
Requesting a preventive check

Not having any problem with your PC at the moment and just want to make sure everything is in order?
Post a log from FRST or RSIT.

elzad

Requesting a preventive check

#1 Post by elzad »

Logfile of random's system information tool 1.10 (written by random/random)
Run by Jan at 2014-08-17 15:13:47
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 388 GB (83%) free of 467 GB
Total RAM: 4008 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:13:59, on 17.8.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Users\Jan\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Fractalis Software\Display Stix 2.1.1\dstix.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Jan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myhoome.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/1start.roboform.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: InternetPanelBHO - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\NetSoftware\IEHelper.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [EPSON SX218 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDE.EXE /FU "C:\Windows\TEMP\E_SDBB.tmp" /EF "HKCU"
O4 - HKLM\..\Run: [Bonus.SSR.FR11] "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
O4 - HKLM\..\Run: [mncevcgbgSrv] C:\Windows\system32\mncevcgbg.vbe
O4 - HKLM\..\Run: [mncdmdlSrv] C:\Windows\system32\mncdmdl.vbe
O4 - HKLM\..\Run: [mncowkgoSrv] C:\Windows\inf\mncowkgo.vbe
O4 - HKLM\..\Run: [mncebivqbSrv] C:\Windows\inf\mncebivqb.vbe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
O4 - HKLM\..\Run: [Family Tree Builder Update] C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
O4 - HKLM\..\Run: [Zoner Photo Studio Autoupdate] "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE"
O4 - HKLM\..\Run: [mncxwosmSrv] C:\Windows\system32\mncxwosm.vbe
O4 - HKLM\..\Run: [mncgnootkSrv] C:\Windows\system32\mncgnootk.vbe
O4 - HKLM\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKLM\..\Run: [NetSoftware] "C:\Program Files\NetSoftware\Starter.exe" /path="C:\Program Files\NetSoftware"
O4 - HKLM\..\Run: [mncfuxsdtSrv] C:\Windows\system32\mncfuxsdt.vbe
O4 - HKLM\..\Run: [mncnkdxpSrv] C:\Windows\inf\mncnkdxp.vbe
O4 - HKLM\..\Run: [mncrhakijSrv] C:\Windows\inf\mncrhakij.vbe
O4 - HKLM\..\Run: [mncejfiekSrv] C:\Windows\system32\mncejfiek.vbe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Nezapomen] C:\Program Files (x86)\Nezapomen\nezapomen.exe 41868
O4 - HKCU\..\Run: [ISUSPM Startup] c:\progra~2\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKCU\..\Run: [f.lux] "C:\Users\Jan\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Display Stix - System tray] C:\Program Files (x86)\Fractalis Software\Display Stix 2.1.1\dstix.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Windows] C:\Users\Public\Windows\game.vbs
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Startup: Serviio.lnk = C:\Program Files\Serviio\bin\ServiioConsole.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Ikona RoboForm na liště úloh - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComTaskBarIcon.html
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Přizpůsobit Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF Nástrojová lišta - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM obsažené FLV video - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Uložit formuláře - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
O8 - Extra context menu item: Vyplnit formulář - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
O9 - Extra button: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Uložit - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Uložit formuláře - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Lišta úloh - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Ikona RoboForm na liště úloh - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: RF Nástrojová lišta - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IMF Service (IMFservice) - Unknown owner - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Printer Control - Unknown owner - C:\Windows\system32\PrintCtrl.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Serviio - Unknown owner - C:\Program Files\Serviio\bin\ServiioService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14551 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE"
"C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
C:\Windows\system32\PrintCtrl.exe
"C:\Program Files\CyberLink\Shared files\RichVideo64.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Serviio\bin\ServiioService.exe"
"C:\Program Files\Serviio\bin\ServiioService.exe" Serviio __i4j_restart
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\RocketDock\RocketDock.exe"
WLIDSvcM.exe 2820
"C:\Users\Jan\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
"C:\Program Files (x86)\Fractalis Software\Display Stix 2.1.1\dstix.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files\Internet Download Manager\IDMan.exe" /onboot
"C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe"
"C:\Program Files\Serviio\bin\ServiioConsole.exe"
"C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
"C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe"
"C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe"
"C:\Program Files\Internet Download Manager\IEMonitor.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe"

"C:\Windows\Explorer.EXE"
"C:\Program Files\Microsoft Security Client\MpCmdRun.exe" SignatureUpdate -ScheduleJob -RestrictPrivileges -Reinvoke
"C:\Program Files\Microsoft Security Client\MpCmdRun.exe" SignaturesUpdateService -ScheduleJob -UnmanagedUpdate
\??\C:\Windows\system32\conhost.exe "1776514308-19958703912069139680-1690122166-243430321-289658907-240043068-203079355
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
"C:\Users\Jan\Downloads\Programs\RSITx64.exe"
C:\Windows\system32\sppsvc.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\Norton Security Scan for Jan.job - C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe /scan-quick /scheduled
C:\Windows\tasks\SpyHunter4.job - C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe -scan

=========Mozilla firefox=========

ProfilePath - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\diyx8kvd.default

prefs.js - "browser.search.useDBForOrder" - "false"
prefs.js - "browser.startup.homepage" - "http://www.centrum.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/AuthorwarePlayer]
"Description"=Adobe Authorware Player
"Path"=C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.179 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.179 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.55.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
nsILegitCheckPlugin.xpt
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npLegitCheckPlugin.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\diyx8kvd.default\extensions\
{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
{2d3fbcf7-be69-4433-8858-c621a8d0e58d}
{ada4b710-8346-4b82-8199-5de2b400a6ae}

C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\diyx8kvd.default\searchplugins\
hledejcenycz.xml
yahoo_ff.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files\Internet Download Manager\IDMIECC64.dll [2012-12-14 393688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B28B3C1-3E43-BDE6-615C-9887EF5347D8}]
Adblocker - C:\Program Files (x86)\Adblocker\gsuIkDe5y.x64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
ExplorerWnd Helper - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2014-07-27 2471744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
RoboForm Toolbar Helper - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2014-06-21 25395416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-05-18 553384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24 430592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-05-18 211368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F804824F-C6B7-88B3-63F3-0CAF79595B6C}]
priccechoop - C:\Program Files (x86)\priccechoop\YbNEY7B.x64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files\Internet Download Manager\IDMIECC.dll [2012-12-14 360408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
RoboForm Toolbar Helper - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2014-06-21 19436248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}]
Internet Panel - C:\Program Files\NetSoftware\IEHelper.dll [2014-07-17 508912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24 430592]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2014-06-21 25395416]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2014-06-21 19436248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 1271072]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-06-04 13672152]
"Služba Acronis Scheduler2"=C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [2013-08-21 519504]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2014-05-15 172016]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2014-05-15 399856]
"Persistence"=C:\Windows\system32\igfxpers.exe [2014-05-15 442352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files (x86)\RocketDock\RocketDock.exe [2007-09-02 495616]
"Nezapomen"=C:\Program Files (x86)\Nezapomen\nezapomen.exe [2001-06-30 457216]
"ISUSPM Startup"=c:\progra~2\common~1\instal~1\update~1\isuspm.exe [2004-06-16 221184]
"f.lux"=C:\Users\Jan\AppData\Local\FluxSoftware\Flux\flux.exe [2013-10-16 1016712]
"Display Stix - System tray"=C:\Program Files (x86)\Fractalis Software\Display Stix 2.1.1\dstix.exe [2004-01-12 241664]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2012-12-15 3541008]
"Windows"=C:\Users\Public\Windows\game.vbs [2014-06-30 77]
"RoboForm"=C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-06-21 109784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
c:\program files (x86)\daemon tools lite\dtlite.exe [2013-10-28 3675352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gbrspcontrol]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Printsrv]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Service 16]
[]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"EPSON SX218 Series"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDE.EXE [2009-09-14 224768]
"Bonus.SSR.FR11"=C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [2011-08-31 925960]
"mncevcgbgSrv"=C:\Windows\system32\mncevcgbg.vbe []
"mncdmdlSrv"=C:\Windows\system32\mncdmdl.vbe []
"mncowkgoSrv"=C:\Windows\inf\mncowkgo.vbe [2014-01-19 1342]
"mncebivqbSrv"=C:\Windows\inf\mncebivqb.vbe [2014-01-19 1342]
"TrueImageMonitor.exe"=C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2013-09-20 7801088]
"AcronisTibMounterMonitor"=C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [2013-01-10 1105328]
"Family Tree Builder Update"=C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2013-11-12 2532864]
"Zoner Photo Studio Autoupdate"=C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE []
"mncxwosmSrv"=C:\Windows\system32\mncxwosm.vbe []
"mncgnootkSrv"=C:\Windows\system32\mncgnootk.vbe []
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]
"NetSoftware"=C:\Program Files\NetSoftware\Starter.exe [2014-05-26 218112]
"mncfuxsdtSrv"=C:\Windows\system32\mncfuxsdt.vbe []
"mncnkdxpSrv"=C:\Windows\inf\mncnkdxp.vbe [2014-01-19 1342]
"mncrhakijSrv"=C:\Windows\inf\mncrhakij.vbe [2014-01-13 1338]
"mncejfiekSrv"=C:\Windows\system32\mncejfiek.vbe []

C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Serviio.lnk - C:\Program Files\Serviio\bin\ServiioConsole.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2014-05-15 442880]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open - C:\Windows\NOTEPAD.EXE %1

