
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Prevention
Please do a preventive check and clean out any malware if needed. Thank you
Logfile of random's system information tool 1.10 (written by random/random)
Run by Kamila at 2014-11-08 19:11:51
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 329 GB (69%) free of 476 GB
Total RAM: 1791 MB (25% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:12:40, on 8.11.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Windows\PixArt\Pac7302\Monitor.exe
C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\istis2\xfigsys2.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\avastUi.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\HP Photo Creations\MessageCheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Kamila.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hal3000.cz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=6826
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll (file missing)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: (no name) - {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [istis2] C:\istis2\xfigsys2.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [removeiMeshdatamngr] cmd.exe /c RD /S /Q "C:\Program Files (x86)\SearchCore for Browsers"
O4 - HKLM\..\RunOnce: [removeiMeshtoolbar] cmd.exe /c RD /S /Q "C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar"
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~2\INSTAL~1\{7EF90~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{7EF90~1\reboot.ini
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Zoner Photo Studio Service 16] "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE"
O4 - HKCU\..\RunOnce: [ClearTemp] del C:\Users\Kamila\AppData\Local\Temp\yupdate.exe-{B1501D78-9948-4697-83EF-5730D9006FF0}
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Facebook Messenger.lnk = C:\Users\Kamila\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11293 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
"taskhost.exe"
taskeng.exe {417B1798-D98A-4585-B7B7-CB44F6602FA4}
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\PixArt\Pac7302\Monitor.exe"
"C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\istis2\xfigsys2.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\CCleaner\CCleaner64.exe" /monitor
taskeng.exe {C50002EE-64E2-4BD8-9CF7-AB2F2082A6F8}
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
C:\Windows\system32\UI0Detect.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2112.0.413511088\1109916525" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,6,16 --gpu-vendor-id=0x1002 --gpu-device-id=0x9616 --gpu-driver-vendor="ATI Technologies Inc." --gpu-driver-version=8.710.0.0 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\AVAST Software\Avast\avastUi.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/disable/EmbeddedSearch/Group2 pct:10b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/None/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SDCH/EnabledAll/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --channel="2112.7.455483525\2135150349" /prefetch:673131151
"C:\ProgramData\HP Photo Creations\MessageCheck.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/disable/EmbeddedSearch/Group2 pct:10b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/None/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SDCH/EnabledAll/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --channel="2112.15.1530228811\69256960" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/disable/EmbeddedSearch/Group2 pct:10b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/None/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SDCH/EnabledAll/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --channel="2112.19.503694006\1571967603" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/disable/EmbeddedSearch/Group2 pct:10b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/None/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SDCH/EnabledAll/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --channel="2112.24.846061870\886539720" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="2112.25.38617660\496774878" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/disable/EmbeddedSearch/Group2 