Probably ransomware

megicz
Visitor
Posts: 25
Registered: 09 Oct 2012 16:50

#1 Post by megicz »

Good morning.

A large number of files at work suddenly have the .wallet extension and cannot be opened. Google suggested that this is some kind of ransomware. I am attaching the log from RSIT.

Logfile of random's system information tool 1.16 (written by random/random)
Run by Recepce at 2017-03-12 06:07:06
Microsoft Windows 10 Home
System drive C: has 189 GB (79%) free of 238 GB
Total RAM: 3278 MB (42% free)
X86

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:07:15, on 12.3.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
C:\Program Files\Okidata\ActKey\Network Configuration.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_TATIKTE.EXE
C:\Users\Recepce\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\Recepce\AppData\Roaming\Oracle\bin\javaw.exe
C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
C:\Program Files\VIVOTEK Inc\ST7501\Client\LiveClient\VMSLiveClient.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x86__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\System32\Taskmgr.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\WINDOWS\system32\DllHost.exe
C:\Users\Recepce\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Recepce\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Users\Recepce\Desktop\Downloads\RSIT.exe
C:\Program Files\trend micro\Recepce_RSIT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE07DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Network Configuration] c:\Program Files\Okidata\ActKey\Network Configuration.exe /RunWithOS
O4 - HKLM\..\Run: [ST7501 Service Control] "C:\Program Files\VIVOTEK Inc\ST7501\Server\VMSServiceControl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIKTE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-R5690 Series" /EF "HKCU"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Recepce\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [nhLOqKrahma] "C:\Users\Recepce\AppData\Roaming\Oracle\bin\javaw.exe" -jar "C:\Users\Recepce\CRlgRdFcyHW\peyfwFuAQNE.sPdynT"
O4 - HKCU\..\Run: [firefox.ddl.jar] C:\Users\Recepce\AppData\Roaming\Oracle\bin\javaw.exe -jar C:\Users\Recepce\AppData\Roaming\firefox.ddl
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: Sit.bat
O4 - Global Startup: OKI LPR Utility.lnk = C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} - http://192.168.39.33:8088/RtspVaPgDec.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{a02560ca-41bf-455a-a902-d349316cfe15}: NameServer = 8.8.8.8,195.189.0.44
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\system32\IntelCpHeciSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe
O23 - Service: ESET SHA Service (ESHASRV) - ESET - C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Intel Corporation - C:\WINDOWS\system32\igfxCUIService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ST7501 Uranus Watch Dog - Unknown owner - C:\Program Files\VIVOTEK Inc\ST7501\Server\VMSUranusWatchDog.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 8094 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\EPSON WF-R5690 Series Update {C735B0D8-1E48-4400-8FBA-7F0345B56FF8}.job - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKTE.EXE /EXE:"{C735B0D8-1E48-4400-8FBA-7F0345B56FF8}" /F:"Update"
C:\WINDOWS\system32\tasks\Adobe Acrobat Update Task - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\tasks\CreateChoiceProcessTask - C:\Windows\System32\browserchoice.exe /launch
C:\WINDOWS\system32\tasks\EPSON WF-R5690 Series Update {C735B0D8-1E48-4400-8FBA-7F0345B56FF8} - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKTE.EXE /EXE:"{C735B0D8-1E48-4400-8FBA-7F0345B56FF8}" /F:"Update"
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task - C:\Users\Recepce\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task v2 - %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\User_Feed_Synchronization-{A1B100FA-DEB0-4700-BAA2-B6EED6C5D3DF} - C:\WINDOWS\system32\msfeedssync.exe sync
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTask - %windir%\System32\XblGameSaveTask.exe standby
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon - %windir%\System32\XblGameSaveTask.exe logon
C:\WINDOWS\system32\tasks\Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval - %systemroot%\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe ForcedRebootRetry
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Refresh Settings - %systemroot%\system32\usoclient.exe RefreshSettings
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot - %systemroot%\system32\usoclient.exe ResumeUpdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display - C:\windows\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot - C:\windows\system32\MusNotification.exe ReadyToReboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\WINDOWS\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask - %windir%\system32\speech_onecore\common\SpeechModelDownload.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\spaceman.exe /Work
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SharedPC\Account Cleanup - %windir%\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\mcupdate_scheduled - %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload - %windir%\system32\dmclient.exe utcwnf
C:\WINDOWS\system32\tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask - %windir%\system32\MDMAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Device Information\Device - %windir%\system32\devicecensus.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierdaily - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierinstall - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Recepce\AppData\Roaming\Mozilla\Firefox\Profiles\31llv6eq.default

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.162 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.121.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


C:\Users\Recepce\AppData\Roaming\Mozilla\Firefox\Profiles\31llv6eq.default\extensions\
npdmaned@onyxsoftware.cz

C:\Users\Recepce\AppData\Roaming\Mozilla\Firefox\Profiles\31llv6eq.default\addons.json
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

C:\Users\Recepce\AppData\Roaming\Mozilla\Firefox\Profiles\31llv6eq.default\extensions.json
Dman Data Editor - extension - npdmaned@onyxsoftware.cz - C:\Users\Recepce\AppData\Roaming\Mozilla\Firefox\Profiles\31llv6eq.default\extensions\npdmaned@onyxsoftware.cz
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - C:\Users\Recepce\AppData\Roaming\Mozilla\Firefox\Profiles\31llv6eq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
Diagnostics - extension - diagnostics@mozilla.org - C:\Users\Recepce\AppData\Roaming\Mozilla\Firefox\Profiles\31llv6eq.default\features\{0b95f2c3-cdd9-43ad-bb17-0a51ad6e1af6}\diagnostics@mozilla.org.xpi
Send HSTS Priming Requests - extension - hsts-priming@mozilla.org - C:\Users\Recepce\AppData\Roaming\Mozilla\Firefox\Profiles\31llv6eq.default\features\{0b95f2c3-cdd9-43ad-bb17-0a51ad6e1af6}\hsts-priming@mozilla.org.xpi
SHA-1 deprecation staged rollout - extension - disableSHA1rollout@mozilla.org - C:\Users\Recepce\AppData\Roaming\Mozilla\Firefox\Profiles\31llv6eq.default\features\{0b95f2c3-cdd9-43ad-bb17-0a51ad6e1af6}\disableSHA1rollout@mozilla.org.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Users\Recepce\AppData\Roaming\Mozilla\Firefox\Profiles\31llv6eq.default\features\{0b95f2c3-cdd9-43ad-bb17-0a51ad6e1af6}\aushelper@mozilla.org.xpi