======List of files/folders created in the last 1 month======

2014-08-17 10:51:07 ----D---- C:\Users\Jan\AppData\Roaming\XBMC
2014-08-17 10:49:29 ----D---- C:\Program Files (x86)\XBMC
2014-08-16 11:55:59 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-08-15 22:58:59 ----D---- C:\Program Files (x86)\Seznam.cz
2014-08-15 22:49:49 ----D---- C:\Program Files (x86)\IDM.v 6. xx.release.3- patch crack keygen
2014-08-15 22:42:42 ----D---- C:\Program Files (x86)\Company
2014-08-15 13:37:05 ----D---- C:\Program Files (x86)\EZCast
2014-08-14 22:56:54 ----D---- C:\The KMPlayer
2014-08-13 19:38:07 ----A---- C:\Windows\SYSWOW64\infocardapi.dll
2014-08-13 19:38:07 ----A---- C:\Windows\SYSWOW64\icardagt.exe
2014-08-13 19:38:07 ----A---- C:\Windows\system32\infocardapi.dll
2014-08-13 19:38:07 ----A---- C:\Windows\system32\icardagt.exe
2014-08-13 19:38:05 ----A---- C:\Windows\SYSWOW64\icardres.dll
2014-08-13 19:38:05 ----A---- C:\Windows\system32\icardres.dll
2014-08-13 19:37:51 ----A---- C:\Windows\SYSWOW64\TsWpfWrp.exe
2014-08-13 19:37:51 ----A---- C:\Windows\system32\TsWpfWrp.exe
2014-08-13 17:25:07 ----A---- C:\Windows\SYSWOW64\tzres.dll
2014-08-13 17:25:07 ----A---- C:\Windows\system32\tzres.dll
2014-08-13 17:25:03 ----A---- C:\Windows\SYSWOW64\KBDYAK.DLL
2014-08-13 17:25:03 ----A---- C:\Windows\SYSWOW64\KBDTAT.DLL
2014-08-13 17:25:03 ----A---- C:\Windows\SYSWOW64\KBDRU1.DLL
2014-08-13 17:25:03 ----A---- C:\Windows\SYSWOW64\KBDRU.DLL
2014-08-13 17:25:03 ----A---- C:\Windows\system32\KBDTAT.DLL
2014-08-13 17:25:02 ----A---- C:\Windows\SYSWOW64\KBDBASH.DLL
2014-08-13 17:25:02 ----A---- C:\Windows\system32\KBDYAK.DLL
2014-08-13 17:25:02 ----A---- C:\Windows\system32\KBDRU1.DLL
2014-08-13 17:25:02 ----A---- C:\Windows\system32\KBDRU.DLL
2014-08-13 17:25:02 ----A---- C:\Windows\system32\KBDBASH.DLL
2014-08-13 17:24:59 ----A---- C:\Windows\SYSWOW64\msi.dll
2014-08-13 17:24:59 ----A---- C:\Windows\system32\msi.dll
2014-08-13 17:24:58 ----A---- C:\Windows\SYSWOW64\authui.dll
2014-08-13 17:24:58 ----A---- C:\Windows\system32\consent.exe
2014-08-13 17:24:58 ----A---- C:\Windows\system32\authui.dll
2014-08-13 17:24:57 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2014-08-13 17:24:57 ----A---- C:\Windows\system32\msihnd.dll
2014-08-13 17:24:54 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2014-08-13 17:24:53 ----A---- C:\Windows\system32\win32k.sys
2014-08-13 17:24:52 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2014-08-13 17:24:52 ----A---- C:\Windows\system32\gdi32.dll
2014-08-13 17:24:51 ----A---- C:\Windows\system32\shell32.dll
2014-08-13 17:24:50 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-08-13 17:24:45 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-08-13 17:24:45 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-08-13 17:24:45 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-08-13 17:24:45 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-08-13 17:24:45 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-08-13 17:24:44 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-08-13 17:24:44 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-08-13 17:24:44 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-08-13 17:24:44 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-08-13 17:24:44 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 17:24:44 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-08-13 17:24:43 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-08-13 17:24:43 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-08-13 17:24:43 ----A---- C:\Windows\system32\iernonce.dll
2014-08-13 17:24:43 ----A---- C:\Windows\system32\ie4uinit.exe
2014-08-13 17:24:42 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-08-13 17:24:42 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-08-13 17:24:42 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-08-13 17:24:42 ----A---- C:\Windows\system32\urlmon.dll
2014-08-13 17:24:42 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 17:24:42 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-08-13 17:24:42 ----A---- C:\Windows\system32\dxtmsft.dll
2014-08-13 17:24:41 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-08-13 17:24:41 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-08-13 17:24:41 ----A---- C:\Windows\system32\msfeeds.dll
2014-08-13 17:24:41 ----A---- C:\Windows\system32\iesetup.dll
2014-08-13 17:24:40 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-08-13 17:24:40 ----A---- C:\Windows\system32\iertutil.dll
2014-08-13 17:24:40 ----A---- C:\Windows\system32\iedkcs32.dll
2014-08-13 17:24:39 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-08-13 17:24:39 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-08-13 17:24:39 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-08-13 17:24:39 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-08-13 17:24:39 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-08-13 17:24:38 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-08-13 17:24:38 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-08-13 17:24:38 ----A---- C:\Windows\system32\jsproxy.dll
2014-08-13 17:24:35 ----A---- C:\Windows\system32\ieui.dll
2014-08-13 17:24:35 ----A---- C:\Windows\system32\ieframe.dll
2014-08-13 17:24:35 ----A---- C:\Windows\system32\dxtrans.dll
2014-08-13 17:24:34 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-08-13 17:24:34 ----A---- C:\Windows\system32\mshtmled.dll
2014-08-13 17:24:33 ----A---- C:\Windows\system32\jscript9diag.dll
2014-08-13 17:24:33 ----A---- C:\Windows\system32\jscript9.dll
2014-08-13 17:24:33 ----A---- C:\Windows\system32\ieUnatt.exe
2014-08-13 17:24:32 ----A---- C:\Windows\system32\wininet.dll
2014-08-13 17:24:32 ----A---- C:\Windows\system32\vbscript.dll
2014-08-13 17:24:32 ----A---- C:\Windows\system32\ieapfltr.dll
2014-08-13 17:24:30 ----A---- C:\Windows\system32\msrating.dll
2014-08-13 17:24:30 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-08-13 17:24:29 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 17:24:29 ----A---- C:\Windows\system32\mshtml.dll
2014-08-13 17:23:59 ----A---- C:\Windows\system32\rpcrt4.dll
2014-08-13 17:23:55 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2014-08-13 17:23:54 ----A---- C:\Windows\system32\aepdu.dll
2014-08-13 17:23:53 ----A---- C:\Windows\system32\aeinv.dll
2014-08-11 17:24:42 ----A---- C:\Windows\SYSWOW64\GameLauncher_x64.exe
2014-08-10 17:27:04 ----D---- C:\DreamWorldCache
2014-08-08 19:20:39 ----D---- C:\ProgramData\EZDisplay
2014-08-04 14:55:10 ----D---- C:\Users\Jan\AppData\Roaming\EZDownloader
2014-08-04 14:53:54 ----A---- C:\Users\Jan\AppData\Roaming\regsvr32.exe_log.txt
2014-08-04 14:53:54 ----A---- C:\Users\Jan\AppData\Roaming\LiveSupport.exe_log.txt
2014-08-04 14:53:24 ----D---- C:\ProgramData\FreshApp installer
2014-08-04 14:52:44 ----D---- C:\ProgramData\Adblocker
2014-08-04 14:52:27 ----D---- C:\ProgramData\priccechoop
2014-08-04 14:52:18 ----D---- C:\ProgramData\a60376ee488b6b69
2014-08-03 12:34:04 ----A---- C:\Windows\SYSWOW64\3.9.0.126_20140723022507.exe
2014-08-01 09:06:28 ----A---- C:\Windows\system32\wups2.dll
2014-08-01 09:06:27 ----A---- C:\Windows\system32\wucltux.dll
2014-08-01 09:06:27 ----A---- C:\Windows\system32\wuauclt.exe
2014-08-01 09:06:26 ----A---- C:\Windows\system32\wuaueng.dll
2014-08-01 09:06:00 ----A---- C:\Windows\system32\wups.dll
2014-08-01 09:06:00 ----A---- C:\Windows\system32\wudriver.dll
2014-08-01 09:05:59 ----A---- C:\Windows\SYSWOW64\wups.dll
2014-08-01 09:05:59 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2014-08-01 09:05:59 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2014-08-01 09:05:59 ----A---- C:\Windows\system32\wuapi.dll
2014-08-01 09:05:15 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2014-08-01 09:05:15 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2014-08-01 09:05:15 ----A---- C:\Windows\system32\wuwebv.dll
2014-08-01 09:05:14 ----A---- C:\Windows\system32\wuapp.exe
2014-07-31 18:23:18 ----A---- C:\Windows\system32\WdfCoInstaller01009.dll
2014-07-31 12:30:45 ----D---- C:\Users\Jan\AppData\Roaming\Mobogenie
2014-07-29 21:48:29 ----D---- C:\Users\Jan\AppData\Roaming\HighAndes
2014-07-29 21:48:29 ----D---- C:\ProgramData\HighAndes
2014-07-28 16:37:27 ----D---- C:\Users\Jan\AppData\Roaming\TotalRecorder
2014-07-28 16:36:57 ----A---- C:\Windows\system32\drivers\TotRec8.sys
2014-07-28 16:35:52 ----D---- C:\Program Files (x86)\HighCriteria
2014-07-28 13:45:16 ----D---- C:\Program Files (x86)\Microsoft Office
2014-07-28 13:28:00 ----D---- C:\Program Files (x86)\OpenOffice 4
2014-07-28 12:16:06 ----A---- C:\vgaexte.dat
2014-07-28 11:34:01 ----D---- C:\Users\Jan\AppData\Roaming\update_tc
2014-07-28 11:25:50 ----AS---- C:\Windows\SYSWOW64\nircmdc.exe
2014-07-27 22:29:41 ----D---- C:\Users\Jan\AppData\Roaming\SimilarAddon
2014-07-27 22:00:47 ----D---- C:\Users\Jan\AppData\Roaming\Xilisoft
2014-07-27 22:00:47 ----D---- C:\Program Files (x86)\Xilisoft
2014-07-27 18:38:33 ----D---- C:\Users\Jan\AppData\Roaming\dlg
2014-07-26 18:59:38 ----D---- C:\Program Files (x86)\GreenTree Applications
2014-07-26 18:52:13 ----A---- C:\Windows\SYSWOW64\sqlite3.dll
2014-07-26 17:17:11 ----D---- C:\ProgramData\YTD Video Downloader
2014-07-24 17:30:03 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-07-23 13:20:53 ----D---- C:\Users\Jan\AppData\Roaming\The Bat!
2014-07-21 14:09:55 ----D---- C:\Program Files (x86)\FastShare
2014-07-20 14:37:10 ----D---- C:\ProgramData\NetSoftware

======List of files/folders modified in the last 1 month======

2014-08-17 15:13:59 ----D---- C:\Windows\Prefetch
2014-08-17 15:13:50 ----D---- C:\Program Files\trend micro
2014-08-17 15:05:50 ----D---- C:\Windows\Temp
2014-08-17 15:04:47 ----A---- C:\Windows\ntbtlog.txt
2014-08-17 15:03:52 ----D---- C:\Program Files\NetSoftware
2014-08-17 12:50:41 ----D---- C:\Windows\system32\config
2014-08-17 12:50:32 ----D---- C:\Users\Jan\AppData\Roaming\DMCache
2014-08-17 10:50:37 ----SHD---- C:\Windows\Installer
2014-08-17 10:50:37 ----SHD---- C:\Config.Msi
2014-08-17 10:50:18 ----SHD---- C:\System Volume Information
2014-08-17 10:49:29 ----D---- C:\Program Files (x86)
2014-08-17 02:31:00 ----D---- C:\Temp
2014-08-16 19:23:49 ----D---- C:\Windows
2014-08-16 19:23:32 ----RSD---- C:\Windows\Fonts
2014-08-16 18:50:20 ----D---- C:\Users\Jan\AppData\Roaming\Seznam.cz
2014-08-16 16:04:29 ----D---- C:\Downloads
2014-08-16 15:31:29 ----AD---- C:\Windows\SysWOW64
2014-08-16 15:22:06 ----D---- C:\Windows\inf
2014-08-16 15:22:06 ----AD---- C:\Windows\System32
2014-08-16 15:22:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-08-16 14:17:34 ----RD---- C:\Program Files
2014-08-16 12:59:23 ----D---- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-16 12:59:23 ----D---- C:\mbar
2014-08-16 11:55:59 ----AD---- C:\Windows\system32\drivers
2014-08-15 23:31:18 ----D---- C:\Program Files\Internet Download Manager
2014-08-15 22:47:49 ----D---- C:\Users\Jan\AppData\Roaming\IDM
2014-08-14 17:53:12 ----D---- C:\Program Files (x86)\Internet Explorer
2014-08-14 11:53:36 ----D---- C:\Windows\rescache
2014-08-14 10:21:11 ----D---- C:\Windows\Microsoft.NET
2014-08-14 10:20:18 ----RSD---- C:\Windows\assembly
2014-08-13 21:03:27 ----D---- C:\Windows\winsxs
2014-08-13 20:59:44 ----D---- C:\Windows\ehome
2014-08-13 20:59:34 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-08-13 20:59:34 ----D---- C:\Windows\system32\cs-CZ
2014-08-13 20:59:32 ----D---- C:\Windows\SYSWOW64\en-US
2014-08-13 20:59:32 ----D---- C:\Windows\PolicyDefinitions
2014-08-13 20:59:32 ----D---- C:\Program Files\Internet Explorer
2014-08-13 20:59:31 ----D---- C:\Windows\system32\en-US
2014-08-13 19:51:32 ----D---- C:\Windows\system32\catroot2
2014-08-13 19:51:32 ----D---- C:\Windows\system32\catroot
2014-08-13 19:48:04 ----D---- C:\Windows\system32\MRT
2014-08-13 19:43:23 ----A---- C:\Windows\system32\MRT.exe
2014-08-13 19:37:11 ----SD---- C:\Windows\system32\CompatTel
2014-08-13 19:29:30 ----D---- C:\Windows\system32\Tasks
2014-08-12 21:55:27 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-08-11 16:30:34 ----D---- C:\Program Files (x86)\Common Files
2014-08-11 16:23:52 ----D---- C:\ProgramData\ProductData
2014-08-09 14:14:58 ----HD---- C:\ProgramData
2014-08-06 13:06:03 ----D---- C:\Users\Jan\AppData\Roaming\Czechcrowncoin
2014-08-04 16:08:03 ----D---- C:\Windows\Tasks
2014-08-04 15:30:00 ----D---- C:\Program Files (x86)\Google
2014-08-04 14:54:05 ----D---- C:\ProgramData\InstallMate
2014-08-04 14:52:17 ----D---- C:\Users
2014-08-03 13:36:34 ----D---- C:\Windows\system
2014-08-03 13:33:17 ----D---- C:\WCH.CN
2014-08-03 13:31:46 ----D---- C:\Windows\system32\DriverStore
2014-07-28 15:11:11 ----D---- C:\ProgramData\Microsoft Help
2014-07-28 15:11:05 ----D---- C:\Program Files\Common Files\Microsoft Shared
2014-07-28 15:10:56 ----D---- C:\Program Files\Common Files
2014-07-28 14:29:48 ----SD---- C:\Users\Jan\AppData\Roaming\Microsoft
2014-07-28 14:17:04 ----D---- C:\Users\Jan\AppData\Roaming\DAEMON Tools Lite
2014-07-28 13:49:58 ----D---- C:\Windows\ShellNew
2014-07-28 13:49:29 ----D---- C:\Program Files (x86)\Microsoft.NET
2014-07-28 11:35:31 ----D---- C:\Windows\Minidump
2014-07-28 11:27:20 ----D---- C:\Windows\SYSWOW64\bitstreams
2014-07-27 18:59:26 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-07-27 18:43:10 ----D---- C:\Program Files (x86)\IObit
2014-07-27 18:36:28 ----D---- C:\Windows\AppPatch
2014-07-26 20:33:27 ----D---- C:\Extracted
2014-07-26 18:53:31 ----D---- C:\AdwCleaner
2014-07-26 18:52:54 ----D---- C:\Users\Jan\AppData\Roaming\IObit
2014-07-26 18:52:52 ----D---- C:\ProgramData\IObit
2014-07-25 10:48:44 ----D---- C:\Program Files\Microsoft Silverlight
2014-07-25 10:48:44 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-25 10:48:40 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2014-07-20 14:35:59 ----D---- C:\Windows\system32\wfp
2014-07-20 14:35:56 ----D---- C:\Windows\system32\wbem
2014-07-20 14:35:13 ----D---- C:\Windows\system32\CodeIntegrity
2014-07-20 14:35:12 ----D---- C:\Users\Jan\AppData\Roaming\Feedreader
2014-07-20 14:35:12 ----D---- C:\Program Files (x86)\RocketDock
2014-07-20 14:35:12 ----D---- C:\Program Files (x86)\Nezapomen
2014-07-20 14:35:11 ----D---- C:\Windows\registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2013-08-22 192824]
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2013-08-22 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2013-08-20 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2013-08-01 31544]
R0 fltsrv;Acronis Storage Filter Management; C:\Windows\system32\DRIVERS\fltsrv.sys [2014-05-14 116000]
R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2013-07-10 667496]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2013-07-10 28008]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2013-02-22 20464]
R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2011-12-23 69376]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-01-25 268512]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2013-12-24 21184]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2014-04-09 269600]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2014-02-07 381440]
R0 tib;Acronis TIB Manager; C:\Windows\system32\DRIVERS\tib.sys [2014-05-14 1120032]
R0 tib_mounter;Acronis TIB Mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [2014-05-14 183224]
R0 vididr;Acronis Virtual Disk; C:\Windows\system32\DRIVERS\vididr.sys [2014-05-14 161568]
R0 vidsflt;Acronis Disk Storage Filter; C:\Windows\system32\DRIVERS\vidsflt.sys [2014-05-14 117024]
R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2013-08-01 147768]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2013-08-22 241464]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2013-08-22 212280]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2013-08-01 251192]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2014-06-22 486192]
R1 SBRE;SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [2012-05-10 55384]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2013-10-15 251664]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2013-10-15 126736]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 IDMWFP;IDMWFP; C:\Windows\system32\DRIVERS\idmwfp.sys [2012-11-22 165112]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 133928]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-01-27 47632]
R3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2014-05-14 367200]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-02-07 283064]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2014-05-15 5363520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-06-04 3962840]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2014-04-20 100312]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2013-04-12 2431792]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2014-03-25 271064]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2014-04-20 901848]
R3 subvgaproduct64;subvgaproduct64; C:\Windows\system32\DRIVERS\subvga64.sys [2014-04-09 5120]
R3 TotRec7;Total Recorder WDM audio driver; C:\Windows\system32\drivers\TotRec7.sys [2009-10-20 183888]
R3 TotRec8;Total Recorder WDM audio filter driver; \??\C:\Windows\system32\drivers\TotRec8.sys [2009-10-20 121424]
S1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys []
S3 cpudrv64;cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
S3 esgiguard;esgiguard; C:\Windows\system32\drivers\esgiguard.sys []
S3 gwiopm;gwiopm; C:\Windows\system32\drivers\gwiopm.sys []
S3 CH341SER_A64;CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [2011-11-04 58368]
S3 IT9135BDA;IT9135 BDA Devices; C:\Windows\System32\Drivers\IT9135BDA.sys [2012-02-15 164864]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; C:\Windows\system32\drivers\Lavasoft Kernexplorer.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 PQAWRwa;PQAWRwa; C:\Windows\system32\drivers\PQAWRwa.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RegFilter;RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys []
S3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\rtwlanu.sys []
S3 Ser2pl;Prolific Serial port WDF driver; C:\Windows\system32\DRIVERS\ser2pl64.sys [2013-10-25 167936]
S3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys [2013-06-21 42184]
S3 tdrpman;Acronis Try&Decide and Restore Points filter; C:\Windows\system32\DRIVERS\tdrpman.sys [2014-05-14 1464096]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; C:\Windows\system32\drivers\TuneUpUtilitiesDrv.sys []
S3 UrlFilter;UrlFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2013-10-15 140560]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2013-07-04 106256]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S4 FileMonitor;FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys []
S4 IObitUnlocker;IObitUnlocker; \??\C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [2013-09-30 36568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [2013-08-21 1144688]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 afcdpsrv;Acronis Nonstop Backup Service; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2014-05-14 3869688]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04); C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04); C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 23808]
R2 Printer Control;Printer Control; C:\Windows\system32\PrintCtrl.exe [2011-01-03 77824]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2012-08-08 390672]
R2 Serviio;Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [2014-03-21 359936]
R2 syncagentsrv;Acronis Sync Agent Service; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2013-09-02 9742080]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-03-11 347872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc []
S2 IMFservice;IMF Service; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe []
S2 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-07-27 2175264]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-12 262320]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2014-05-15 279024]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc []
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-10-15 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-07-25 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-07-24 119408]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-01-20 1255736]
S4 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
S4 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S4 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-22 326168]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: requesting a preventive check