pct:10b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/None/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SDCH/EnabledAll/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --channel="2112.29.1203777690\1507709210" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/disable/EmbeddedSearch/Group2 pct:10b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/None/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SDCH/EnabledAll/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --channel="2112.33.1231030561\391839560" /prefetch:673131151
"C:\Users\Kamila\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\HP Photo Creations Communicator.job - C:\ProgramData\HP Photo Creations\MessageCheck.exe
C:\Windows\tasks\hpwebreg_xxxxxxxxxx.job - C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\hpwebreg.exe "C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HpWebReg.exe" -model "HP Deskjet 2050 J510 series" -invitation yes -safelaunch
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-11-08 705448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-10-19 256456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
MediaBar - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-08 586968]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-10-19 194504]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414A-9456-AF95AC9ED7B5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-11-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-10-19 256456]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{28387537-e3f9-4ed7-860c-11e69af4a8a0} - MediaBar - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll []
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-10-19 194504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-08-25 161304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-08-25 386584]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-08-25 415256]
"PAC7302_Monitor"=C:\Windows\PixArt\PAC7302\Monitor.exe [2007-12-10 323584]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-10-15 39408]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Zoner Photo Studio Service 16"=C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [2013-10-18 801816]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-10-23 30524000]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-10-30 6501656]
"Zoner Photo Studio Autoupdate"=C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [2013-10-18 801816]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ClearTemp"=del C:\Users\Kamila\AppData\Local\Temp\yupdate.exe-{B1501D78-9948-4697-83EF-5730D9006FF0} []
"FlashPlayerUpdate"=C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe [2011-12-20 247968]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 98304]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]
""= []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"istis2"=C:\istis2\xfigsys2.exe [2007-02-26 1095680]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-11-08 5225064]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"removeiMeshdatamngr"=cmd.exe /c RD /S /Q C:\Program Files (x86)\SearchCore for Browsers []
"removeiMeshtoolbar"=cmd.exe /c RD /S /Q C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar []
"InstallShieldSetup"=C:\PROGRA~2\INSTAL~1\{7EF90~1\setup.exe [2011-11-25 393216]
C:\Users\Kamila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Facebook Messenger.lnk - C:\Users\Kamila\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-08-25 271360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-11-08 19:11:52 ----D---- C:\Program Files\trend micro
2014-11-08 19:11:51 ----D---- C:\rsit
2014-11-08 18:24:02 ----SHD---- C:\Config.Msi
2014-11-08 18:22:00 ----D---- C:\Users\Kamila\AppData\Roaming\AVAST Software
2014-11-08 18:15:31 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2014-11-08 18:15:31 ----A---- C:\Windows\system32\drivers\aswStm.sys