C:\Users\Recepce\AppData\Roaming\Mozilla\Firefox\Profiles\31llv6eq.default\pluginreg.dat
Plugin - Adobe Acrobat - 10.1.16.13 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll
Plugin - Adobe Acrobat - 10.1.16.13 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Plugin - Windows Live™ Photo Gallery - 15.4.3555.308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
Plugin - Microsoft Office 2010 - 14.0.4730.1010 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL
Plugin - Microsoft Office 2010 - 14.0.4761.1000 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
Plugin - Silverlight Plug-In - 5.1.50901.0 - c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll
Plugin - Java(TM) Platform SE 8 U121 - 11.121.2.13 - C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll
Plugin - Java Deployment Toolkit 7.0.250.17 - 10.25.2.17 - C:\WINDOWS\system32\npDeployJava1.dll
Plugin - Shockwave Flash - 23.0.0.162 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll

=========Google Chrome=========

C:\Users\Recepce\AppData\Local\Google\Chrome\User Data\Default\Preferences
Extension emcdpbapjmnjgoannclkongdfboaabho
Extension eofejpelggimkodeojpeojnbijgiglgh
Extension eopmhecjnginkckggjmhombbopmkjpam
Extension epbmnbdplhcomkedpjfceakddnbgfjmf
Extension fafoohpbicgbcejffcplajonhhooddle
Extension fakdahljemjliginkgdehfoocmjgloam
Extension fbhiehmngojjcmljddjmgpmcockbccmo
Extension fbjjhbijaiopkcdolheliknnjlkaekeb
Extension fbmgoajoadbjhoachcdiplofcblaihdc
Extension fbmimoidopbghbcmdmpkjaffffmcbmbg
Extension fcfepemfihgibdacjlnlecebknaaepmj
Extension fcijaeofmfihkldhkofkjoibdoeoflha
Extension fclheclkknbgfndeahkfdomollhmfkcn
Extension febmhchodibcbchcofonaamfglbjhggg
Extension fekjidlkjnecepnlmdmjohmgpkdlbegi
Extension ffgfbfakpcnngelphjnppokmoicdollk
Extension fhlkffpjoajppmhcakbkjndbjfljccpi
Extension fhpclkemjlhmbfbjakbmdjihocinkmim
Extension fiapkdjniadkodmdibdnchoifkpfoiid
Extension fibgploapkhokkbncddlkcmbmiengcfp
Extension fihepkmlkmciffbhijldnpmifhbkiinp
Extension fiiblakkkkgeljngobmpeljjapemenhi
Extension fjhfnfakmfcejgmfkmnapemgblmehppf
Extension fjjeecfjmgfnleghoellhldedkaocjfc
Extension fjpofaghniailakahnhkjjfbfonpfglo
Extension flalbhkmnijcnpialgakicllnabckmhi
Extension fleljamdchegbjeiipbnmiebnhgheeld
Extension flmmgcfcpbfddenepkfmgfpbaceolcoe
Extension fmcccidacjgnfiafddkngmeolkoiihil
Extension fmonlemffgbabjifjfaoamdflijecdbk
Extension fngolbdmkneakeaoiieafkilnogbocda
Extension fnhcgnmfccojojojacgeiaaeacefdohb
Extension fnihpenllbnplcglabekelhhblcdndbb
Extension fnkaadkanmfgpfbmdcllhjdgmdbgljpi
Extension fnnmbghphdnmmjdapccfobgjemjadeli
Extension fnoadkjdjfgafomgmablhmffooijcfbn
Extension foenbafkkmajnmfnlcmejonkfaipdmme
Extension folhciaicehdnoalhbkbgkakfcockopc
Extension fomljmklmcefndkgpakgifbiiidgbjej
Extension fommcgokigkhmnhlhlkckfjhefnmfohd
Extension fopgndklnkecillfbdmfknhmadmenikm
Extension fpbippbofbmgmbojjmgfcifpmdaelcmd
Extension fpbkafpphnhlpakobppekmkebmbhkoco
Extension fpjdackpllilinpkgmhkpidkanmccblc
Extension fpmajanjndhgpifbcbnklbiehgnpkgmf
Extension fpoajjnnpmledpmohlgpgbmlhbgkgahg
Extension fpokembamndopkflopmplkklbdngnknd
Extension gagalgomhifgcmeciklindhpaihmecgi
Extension gaicmfjflflabagobdiodejfpjikheeo
Extension gandihaiobadcggbfkhpbkocmiemjlnf
Extension gbenikfjhilhpgagllmfgggdjaflbmbi
Extension gchbiabnbdikkgfhnkclecjncojnkmhb
Extension gdggdkkjecogagaffaemnbfmllcoihjp
Extension gdlgbpbmiiagaikjbednkikinokbkbcb
Extension geggofhlfbcmanadhknllmlajiafopoh
Extension gekkhpjigmckhgmgngadbeknekgpgolb
Extension gfjfhihpkmehdmblhfaikkipeplpdcla
Extension gfmmoiakbmdohkgeoekiokjgljcminig
Extension ggkpicnfnljflddbdoeeaajjgepapcbf
Extension ghgphbmpcfgkfneodjpbdanmdoemklio
Extension ghmaokcegalalefnhlfcnjhnpdbanjkj
Extension gifglngcdbggmlgkcombebegdaoknkho
Extension gjkbghdignnlcknknflbigpammebiolo
Extension gjmhdmobkhfhkpfmfegnkkimlamjdldi
Extension gkcfodgjdcijjlliehfhgohlkemcbobl
Extension gkhbgnodbilglgholifcjdblbgdaieah
Extension gkjeccpmibljcfpfapfljciimedljpnm
Extension gkjmgdpdndoaiholejnmdbbpdaafahmm
Extension gklphmokmaaepjgandocpneomjlidjag
Extension glhhlafadlhkgbklgbjnmblfhnkfknbm
Extension gmghjgfdialcnhadahmjefeflgnhcjeb
Extension gnapdhmknipknfmhhnhdmhakdfhgeing
Extension gncfgndgeoddelbfhlndhljnecoednaa
Extension gngfmjidncdccdlfjcjbnngeaaclfgpl
Extension gngmkbiihflpghldjnbpemaicedhdddk
Extension gobjcjhhebpjbmjdgmejhebbleadnceo
Extension goedioiidkokkbobdnopnlnaaalniegm
Extension gomkbnfeifchddfokcicibjnlgbolhol
Extension gompblemgafijijmlgbaepcijfgfgljf
Extension gpdcodmabpgmncbkhpipakhehepmpopk
Extension gpgehbjbkfhngdlfpfeokjgbkmmokjhe
Extension gplgjmecjpbfcdikpbicknafcnfcidek
Extension hbaajkahagmlkdekmbdabikbopdgpaac
Extension hbdhabpmbbanaopgkbaondabkkepjfaf
Extension hbmlheccjkodhfejcmblndjodllmnlnl
Extension hcapokajkngndbglnfglpfdpoeidmpha
Extension hcpndbchnlgojmnijaldkicigmihmdca
Extension hdijkiondgomjpehfhopomicjbiodmcm
Extension hdnbmmfjbblajkjkcaeofolgfnljpnim
Extension hecijapnccjhonbmacmkmffooodfokoo