#2 Post by vyosek »

Hello :)

:arrow: This won't be a preventive check, you have quite a solid collection there - you are mining bitcoins for someone

:arrow: Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE AND MUST BE USED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY BE RUINED
:arrow: Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
  • Right after it starts, a page with the license agreement is shown; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that is displayed
  • The scan should take about 10 min, but if the PC is heavily cluttered, the time may be longer
  • After the scan finishes and a possible restart, CF displays the log, or you can find it at C:\ComboFix.txt; paste its contents here
  • A detailed procedure incl. pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever avoids fun, take a whip and a stick to him, that is no man, that is an ox."
Member [image] since 1 February 2011.

elzad

Re: requesting a preventive check

#3 Post by elzad »

This won't be a preventive check, you have quite a solid collection there - you are mining bitcoins for someone.
I have a vague idea of what bitcoins are, but I don't even know how to work with them, and that I would be mining for someone? I don't even know how that is done.

vyosek

Re: requesting a preventive check

#4 Post by vyosek »

Well, simply put, someone is abusing your PC for their own purposes and profit - which I assume you probably don't want...

elzad

Re: requesting a preventive check

#5 Post by elzad »

I'm sending the Rkill log:

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/17/2014 08:10:28 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\system32\PrintCtrl.exe (PID: 2216) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.exe\shell found and deleted!


Performing miscellaneous checks:

* ALERT: ZEROACCESS Reparse Point/Junction found!

* C:\Program Files\Windows Defender\cs-CZ => c:\windows\system32\config\ [Dir]

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\Windows\AppPatch\spbin => C:\PROGRA~2\SearchProtect\SearchProtect\bin [Dir]

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

20 out of 15531 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 08/17/2014 08:12:38 PM
Execution time: 0 hours(s), 2 minute(s), and 10 seconds(s)

elzad

Re: requesting a preventive check

#6 Post by elzad »