2014-11-08 18:15:31 ----A---- C:\Windows\system32\drivers\aswSP.sys
2014-11-08 18:15:30 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2014-11-08 18:15:30 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2014-11-08 18:15:30 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2014-11-08 18:15:29 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2014-11-08 18:15:28 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2014-11-08 18:15:26 ----A---- C:\Windows\system32\drivers\aswKbd.sys
2014-11-08 18:15:23 ----A---- C:\Windows\system32\aswBoot.exe
2014-11-08 18:15:14 ----A---- C:\Windows\avastSS.scr
2014-11-08 18:14:50 ----A---- C:\Windows\system32\drivers\aswNdisFlt.sys
2014-11-08 18:12:16 ----D---- C:\Program Files\AVAST Software
2014-11-08 18:10:53 ----D---- C:\ProgramData\AVAST Software
2014-11-08 12:04:45 ----D---- C:\Program Files\CCleaner
2014-11-06 19:46:31 ----D---- C:\ProgramData\Norton
2014-11-06 19:45:42 ----D---- C:\Users\Kamila\AppData\Roaming\Opera Software
2014-11-06 19:45:38 ----D---- C:\Users\Kamila\AppData\Roaming\Mozilla
2014-11-06 19:45:36 ----D---- C:\Users\Kamila\AppData\Roaming\Yandex
2014-11-06 19:45:23 ----HDC---- C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2014-11-06 19:44:46 ----D---- C:\Users\Kamila\AppData\Roaming\ImperiaOnline
2014-10-31 15:18:22 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2014-10-31 15:17:44 ----D---- C:\ProgramData\Microsoft Help
2014-10-31 15:17:07 ----RHD---- C:\MSOCache
2014-10-24 16:00:02 ----D---- C:\Users\Kamila\AppData\Roaming\vlc
2014-10-24 15:58:08 ----D---- C:\Program Files (x86)\VideoLAN
2014-10-22 20:04:05 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-21 18:29:02 ----A---- C:\Windows\SYSWOW64\KBDYAK.DLL
2014-10-21 18:29:02 ----A---- C:\Windows\SYSWOW64\KBDTAT.DLL
2014-10-21 18:29:02 ----A---- C:\Windows\SYSWOW64\KBDRU1.DLL
2014-10-21 18:29:02 ----A---- C:\Windows\SYSWOW64\KBDRU.DLL
2014-10-21 18:29:02 ----A---- C:\Windows\SYSWOW64\KBDBASH.DLL
2014-10-21 18:29:02 ----A---- C:\Windows\system32\KBDYAK.DLL
2014-10-21 18:29:02 ----A---- C:\Windows\system32\KBDTAT.DLL
2014-10-21 18:29:02 ----A---- C:\Windows\system32\KBDRU1.DLL
2014-10-21 18:29:02 ----A---- C:\Windows\system32\KBDRU.DLL
2014-10-21 18:29:02 ----A---- C:\Windows\system32\KBDBASH.DLL
2014-10-21 17:45:00 ----SD---- C:\Windows\system32\CompatTel
2014-10-20 21:13:53 ----A---- C:\Windows\system32\wmploc.DLL
2014-10-20 21:13:52 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2014-10-20 21:13:51 ----A---- C:\Windows\SYSWOW64\wmp.dll
2014-10-20 21:13:50 ----A---- C:\Windows\system32\wmp.dll
2014-10-20 21:06:34 ----A---- C:\Windows\system32\IEUDINIT.EXE
2014-10-20 20:56:22 ----A---- C:\Windows\SYSWOW64\elshyph.dll
2014-10-20 20:56:16 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-10-20 20:56:16 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2014-10-20 20:56:16 ----A---- C:\Windows\SYSWOW64\msls31.dll
2014-10-20 20:56:16 ----A---- C:\Windows\SYSWOW64\jsIntl.dll
2014-10-20 20:56:16 ----A---- C:\Windows\system32\elshyph.dll
2014-10-20 20:56:15 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-10-20 20:56:15 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-10-20 20:56:15 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-10-20 20:56:15 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-10-20 20:56:15 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-10-20 20:56:14 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-10-20 20:56:14 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-10-20 20:56:14 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat
2014-10-20 20:56:14 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-10-20 20:56:14 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-10-20 20:56:13 ----A---- C:\Windows\SYSWOW64\wextract.exe
2014-10-20 20:56:13 ----A---- C:\Windows\SYSWOW64\url.dll
2014-10-20 20:56:13 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-10-20 20:56:13 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2014-10-20 20:56:13 ----A---- C:\Windows\SYSWOW64\inseng.dll