Extension hefmoncdemhjembgbnkgglhlookbipdc
Extension hfcgbiofoebieldldghfocjfnnajmpej
Extension hfjpjodbolkmheaehcnmfhjakjileoof
Extension hfpfbhnmbbigpmoodjemilggabklpopj
Extension hgbaomphocgmdpmiohjclchaaljpaelp
Extension hgboiaecclcbjphldpbgfgggcbihmnai
Extension hgjgaeknhmidehalnmokomhpfhbfmpcm
Extension hhbihfbjoifhhebcnchglobmkmapgjkm
Extension hhfffemhgkginfafaoapljdllodppana
Extension hhfiljkpjapjjphcocclhhaldpfkkjbi
Extension hhjmkijkgojfifipdgmiemghfikbohcm
Extension hhlgbfcfbkhlmajakkcjippgpcmejkko
Extension hhommgjjeekpmpcbdmfnhpchijdkgaei
Extension hilncbjbdpnfepdidfchmdclhpnlegpj
Extension himgjpdejpikenoibmolgmfblolpahno
Extension hjkhligcnpfjhjlapmejaiaiigibofif
Extension hjnigaibahdeadcdnpnommdehajodlhc
Extension hkbgccpdcpbdckohbknjlamamelcnlki
Extension hkjcejgfmaanpncnpoidgbhoikcaeepd
Extension hkjfdgjkgpbbdmadbglcgljjjddkcdha
Extension hmmoglffhpmacaacfbbmbbkcbdkjphnc
Extension hnbcdmfeoldeppcbnnjmjkdofohaljbn
Extension hncomkjbbkchfjelocejkbbflmjhlhfp
Extension hnipgljcblpgnnojcfldehpeknhakbgj
Extension hnkcpoijaeegompjgbjjhkdmljldaccg
Extension hnnebfeppcbhhbhiifeaajgcjnkljlld
Extension hnonhhpgjnjcjfbkjdpfbkfpaodcmncb
Extension hnpgphegniamplngojaffllhjahkgbfl
Extension hpcdoodjfcmpcpkeendjnjkeinimhkih
Extension hphibigbodkkohoglgfkddblldpfohjl
Extension hpibmhghjndideebpackbdlpncgkcppp
Extension iablioliielnhdianpbiijaoncbmfend
Extension ibnhidklhjoopebonemhliklfbhndjjd
Extension iccblehkchfmjgfafjcpjlkjcponhdhl
Extension icihfeaofpcfehanhbnjigdlpfahjlee
Extension idbdlnkdnaodonmgnimcfelpngbmcpjk
Extension iedogbkombgmapifenoojnmpcnjighfm
Extension iemfpgbdjfoihicbocpbjppipdbfimeh
Extension ifbkndkaolfbjjhnnhfmkbkoclpdkpli
Extension ifeijfpkjckedpclgncedmgdiaoeahmk
Extension igaajdmlejbjcbmpmnigopikfdaccdcm
Extension igbaoknfddliiaoimhehfbkfekpmmfll
Extension igghanohiioehififjoalfkdoicafjof
Extension iggjepemmdkieakihpomccndhdfcljdp
Extension igjhgaoajaccjllfkfffboldnmncmhoh
Extension igkdgkdiiolilocklmiolkpoohacojop
Extension ihnembcpodnfgkafmiojebccomjekopm
Extension iiiinekimabooeihccihfopoadcaaphn
Extension ijecjbcgpblkacpijljpaienknanaloa
Extension ijenlpgidnapbndonoinbkhekgjonojg
Extension ijjmbbddenkbenbcfldgghhjgjmcnioo
Extension ilhjicgcglhjigdehkcehjdokmkahbjl
Extension iljfgjkppapinhcgonhjnipfppfmfedh
Extension ilmknaabackgdbnkgbihgpgiopnlkjek
Extension imfbomjbodpfgfhfahlgkkcllmhbelhk
Extension imkffpjpdngdkpgadcmnlkhhmhdocijn
Extension inbhlfpapeikbbgpfionabkigakepbbm
Extension indfhnliadamglhalanplbajgenpjdml
Extension iobnpmeeecphddicmhhmdjbnlbdhjlne
Extension iomejadoamfilglofmeaffghddcgapmf
Extension jabpdgllijbnknhkgjideeajfofafckp
Extension jaejgaoiipdjjlbnapngknalafalbkej
Extension jafnimahlamccccjbkhjjpeiipiedpik
Extension janhdpmhnighonkkbkdpnljcoenpfkbh
Extension jaoiiahdoamhobamdkmcmielddmnelko
Extension jbfebbkjjmkcoldeaeelhpconkmgjhbg
Extension jbmbiepnidbnhbbfdbgioomdkgnbcacj
Extension jbnafcjbcfgejacaanogofkkehcomamp
Extension jcmipejepoimfflnoapdmkdephgjinck
Extension jddbdddmbfencninofcgnodekclofpaj
Extension jdiakcmbpmcnniggjcmcjknnklpdlogc
Extension jeehjhnmgohgpfpjneglogiholalkeip
Extension jfalnphfjdoalcdhlnhdpekbmmopkgkj
Extension jfhmafmjfdblceidmfdmoihamolaaeco
Extension jfjagidcpadkoaonbogmbgfimmnefeie
Extension jgdkappiifgomhgikcjbanhnmlekpeje
Extension jgmpapdckakiohhebmeoemejibommimi
Extension jgoljhcbgajhbhnchplgjdkknendhjnn
Extension jhhabiomopkibeecgngiggmopkeofacl
Extension jihmekmccilkocefjpejdebpapohlhjb
Extension jiiccolbjkhpgockodneljpejdeaaodf
Extension jindbcpkhnnnjgcjgmkjedbibibiojjf
Extension jiofcofpcbijcnlpekdkpmgjdppajbjb
Extension jjahldbngdicbnejidklgkienpkdcpba
Extension jjhackoobdibnnndjopfjldbjmohkpdk
Extension jjnkfllhcgkgnfbekpnmoikpfihpjfli
Extension jkihmglffmfjedfbpbpdbbimcodjbmdh
Extension jkkfmenldnihjkgnolhlakhaepomhoob
Extension jkmhalpofmlfeglboejbchpoijnkmcgh
Extension jljfnkmkkdkppfndippkedacgfkafped
Extension jmbkhogpjgjpfjhpdikloblkbkljkgao
Extension jmeanodbelbflfmnkfdjgpikmldgjjko
Extension jmifipgdcllamghkhdplfjffkciekbgo
Extension jnehbnhjkefckoljkcmjfgkkeejhipgi
Extension jokbafidjfknjbchmcakabjgdiiacgek
Extension jolgdmpdhloiienhblmiimamomhdphlk
Extension jpehgolpfgnknboibogccapmdcadjkbd
Extension jpeijjbllejgmokmahkeommcodahoobm
Extension jpgidahfcgiajlcbleeiaibpmmblcmnb
Extension jpiedgcdjigcoeagojmlokclbljokpon
Extension jpkdlckejfjidmplieobnhijmoiecbhl
Extension kbipembkfhbdmkkkfbigmohilmknjnof
Extension kbmkecfipofebpaikgifajmahdmadlnb
Extension kcanfkmhccbaheheaackijegkclkaeic
Extension kcfnnanmpghdnoompcfclakpacapnfbn
Extension kcgplbmkmfcpngilmhjmebdgkkpbdemp
Extension kcmnkpehkjhodoodchlmgnicaifckhdj
Extension kdchmeaiapjkejkcbeclgjklemecieeg
Extension kdcnnmifdmlmjffdgeieikcokcogpbej
Extension kdfahjokahcbmecgaandpobmgiiknagf
Extension kdicckonacionpoompfoopggkgimjpcb
Extension kdjhalklkkcmodeicjiaekcgifkcepaf
Extension kdpcgcpfnkolljkhgdbbgimplfkhakec
Extension keknhkokjnjhgpcofobpcbelddppeolp
Extension kelcbonmemlciepjdmfcifnhloeammhj
Extension kelljdoinjlkmkncffgadbebgpmlcang