ComboFix 14-08-17.01 - Jan 17.08.2014 20:22:50.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4008.2089 [GMT 2:00]
Spuštěný z: c:\users\Jan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hpmcdiephomdkjdpgbbjhnlebeofkdcd\240\manifest.json
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cafjfomneppcebnjelgnjicpnfimnaha
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cafjfomneppcebnjelgnjicpnfimnaha\3.9\background.html
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cafjfomneppcebnjelgnjicpnfimnaha\3.9\content.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cafjfomneppcebnjelgnjicpnfimnaha\3.9\lsdb.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cafjfomneppcebnjelgnjicpnfimnaha\3.9\manifest.json
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cafjfomneppcebnjelgnjicpnfimnaha\3.9\tx5.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpmcdiephomdkjdpgbbjhnlebeofkdcd
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpmcdiephomdkjdpgbbjhnlebeofkdcd\240\background.html
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpmcdiephomdkjdpgbbjhnlebeofkdcd\240\content.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpmcdiephomdkjdpgbbjhnlebeofkdcd\240\iU8s7.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpmcdiephomdkjdpgbbjhnlebeofkdcd\240\lsdb.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpmcdiephomdkjdpgbbjhnlebeofkdcd\240\manifest.json
c:\users\NeroMediaHomeUser.4\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cafjfomneppcebnjelgnjicpnfimnaha
c:\users\NeroMediaHomeUser.4\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cafjfomneppcebnjelgnjicpnfimnaha\3.9\background.html
c:\users\NeroMediaHomeUser.4\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cafjfomneppcebnjelgnjicpnfimnaha\3.9\content.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cafjfomneppcebnjelgnjicpnfimnaha\3.9\lsdb.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cafjfomneppcebnjelgnjicpnfimnaha\3.9\manifest.json
c:\users\NeroMediaHomeUser.4\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cafjfomneppcebnjelgnjicpnfimnaha\3.9\tx5.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hpmcdiephomdkjdpgbbjhnlebeofkdcd
c:\users\NeroMediaHomeUser.4\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hpmcdiephomdkjdpgbbjhnlebeofkdcd\240\background.html
c:\users\NeroMediaHomeUser.4\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hpmcdiephomdkjdpgbbjhnlebeofkdcd\240\content.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hpmcdiephomdkjdpgbbjhnlebeofkdcd\240\iU8s7.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hpmcdiephomdkjdpgbbjhnlebeofkdcd\240\lsdb.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hpmcdiephomdkjdpgbbjhnlebeofkdcd\240\manifest.json
c:\users\NeroMediaHomeUser.4\AppData\Local\Torch\User Data\Default\Extensions\cafjfomneppcebnjelgnjicpnfimnaha
c:\users\NeroMediaHomeUser.4\AppData\Local\Torch\User Data\Default\Extensions\cafjfomneppcebnjelgnjicpnfimnaha\3.9\background.html
c:\users\NeroMediaHomeUser.4\AppData\Local\Torch\User Data\Default\Extensions\cafjfomneppcebnjelgnjicpnfimnaha\3.9\content.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Torch\User Data\Default\Extensions\cafjfomneppcebnjelgnjicpnfimnaha\3.9\lsdb.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Torch\User Data\Default\Extensions\cafjfomneppcebnjelgnjicpnfimnaha\3.9\manifest.json
c:\users\NeroMediaHomeUser.4\AppData\Local\Torch\User Data\Default\Extensions\cafjfomneppcebnjelgnjicpnfimnaha\3.9\tx5.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Torch\User Data\Default\Extensions\hpmcdiephomdkjdpgbbjhnlebeofkdcd
c:\users\NeroMediaHomeUser.4\AppData\Local\Torch\User Data\Default\Extensions\hpmcdiephomdkjdpgbbjhnlebeofkdcd\240\background.html
c:\users\NeroMediaHomeUser.4\AppData\Local\Torch\User Data\Default\Extensions\hpmcdiephomdkjdpgbbjhnlebeofkdcd\240\content.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Torch\User Data\Default\Extensions\hpmcdiephomdkjdpgbbjhnlebeofkdcd\240\iU8s7.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Torch\User Data\Default\Extensions\hpmcdiephomdkjdpgbbjhnlebeofkdcd\240\lsdb.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Torch\User Data\Default\Extensions\hpmcdiephomdkjdpgbbjhnlebeofkdcd\240\manifest.json
c:\users\Public\WINDOWS
c:\users\Public\WINDOWS\game.bat
c:\users\Public\WINDOWS\game.vbs
c:\users\Public\WINDOWS\libcurl.dll
c:\users\Public\WINDOWS\make.bat
c:\users\Public\WINDOWS\make.vbs
c:\users\Public\WINDOWS\pthreadGC2.dll
c:\users\Public\WINDOWS\run.bat
c:\users\Public\WINDOWS\run.vbs
c:\users\Public\WINDOWS\zlib1.dll
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\3.9.0.126_20140723022507.exe
c:\windows\SysWow64\AF15BDAEX.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-17 do 2014-08-17 )))))))))))))))))))))))))))))))
.
.
2014-08-17 18:37 . 2014-08-17 18:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-17 13:16 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{849E0B80-2118-4782-B343-13D42CEA0699}\mpengine.dll
2014-08-17 08:51 . 2014-08-17 16:54 -------- d-----w- c:\users\Jan\AppData\Roaming\XBMC
2014-08-17 08:49 . 2014-08-17 08:50 -------- d-----w- c:\program files (x86)\XBMC
2014-08-16 10:38 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-16 09:55 . 2014-08-16 09:55 128728 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-15 20:58 . 2014-08-16 16:49 -------- d-----w- c:\program files (x86)\Seznam.cz
2014-08-15 20:49 . 2014-08-15 20:49 -------- d-----w- c:\program files (x86)\IDM.v 6. xx.release.3- patch crack keygen
2014-08-15 20:42 . 2014-08-16 17:31 -------- d-----w- c:\program files (x86)\Company
2014-08-15 11:37 . 2014-08-15 11:37 -------- d-----w- c:\program files (x86)\EZCast
2014-08-14 20:56 . 2014-08-14 21:02 -------- d-----w- C:\The KMPlayer
2014-08-13 17:38 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-13 17:38 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-13 17:38 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-13 17:38 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-13 17:38 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-13 17:38 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-13 17:37 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 17:37 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 17:24 . 2014-05-02 23:08 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5FB89873-3AEB-4172-AB49-72470FAC986F}\gapaengine.dll
2014-08-13 15:25 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-13 15:25 . 2014-07-16 02:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-13 15:25 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-08-13 15:25 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-08-13 15:25 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-08-13 15:25 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-08-13 15:25 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-08-13 15:25 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-08-13 15:25 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-08-13 15:23 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-13 15:23 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-13 15:23 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-13 15:23 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-13 09:18 . 2014-08-14 15:07 -------- d-----w- c:\users\Jan\AppData\Local\Adobe
2014-08-11 15:24 . 2014-08-11 15:24 87040 ----a-w- c:\windows\SysWow64\GameLauncher_x64.exe
2014-08-11 14:30 . 2014-08-11 14:31 -------- d-----w- c:\program files (x86)\Common Files\CIGLER SOFTWARE
2014-08-10 15:27 . 2014-08-10 15:27 -------- d-----w- C:\DreamWorldCache
2014-08-10 15:27 . 2014-08-10 15:27 -------- d-----w- c:\users\Jan\AppData\Local\Funcom
2014-08-08 17:20 . 2014-08-15 11:37 -------- d-----w- c:\programdata\EZDisplay
2014-08-05 17:20 . 2014-08-05 17:20 227728 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-08-04 12:55 . 2014-08-04 12:57 -------- d-----w- c:\users\Jan\AppData\Roaming\EZDownloader
2014-08-04 12:53 . 2014-08-14 15:49 -------- d-----w- c:\programdata\FreshApp installer
2014-08-01 07:06 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-08-01 07:06 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-01 07:06 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-08-01 07:06 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-01 07:06 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-08-01 07:06 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-08-01 07:05 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-08-01 07:05 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-08-01 07:05 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-08-01 07:05 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-08-01 07:05 . 2014-05-14 07:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-01 07:05 . 2014-05-14 07:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-08-01 07:05 . 2014-05-14 07:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-08-01 07:05 . 2014-05-14 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-07-31 16:23 . 2011-10-29 08:43 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2014-07-31 10:30 . 2014-07-31 10:45 -------- d-----w- c:\users\Jan\AppData\Roaming\Mobogenie
2014-07-31 10:28 . 2014-07-31 10:29 -------- d-----w- c:\users\Jan\AppData\Local\Sundance
2014-07-29 19:48 . 2014-07-29 19:48 -------- d-----w- c:\users\Jan\AppData\Roaming\HighAndes
2014-07-29 19:48 . 2014-07-29 19:48 -------- d-----w- c:\users\Jan\AppData\Local\HighAndes
2014-07-29 19:48 . 2014-07-29 19:48 -------- d-----w- c:\programdata\HighAndes
2014-07-28 14:37 . 2014-07-28 15:17 -------- d-----w- c:\users\Jan\AppData\Roaming\TotalRecorder
2014-07-28 14:36 . 2009-10-20 16:00 121424 ----a-w- c:\windows\system32\drivers\TotRec8.sys
2014-07-28 14:35 . 2014-07-28 14:35 -------- d-----w- c:\program files (x86)\HighCriteria
2014-07-28 11:56 . 2012-06-23 16:19 204376 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\TBD7A1A.tmp
2014-07-28 11:56 . 2012-06-23 16:19 1833560 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\TBD7A19.tmp
2014-07-28 11:49 . 2012-06-23 16:19 204376 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\TBD54BF.tmp
2014-07-28 11:49 . 2012-06-23 16:19 1833560 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\TBD54AF.tmp
2014-07-28 11:28 . 2014-07-28 11:28 -------- d-----w- c:\program files (x86)\OpenOffice 4
2014-07-28 09:34 . 2014-08-01 08:46 -------- d-----w- c:\users\Jan\AppData\Roaming\update_tc
2014-07-28 09:27 . 2014-03-05 21:19 7670 --s-a-w- c:\windows\SysWow64\mncejfiek.vbe
2014-07-28 09:25 . 2013-08-11 13:40 43520 --s-a-w- c:\windows\SysWow64\nircmdc.exe
2014-07-28 09:17 . 2014-03-05 20:19 7670 --s-a-w- c:\windows\SysWow64\mncfuxsdt.vbe
2014-07-27 20:29 . 2014-07-27 20:29 -------- d-----w- c:\users\Jan\AppData\Roaming\SimilarAddon
2014-07-27 20:00 . 2014-07-27 20:08 -------- d-----w- c:\program files (x86)\Xilisoft
2014-07-27 20:00 . 2014-07-27 20:00 -------- d-----w- c:\users\Jan\AppData\Roaming\Xilisoft
2014-07-27 16:38 . 2014-07-27 16:38 -------- d-----w- c:\users\Jan\AppData\Roaming\dlg
2014-07-26 16:59 . 2014-07-26 16:59 -------- d-----w- c:\program files (x86)\GreenTree Applications
2014-07-26 16:52 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-26 15:17 . 2014-08-14 15:49 -------- d-----w- c:\programdata\YTD Video Downloader
2014-07-23 11:20 . 2014-07-23 11:20 -------- d-----w- c:\users\Jan\AppData\Roaming\The Bat!
2014-07-21 12:09 . 2014-07-28 09:47 -------- d-----w- c:\program files (x86)\FastShare
2014-07-20 12:37 . 2014-07-20 12:37 -------- d-----w- c:\programdata\NetSoftware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-16 09:54 . 2014-06-19 11:16 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-13 17:43 . 2012-01-19 21:08 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-08-12 19:55 . 2012-04-02 21:43 699568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-12 19:55 . 2011-07-09 08:17 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-18 02:18 . 2014-07-09 06:26 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 06:26 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-09 06:26 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 06:26 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-09 06:25 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-09 06:25 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-09 06:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-06-04 14:42 . 2014-06-04 14:42 2162992 ----a-w- c:\windows\system32\YamahaAE.dll