2014-10-20 20:56:13 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-10-20 20:56:13 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-10-20 20:56:13 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-10-20 20:56:13 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-10-20 20:56:13 ----A---- C:\Windows\SYSWOW64\icardie.dll
2014-10-20 20:56:12 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2014-10-20 20:56:12 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-10-20 20:56:12 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-10-20 20:56:12 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-10-20 20:56:12 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2014-10-20 20:56:11 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2014-10-20 20:56:11 ----A---- C:\Windows\SYSWOW64\occache.dll
2014-10-20 20:56:11 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-10-20 20:56:11 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-10-20 20:56:10 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-10-20 20:56:10 ----A---- C:\Windows\SYSWOW64\mshta.exe
2014-10-20 20:56:10 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2014-10-20 20:56:10 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2014-10-20 20:56:10 ----A---- C:\Windows\SYSWOW64\jscript.dll
2014-10-20 20:56:10 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2014-10-20 20:56:10 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2014-10-20 20:56:10 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-10-20 20:56:09 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2014-10-20 20:56:09 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2014-10-20 20:56:09 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-10-20 20:56:09 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2014-10-20 20:56:08 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-10-20 20:56:08 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2014-10-20 20:56:06 ----A---- C:\Windows\system32\jsIntl.dll
2014-10-20 20:56:05 ----A---- C:\Windows\system32\wininet.dll
2014-10-20 20:56:05 ----A---- C:\Windows\system32\urlmon.dll
2014-10-20 20:56:05 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-20 20:56:05 ----A---- C:\Windows\system32\msls31.dll
2014-10-20 20:56:04 ----A---- C:\Windows\system32\msrating.dll
2014-10-20 20:56:04 ----A---- C:\Windows\system32\msfeedssync.exe
2014-10-20 20:56:04 ----A---- C:\Windows\system32\msfeedsbs.dll
2014-10-20 20:56:04 ----A---- C:\Windows\system32\jsproxy.dll
2014-10-20 20:56:04 ----A---- C:\Windows\system32\iertutil.dll
2014-10-20 20:56:04 ----A---- C:\Windows\system32\IEAdvpack.dll
2014-10-20 20:56:03 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2014-10-20 20:56:03 ----A---- C:\Windows\system32\mshtmler.dll
2014-10-20 20:56:03 ----A---- C:\Windows\system32\jscript9diag.dll
2014-10-20 20:56:03 ----A---- C:\Windows\system32\jscript9.dll
2014-10-20 20:56:03 ----A---- C:\Windows\system32\ieui.dll
2014-10-20 20:56:03 ----A---- C:\Windows\system32\iesysprep.dll
2014-10-20 20:56:02 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-20 20:56:02 ----A---- C:\Windows\system32\ieframe.dll
2014-10-20 20:56:02 ----A---- C:\Windows\system32\dxtrans.dll
2014-10-20 20:56:01 ----A---- C:\Windows\system32\url.dll
2014-10-20 20:56:01 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-10-20 20:56:01 ----A---- C:\Windows\system32\iesetup.dll
2014-10-20 20:56:01 ----A---- C:\Windows\system32\iernonce.dll
2014-10-20 20:56:01 ----A---- C:\Windows\system32\iedkcs32.dll
2014-10-20 20:56:01 ----A---- C:\Windows\system32\ieapfltr.dll
2014-10-20 20:56:01 ----A---- C:\Windows\system32\ieapfltr.dat
2014-10-20 20:56:01 ----A---- C:\Windows\system32\ie4uinit.exe
2014-10-20 20:56:01 ----A---- C:\Windows\system32\icardie.dll
2014-10-20 20:56:01 ----A---- C:\Windows\system32\dxtmsft.dll
2014-10-20 20:56:00 ----A---- C:\Windows\system32\wextract.exe
2014-10-20 20:56:00 ----A---- C:\Windows\system32\webcheck.dll
2014-10-20 20:56:00 ----A---- C:\Windows\system32\mshtmled.dll
2014-10-20 20:56:00 ----A---- C:\Windows\system32\licmgr10.dll
2014-10-20 20:56:00 ----A---- C:\Windows\system32\inseng.dll
2014-10-20 20:56:00 ----A---- C:\Windows\system32\iexpress.exe