Extension keoimpnicgbcjamfdgpcecihicnbmhej
Extension kffhenjbibjnbnjhlkcdlmpeccpaohio
Extension kfodnkhdfdgeaegehjjnkjkieloddelg
Extension kgbkdabomfdpfoibliicpmibceaoohgh
Extension kgbmmcjgkkecjcafigegjphkmkdpnggo
Extension kgdhnhadbnpeibkghaebmhmngobdafag
Extension kgdkcodealpfjolmiagcogfbgmaamegh
Extension kgdmldjagfciieddcnlhampgkajkpanc
Extension khgjomcpjblpoaipanicbfjfgcfbpegp
Extension kibgmcdcfmcglajcfbecilngejnfppjp
Extension kiipngoehgkgkackngaidmhmnchfbmio
Extension kincjchfokkeneeofpeefomkikfkiedl
Extension kinhljbhjmcmoddhdoodekeklmjapjff
Extension kkhejjmlcfbcleolhadhekjbcanoopna
Extension kkhomejdleoonmbdhcigkhkjcghngncf
Extension kkkeikdkpjenmoiicggnnodbkebafgpc
Extension kleaapgdkahaekcocmkbgfainbhihccj
Extension kljhmdlkclaglodecegamnpioaflmage
Extension kmlebjoghkhpapfhbdikannggmmffnco
Extension kojkdbedffnppdoalcfkkeelbhbklhgp
Extension kolbbghckjilleabphhgeggcgpfidofi
Extension kpbfifeiomkhocgkkffocfinoedcjebg
Extension laicaenbonaajhkmfhhbpiapobdieffm
Extension lambangeielkjcnmioccboaphdfcffib
Extension lbaddolhebpnhdcdkicpcflhnfamcemn
Extension lbcmmpmjjaockhkcofljpakjcbmjmgla
Extension lbficnmfealeidppcbgdcbemgfjodbkg
Extension lcbfjcekjncehfbcimlogajbekmoeblm
Extension lcccggoiffkhgfkefgbicjdgdnfpoihn
Extension lceaiepehinnomgijphkmjccbigkljkj
Extension lcfkojlnjnedeoepfemhdgkhiabkeadc
Extension lcmpleboacinanffcdgenhhbkboclkjb
Extension ldgfapfmnplpaohbbadnecegcpfkfall
Extension ldmoahefokhfelhpbgfjpelcdbahdofk
Extension leccghfplhenabeogpibljliijgapfgb
Extension lfechjkgjjijfjoandhakaghdeimjcod
Extension lfggokjjaanlfikbbapgnfemifmddalf
Extension lgalokbapphhklmilicdefmgbjkcmldf
Extension lgcnahanhlfpceencjmlehpfklokhojk
Extension lhajoamjgchgljkdjigcgmmcehjkagan
Extension lhgbajoidigcpmgbnnonllfkndhahmie
Extension likifpgnijjfbdegfepoalpamlgnfofi
Extension liomofjeffddiiccaolcnllbhnipbkhe
Extension ljcicfibknpmlcmcecddjlbgkejehhpa
Extension ljeihpebkahejeacdalhkhmckmggppif
Extension ljlppmpjdogefnanekncklkjgpnhpcpd
Extension ljmjoloiepllcndinchenhomcdcgbgef
Extension lkdimamelhbiijkiljlnedmhnnkkmlbl
Extension lkfdchejjogilmloogbbjlnlpbhgjfab
Extension lkhcbijhgfchgdmklonlobkfbcadbokg
Extension lljnngafekbnkpdfophmcdlbfebcbcld
Extension lmhdacagnmfmomeodbgmlghejdbmldge
Extension lnahlgmhpghkhmafjppdidhcoaomipfg
Extension lnbeebaenahmkbffnimghceldeeihfak
Extension lncjcfkpannmofmpgdfoonkniofdnaba
Extension lndempehphjoeimfchjflohpmhamiamf
Extension lnjgjionmhobdfdegbciceafphgemjnc
Extension lnlaeblencbjjjeaanegaldcjfekeled
Extension lodollblmkailkkdiijmoccefdfjohgk
Extension loggadfheaoeabmkgolecncpfdfioefa
Extension lojppnndedobolgfepahepphhloediji
Extension loldehkdjdncebfnncknlkdchjclifbn
Extension lookpbabilcplifjdeifacodednpacmk
Extension lpgiafapdmlapiokjnmpbbfkomiceoml
Extension lplmcpcnhpbffpcfiaddbeaplhhbengd
Extension maakimnachffhlgdhfomaejeeaikgjap
Extension mafccdbbhekjhemajjejkaidndokeena
Extension magllcifjcllaafcdplnajmobccbcdlo
Extension mamfageekafifnickhgkibkofcclfefe
Extension mandondadnlimicalgkbkaohmeopdojj
Extension mbifidpgmfiielflaipknojhpfcljmgo
Extension mbmdaiddhfoljplpdhohimgieioblfif
Extension mcbkimglepddodbiongpohpeidioafgk
Extension mcknnlhkkdbcppajgefagceglahcafjd
Extension mdiehnlecbjlppbpaaipmlnhhjgepfcg
Extension mdngbiejioalifclonjepjjfppmbgned
Extension megkcfpbmemnpkgadkoompnoajcolpni
Extension mfffdpnblflpobcnekhekiahepofaane
Extension mfgkkephjfnkggbmahehnjhdcmkioaff
Extension mfhfkclojmdocagbmecgcnlofppebebd
Extension mfncimdpmknolnnnccdmkpnpkaofonkc
Extension mfooalpniplhaaealemjpchkchmmgdko
Extension mgdgiplcofghdmpekdeeceolepakodcb
Extension mhbffdldpckobeihgebaamjalehefnia
Extension mhldlgmggplfkkjgpgjjpebflplpgekg
Extension mickhiflmjglhpdpfigpkpjiipfdlphj
Extension mikpklndmiopinkkmalgoophegfnmmfh
Extension mjalegijammcloleihdmooifidcjggjp
Extension mjgobkikdipfikmaoakdcdbicpioljgg
Extension mjhlngjakabhonjagnlimeicooahajpl
Extension mjolnadmlahbpepjaemohnkhpjkbhmef
Extension mknjbohhleiicbpagpgmhoaigbblmnic
Extension mkobblpffgbncfhijabakfafmkjdmmnm
Extension mlmegahemifabfmdnndafagnncfbnahn
Extension mlmmbepkgelpbenpobinockmiehdahai
Extension mlnndjkcclbekgoebkenkdgiggaomaed
Extension mlnoedbhndgbjcbeadjfnmjloejlgojk
Extension mmjodihhmnpkldljaifiajmlnpflfhpm
Extension mndoohjdoechinpkfbkolflbonciahfo
Extension mnhcgaghminpdabllkbkecahjfkdiabk
Extension mnichagcickblneeijmfnmoiakigmmhf
Extension mnllienogacopjnkmhgnniopjpgjpopp
Extension mogepbcllienegdibkfpmombhefhcoic
Extension mokdlfbphidpiopnlfejpcmadcbomckn
Extension mpcglemopeoeapmagdbeenepkdbajape
Extension mpgehpkneknbopplhmmkfijfiniddipf
Extension mplhbhmkccidaokcelbcbcmhhedebcng
Extension mplpabdbfbloeiboikmdbnggfnjbjmlh
Extension naopgnjebjeeedbbhcadkhkmeefmloho
Extension nbfcehkihbmpebblmfkihadebllgfmgl
Extension nbieffehfdniifkgdckbndjhojohbfjj
Extension nbjnehjmelkfjggedillcpjeelfnempb
Extension nckmikohoilfkcoahbjpbgbpegcjgngm
Extension ncpdanjmicnihdlijomcggnnekloephc
Extension ndhkiimgbjnendpcfbiadlifmangejoa
Extension ndiogongcmocdgjciemhagfhpjamehpe
