\000\t\Paths\000003.log, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\File System\000\t\Paths\CURRENT, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\File System\000\t\Paths\LOCK, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\File System\000\t\Paths\LOG, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\File System\000\t\Paths\MANIFEST-000001, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\File System\Origins\000003.log, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\File System\Origins\CURRENT, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\File System\Origins\LOCK, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\File System\Origins\LOG, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\File System\Origins\MANIFEST-000001, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\GCM Store\000003.log, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\GCM Store\CURRENT, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\GCM Store\LOCK, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\GCM Store\LOG, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\GCM Store\MANIFEST-000001, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\GPUCache\data_0, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\GPUCache\data_1, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\GPUCache\data_2, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\GPUCache\data_3, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\GPUCache\index, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\JumpListIcons\6280.tmp, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\JumpListIcons\6281.tmp, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\JumpListIcons\6282.tmp, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\JumpListIcons\6283.tmp, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\JumpListIconsOld\2DFB.tmp, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\JumpListIconsOld\2DFC.tmp, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\JumpListIconsOld\2DFD.tmp, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Local Storage\https_mail.google.com_0.localstorage, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Local Storage\chrome-extension_bpiopmneeadfapifejkfpahpljkicpik_0.localstorage, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Local Storage\chrome-extension_bpiopmneeadfapifejkfpahpljkicpik_0.localstorage-journal, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Local Storage\https_foxi69.tlscdn.com_0.localstorage, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Local Storage\https_foxi69.tlscdn.com_0.localstorage-journal, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Local Storage\https_hangouts.google.com_0.localstorage, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Local Storage\https_hangouts.google.com_0.localstorage-journal, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Local Storage\https_mail.google.com_0.localstorage-journal, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Local Storage\https_plus.google.com_0.localstorage, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Local Storage\https_plus.google.com_0.localstorage-journal, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Local Storage\https_www.google.com_0.localstorage, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Local Storage\https_www.google.com_0.localstorage-journal, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Local Storage\https_www.google.cz_0.localstorage, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Local Storage\https_www.google.cz_0.localstorage-journal, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Local Storage\https_www.youtube.com_0.localstorage, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Local Storage\https_www.youtube.com_0.localstorage-journal, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Local Storage\http_mf2.advantage.as_0.localstorage, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Local Storage\http_mf2.advantage.as_0.localstorage-journal, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Local Storage\http_pc-help.cnews.cz_0.localstorage, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Local Storage\http_pc-help.cnews.cz_0.localstorage-journal, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Media Cache\data_0, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Media Cache\data_1, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Media Cache\data_2, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Media Cache\data_3, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Media Cache\f_000001, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Media Cache\f_000002, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Media Cache\f_000003, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Media Cache\f_000004, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Media