2014-06-04 14:42 . 2014-06-04 14:42 2101848 ----a-w- c:\windows\system32\WavesGUILib64.dll
2014-06-04 14:42 . 2014-06-04 14:42 2117424 ----a-w- c:\windows\system32\SStudio.dll
2014-06-04 14:42 . 2014-06-04 14:42 724728 ----a-w- c:\windows\system32\sltech64.dll
2014-06-04 14:42 . 2014-06-04 14:42 246008 ----a-w- c:\windows\system32\slprp64.dll
2014-06-04 14:42 . 2014-06-04 14:42 889592 ----a-w- c:\windows\system32\sl3apo64.dll
2014-06-04 14:42 . 2014-06-04 14:42 1048824 ----a-w- c:\windows\system32\slcnt64.dll
2014-06-04 14:42 . 2014-06-04 14:42 2834648 ----a-w- c:\windows\system32\RtPgEx64.dll
2014-06-04 14:42 . 2014-06-04 14:42 1959128 ----a-w- c:\windows\system32\RTSnMg64.cpl
2014-06-04 14:42 . 2014-06-04 14:42 3962840 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2014-06-04 14:42 . 2014-06-04 14:42 1022168 ----a-w- c:\windows\system32\RtkApi64.dll
2014-06-04 14:42 . 2014-06-04 14:42 628952 ----a-w- c:\windows\system32\RtDataProc64.dll
2014-06-04 14:42 . 2014-06-04 14:42 2800344 ----a-w- c:\windows\system32\RltkAPO64.dll
2014-06-04 14:42 . 2014-06-04 14:42 60636160 ----a-w- c:\windows\system32\RCoRes64.dat
2014-06-04 14:42 . 2014-06-04 14:42 948952 ----a-w- c:\windows\system32\RCoInstII64.dll
2014-06-04 14:42 . 2014-06-04 14:42 942384 ----a-w- c:\windows\system32\NAHIMICAPOSettingsIPC.dll
2014-06-04 14:42 . 2014-06-04 14:42 5751048 ----a-w- c:\windows\system32\NAHIMICAPOlfx.dll
2014-06-04 14:42 . 2014-06-04 14:42 956504 ----a-w- c:\windows\system32\MaxxVoiceAPO2064.dll
2014-06-04 14:42 . 2014-06-04 14:42 12894808 ----a-w- c:\windows\system32\MaxxVoiceAPO3064.dll
2014-06-04 14:42 . 2014-06-04 14:42 3959384 ----a-w- c:\windows\system32\MaxxAudioVnN64.dll
2014-06-04 14:42 . 2014-06-04 14:42 28343384 ----a-w- c:\windows\system32\MaxxAudioVnA64.dll
2014-06-04 14:42 . 2014-06-04 14:42 14863448 ----a-w- c:\windows\system32\MaxxAudioRealtek64.dll
2014-06-04 14:42 . 2014-06-04 14:42 2041432 ----a-w- c:\windows\system32\MaxxAudioEQ64.dll
2014-06-04 14:42 . 2014-06-04 14:42 1934424 ----a-w- c:\windows\system32\MaxxAudioRealtek264.dll
2014-06-04 14:42 . 2014-06-04 14:41 1063512 ----a-w- c:\windows\system32\MaxxAudioAPOShell64.dll
2014-06-04 14:41 . 2014-06-04 14:41 900696 ----a-w- c:\windows\SysWow64\MaxxAudioAPOShell.dll
2014-06-04 14:41 . 2014-06-04 14:41 1317976 ----a-w- c:\windows\system32\MaxxAudioAPO6064.dll
2014-06-04 14:41 . 2014-06-04 14:41 1168472 ----a-w- c:\windows\system32\MaxxAudioAPO5064.dll
2014-06-04 14:41 . 2014-06-04 14:41 1136728 ----a-w- c:\windows\system32\MaxxAudioAPO4064.dll
2014-06-04 14:41 . 2014-06-04 14:41 291488 ----a-w- c:\windows\system32\ICEsoundAPO64.dll
2014-06-04 14:41 . 2014-06-04 14:41 6218072 ----a-w- c:\windows\system32\DDPP64A.dll
2014-06-04 14:41 . 2014-06-04 14:41 315736 ----a-w- c:\windows\system32\DDPO64A.dll
2014-06-04 14:41 . 2014-06-04 14:41 261464 ----a-w- c:\windows\system32\DDPA64.dll
2014-06-04 14:41 . 2014-06-04 14:41 1939800 ----a-w- c:\windows\system32\DDPD64A.dll
2014-06-04 14:41 . 2014-06-04 14:41 33592 ----a-w- c:\windows\system32\audioLibVc.dll
2014-05-30 08:08 . 2014-07-09 06:26 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-09 06:26 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-09 06:26 340992 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-09 06:26 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-09 06:26 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-09 06:26 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-09 06:26 22016 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-09 06:26 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-09 06:26 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-09 06:26 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-09 06:26 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-09 06:26 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-09 06:26 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-09 06:26 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-09 06:26 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-29 07:25 . 2014-05-29 07:25 911360 ----a-w- C:\MRDownloader.exe
2013-02-07 12:22 . 2013-02-07 12:22 50330 ----a-w- c:\program files (x86)\AntiDust.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Nezapomen"="c:\program files (x86)\Nezapomen\nezapomen.exe" [2001-06-30 457216]
"ISUSPM Startup"="c:\progra~2\common~1\instal~1\update~1\isuspm.exe" [2004-06-16 221184]
"f.lux"="c:\users\Jan\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
"Display Stix - System tray"="c:\program files (x86)\Fractalis Software\Display Stix 2.1.1\dstix.exe" [2004-01-12 241664]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-12-15 3541008]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2014-06-21 109784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"EPSON SX218 Series"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIGDE.EXE" [2009-09-14 224768]
"Bonus.SSR.FR11"="c:\program files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2011-08-30 925960]
"mncevcgbgSrv"="c:\windows\system32\mncevcgbg.vbe" [2014-03-05 7670]
"mncdmdlSrv"="c:\windows\system32\mncdmdl.vbe" [2014-03-05 7670]
"mncowkgoSrv"="c:\windows\inf\mncowkgo.vbe" [2014-01-19 1342]
"mncebivqbSrv"="c:\windows\inf\mncebivqb.vbe" [2014-01-19 1342]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2013-09-20 7801088]
"AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2013-01-10 1105328]
"Family Tree Builder Update"="c:\program files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe" [2013-11-12 2532864]
"mncxwosmSrv"="c:\windows\system32\mncxwosm.vbe" [2014-03-05 7670]
"mncgnootkSrv"="c:\windows\system32\mncgnootk.vbe" [2014-03-05 7670]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2014-05-26 218112]
"mncfuxsdtSrv"="c:\windows\system32\mncfuxsdt.vbe" [2014-03-05 7670]
"mncnkdxpSrv"="c:\windows\inf\mncnkdxp.vbe" [2014-01-19 1342]
"mncrhakijSrv"="c:\windows\inf\mncrhakij.vbe" [2014-01-13 1338]
"mncejfiekSrv"="c:\windows\system32\mncejfiek.vbe" [2014-03-05 7670]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2014-06-21 109784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Serviio.lnk - c:\program files\Serviio\bin\ServiioConsole.exe [2014-3-21 399360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe"
"Family Tree Builder Update"=c:\program files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
"WCtrlPanel"=c:\windows\SysWOW64\CtrlPanel.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ISUSScheduler"="c:\progra~2\common~1\instal~1\update~1\issch.exe" -start
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 esgiguard;esgiguard; [x]
R3 gwiopm;gwiopm; [x]
R3 CH341SER_A64;CH341SER_A64;c:\windows\system32\Drivers\CH341S64.SYS;c:\windows\SYSNATIVE\Drivers\CH341S64.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\Drivers\IT9135BDA.sys;c:\windows\SYSNATIVE\Drivers\IT9135BDA.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver; [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PQAWRwa;PQAWRwa; [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
R3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
R4 IObitUnlocker;IObitUnlocker;c:\program files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys;c:\program files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [x]
R4 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys;c:\windows\SYSNATIVE\DRIVERS\Lbd.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe;c:\windows\SYSNATIVE\PrintCtrl.exe [x]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
S2 Serviio;Serviio;c:\program files\Serviio\bin\ServiioService.exe;c:\program files\Serviio\bin\ServiioService.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 subvgaproduct64;subvgaproduct64;c:\windows\system32\DRIVERS\subvga64.sys;c:\windows\SYSNATIVE\DRIVERS\subvga64.sys [x]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys;c:\windows\SYSNATIVE\drivers\TotRec7.sys [x]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys;c:\windows\SYSNATIVE\drivers\TotRec8.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 19:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-07-27 16:43 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2013-08-23 08:16 2827128 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2013-08-23 08:16 2827128 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2013-08-23 08:16 2827128 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-16 02:37 23496 ----a-w- c:\program files\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-06-04 13672152]
"Služba Acronis Scheduler2"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2013-08-21 519504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-05-15 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-05-15 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-05-15 442352]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uStart Page = hxxp:/1start.roboform.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download ALL with IDA
IE: Download remotely with IDA
IE: Download with IDA
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Ikona RoboForm na liště úloh - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComTaskBarIcon.html
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Přizpůsobit Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: RF Nástrojová lišta - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsažené FLV video - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Uložit formuláře - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Vyplnit formulář - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{44BB3BD4-AFCE-49BE-82BE-3ED2C532F40E}\14E64627F69646: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FF - ProfilePath - c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\diyx8kvd.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
user_pref(extensions.autoDisableScopes,14);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Zoner Photo Studio Autoupdate - c:\program files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE
SafeBoot-Lavasoft Ad-Aware Service
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
BHO-{0B28B3C1-3E43-BDE6-615C-9887EF5347D8} - c:\program files (x86)\Adblocker\gsuIkDe5y.x64.dll
BHO-{F804824F-C6B7-88B3-63F3-0CAF79595B6C} - c:\program files (x86)\priccechoop\YbNEY7B.x64.dll
Toolbar-Locked - (no file)
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{E0A9340B-C01B-42C1-9910-C307D7BE4756}\WeatherBugSetup.exe
.
.
Binary file temp00 matches
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:b1,89,6c,af,4e,6e,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,8d,40,9d,d6,0a,29,44,ac,7d,47,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,8d,40,9d,d6,0a,29,44,ac,7d,47,\
.
[HKEY_USERS\S-1-5-21-3371989906-421553980-335095200-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):07,f2,c6,56,a3,c0,80,cf,b9,6a,30,81,a2,04,53,44,0d,29,ef,8a,9a,
d7,a4,92,ee,e5,47,08,34,9e,f4,60,ae,a4,21,0c,ec,39,d5,bc,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3371989906-421553980-335095200-1000_Classes\Wow6432Node\CLSID\{60151d09-0d64-4067-bb4a-21eb9a528319}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000009e
"Therad"=dword:0000001d
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,78,3a,30,ae,ff,4a,03,d3,99,20,41,05,04,df,ce,3f,d0,6f,3b,3a,b9,ad,\
.
[HKEY_USERS\S-1-5-21-3371989906-421553980-335095200-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):42,4d,fa,73,66,6b,d6,b5,3c,ac,87,7a,c1,19,73,9e,06,d3,25,1a,58,
7f,e5,6f,7e,fd,74,53,dd,6c,17,c0,e2,0f,bc,51,9b,7e,3c,ff,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3371989906-421553980-335095200-1000_Classes\Wow6432Node\CLSID\{f516d1c7-7cc6-4f31-9de9-e10317b00391}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000096
"Therad"=dword:00000028
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,86,31,b1,1f,b0,31,ba,d0,ac,f6,da,34,97,37,b0,62,c1,ed,86,d0,e7,83,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Celkový čas: 2014-08-17 20:48:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-08-17 18:48
.
Před spuštěním: Volných bajtů: 406 125 248 512
Po spuštění: Volných bajtů: 406 097 227 776
.
- - End Of File - - 9215E86646EA931E7EAEAD6E52CED19C
A36C5E4F47E84449FF07ED3517B43A31