Extension negkalblfongjbphdcbbhddlickhlamd
Extension nepfiodmbijheamafkiglonfkjebdjmf
Extension nfecfkjnlkbphobjbcnphimihniieehc
Extension nhbfbnmmdjkjahhfdeklgphihfodfgnb
Extension nhboiakpmibkbkbeehchlfkggmhphpnk
Extension nhkmojkfnknbbmhbnacjdlodokeophkl
Extension nhooocacdhkpbmoocdclodjlddcebfoe
Extension nibohffepnilngkecenfdgnokfhmnkod
Extension nidmbljkkcbdfklgdkklgjgmhejmbojn
Extension nidodbfomffkfabciljelkbdiabkeehe
Extension nifbebeekindefklojhchehidpikbjfc
Extension nihhbeikpchdddoillfdcdinnnnllmna
Extension nlefocohkhlgmjdhgkjgdodobmffjbod
Extension nlgapikcofpablcmfgaoodlhiejiehhh
Extension nloaaepkhcnmoakooihnefhhggbmemed
Extension nmgpbidjnaebdlbdbpjggenmbaolmfoi
Extension nmmnodocfckpoddcgihiihcdinaonckb
Extension nmphbnbmgfccfhcmibikmhcgajjpelpf
Extension nnioepmjbjjlflmdgjanlcmbjahljeeo
Extension nochkknnbahbhmmknnmdhagelcnfagom
Extension noefghcilkpcabnhhilojimkkjplhcnd
Extension npadaghbcdejfngcjpbnoikajdnongca
Extension npfpmgjnfcklmaipcffpjhapedmpjggj
Extension npolaghondefgiomhkbiiompikfjneep
Extension oafccdmmjdpialdmgenjfhijoondgncj
Extension oakhllhnbcpgagdafgbninlpjdemdmjk
Extension oanjogmonneelfpnfmdlalfddkeckdej
Extension obfnipbbnnhkbafmdbbfpgfgbjmmkgpm
Extension obgljnmbldahelaakfdbjkplokjoneip
Extension obhplmafmpmelgapjjbfhcdkicnhakhf
Extension oblicopoaionpjoapgjmmoncjadpdioh
Extension ochmdkhojipfibbplgpeeggeimnagcfd
Extension ocmhjnhildbnglmlfimkjnnfgddelacb
Extension ocnlnkjmfnolmbclblfhfhcakldceiec
Extension odeckaficnaplobiiaomegfbokokehhb
Extension odefpckfdnfkeandbeccopcpncnbkonn
Extension odnamglmogfldajnhkfodmloofeokcmm
Extension oebmjchahlpmalnjpeagiibojcbfmema
Extension oelhhkgiajkjfbccafjgggcpkbkjgpij
Extension oghphhcagopecifjblgdcfihjnlcbcfc
Extension ogjbodghhojomghbdfnlkppdagkfjede
Extension oidjdpbndkjhmhmgdoggibcjnippkcgo
Extension oilfokmpgejhjhecdjjpikloibggpenf
Extension oimplfccampifgkgndlamabnkcibkngc
Extension ojglppmhgfohhfeinlhklglifnbfebak
Extension ojmdhklabgbnnkkilmkcfcemdhognifc
Extension omceiakkomngangmllpgbjcoeloglald
Extension omnicnmbagoinlpamknknbcgopadcoci
Extension oncmkbmjpjlihkpbohlpmjghiiogmoie
Extension onfbaaifbbahonepmednhkjbhdgogkbl
Extension onjaecbdddgibdijafoemfiachlbcgkj
Extension onpnpccdagncipgnoofbhchlbajcjnkd
Extension oocfbmollajebjjpkahmlnclfhkjijea
Extension ookcgejbfhcmcanfkfmmmpahflnlajbl
Extension oomelpjfeldbopnleifpjibbpekflhlg
Extension opnnngnphijodjhemhdafpnnpdjggofe
Extension painakdmkedalbggbejpphgjikkmafhc
Extension pajgiddgjidlcajihkjoacjbplimkgfe
Extension pbdgmppmccanplobanhfkjndjkmmabgk
Extension pbekednmpdekknlffkiopooofokfmkla
Extension pbglijbamgmlcpnnpbfjkbdeheejjloj
Extension pbipaboekjdfhkfifpkofbfnpbnlolji
Extension pcaedgdgamlfffkfblocmakhgieggoak
Extension pcojpoljjgnicbhaffkiphphplijgbcc
Extension pdhjoamffhjhlkiiminjhmihalkfjaee
Extension peahabnpipmmfiajjjhgfggbeigbmbgp
Extension peiijdmlgbelnnmnkighhkpeihmmamio
Extension pfaooklcbjnkgconjjepimkohgcjmdji
Extension pfcelnbmkeoaeicedjomcjkcammlkdbk
Extension pfckhplmfbblecglndaigpojefidapai
Extension pfgmgcnbngcnhjddppmnloflcidemopc
Extension pfhlnanelpgjbhndafjamnpfhkjadoip
Extension pfoiaildicnbcjojocjlpcibenphhbln
Extension pfonklmafadkmcedjlodommcoipgbcde
Extension pgelifedkjaohmjehecojkfldinjlamn
Extension pgjpnfpidejcmjibaaohcmehfohacckf
Extension pgkcfihepeihdlfphbndagmompiakeci
Extension pgldfhecfiofkhnbgcncepnkjkeoahlk
Extension pgmfkblbflahhponhjmkcnpjinenhlnc
Extension pgmpnhbchhaningbkefchpdalnimjijd
Extension phkpgooenaonkpnabopdbjjfmphclela
Extension pihcfdffalbcnmbghijdfcaanagapelf
Extension pjdhkkcnlbfebiokpeghfffajaabahfo
Extension pjgbfgdpkbfimabdalhjmmeeelbmkcac
Extension pjloefkigphblpjminnlpbhjchjafcfc
Extension pkbbbncikcipejaiiiioboongndhmjgl
Extension pkbkgagehkkoajkpgnmjegibihpalfdk
Extension pkbkkendemaimikinaefldfljliecapm
Extension pkcbihpffghlanbclfmkegjmbijcpobj
Extension pkdlpbfmpolnhligegklimbccminkioc
Extension pkhidkonipdjidjglnkfcfhnkfnlefbk
Extension plfijddblbcdcnammpdmfccchkbdekmm
Extension pmbjemmaclljifpmnlagkcgpbcipdldb
Extension pnaaalnkbgjaphhmahecamecmaldknkc
Extension pnaiiipilbpcceggeanphcpkkihnojan
Extension pndadpldhngimdmhnajebjldbmcbpjol
Extension pnnbdjcjeiobikdfikegpclkcimgafpp
Extension pnpfkfanlgljpkpilhgiimfadggfmhcd
Extension pnpgiaejfbdapllkchhgchjpdbcpiooa
Extension pobponmhkpmphbnfhpjdagklbkmjhked
Extension ppmfajacidhcjbddpgmcmigffpppcadd
Plugin 11,0,1,152 Shockwave Flash C:\Users\Recepce\AppData\Local\Google\Chrome\Application\15.0.874.102\gcswf32.dll
Plugin 10.1.0.534 Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
Plugin Remoting Viewer internal-remoting-viewer
Plugin Native Client C:\Users\Recepce\AppData\Local\Google\Chrome\Application\15.0.874.102\ppGoogleNaClPluginChrome.dll
Plugin Chrome PDF Viewer C:\Users\Recepce\AppData\Local\Google\Chrome\Application\15.0.874.102\pdf.dll
Plugin 1 Default Plug-in default_plugin
Homepage: http://www.booking.com/hotelaccess
default_search_provider.search_url: http://www.bing.com/search?setmkt=cs-CZ&q={searchTerms}