Cache\f_000005, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Media Cache\f_000006, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Media Cache\f_000007, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Media Cache\index, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Policy\Signing Key, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Policy\User Policy, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Service Worker\Database\000003.log, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Service Worker\Database\CURRENT, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Service Worker\Database\LOCK, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Service Worker\Database\LOG, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Service Worker\Database\MANIFEST-000001, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Service Worker\ScriptCache\index, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Session Storage\000004.log, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Session Storage\000005.ldb, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Session Storage\CURRENT, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Session Storage\LOCK, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Session Storage\LOG, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Session Storage\MANIFEST-000001, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_0, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_1, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_2, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_3, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\index, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\ShaderCache\GPUCache\data_0, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\ShaderCache\GPUCache\data_1, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\ShaderCache\GPUCache\data_2, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\ShaderCache\GPUCache\data_3, , [c9a72f9eaff957df889707bed52b17e9],
Adware.Ghokswa, C:\Users\me\AppData\Local\Jamlarry\User Data\ShaderCache\GPUCache\index, , [c9a72f9eaff957df889707bed52b17e9],
PUP.Optional.UCBrowser, C:\Program Files\UCBrowser\Security\ucdrv-x86.sys, , [2f415f6ea206cc6ab8cf9294c73b2ad6],
PUP.Optional.UCBrowser, C:\Program Files\UCBrowser\Security\uclauncher-x86.exe, , [2f415f6ea206cc6ab8cf9294c73b2ad6],
PUP.Optional.UCBrowser, C:\Program Files\UCBrowser\Security\uclauncher.exe, , [2f415f6ea206cc6ab8cf9294c73b2ad6],
PUP.Optional.AdvancedSystemCare, C:\ProgramData\IObit\ASCDownloader\Downloader.log, , [b7b98449f9afcd69b6b07fabfe04f709],
PUP.Optional.ChromeEnhancer, C:\Program Files\ChromeEnhancer\bhelper.dll, , [73fd20ad8f194ee8b6ba17ca4eb418e8],
PUP.Optional.ChromeEnhancer, C:\Program Files\ChromeEnhancer\bhelper64.dll, , [73fd20ad8f194ee8b6ba17ca4eb418e8],
PUP.Optional.ChromeEnhancer, C:\Program Files\ChromeEnhancer\ChromeEnhancerMonitor64.exe, , [73fd20ad8f194ee8b6ba17ca4eb418e8],
PUP.Optional.CrossBrowse, C:\Users\kubaa\AppData\Local\Crossbrowse\Crossbrowse\User Data\Local State, , [7ff109c47b2dd660cfb913cffa08e21e],
PUP.Optional.CrossBrowse, C:\Users\kubaa\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Cookies, , [7ff109c47b2dd660cfb913cffa08e21e],
PUP.Optional.CrossBrowse, C:\Users\kubaa\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Current Session, , [7ff109c47b2dd660cfb913cffa08e21e],
PUP.Optional.CrossBrowse, C:\Users\kubaa\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Current Tabs, , [7ff109c47b2dd660cfb913cffa08e21e],
PUP.Optional.CrossBrowse, C:\Users\kubaa\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Favicons, , [7ff109c47b2dd660cfb913cffa08e21e],
PUP.Optional.CrossBrowse, C:\Users\kubaa\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\History, , [7ff109c47b2dd660cfb913cffa08e21e],
PUP.Optional.CrossBrowse, C:\Users\kubaa\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Last Session, , [7ff109c47b2dd660cfb913cffa08e21e],
PUP.Optional.CrossBrowse, C:\Users\kubaa\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Last Tabs, , [7ff109c47b2dd660cfb913cffa08e21e],
PUP.Optional.CrossBrowse, C:\Users\kubaa\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Shortcuts, , [7ff109c47b2dd660cfb913cffa08e21e],
PUP.Optional.CrossBrowse, C:\Users\kubaa\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Top Sites, , [7ff109c47b2dd660cfb913cffa08e21e],
PUP.Optional.CrossBrowse, C:\Users\kubaa\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Visited Links, , [7ff109c47b2dd660cfb913cffa08e21e],
PUP.Optional.RelevantKnowledge, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.337.3_0\background.js, , [5b15b21b4b5d152148df539a2cd618e8],
PUP.Optional.RelevantKnowledge, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.337.3_0\manifest.json, , [5b15b21b4b5d152148df539a2cd618e8],