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: requesting a preventive check

#7 Post by vyosek »

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • A repair will run, the PC will restart, and then a log will appear, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever avoids merriment, take a whip and a stick to him; he is not a man, he is an ox."
Member of (image) since 1 February 2011.

elzad

Re: requesting a preventive check

#8 Post by elzad »

# AdwCleaner v3.307 - Report created 18/08/2014 at 10:07:46
# Updated 17/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jan - JAN-PC
# Running from : C:\Users\Jan\Desktop\adwcleaner_3.307.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Adblocker
Folder Deleted : C:\ProgramData\priccechoop
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Jan\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Jan\AppData\Local\torch
Folder Deleted : C:\Users\Jan\AppData\Roaming\EZDownloader
Folder Deleted : C:\Users\Jan\AppData\Roaming\Mobogenie
Folder Deleted : C:\Users\Jan\AppData\Roaming\SimilarAddon
Folder Deleted : C:\Users\Jan\AppData\Roaming\SimpleFiles
Folder Deleted : C:\Users\NeroMediaHomeUser.4\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\NeroMediaHomeUser.4\AppData\Local\torch
File Deleted : C:\Windows\System32\GroupPolicy\Machine\Registry.pol
File Deleted : C:\Windows\System32\GroupPolicy\User\Registry.pol
File Deleted : C:\Users\Jan\AppData\Roaming\LiveSupport.exe_log.txt
File Deleted : C:\Users\Jan\AppData\Roaming\regsvr32.exe_log.txt
File Deleted : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\diyx8kvd.default\invalidprefs.js
File Deleted : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\bbytdkrn.default\user.js
File Deleted : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\diyx8kvd.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : Driver Booster Scan
Task Deleted : Driver Booster Update
Task Deleted : Express FilesUpdate
Task Deleted : LaunchSignup
Task Deleted : YourFile Update

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Driver-Soft
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 cs)

[ File : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\bbytdkrn.default\prefs.js ]


[ File : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\diyx8kvd.default\prefs.js ]

Line Deleted : user_pref("extensions.3_or3Q.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.[...]
Line Deleted : user_pref("extensions.QuROdxFVWqI.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumo[...]
Line Deleted : user_pref("extensions.QuROdxFVWqI.url", "hxxp://safesitte.com/sync2/?q=hfZ9ofV9CShEAen0rTU9rShTB6lKDzt4okqAtNtVh7n0rjnEpda9rjs8rTnHtMFHhd9Fqda5rjgFrTaFrjwMDMlGojUMAe4Uojs8rTsErTrHpdaGrTYHpjg8qTwMC6qUo[...]

-\\ Google Chrome v37.0.2062.58

[ File : C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R10].txt - [1323 octets] - [06/01/2014 18:38:49]
AdwCleaner[R11].txt - [1823 octets] - [08/01/2014 19:12:36]
AdwCleaner[R12].txt - [1203 octets] - [09/01/2014 10:27:24]
AdwCleaner[R13].txt - [5848 octets] - [11/03/2014 10:46:41]
AdwCleaner[R14].txt - [15732 octets] - [26/07/2014 18:51:38]
AdwCleaner[R15].txt - [5846 octets] - [18/08/2014 10:05:55]
AdwCleaner[S10].txt - [1822 octets] - [08/01/2014 19:13:10]
AdwCleaner[S11].txt - [5912 octets] - [11/03/2014 10:48:37]
AdwCleaner[S12].txt - [15925 octets] - [26/07/2014 18:52:50]
AdwCleaner[S13].txt - [5551 octets] - [18/08/2014 10:07:46]
AdwCleaner[S9].txt - [1403 octets] - [06/01/2014 18:39:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S13].txt - [5672 octets] ##########

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: requesting a preventive check

#9 Post by vyosek »

:arrow: Uninstall everything from IObit (Malware Fighter, LiveUpdate, IObitUnlocker...)

:arrow: If it is not there already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Folder::
    c:\users\Jan\AppData\Roaming\update_tc
    c:\users\Jan\AppData\Roaming\SimilarAddon
    c:\program files (x86)\IObit
    
    Collect::
    c:\windows\system32\mncevcgbg.vbe
    c:\windows\system32\mncejfiek.vbe
    c:\windows\SysWow64\mncejfiek.vbe
    c:\windows\SysWow64\mncfuxsdt.vbe
    c:\windows\inf\mncrhakij.vbe
    c:\windows\system32\mncevcgbg.vbe
    c:\windows\system32\mncdmdl.vbe
    c:\windows\inf\mncnkdxp.vbe
    c:\windows\system32\mncejfiek.vbe
    c:\windows\system32\mncgnootk.vbe
    c:\windows\system32\mncxwosm.vbe
    c:\windows\inf\mncebivqb.vbe
    c:\windows\inf\mncowkgo.vbe
    c:\windows\system32\mncdmdl.vbe
    
    File::
    c:\windows\Tasks\Adobe Flash Player Updater.job
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup"=-
    "DAEMON Tools Lite"=-
    "IDMan"=-
    "RoboForm"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"=-
    "Bonus.SSR.FR11"=-
    "mncevcgbgSrv"=-
    "mncdmdlSrv"=-
    "mncowkgoSrv"=-
    "mncebivqbSrv"=-
    "Family Tree Builder Update"=-
    "mncxwosmSrv"=-
    "mncgnootkSrv"=-
    "DAEMON Tools Lite"=-
    "NetSoftware"=-
    "mncfuxsdtSrv"=-
    "mncnkdxpSrv"=-
    "mncrhakijSrv"=-
    "mncejfiekSrv"=-
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"=-
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "IsMyWinLockerReboot"=-
    [-HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    
    Driver::
    IMFservice
    LiveUpdateSvc
    esgiguard
    gwiopm
    RegFilter
    UrlFilter
    FileMonitor
    IObitUnlocker
    
    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    [HKEY_USERS\S-1-5-21-3371989906-421553980-335095200-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    [HKEY_USERS\S-1-5-21-3371989906-421553980-335095200-1000_Classes\Wow6432Node\CLSID\{60151d09-0d64-4067-bb4a-21eb9a528319}]
    [HKEY_USERS\S-1-5-21-3371989906-421553980-335095200-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    [HKEY_USERS\S-1-5-21-3371989906-421553980-335095200-1000_Classes\Wow6432Node\CLSID\{f516d1c7-7cc6-4f31-9de9-e10317b00391}]
    [HKEY_USERS\S-1-5-21-3371989906-421553980-335095200-1000_Classes\Wow6432Node\CLSID\{f516d1c7-7cc6-4f31-9de9-e10317b00391}]
    [HKEY_USERS\S-1-5-21-3371989906-421553980-335095200-1000_Classes\Wow6432Node\CLSID\{f516d1c7-7cc6-4f31-9de9-e10317b00391}]
    [HKEY_USERS\S-1-5-21-3371989906-421553980-335095200-1000_Classes\Wow6432Node\CLSID\{f516d1c7-7cc6-4f31-9de9-e10317b00391}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    RegNull::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
    
    ClearJavaCache::
    
    Reboot::
  • Save the resulting TXT file as CFScript.txt
  • Drag the CFScript.txt you created onto ComboFix and run it (see the image below)
    (image)
  • After the script has been applied (and after a restart, if one occurs), a log will pop up; paste its contents here
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC and the registry will sort itself out; this is an internal error caused by CF, and unfortunately the author does not yet know how to fix it

:arrow: It can happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

elzad

Re: requesting a preventive check

#10 Post by elzad »