======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-08 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11 1431712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-08 186944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11 1431712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [2012-06-12 5708432]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2016-05-03 415200]
"USB3MON"=C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-05-21 291648]
"egui"=C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [2012-07-04 3154464]
"Network Configuration"=c:\Program Files\Okidata\ActKey\Network Configuration.exe [2011-10-20 723936]
"ST7501 Service Control"=C:\Program Files\VIVOTEK Inc\ST7501\Server\VMSServiceControl.exe [2013-07-26 2638848]
"ST7501"= []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2016-12-12 587288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIKTE.EXE [2013-09-12 261696]
"OneDrive"=C:\Users\Recepce\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2017-03-02 1518304]
"nhLOqKrahma"=C:\Users\Recepce\AppData\Roaming\Oracle\bin\javaw.exe [2013-07-09 175016]
"firefox.ddl.jar"=C:\Users\Recepce\AppData\Roaming\Oracle\bin\javaw.exe [2013-07-09 175016]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
OKI LPR Utility.lnk - C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe

C:\Users\Recepce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Sit.bat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2c.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableUIADesktopToggle"=0
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath"=%SystemRoot%\inf\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.cvid"=iccvid.dll
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-03-12 06:07:06 ----D---- C:\rsit
2017-03-12 06:07:06 ----D---- C:\Program Files\trend micro
2017-03-02 04:12:24 ----ASH---- C:\swapfile.sys
2017-02-26 06:40:20 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2017-02-26 06:40:20 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2017-02-26 06:40:20 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2017-02-26 06:40:20 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2017-02-26 06:40:20 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2017-02-26 06:40:19 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2017-02-26 06:40:19 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2017-02-26 06:40:19 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2017-02-26 06:40:19 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2017-02-26 06:40:19 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2017-02-26 06:40:19 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2017-02-26 06:40:19 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2017-02-26 06:40:19 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2017-02-26 06:40:18 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2017-02-26 06:40:18 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2017-02-26 06:40:18 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2017-02-26 06:40:18 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2017-02-26 06:40:18 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2017-02-26 06:40:18 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2017-02-26 06:40:17 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2017-02-26 06:40:16 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2017-02-26 06:40:16 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2017-02-26 06:40:16 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2017-02-26 06:40:16 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2017-02-26 06:40:16 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2017-02-26 06:40:16 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2017-02-26 06:40:16 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2017-02-26 06:40:16 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2017-02-26 06:40:16 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2017-02-26 06:40:16 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2017-02-26 06:40:15 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2017-02-26 06:40:15 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2017-02-26 06:40:15 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2017-02-26 06:40:15 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2017-02-26 06:40:14 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2017-02-26 06:40:14 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2017-02-26 06:40:14 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2017-02-26 06:40:13 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2017-02-26 06:40:13 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2017-02-26 06:40:13 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2017-02-26 06:40:13 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2017-02-26 06:40:13 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2017-02-26 06:40:13 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2017-02-26 06:40:12 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2017-02-26 06:40:12 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2017-02-26 06:40:12 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2017-02-26 06:40:12 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2017-02-26 06:40:12 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2017-02-26 06:40:11 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2017-02-26 06:40:11 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2017-02-26 06:40:11 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2017-02-26 06:40:10 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2017-02-26 06:40:10 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2017-02-26 06:40:10 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2017-02-26 06:40:10 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2017-02-26 06:40:10 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2017-02-26 06:40:10 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2017-02-26 06:40:10 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2017-02-26 06:40:10 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2017-02-26 06:40:09 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2017-02-26 06:40:09 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2017-02-26 06:40:09 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2017-02-26 06:40:09 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2017-02-26 06:40:08 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2017-02-26 06:40:08 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2017-02-26 06:40:08 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2017-02-26 06:40:08 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2017-02-26 06:40:07 ----A---- C:\WINDOWS\system32\d3dx10.dll
2017-02-26 06:40:06 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2017-02-26 06:40:06 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2017-02-26 06:40:06 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2017-02-26 06:40:06 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2017-02-26 06:40:06 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2017-02-26 06:40:05 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2017-02-26 06:40:05 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2017-02-26 06:40:05 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2017-02-26 06:40:05 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2017-02-26 06:40:00 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2017-02-26 06:40:00 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2017-02-26 06:40:00 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2017-02-26 06:40:00 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2017-02-26 06:39:59 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2017-02-26 06:39:59 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2017-02-26 06:39:59 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2017-02-26 06:39:59 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2017-02-26 06:39:58 ----A---- C:\WINDOWS\system32\d3dx9_24.dll