2014-10-20 20:55:59 ----A---- C:\Windows\system32\vbscript.dll
2014-10-20 20:55:59 ----A---- C:\Windows\system32\msfeeds.dll
2014-10-20 20:55:58 ----A---- C:\Windows\system32\pngfilt.dll
2014-10-20 20:55:58 ----A---- C:\Windows\system32\occache.dll
2014-10-20 20:55:58 ----A---- C:\Windows\system32\mshtml.dll
2014-10-20 20:55:58 ----A---- C:\Windows\system32\ieUnatt.exe
2014-10-20 20:55:57 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-10-20 20:55:57 ----A---- C:\Windows\system32\mshta.exe
2014-10-20 20:55:57 ----A---- C:\Windows\system32\jscript.dll
2014-10-20 20:55:57 ----A---- C:\Windows\system32\imgutil.dll
2014-10-20 20:55:57 ----A---- C:\Windows\system32\iepeers.dll
2014-10-20 20:55:57 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-10-20 20:55:57 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-10-20 20:55:57 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-10-20 19:45:20 ----A---- C:\Windows\SYSWOW64\msmpeg2vdec.dll
2014-10-20 19:45:20 ----A---- C:\Windows\system32\msmpeg2vdec.dll
2014-10-20 19:33:58 ----A---- C:\Windows\SYSWOW64\infocardapi.dll
2014-10-20 19:33:57 ----A---- C:\Windows\SYSWOW64\icardagt.exe
2014-10-20 19:33:57 ----A---- C:\Windows\system32\infocardapi.dll
2014-10-20 19:33:57 ----A---- C:\Windows\system32\icardagt.exe
2014-10-20 19:33:55 ----A---- C:\Windows\SYSWOW64\icardres.dll
2014-10-20 19:33:55 ----A---- C:\Windows\system32\icardres.dll
2014-10-20 19:33:29 ----A---- C:\Windows\SYSWOW64\TsWpfWrp.exe
2014-10-20 19:33:29 ----A---- C:\Windows\system32\TsWpfWrp.exe
2014-10-20 18:35:12 ----D---- C:\ProgramData\LogMeIn
2014-10-20 18:29:24 ----A---- C:\Windows\system32\msieftp.dll
2014-10-20 18:29:23 ----A---- C:\Windows\SYSWOW64\msieftp.dll
2014-10-20 18:29:22 ----A---- C:\Windows\system32\wwansvc.dll
2014-10-20 18:29:19 ----A---- C:\Windows\SYSWOW64\usp10.dll
2014-10-20 18:29:19 ----A---- C:\Windows\system32\usp10.dll
2014-10-20 18:29:05 ----A---- C:\Windows\system32\win32k.sys
2014-10-20 18:29:03 ----A---- C:\Windows\SYSWOW64\TSWorkspace.dll
2014-10-20 18:29:03 ----A---- C:\Windows\system32\TSWorkspace.dll
2014-10-20 18:28:30 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2014-10-20 18:28:30 ----A---- C:\Windows\system32\WMPhoto.dll
2014-10-20 18:28:26 ----A---- C:\Windows\SYSWOW64\mscorier.dll
2014-10-20 18:28:26 ----A---- C:\Windows\SYSWOW64\dfshim.dll
2014-10-20 18:28:26 ----A---- C:\Windows\system32\mscorier.dll
2014-10-20 18:28:26 ----A---- C:\Windows\system32\dfshim.dll
2014-10-20 18:28:25 ----A---- C:\Windows\SYSWOW64\mscories.dll
2014-10-20 18:28:25 ----A---- C:\Windows\system32\mscories.dll
2014-10-20 18:28:23 ----A---- C:\Windows\SYSWOW64\wer.dll
2014-10-20 18:28:23 ----A---- C:\Windows\system32\wer.dll
2014-10-20 18:28:22 ----A---- C:\Windows\SYSWOW64\imagehlp.dll
2014-10-20 18:28:22 ----A---- C:\Windows\system32\imagehlp.dll
2014-10-20 18:28:19 ----A---- C:\Windows\system32\drivers\tcpip.sys
2014-10-20 18:28:19 ----A---- C:\Windows\system32\drivers\netio.sys
2014-10-20 18:28:19 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2014-10-20 18:28:03 ----A---- C:\Windows\system32\msxml3.dll
2014-10-20 18:28:02 ----A---- C:\Windows\system32\msxml6.dll
2014-10-20 18:28:01 ----A---- C:\Windows\SYSWOW64\msxml6r.dll
2014-10-20 18:28:01 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2014-10-20 18:28:01 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-10-20 18:28:01 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-10-20 18:28:01 ----A---- C:\Windows\system32\msxml6r.dll
2014-10-20 18:28:01 ----A---- C:\Windows\system32\msxml3r.dll
2014-10-20 18:27:57 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2014-10-20 18:27:57 ----A---- C:\Windows\system32\d3d10warp.dll
2014-10-20 18:27:36 ----A---- C:\Windows\system32\drivers\portcls.sys
2014-10-20 18:27:36 ----A---- C:\Windows\system32\drivers\drmk.sys
2014-10-20 18:27:33 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2014-10-20 18:27:33 ----A---- C:\Windows\system32\drivers\usbport.sys
2014-10-20 18:27:33 ----A---- C:\Windows\system32\drivers\usbohci.sys
2014-10-20 18:27:33 ----A---- C:\Windows\system32\drivers\usbhub.sys