ComboFix 14-08-17.01 - Jan 18.08.2014 13:02:14.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4008.1815 [GMT 2:00]
Spuštěný z: c:\users\Jan\Downloads\Programs\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jan\Desktop\CFScript.txt.txt
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\IObit
c:\program files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64_1.dll
c:\program files (x86)\IObit\LiveUpdate\Language\Arabic.lng
c:\program files (x86)\IObit\LiveUpdate\Language\Belarusian.lng
c:\program files (x86)\IObit\LiveUpdate\Language\Czech.lng
c:\program files (x86)\IObit\LiveUpdate\Language\Dutch.lng
c:\program files (x86)\IObit\LiveUpdate\Language\English.lng
c:\program files (x86)\IObit\LiveUpdate\Language\Finnish.lng
c:\program files (x86)\IObit\LiveUpdate\Language\German.lng
c:\program files (x86)\IObit\LiveUpdate\Language\Hungarian.lng
c:\program files (x86)\IObit\LiveUpdate\Language\ChineseSimp.lng
c:\program files (x86)\IObit\LiveUpdate\Language\ChineseTrad.lng
c:\program files (x86)\IObit\LiveUpdate\Language\Japanese.lng
c:\program files (x86)\IObit\LiveUpdate\Language\Polish.lng
c:\program files (x86)\IObit\LiveUpdate\Language\Portuguese(PT-BR).lng
c:\program files (x86)\IObit\LiveUpdate\Language\Romanian.lng
c:\program files (x86)\IObit\LiveUpdate\Language\Russian.lng
c:\program files (x86)\IObit\LiveUpdate\Language\Serbian (cyrillic).lng
c:\program files (x86)\IObit\LiveUpdate\Language\Serbian (latin).lng
c:\program files (x86)\IObit\LiveUpdate\Language\Slovenian.lng
c:\program files (x86)\IObit\LiveUpdate\Language\Spanish.lng
c:\program files (x86)\IObit\LiveUpdate\Language\Swedish.lng
c:\program files (x86)\IObit\LiveUpdate\Language\Turkish.lng
c:\program files (x86)\IObit\LiveUpdate\Language\Vietnamese.lng
c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe
c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.log
c:\program files (x86)\IObit\LiveUpdate\LiveUpdateSrvUpt.log
c:\program files (x86)\IObit\LiveUpdate\ProductStatistics.dll
c:\program files (x86)\IObit\LiveUpdate\ProductStatistics.log
c:\program files (x86)\IObit\LiveUpdate\ProductUpt.log
c:\program files (x86)\IObit\LiveUpdate\system.ini
c:\program files (x86)\IObit\LiveUpdate\update\update.spt
c:\users\Jan\AppData\Roaming\update_tc
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ESGIGUARD
-------\Legacy_FILEMONITOR
-------\Legacy_IOBITUNLOCKER
-------\Legacy_REGFILTER
-------\Legacy_URLFILTER
-------\Service_esgiguard
-------\Service_FileMonitor
-------\Service_gwiopm
-------\Service_IMFservice
-------\Service_LiveUpdateSvc
-------\Service_RegFilter
-------\Service_UrlFilter
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-18 do 2014-08-18 )))))))))))))))))))))))))))))))
.
.
2014-08-18 11:13 . 2014-08-18 11:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-18 11:13 . 2014-08-18 11:13 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-08-18 09:04 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DC44EFDC-8434-4BD1-B2CF-FF79CE931768}\mpengine.dll
2014-08-17 21:11 . 2014-08-17 21:11 319912 ----a-w- c:\windows\system32\javaws.exe
2014-08-17 21:11 . 2014-08-17 21:11 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-08-17 21:11 . 2014-08-17 21:11 189352 ----a-w- c:\windows\system32\javaw.exe
2014-08-17 21:11 . 2014-08-17 21:11 189352 ----a-w- c:\windows\system32\java.exe
2014-08-17 20:10 . 2014-03-05 21:19 7670 --s-a-w- c:\windows\SysWow64\mncypccdv.vbe
2014-08-17 20:10 . 2013-12-09 23:30 10236928 --s-a-w- c:\windows\SysWow64\acumncypccdv.exe
2014-08-17 20:10 . 2013-10-26 19:30 972814 --s-a-w- c:\windows\SysWow64\dcgmncypccdv.exe
2014-08-17 19:53 . 2014-08-17 21:13 -------- d-----w- c:\users\Jan\AppData\Roaming\Dropbox
2014-08-17 19:51 . 2014-08-17 19:51 -------- d-----w- c:\users\Jan\AppData\Roaming\AVAST Software
2014-08-17 19:49 . 2014-08-17 19:49 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-08-17 19:49 . 2014-08-17 19:49 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-17 19:49 . 2014-08-17 19:50 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-17 19:49 . 2014-08-17 19:49 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-08-17 19:49 . 2014-08-17 19:49 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-17 19:49 . 2014-08-17 19:49 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-17 19:49 . 2014-08-17 19:49 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-17 19:49 . 2014-08-17 19:49 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-08-17 19:49 . 2014-08-17 19:49 43152 ----a-w- c:\windows\avastSS.scr
2014-08-17 19:46 . 2014-08-17 19:46 -------- d-----w- c:\program files\AVAST Software
2014-08-17 19:45 . 2014-08-17 19:46 -------- d-----w- c:\programdata\AVAST Software
2014-08-17 19:34 . 2014-08-17 19:34 -------- d-----w- c:\programdata\AVG
2014-08-17 13:16 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-17 08:51 . 2014-08-17 16:54 -------- d-----w- c:\users\Jan\AppData\Roaming\XBMC
2014-08-17 08:49 . 2014-08-17 08:50 -------- d-----w- c:\program files (x86)\XBMC
2014-08-16 09:55 . 2014-08-16 09:55 128728 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-15 20:58 . 2014-08-16 16:49 -------- d-----w- c:\program files (x86)\Seznam.cz
2014-08-15 20:49 . 2014-08-15 20:49 -------- d-----w- c:\program files (x86)\IDM.v 6. xx.release.3- patch crack keygen
2014-08-15 20:42 . 2014-08-16 17:31 -------- d-----w- c:\program files (x86)\Company
2014-08-15 11:37 . 2014-08-15 11:37 -------- d-----w- c:\program files (x86)\EZCast
2014-08-14 20:56 . 2014-08-14 21:02 -------- d-----w- C:\The KMPlayer
2014-08-13 17:38 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-13 17:38 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-13 17:38 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-13 17:38 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-13 17:38 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-13 17:38 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-13 17:37 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 17:37 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 17:24 . 2014-05-02 23:08 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5FB89873-3AEB-4172-AB49-72470FAC986F}\gapaengine.dll
2014-08-13 15:25 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-13 15:25 . 2014-07-16 02:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-13 15:25 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-08-13 15:25 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-08-13 15:25 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-08-13 15:25 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-08-13 15:25 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-08-13 15:25 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-08-13 15:25 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-08-13 15:23 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-13 15:23 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-13 15:23 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-13 15:23 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-13 09:18 . 2014-08-14 15:07 -------- d-----w- c:\users\Jan\AppData\Local\Adobe
2014-08-11 15:24 . 2014-08-11 15:24 87040 ----a-w- c:\windows\SysWow64\GameLauncher_x64.exe
2014-08-11 14:30 . 2014-08-11 14:31 -------- d-----w- c:\program files (x86)\Common Files\CIGLER SOFTWARE
2014-08-10 15:27 . 2014-08-10 15:27 -------- d-----w- C:\DreamWorldCache
2014-08-10 15:27 . 2014-08-10 15:27 -------- d-----w- c:\users\Jan\AppData\Local\Funcom
2014-08-08 17:20 . 2014-08-15 11:37 -------- d-----w- c:\programdata\EZDisplay
2014-08-05 17:20 . 2014-08-05 17:20 227728 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-08-04 12:53 . 2014-08-14 15:49 -------- d-----w- c:\programdata\FreshApp installer
2014-08-04 12:52 . 2014-08-04 12:52 -------- d-----w- c:\users\Jan\AppData\Local\Packages
2014-08-04 12:52 . 2014-08-04 12:52 -------- d-----w- c:\programdata\a60376ee488b6b69
2014-08-04 12:52 . 2014-08-04 12:52 -------- d-----w- c:\users\NeroMediaHomeUser.4
2014-08-04 12:52 . 2014-08-04 12:52 -------- d-----w- c:\users\Jan\AppData\Local\Comodo
2014-08-04 12:52 . 2014-08-04 12:52 -------- d-----w- c:\users\Administrator\AppData\Local\Comodo
2014-08-04 12:52 . 2014-08-04 12:52 -------- d-----w- c:\users\Administrator\AppData\Local\Google
2014-08-04 12:52 . 2014-08-04 12:52 -------- d-----w- c:\users\HomeGroupUser$
2014-08-04 12:52 . 2014-08-04 12:52 -------- d-----w- c:\users\Guest
2014-08-01 07:06 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-08-01 07:06 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-01 07:06 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-08-01 07:06 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-01 07:06 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-08-01 07:06 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-08-01 07:05 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-08-01 07:05 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-08-01 07:05 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-08-01 07:05 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-08-01 07:05 . 2014-05-14 07:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-01 07:05 . 2014-05-14 07:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-08-01 07:05 . 2014-05-14 07:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-08-01 07:05 . 2014-05-14 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-07-31 16:23 . 2011-10-29 08:43 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2014-07-31 10:28 . 2014-07-31 10:29 -------- d-----w- c:\users\Jan\AppData\Local\Sundance
2014-07-29 19:48 . 2014-07-29 19:48 -------- d-----w- c:\users\Jan\AppData\Roaming\HighAndes
2014-07-29 19:48 . 2014-07-29 19:48 -------- d-----w- c:\users\Jan\AppData\Local\HighAndes
2014-07-29 19:48 . 2014-07-29 19:48 -------- d-----w- c:\programdata\HighAndes
2014-07-28 14:37 . 2014-07-28 15:17 -------- d-----w- c:\users\Jan\AppData\Roaming\TotalRecorder
2014-07-28 14:36 . 2009-10-20 16:00 121424 ----a-w- c:\windows\system32\drivers\TotRec8.sys
2014-07-28 14:35 . 2014-07-28 14:35 -------- d-----w- c:\program files (x86)\HighCriteria
2014-07-28 11:56 . 2012-06-23 16:19 204376 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\TBD7A1A.tmp
2014-07-28 11:56 . 2012-06-23 16:19 1833560 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\TBD7A19.tmp
2014-07-28 11:49 . 2012-06-23 16:19 204376 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\TBD54BF.tmp
2014-07-28 11:49 . 2012-06-23 16:19 1833560 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\TBD54AF.tmp
2014-07-28 11:28 . 2014-07-28 11:28 -------- d-----w- c:\program files (x86)\OpenOffice 4
2014-07-28 09:25 . 2013-08-11 13:40 43520 --s-a-w- c:\windows\SysWow64\nircmdc.exe
2014-07-27 20:00 . 2014-07-27 20:08 -------- d-----w- c:\program files (x86)\Xilisoft
2014-07-27 20:00 . 2014-07-27 20:00 -------- d-----w- c:\users\Jan\AppData\Roaming\Xilisoft
2014-07-27 16:38 . 2014-07-27 16:38 -------- d-----w- c:\users\Jan\AppData\Roaming\dlg
2014-07-26 16:52 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-26 15:17 . 2014-08-14 15:49 -------- d-----w- c:\programdata\YTD Video Downloader
2014-07-23 11:20 . 2014-07-23 11:20 -------- d-----w- c:\users\Jan\AppData\Roaming\The Bat!
2014-07-21 12:09 . 2014-07-28 09:47 -------- d-----w- c:\program files (x86)\FastShare
2014-07-20 12:37 . 2014-07-20 12:37 -------- d-----w- c:\programdata\NetSoftware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-17 21:09 . 2012-04-02 21:43 699568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-17 21:09 . 2011-07-09 08:17 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-17 19:49 . 2013-04-02 20:38 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-16 09:54 . 2014-06-19 11:16 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-13 17:43 . 2012-01-19 21:08 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-06-18 02:18 . 2014-07-09 06:26 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 06:26 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-09 06:26 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 06:26 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-09 06:25 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-09 06:25 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-09 06:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-06-04 14:42 . 2014-06-04 14:42 2162992 ----a-w- c:\windows\system32\YamahaAE.dll
2014-06-04 14:42 . 2014-06-04 14:42 2101848 ----a-w- c:\windows\system32\WavesGUILib64.dll
2014-06-04 14:42 . 2014-06-04 14:42 2117424 ----a-w- c:\windows\system32\SStudio.dll
2014-06-04 14:42 . 2014-06-04 14:42 724728 ----a-w- c:\windows\system32\sltech64.dll
2014-06-04 14:42 . 2014-06-04 14:42 246008 ----a-w- c:\windows\system32\slprp64.dll
2014-06-04 14:42 . 2014-06-04 14:42 889592 ----a-w- c:\windows\system32\sl3apo64.dll
2014-06-04 14:42 . 2014-06-04 14:42 1048824 ----a-w- c:\windows\system32\slcnt64.dll
2014-06-04 14:42 . 2014-06-04 14:42 2834648 ----a-w- c:\windows\system32\RtPgEx64.dll
2014-06-04 14:42 . 2014-06-04 14:42 1959128 ----a-w- c:\windows\system32\RTSnMg64.cpl
2014-06-04 14:42 . 2014-06-04 14:42 3962840 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2014-06-04 14:42 . 2014-06-04 14:42 1022168 ----a-w- c:\windows\system32\RtkApi64.dll
2014-06-04 14:42 . 2014-06-04 14:42 628952 ----a-w- c:\windows\system32\RtDataProc64.dll
2014-06-04 14:42 . 2014-06-04 14:42 2800344 ----a-w- c:\windows\system32\RltkAPO64.dll
2014-06-04 14:42 . 2014-06-04 14:42 60636160 ----a-w- c:\windows\system32\RCoRes64.dat
2014-06-04 14:42 . 2014-06-04 14:42 948952 ----a-w- c:\windows\system32\RCoInstII64.dll
2014-06-04 14:42 . 2014-06-04 14:42 942384 ----a-w- c:\windows\system32\NAHIMICAPOSettingsIPC.dll
2014-06-04 14:42 . 2014-06-04 14:42 5751048 ----a-w- c:\windows\system32\NAHIMICAPOlfx.dll
2014-06-04 14:42 . 2014-06-04 14:42 956504 ----a-w- c:\windows\system32\MaxxVoiceAPO2064.dll
2014-06-04 14:42 . 2014-06-04 14:42 12894808 ----a-w- c:\windows\system32\MaxxVoiceAPO3064.dll
2014-06-04 14:42 . 2014-06-04 14:42 3959384 ----a-w- c:\windows\system32\MaxxAudioVnN64.dll
2014-06-04 14:42 . 2014-06-04 14:42 28343384 ----a-w- c:\windows\system32\MaxxAudioVnA64.dll
2014-06-04 14:42 . 2014-06-04 14:42 14863448 ----a-w- c:\windows\system32\MaxxAudioRealtek64.dll
2014-06-04 14:42 . 2014-06-04 14:42 2041432 ----a-w- c:\windows\system32\MaxxAudioEQ64.dll
2014-06-04 14:42 . 2014-06-04 14:42 1934424 ----a-w- c:\windows\system32\MaxxAudioRealtek264.dll
2014-06-04 14:42 . 2014-06-04 14:41 1063512 ----a-w- c:\windows\system32\MaxxAudioAPOShell64.dll
2014-06-04 14:41 . 2014-06-04 14:41 900696 ----a-w- c:\windows\SysWow64\MaxxAudioAPOShell.dll
2014-06-04 14:41 . 2014-06-04 14:41 1317976 ----a-w- c:\windows\system32\MaxxAudioAPO6064.dll
2014-06-04 14:41 . 2014-06-04 14:41 1168472 ----a-w- c:\windows\system32\MaxxAudioAPO5064.dll
2014-06-04 14:41 . 2014-06-04 14:41 1136728 ----a-w- c:\windows\system32\MaxxAudioAPO4064.dll
2014-06-04 14:41 . 2014-06-04 14:41 291488 ----a-w- c:\windows\system32\ICEsoundAPO64.dll
2014-06-04 14:41 . 2014-06-04 14:41 6218072 ----a-w- c:\windows\system32\DDPP64A.dll
2014-06-04 14:41 . 2014-06-04 14:41 315736 ----a-w- c:\windows\system32\DDPO64A.dll
2014-06-04 14:41 . 2014-06-04 14:41 261464 ----a-w- c:\windows\system32\DDPA64.dll
2014-06-04 14:41 . 2014-06-04 14:41 1939800 ----a-w- c:\windows\system32\DDPD64A.dll
2014-06-04 14:41 . 2014-06-04 14:41 33592 ----a-w- c:\windows\system32\audioLibVc.dll
2014-05-30 08:08 . 2014-07-09 06:26 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-09 06:26 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-09 06:26 340992 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-09 06:26 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-09 06:26 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-09 06:26 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-09 06:26 22016 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-09 06:26 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-09 06:26 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-09 06:26 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-09 06:26 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-09 06:26 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-09 06:26 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-09 06:26 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-09 06:26 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-29 07:25 . 2014-05-29 07:25 911360 ----a-w- C:\MRDownloader.exe
2013-02-07 12:22 . 2013-02-07 12:22 50330 ----a-w- c:\program files (x86)\AntiDust.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Nezapomen"="c:\program files (x86)\Nezapomen\nezapomen.exe" [2001-06-30 457216]
"f.lux"="c:\users\Jan\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
"Display Stix - System tray"="c:\program files (x86)\Fractalis Software\Display Stix 2.1.1\dstix.exe" [2004-01-12 241664]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EPSON SX218 Series"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIGDE.EXE" [2009-09-14 224768]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2013-09-20 7801088]
"AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2013-01-10 1105328]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-17 4085896]
"MSStp"="c:\windows\inf\msstp.vbe" [2014-03-05 1584]
"mncypccdvSrv"="c:\windows\system32\mncypccdv.vbe" [2014-03-05 7670]
.
c:\users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Serviio.lnk - c:\program files\Serviio\bin\ServiioConsole.exe [2014-3-21 399360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKslf8fa4416;MpKslf8fa4416;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DC44EFDC-8434-4BD1-B2CF-FF79CE931768}\MpKslf8fa4416.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DC44EFDC-8434-4BD1-B2CF-FF79CE931768}\MpKslf8fa4416.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Serviio;Serviio;c:\program files\Serviio\bin\ServiioService.exe;c:\program files\Serviio\bin\ServiioService.exe [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 CH341SER_A64;CH341SER_A64;c:\windows\system32\Drivers\CH341S64.SYS;c:\windows\SYSNATIVE\Drivers\CH341S64.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\Drivers\IT9135BDA.sys;c:\windows\SYSNATIVE\Drivers\IT9135BDA.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver; [x]
R3 PQAWRwa;PQAWRwa; [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
R4 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys;c:\windows\SYSNATIVE\DRIVERS\Lbd.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe;c:\windows\SYSNATIVE\PrintCtrl.exe [x]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 subvgaproduct64;subvgaproduct64;c:\windows\system32\DRIVERS\subvga64.sys;c:\windows\SYSNATIVE\DRIVERS\subvga64.sys [x]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys;c:\windows\SYSNATIVE\drivers\TotRec7.sys [x]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys;c:\windows\SYSNATIVE\drivers\TotRec8.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 21:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B28B3C1-3E43-BDE6-615C-9887EF5347D8}]
c:\program files (x86)\Adblocker\gsuIkDe5y.x64.dll [BU]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F804824F-C6B7-88B3-63F3-0CAF79595B6C}]
c:\program files (x86)\priccechoop\YbNEY7B.x64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-17 19:49 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2013-08-23 08:16 2827128 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2013-08-23 08:16 2827128 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2013-08-23 08:16 2827128 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-16 02:37 23496 ----a-w- c:\program files\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-06-04 13672152]
"Služba Acronis Scheduler2"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2013-08-21 519504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-05-15 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-05-15 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-05-15 442352]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uStart Page = hxxp:/1start.roboform.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download ALL with IDA
IE: Download remotely with IDA
IE: Download with IDA
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Ikona RoboForm na liště úloh - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComTaskBarIcon.html
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Přizpůsobit Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: RF Nástrojová lišta - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsažené FLV video - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Uložit formuláře - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Vyplnit formulář - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{44BB3BD4-AFCE-49BE-82BE-3ED2C532F40E}\14E64627F69646: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FF - ProfilePath - c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\diyx8kvd.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{E0A9340B-C01B-42C1-9910-C307D7BE4756}\WeatherBugSetup.exe
AddRemove-optimizer_chrome - c:\users\Jan\AppData\Roaming\IDM\bin\chrome_uninstaller.exe
.
.
Binary file temp00 matches
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Celkový čas: 2014-08-18 13:24:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-08-18 11:24
ComboFix2.txt 2014-08-17 18:48
.
Před spuštěním: Volných bajtů: 405 952 290 816
Po spuštění: Volných bajtů: 405 197 893 632
.
- - End Of File - - 0F4D5602FB75FD621DA5311020DA7524
A36C5E4F47E84449FF07ED3517B43A31