======List of files/folders modified in the last 1 month======

2017-03-12 06:07:06 ----RD---- C:\Program Files
2017-03-12 06:06:59 ----D---- C:\WINDOWS\Temp
2017-03-12 06:00:44 ----D---- C:\WINDOWS\Prefetch
2017-03-12 05:17:16 ----D---- C:\WINDOWS\system32\sru
2017-03-12 04:20:10 ----RD---- C:\WINDOWS\Microsoft.NET
2017-03-12 04:06:02 ----D---- C:\WINDOWS\system32\SleepStudy
2017-03-12 00:00:04 ----D---- C:\recording
2017-03-11 22:34:02 ----AD---- C:\Battle.net
2017-03-11 18:13:28 ----AD---- C:\Hearthstone
2017-03-11 17:57:31 ----HD---- C:\Program Files\WindowsApps
2017-03-11 17:57:31 ----D---- C:\WINDOWS\AppReadiness
2017-03-11 03:12:55 ----D---- C:\WINDOWS\system32\config
2017-03-05 06:05:56 ----SHD---- C:\System Volume Information
2017-03-02 15:20:42 ----D---- C:\WINDOWS\system32\Tasks
2017-03-02 04:08:31 ----HD---- C:\Config.Msi
2017-03-01 04:18:29 ----SHD---- C:\WINDOWS\Installer
2017-03-01 04:17:48 ----AD---- C:\WINDOWS\System32
2017-02-27 18:48:12 ----D---- C:\Users\Recepce\AppData\Roaming\Battle.net
2017-02-26 06:40:05 ----RSD---- C:\WINDOWS\assembly
2017-02-23 22:15:48 ----D---- C:\WINDOWS\system32\MRT
2017-02-23 22:11:40 ----AC---- C:\WINDOWS\system32\MRT.exe
2017-02-23 22:11:00 ----D---- C:\WINDOWS\system32\catroot2
2017-02-23 13:25:56 ----D---- C:\WINDOWS\system32\drivers\UMDF
2017-02-23 13:17:07 ----D---- C:\WINDOWS\INF
2017-02-22 04:45:22 ----D---- C:\WINDOWS\WinSxS
2017-02-22 04:37:34 ----D---- C:\WINDOWS\CbsTemp