PUP.Optional.RelevantKnowledge, C:\Users\kubaa\AppData\Roaming\Opera Software\Opera Stable\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.337.3_0\background.js, , [e48cba13fbad9a9ced3700f35fa358a8],
PUP.Optional.RelevantKnowledge, C:\Users\kubaa\AppData\Roaming\Opera Software\Opera Stable\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.337.3_0\manifest.json, , [e48cba13fbad9a9ced3700f35fa358a8],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\background.html, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\chromeCoreFilesIndex.txt, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\manifest.json, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\popup.html, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\manifest.xml, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\plugins.json, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\plugins\104.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\plugins\119.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\plugins\14.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\plugins\19.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\plugins\200.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\plugins\220.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\plugins\234.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\plugins\246.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\plugins\253.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\plugins\273.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\plugins\281.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\plugins\289.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\plugins\335.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\plugins\345.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\plugins\354.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\plugins\376.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\plugins\379.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\plugins\385.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\plugins\389.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\plugins\390.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\plugins\391.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\plugins\4.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\plugins\64.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\plugins\7.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\plugins\9.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\extensionData\plugins\97.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\icons\icon128.png, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\icons\icon16.png, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\icons\icon48.png, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\icons\actions\1.png, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\js\025f6cb9144912a33795139106db3d58.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\js\6ac180612f2c85d098333fe8cd0aca85.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\js\api\687a8c5d43724fc247c8ae6d8b2f1195.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\js\api\7dca56a3e3eaa1bc1e6ab97003085bee.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\js\api\9552ead536ab83301a37021e87b79e0e.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\js\api\pageAction.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\js\lib\2d96ab9e8071f5c3ae0887082a549820.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\js\lib\319cac239fef0b56b0486e910c7393a5.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\js\lib\4809ab18b1300aca8387bf968b739b23.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\js\lib\7284aa4fe22e28a0f93a1c144dc8d9de.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\js\lib\770889c15f4cc0cd31fdd786ede4e6f7.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\js\lib\app_api.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\js\lib\c4484db909d605d56e25b1468704a422.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\js\lib\cb084c9dc178a6557abddbd5fbf5914f.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\js\lib\ee4e6b142c4702f1ccf73d9def8c4b78.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\js\lib\f1d788316b6566c5521b533d41e5df02.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\js\lib\installer.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\js\lib\popupResource\newPopup.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.CrossRider, C:\Users\kubaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi\1.26.99_0\js\lib\popupResource\popup.js, , [f37deae35b4d9f975c7d7e7530d2e21e],
PUP.Optional.SearchProtect.AppFlsh, C:\Users\kuba\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat, , [b8b8c70633751521590bd71e79899f61],
PUP.Optional.SearchProtect.AppFlsh, C:\Users\kuba\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, , [b8b8c70633751521590bd71e79899f61],