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: please do a preventive check

#11 Post by vyosek »

One more CFScript.txt, same procedure as before

Code:

KillAll::

Collect::
c:\windows\inf\msstp.vbe
c:\windows\system32\mncypccdv.vbe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MSStp"=-
"mncypccdvSrv"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F804824F-C6B7-88B3-63F3-0CAF79595B6C}]

Driver::
Lavasoft Kernexplorer

Folder::
c:\program files (x86)\priccechoop

DDS::
uStart Page = hxxp:/1start.roboform.com
IE: Download ALL with IDA
IE: Download remotely with IDA
IE: Download with IDA

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]

Reboot::

"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

elzad

Re: please do a preventive check

#12 Post by elzad »

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/19/2014 04:29:39 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\system32\PrintCtrl.exe (PID: 3852) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\Windows\AppPatch\spbin => C:\PROGRA~2\SearchProtect\SearchProtect\bin [Dir]

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 08/19/2014 04:32:22 PM
Execution time: 0 hours(s), 2 minute(s), and 42 seconds(s)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: please do a preventive check

#13 Post by vyosek »

Also the ComboFix run with the script I just posted...

elzad

Re: please do a preventive check

#14 Post by elzad »

ComboFix 14-08-19.01 - Jan 20.08.2014 10:33:13.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4008.1753 [GMT 2:00]
Spuštěný z: c:\users\Jan\Downloads\Programs\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jan\Desktop\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-20 do 2014-08-20 )))))))))))))))))))))))))))))))
.
.
2014-08-20 08:40 . 2014-08-20 08:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-20 08:40 . 2014-08-20 08:40 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-08-19 21:12 . 2014-08-19 21:12 319912 ----a-w- c:\windows\system32\javaws.exe
2014-08-19 21:12 . 2014-08-19 21:12 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-08-19 21:12 . 2014-08-19 21:12 189352 ----a-w- c:\windows\system32\javaw.exe
2014-08-19 21:12 . 2014-08-19 21:12 189352 ----a-w- c:\windows\system32\java.exe
2014-08-19 21:09 . 2014-08-19 21:09 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-19 21:08 . 2014-08-19 21:08 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-19 21:08 . 2014-08-19 21:08 -------- d-----w- c:\program files (x86)\Java
2014-08-19 09:04 . 2014-08-07 08:59 11319200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{97E59C47-BC39-4D8A-937E-77BDF20C357A}\mpengine.dll
2014-08-18 09:04 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-17 20:10 . 2013-12-09 23:30 10236928 --s-a-w- c:\windows\SysWow64\acumncypccdv.exe
2014-08-17 20:10 . 2013-10-26 19:30 972814 --s-a-w- c:\windows\SysWow64\dcgmncypccdv.exe
2014-08-17 19:53 . 2014-08-17 21:13 -------- d-----w- c:\users\Jan\AppData\Roaming\Dropbox
2014-08-17 19:51 . 2014-08-17 19:51 -------- d-----w- c:\users\Jan\AppData\Roaming\AVAST Software
2014-08-17 19:49 . 2014-08-17 19:49 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-08-17 19:49 . 2014-08-17 19:49 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-17 19:49 . 2014-08-17 19:50 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-17 19:49 . 2014-08-17 19:49 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-08-17 19:49 . 2014-08-17 19:49 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-17 19:49 . 2014-08-17 19:49 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-17 19:49 . 2014-08-17 19:49 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-17 19:49 . 2014-08-17 19:49 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-08-17 19:49 . 2014-08-17 19:49 43152 ----a-w- c:\windows\avastSS.scr
2014-08-17 19:46 . 2014-08-17 19:46 -------- d-----w- c:\program files\AVAST Software
2014-08-17 19:45 . 2014-08-17 19:46 -------- d-----w- c:\programdata\AVAST Software
2014-08-17 19:34 . 2014-08-17 19:34 -------- d-----w- c:\programdata\AVG
2014-08-17 08:51 . 2014-08-18 12:31 -------- d-----w- c:\users\Jan\AppData\Roaming\XBMC
2014-08-17 08:49 . 2014-08-17 08:50 -------- d-----w- c:\program files (x86)\XBMC
2014-08-16 09:55 . 2014-08-16 09:55 128728 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-15 20:58 . 2014-08-16 16:49 -------- d-----w- c:\program files (x86)\Seznam.cz
2014-08-15 20:49 . 2014-08-15 20:49 -------- d-----w- c:\program files (x86)\IDM.v 6. xx.release.3- patch crack keygen
2014-08-15 20:42 . 2014-08-16 17:31 -------- d-----w- c:\program files (x86)\Company
2014-08-15 11:37 . 2014-08-15 11:37 -------- d-----w- c:\program files (x86)\EZCast
2014-08-14 20:56 . 2014-08-14 21:02 -------- d-----w- C:\The KMPlayer
2014-08-13 17:38 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-13 17:38 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-13 17:38 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-13 17:38 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-13 17:38 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-13 17:38 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-13 17:37 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 17:37 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 17:24 . 2014-05-02 23:08 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5FB89873-3AEB-4172-AB49-72470FAC986F}\gapaengine.dll
2014-08-13 15:25 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-13 15:25 . 2014-07-16 02:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-13 15:25 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-08-13 15:25 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-08-13 15:25 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-08-13 15:25 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-08-13 15:25 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-08-13 15:25 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-08-13 15:25 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-08-13 15:23 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-13 15:23 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-13 15:23 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-13 15:23 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-13 09:18 . 2014-08-19 13:00 -------- d-----w- c:\users\Jan\AppData\Local\Adobe
2014-08-11 15:24 . 2014-08-11 15:24 87040 ----a-w- c:\windows\SysWow64\GameLauncher_x64.exe
2014-08-11 14:30 . 2014-08-11 14:31 -------- d-----w- c:\program files (x86)\Common Files\CIGLER SOFTWARE
2014-08-10 15:27 . 2014-08-10 15:27 -------- d-----w- C:\DreamWorldCache
2014-08-10 15:27 . 2014-08-10 15:27 -------- d-----w- c:\users\Jan\AppData\Local\Funcom
2014-08-08 17:20 . 2014-08-15 11:37 -------- d-----w- c:\programdata\EZDisplay
2014-08-05 17:20 . 2014-08-05 17:20 227728 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-08-04 12:53 . 2014-08-14 15:49 -------- d-----w- c:\programdata\FreshApp installer
2014-08-04 12:52 . 2014-08-04 12:52 -------- d-----w- c:\users\Jan\AppData\Local\Packages
2014-08-04 12:52 . 2014-08-04 12:52 -------- d-----w- c:\programdata\a60376ee488b6b69
2014-08-04 12:52 . 2014-08-04 12:52 -------- d-----w- c:\users\NeroMediaHomeUser.4
2014-08-04 12:52 . 2014-08-04 12:52 -------- d-----w- c:\users\Jan\AppData\Local\Comodo
2014-08-04 12:52 . 2014-08-04 12:52 -------- d-----w- c:\users\Administrator\AppData\Local\Comodo
2014-08-04 12:52 . 2014-08-04 12:52 -------- d-----w- c:\users\Administrator\AppData\Local\Google
2014-08-04 12:52 . 2014-08-04 12:52 -------- d-----w- c:\users\HomeGroupUser$
2014-08-04 12:52 . 2014-08-04 12:52 -------- d-----w- c:\users\Guest
2014-08-01 07:06 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-08-01 07:06 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-01 07:06 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-08-01 07:06 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-01 07:06 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-08-01 07:06 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-08-01 07:05 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-08-01 07:05 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-08-01 07:05 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-08-01 07:05 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-08-01 07:05 . 2014-05-14 07:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-01 07:05 . 2014-05-14 07:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-08-01 07:05 . 2014-05-14 07:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-08-01 07:05 . 2014-05-14 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-07-31 16:23 . 2011-10-29 08:43 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2014-07-31 10:28 . 2014-07-31 10:29 -------- d-----w- c:\users\Jan\AppData\Local\Sundance
2014-07-29 19:48 . 2014-07-29 19:48 -------- d-----w- c:\users\Jan\AppData\Roaming\HighAndes
2014-07-29 19:48 . 2014-07-29 19:48 -------- d-----w- c:\users\Jan\AppData\Local\HighAndes
2014-07-29 19:48 . 2014-07-29 19:48 -------- d-----w- c:\programdata\HighAndes
2014-07-28 14:37 . 2014-07-28 15:17 -------- d-----w- c:\users\Jan\AppData\Roaming\TotalRecorder
2014-07-28 14:36 . 2009-10-20 16:00 121424 ----a-w- c:\windows\system32\drivers\TotRec8.sys
2014-07-28 14:35 . 2014-07-28 14:35 -------- d-----w- c:\program files (x86)\HighCriteria
2014-07-28 11:56 . 2012-06-23 16:19 204376 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\TBD7A1A.tmp
2014-07-28 11:56 . 2012-06-23 16:19 1833560 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\TBD7A19.tmp
2014-07-28 11:49 . 2012-06-23 16:19 204376 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\TBD54BF.tmp
2014-07-28 11:49 . 2012-06-23 16:19 1833560 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\TBD54AF.tmp
2014-07-28 11:28 . 2014-07-28 11:28 -------- d-----w- c:\program files (x86)\OpenOffice 4
2014-07-28 09:25 . 2013-08-11 13:40 43520 --s-a-w- c:\windows\SysWow64\nircmdc.exe
2014-07-27 20:00 . 2014-07-27 20:08 -------- d-----w- c:\program files (x86)\Xilisoft
2014-07-27 20:00 . 2014-07-27 20:00 -------- d-----w- c:\users\Jan\AppData\Roaming\Xilisoft
2014-07-27 16:38 . 2014-07-27 16:38 -------- d-----w- c:\users\Jan\AppData\Roaming\dlg
2014-07-26 16:52 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-26 15:17 . 2014-08-14 15:49 -------- d-----w- c:\programdata\YTD Video Downloader
2014-07-23 11:20 . 2014-07-23 11:20 -------- d-----w- c:\users\Jan\AppData\Roaming\The Bat!
2014-07-21 12:09 . 2014-07-28 09:47 -------- d-----w- c:\program files (x86)\FastShare
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-19 20:52 . 2011-03-28 16:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-17 21:09 . 2012-04-02 21:43 699568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-17 21:09 . 2011-07-09 08:17 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-17 19:49 . 2013-04-02 20:38 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-16 09:54 . 2014-06-19 11:16 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-13 17:43 . 2012-01-19 21:08 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-06-18 02:18 . 2014-07-09 06:26 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 06:26 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-09 06:26 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 06:26 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-09 06:25 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-09 06:25 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-09 06:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-06-04 14:42 . 2014-06-04 14:42 2162992 ----a-w- c:\windows\system32\YamahaAE.dll
2014-06-04 14:42 . 2014-06-04 14:42 2101848 ----a-w- c:\windows\system32\WavesGUILib64.dll
2014-06-04 14:42 . 2014-06-04 14:42 2117424 ----a-w- c:\windows\system32\SStudio.dll
2014-06-04 14:42 . 2014-06-04 14:42 724728 ----a-w- c:\windows\system32\sltech64.dll
2014-06-04 14:42 . 2014-06-04 14:42 246008 ----a-w- c:\windows\system32\slprp64.dll
2014-06-04 14:42 . 2014-06-04 14:42 889592 ----a-w- c:\windows\system32\sl3apo64.dll
2014-06-04 14:42 . 2014-06-04 14:42 1048824 ----a-w- c:\windows\system32\slcnt64.dll
2014-06-04 14:42 . 2014-06-04 14:42 2834648 ----a-w- c:\windows\system32\RtPgEx64.dll
2014-06-04 14:42 . 2014-06-04 14:42 1959128 ----a-w- c:\windows\system32\RTSnMg64.cpl
2014-06-04 14:42 . 2014-06-04 14:42 3962840 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2014-06-04 14:42 . 2014-06-04 14:42 1022168 ----a-w- c:\windows\system32\RtkApi64.dll
2014-06-04 14:42 . 2014-06-04 14:42 628952 ----a-w- c:\windows\system32\RtDataProc64.dll
2014-06-04 14:42 . 2014-06-04 14:42 2800344 ----a-w- c:\windows\system32\RltkAPO64.dll
2014-06-04 14:42 . 2014-06-04 14:42 60636160 ----a-w- c:\windows\system32\RCoRes64.dat
2014-06-04 14:42 . 2014-06-04 14:42 948952 ----a-w- c:\windows\system32\RCoInstII64.dll
2014-06-04 14:42 . 2014-06-04 14:42 942384 ----a-w- c:\windows\system32\NAHIMICAPOSettingsIPC.dll
2014-06-04 14:42 . 2014-06-04 14:42 5751048 ----a-w- c:\windows\system32\NAHIMICAPOlfx.dll
2014-06-04 14:42 . 2014-06-04 14:42 956504 ----a-w- c:\windows\system32\MaxxVoiceAPO2064.dll
2014-06-04 14:42 . 2014-06-04 14:42 12894808 ----a-w- c:\windows\system32\MaxxVoiceAPO3064.dll
2014-06-04 14:42 . 2014-06-04 14:42 3959384 ----a-w- c:\windows\system32\MaxxAudioVnN64.dll
2014-06-04 14:42 . 2014-06-04 14:42 28343384 ----a-w- c:\windows\system32\MaxxAudioVnA64.dll
2014-06-04 14:42 . 2014-06-04 14:42 14863448 ----a-w- c:\windows\system32\MaxxAudioRealtek64.dll
2014-06-04 14:42 . 2014-06-04 14:42 2041432 ----a-w- c:\windows\system32\MaxxAudioEQ64.dll
2014-06-04 14:42 . 2014-06-04 14:42 1934424 ----a-w- c:\windows\system32\MaxxAudioRealtek264.dll
2014-06-04 14:42 . 2014-06-04 14:41 1063512 ----a-w- c:\windows\system32\MaxxAudioAPOShell64.dll
2014-06-04 14:41 . 2014-06-04 14:41 900696 ----a-w- c:\windows\SysWow64\MaxxAudioAPOShell.dll
2014-06-04 14:41 . 2014-06-04 14:41 1317976 ----a-w- c:\windows\system32\MaxxAudioAPO6064.dll
2014-06-04 14:41 . 2014-06-04 14:41 1168472 ----a-w- c:\windows\system32\MaxxAudioAPO5064.dll
2014-06-04 14:41 . 2014-06-04 14:41 1136728 ----a-w- c:\windows\system32\MaxxAudioAPO4064.dll
2014-06-04 14:41 . 2014-06-04 14:41 291488 ----a-w- c:\windows\system32\ICEsoundAPO64.dll
2014-06-04 14:41 . 2014-06-04 14:41 6218072 ----a-w- c:\windows\system32\DDPP64A.dll
2014-06-04 14:41 . 2014-06-04 14:41 315736 ----a-w- c:\windows\system32\DDPO64A.dll
2014-06-04 14:41 . 2014-06-04 14:41 261464 ----a-w- c:\windows\system32\DDPA64.dll
2014-06-04 14:41 . 2014-06-04 14:41 1939800 ----a-w- c:\windows\system32\DDPD64A.dll
2014-06-04 14:41 . 2014-06-04 14:41 33592 ----a-w- c:\windows\system32\audioLibVc.dll
2014-05-30 08:08 . 2014-07-09 06:26 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-09 06:26 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-09 06:26 340992 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-09 06:26 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-09 06:26 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-09 06:26 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-09 06:26 22016 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-09 06:26 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-09 06:26 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-09 06:26 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-09 06:26 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-09 06:26 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-09 06:26 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-09 06:26 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-09 06:26 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-29 07:25 . 2014-05-29 07:25 911360 ----a-w- C:\MRDownloader.exe
2013-02-07 12:22 . 2013-02-07 12:22 50330 ----a-w- c:\program files (x86)\AntiDust.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Nezapomen"="c:\program files (x86)\Nezapomen\nezapomen.exe" [2001-06-30 457216]
"f.lux"="c:\users\Jan\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
"Display Stix - System tray"="c:\program files (x86)\Fractalis Software\Display Stix 2.1.1\dstix.exe" [2004-01-12 241664]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-12-15 3541008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EPSON SX218 Series"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIGDE.EXE" [2009-09-14 224768]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2013-09-20 7801088]
"AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2013-01-10 1105328]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-17 4085896]
.
c:\users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Serviio.lnk - c:\program files\Serviio\bin\ServiioConsole.exe [2014-3-21 399360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe;c:\windows\SYSNATIVE\PrintCtrl.exe [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 CH341SER_A64;CH341SER_A64;c:\windows\system32\Drivers\CH341S64.SYS;c:\windows\SYSNATIVE\Drivers\CH341S64.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\Drivers\IT9135BDA.sys;c:\windows\SYSNATIVE\Drivers\IT9135BDA.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver; [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PQAWRwa;PQAWRwa; [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
R4 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys;c:\windows\SYSNATIVE\DRIVERS\Lbd.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
S2 Serviio;Serviio;c:\program files\Serviio\bin\ServiioService.exe;c:\program files\Serviio\bin\ServiioService.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 subvgaproduct64;subvgaproduct64;c:\windows\system32\DRIVERS\subvga64.sys;c:\windows\SYSNATIVE\DRIVERS\subvga64.sys [x]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys;c:\windows\SYSNATIVE\drivers\TotRec7.sys [x]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys;c:\windows\SYSNATIVE\drivers\TotRec8.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 21:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B28B3C1-3E43-BDE6-615C-9887EF5347D8}]
c:\program files (x86)\Adblocker\gsuIkDe5y.x64.dll [BU]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F804824F-C6B7-88B3-63F3-0CAF79595B6C}]
c:\program files (x86)\priccechoop\YbNEY7B.x64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-17 19:49 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2013-08-23 08:16 2827128 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2013-08-23 08:16 2827128 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2013-08-23 08:16 2827128 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-16 02:37 23496 ----a-w- c:\program files\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-06-04 13672152]
"Služba Acronis Scheduler2"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2013-08-21 519504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-05-15 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-05-15 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-05-15 442352]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uStart Page = hxxp:/1start.roboform.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download ALL with IDA
IE: Download remotely with IDA
IE: Download with IDA
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Ikona RoboForm na liště úloh - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComTaskBarIcon.html
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Přizpůsobit Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: RF Nástrojová lišta - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsažené FLV video - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Uložit formuláře - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Vyplnit formulář - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{44BB3BD4-AFCE-49BE-82BE-3ED2C532F40E}\14E64627F69646: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FF - ProfilePath - c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\diyx8kvd.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{E0A9340B-C01B-42C1-9910-C307D7BE4756}\WeatherBugSetup.exe
.
.
Binary file temp00 matches
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
Celkový čas: 2014-08-20 10:43:26
ComboFix-quarantined-files.txt 2014-08-20 08:43
ComboFix2.txt 2014-08-20 08:25
ComboFix3.txt 2014-08-18 11:25
ComboFix4.txt 2014-08-17 18:48
.
Před spuštěním: Volných bajtů: 405 499 539 456
Po spuštění: Volných bajtů: 405 152 174 080
.
- - End Of File - - AA3E006CF6BE2442D045C6BBAA006B46
A36C5E4F47E84449FF07ED3517B43A31

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: requesting a preventive check

#15 Post by vyosek »

So now let's clean up :James008:

:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm each choice, press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for issues
  • then Fix issues - I recommend making a registry backup; fix all the issues
  • repeat the procedure until no issues remain - usually about 3 times
Tools panel
  • Here you can uninstall programs you don't need
I recommend using CCleaner about once a week

:arrow: And if there are no problems or questions, that is all from my side :|
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement: take a whip and a stick to him, he is no man, he is an ox."
Member (image) since 1 February 2011.

Locked