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\WINDOWS\system32\drivers\iorate.sys [2016-11-02 42336]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2012-07-10 172704]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2012-03-29 123760]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2016-07-16 58368]
R2 epfwwfpr;epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [2012-03-29 106720]
R2 RtNdPt60;@oem16.inf,%NDISPROT_Desc%;Realtek NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\RtNdPt60.sys [2011-06-16 33056]
R3 iwdbus;@oem31.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2015-12-01 35320]
R3 MEI;@oem20.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\HECI.sys [2012-07-17 55104]
R3 rt640x86;@rt640x86.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x86.sys [2016-07-16 494080]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-05 56672]
S2 Parvdm;Parvdm; C:\WINDOWS\System32\drivers\parvdm.sys [2016-07-16 9216]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-07-16 12800]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2016-07-16 12288]
S3 GPIO;@iaiogpio.inf,%GPIO.SVCDESC%;Intel SoC GPIO Controller Driver; C:\WINDOWS\System32\drivers\iaiogpio.sys [2016-07-16 22016]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2016-07-16 25600]
S3 iaioi2c;@iaioi2c.inf,%Driver_Service.Desc%;Intel(R) Atom(TM) Processor I2C Controller Service; C:\WINDOWS\System32\drivers\iaioi2c.sys [2016-07-16 61936]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-07-16 30208]
S3 intaud_WaveExtensible;@oem4.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2015-12-01 44016]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2016-07-16 94720]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2016-07-16 62976]
S3 RTTEAMPT;@oem10.inf,%RTTEAMPT_Desc%;Realtek Teaming Protocol Driver (NDIS 6.2); C:\WINDOWS\system32\DRIVERS\RtTeam60.sys [2011-06-16 40736]
S3 RTVLANPT;@oem2.inf,%RTVLANPT_Desc%;Realtek Vlan Protocol Driver (NDIS 6.2); C:\WINDOWS\system32\DRIVERS\RtVlan620.sys []
S3 StillCam;@sti.inf,%StillCam.SvcDesc%;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2016-07-16 9216]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2); C:\WINDOWS\system32\DRIVERS\RtTeam60.sys [2011-06-16 40736]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [2016-07-16 76800]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CDPUserSvc_570ee;CDPUserSvc_570ee; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe [2012-07-04 999704]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe -k HPService;"ServiceDll"=C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2016-05-03 292832]
R2 MSSQLSERVER;SQL Server (MSSQLSERVER); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe -k HPZ12;"ServiceDll"=C:\Windows\system32\HPZinw12.dll
R2 OneSyncSvc_570ee;Hostitel synchronizace_570ee; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe -k HPZ12;"ServiceDll"=C:\Windows\system32\HPZipm12.dll
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 86880]
R2 ST7501 Uranus Watch Dog;ST7501 Uranus Watch Dog; C:\Program Files\VIVOTEK Inc\ST7501\Server\VMSUranusWatchDog.exe [2013-07-26 288664]
R3 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.exe [2014-03-11 247968]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2016-05-25 43696]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\TimeBrokerServer.dll
S2 BBSvc;BingBar Service; C:\Program Files\Microsoft\BingBar\7.3.132.0\BBSvc.exe [2014-03-11 193696]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=%SystemRoot%\System32\CDPUserSvc.dll
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [2012-07-04 31056]
S3 ESHASRV;ESET SHA Service; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [2012-07-04 183944]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; %SystemRoot%\System32\svchost.exe -k Camera;"ServiceDll"=%SystemRoot%\system32\FrameServer.dll
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\irmon.dll
S3 MessagingService_570ee;Služba zasílání zpráv_570ee; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2017-01-27 172488]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PimIndexMaintenanceSvc_570ee;Data kontaktů_570ee; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\RMapi.dll
S3 UnistoreSvc_570ee;Úložiště uživatelských dat_570ee; C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 UserDataSvc_570ee;Přístup k uživatelským datům_570ee; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll"=%systemroot%\system32\Windows.SharedPC.AccountManager.dll

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119516
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Probably ransomware

#2 Post by Rudy »

Hello!
We can clean the PC of malware for you, but we do not handle decryption. That requires direct access to the PC, and we do not have that covered legally. You can try our colleagues here: https://neslape.cz/?utm_campaign=neslap ... ium=banner . If it can be decrypted, they will help you. Otherwise the data is lost. Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

megicz
Visitor
Posts: 25
Registered: 09 Oct 2012 16:50

Re: Probably ransomware

#3 Post by megicz »

Well, our IT guy looked at it and, thank God, restored the backup from Friday. And from what I understood, it only infected the server. Otherwise the log looks OK, I think.

# AdwCleaner v6.044 - Log vytvořen 12/03/2017 v 20:10:31
# Aktualizováno dne 28/02/2017 z Malwarebytes
# Databáze : 2017-03-12.1 [Místní]
# Operační systém : Windows 10 Home (X86)
# Uživatelské jméno : Recepce - RECEPCE-PC
# Spuštěno z : C:\Users\Recepce\Desktop\Downloads\adwcleaner_6.044.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****



***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [810 Bajty] - [12/03/2017 20:10:31]
C:\AdwCleaner\AdwCleaner[S0].txt - [1379 Bajty] - [12/03/2017 20:08:05]
C:\AdwCleaner\AdwCleaner[S1].txt - [1454 Bajty] - [12/03/2017 20:10:20]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1028 Bajty] ##########

Rudy
Site Admin
Posts: 119516
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Probably ransomware

#4 Post by Rudy »

Yep. This is OK. There may only be some unnecessary leftovers there now. If you want to remove them, you need to post an RSIT log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 . On Windows 10 I cannot delete based on RSIT because of the risk of damaging the system.