PUP.Optional.SearchProtect.AppFlsh, C:\Users\kuba\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, , [b8b8c70633751521590bd71e79899f61],
PUP.Optional.SearchProtect.AppFlsh, C:\Users\kuba\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, , [b8b8c70633751521590bd71e79899f61],
PUP.Optional.Linkury.ACMB1, C:\Program Files\Common Files\Alphalab\InstallationConfiguration.xml, , [a5cb6b6285231e18688080d131d3d62a],
PUP.Optional.Linkury.ACMB1, C:\Program Files\Common Files\Alphalab\uninstall.dat, , [a5cb6b6285231e18688080d131d3d62a],
PUP.Optional.Linkury.ACMB1, C:\Program Files\Common Files\Alphalab\uninstall.ico, , [a5cb6b6285231e18688080d131d3d62a],
PUP.Optional.Linkury.Generic, C:\ProgramData\Viafreshs\ff.HP, , [e48c6d6018909a9c2bca34eed72bc33d],
PUP.Optional.Linkury.Generic, C:\ProgramData\Viafreshs\ff.NT, , [e48c6d6018909a9c2bca34eed72bc33d],
PUP.Optional.Linkury.Generic, C:\ProgramData\Viafreshs\snp.sc, , [e48c6d6018909a9c2bca34eed72bc33d],
PUP.Optional.Linkury.ACMB1, C:\Users\kubaa\AppData\Roaming\Mozilla\Firefox\Profiles\0iqnj02z.default\prefs.js, Dobré: (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Špatné: (user_pref("browser.startup.homepage", "C:\ProgramData\Hotfreshs\ff.HP), ,[f57b4687d4d465d14a6f3fbe2fd4bd43]
PUP.Optional.Linkury.ACMB1, C:\Users\kubaa\AppData\Roaming\Mozilla\Firefox\Profiles\0iqnj02z.default\prefs.js, Dobré: (), Špatné: (user_pref("browser.newtab.url", "C:\ProgramData\Hotfreshs\ff.NT");), ,[aac60ac37236082e85f7124017ed857b]
PUP.Optional.ChromeADR.Generic, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\manifest.json, , [c1af24a9b1f767cf22c5740654adcd33],
PUP.Optional.ChromeADR.Generic, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\background\background.js, , [c1af24a9b1f767cf22c5740654adcd33],
PUP.Optional.ChromeADR.Generic, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\background\funs.js, , [c1af24a9b1f767cf22c5740654adcd33],
PUP.Optional.ChromeADR.Generic, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\background\gli_bg.js, , [c1af24a9b1f767cf22c5740654adcd33],
PUP.Optional.ChromeADR.Generic, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\background\g_gg_c.js, , [c1af24a9b1f767cf22c5740654adcd33],
PUP.Optional.ChromeADR.Generic, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\background\ist_bg.js, , [c1af24a9b1f767cf22c5740654adcd33],
PUP.Optional.ChromeADR.Generic, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\background\upalytics_ch.js, , [c1af24a9b1f767cf22c5740654adcd33],
PUP.Optional.ChromeADR.Generic, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\content\content_scripts.js, , [c1af24a9b1f767cf22c5740654adcd33],
PUP.Optional.ChromeADR.Generic, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\content\gli.js, , [c1af24a9b1f767cf22c5740654adcd33],
PUP.Optional.ChromeADR.Generic, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\content\irc.js, , [c1af24a9b1f767cf22c5740654adcd33],
PUP.Optional.ChromeADR.Generic, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\content\ist.js, , [c1af24a9b1f767cf22c5740654adcd33],
PUP.Optional.ChromeADR.Generic, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\content\up.js, , [c1af24a9b1f767cf22c5740654adcd33],
PUP.Optional.ChromeADR.Generic, C:\Users\me\AppData\Local\Jamlarry\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik\1.1.1_0\content\up_start.js, , [c1af24a9b1f767cf22c5740654adcd33],
PUP.Optional.Linkury.Generic, C:\Windows\System32\config\systemprofile\AppData\Roaming\Config.xml, , [b3bdf4d93375dd591c5a7d6d09f744bc],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Vsechny nalezy smazte/presunte do karanteny.


Ulozte na plochu rkill.exe, ukoncete vsechny aplikace a spustte - kdyby ho havet blokovala, pouzijte alternativni odkaz

• http://download.bleepingcomputer.com/grinler/rkill.exe
• http://download.bleepingcomputer.com/grinler/rkill.com
• obsah logu vytvoreneho take na plose (rkill.txt) zaslete v pristi odpovedi
• nerestartujte ted pocitac jinak prijdete o ucinek rkillu

POZOR - TATO UTILITA MA VELKOU SCHOPNOST MAZAT - NESPOUSTEJTE JI BEZ DOPORUCENI RADCE
Ulozte na plochu ComboFix.exe - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete antiviry a vsechny real-time ochrany
• spustte ComboFix jako spravce (lepe pod uctem s administratorskym opravnenim)
• s licencnimi podminkami souhlaste - Ano
• pokud je nabidnuta instalace konzoly pro zotaveni, souhlaste
• v prubehu skenovani nechte PC v klidu - nic nespoustejte a do okna ComboFixu neklikejte
• vysledek skenu naleznete v C:\ComboFix.txt, jehoz obsah mi zkopirujte do pristi odpovedi.

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/23/2017 11:14:02 AM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\s\AppData\Local\Microsoft Windows\taskhost.exe (PID: 3328) [SFI]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* TBS [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 03/23/2017 11:16:12 AM
Execution time: 0 hours(s), 2 minute(s), and 10 seconds(s)