2014-10-20 18:27:33 ----A---- C:\Windows\system32\drivers\usbehci.sys
2014-10-20 18:27:33 ----A---- C:\Windows\system32\drivers\usbd.sys
2014-10-20 18:27:33 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2014-10-20 18:27:30 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe
2014-10-20 18:27:30 ----A---- C:\Windows\SYSWOW64\RMActivate_isv.exe
2014-10-20 18:27:30 ----A---- C:\Windows\SYSWOW64\RMActivate.exe
2014-10-20 18:27:30 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2014-10-20 18:27:30 ----A---- C:\Windows\system32\RMActivate_isv.exe
2014-10-20 18:27:30 ----A---- C:\Windows\system32\RMActivate.exe
2014-10-20 18:27:29 ----A---- C:\Windows\SYSWOW64\secproc_isv.dll
2014-10-20 18:27:29 ----A---- C:\Windows\SYSWOW64\secproc.dll
2014-10-20 18:27:29 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp.exe
2014-10-20 18:27:29 ----A---- C:\Windows\system32\secproc_isv.dll
2014-10-20 18:27:29 ----A---- C:\Windows\system32\secproc.dll
2014-10-20 18:27:29 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2014-10-20 18:27:29 ----A---- C:\Windows\system32\msdrm.dll
2014-10-20 18:27:28 ----A---- C:\Windows\SYSWOW64\secproc_ssp_isv.dll
2014-10-20 18:27:28 ----A---- C:\Windows\SYSWOW64\secproc_ssp.dll
2014-10-20 18:27:28 ----A---- C:\Windows\SYSWOW64\msdrm.dll
2014-10-20 18:27:28 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2014-10-20 18:27:28 ----A---- C:\Windows\system32\secproc_ssp.dll
2014-10-20 18:27:14 ----A---- C:\Windows\SYSWOW64\osk.exe
2014-10-20 18:27:14 ----A---- C:\Windows\system32\osk.exe
2014-10-20 18:27:10 ----A---- C:\Windows\SYSWOW64\qedit.dll
2014-10-20 18:27:10 ----A---- C:\Windows\system32\qedit.dll
2014-10-20 18:27:07 ----A---- C:\Windows\system32\drivers\afd.sys
2014-10-20 18:27:05 ----A---- C:\Windows\system32\generaltel.dll
2014-10-20 18:27:05 ----A---- C:\Windows\system32\aepdu.dll
2014-10-20 18:27:05 ----A---- C:\Windows\system32\aeinv.dll
2014-10-20 18:26:43 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2014-10-20 18:26:42 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2014-10-20 18:26:42 ----A---- C:\Windows\system32\objsel.dll
2014-10-20 18:26:41 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-10-20 18:26:40 ----A---- C:\Windows\SYSWOW64\objsel.dll
2014-10-20 18:26:40 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2014-10-20 18:26:40 ----A---- C:\Windows\system32\KernelBase.dll
2014-10-20 18:26:39 ----A---- C:\Windows\SYSWOW64\dpapiprovider.dll
2014-10-20 18:26:39 ----A---- C:\Windows\SYSWOW64\dimsroam.dll
2014-10-20 18:26:39 ----A---- C:\Windows\SYSWOW64\cngprovider.dll
2014-10-20 18:26:39 ----A---- C:\Windows\SYSWOW64\capiprovider.dll
2014-10-20 18:26:39 ----A---- C:\Windows\SYSWOW64\adprovider.dll
2014-10-20 18:26:39 ----A---- C:\Windows\system32\dpapiprovider.dll
2014-10-20 18:26:39 ----A---- C:\Windows\system32\dimsroam.dll
2014-10-20 18:26:39 ----A---- C:\Windows\system32\cngprovider.dll
2014-10-20 18:26:39 ----A---- C:\Windows\system32\capiprovider.dll
2014-10-20 18:26:39 ----A---- C:\Windows\system32\adprovider.dll
2014-10-20 18:26:38 ----A---- C:\Windows\SYSWOW64\wincredprovider.dll
2014-10-20 18:26:38 ----A---- C:\Windows\system32\wincredprovider.dll
2014-10-20 18:26:07 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2014-10-20 18:26:07 ----A---- C:\Windows\system32\d2d1.dll
2014-10-20 18:25:57 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2014-10-20 18:25:57 ----A---- C:\Windows\system32\qdvd.dll
2014-10-20 18:25:56 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2014-10-20 18:25:50 ----A---- C:\Windows\SYSWOW64\msi.dll
2014-10-20 18:25:50 ----A---- C:\Windows\system32\msi.dll
2014-10-20 18:25:50 ----A---- C:\Windows\system32\authui.dll
2014-10-20 18:25:49 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2014-10-20 18:25:49 ----A---- C:\Windows\SYSWOW64\authui.dll
2014-10-20 18:25:49 ----A---- C:\Windows\system32\msihnd.dll
2014-10-20 18:25:49 ----A---- C:\Windows\system32\consent.exe
2014-10-20 18:25:30 ----A---- C:\Windows\SYSWOW64\iologmsg.dll
2014-10-20 18:25:30 ----A---- C:\Windows\system32\iologmsg.dll
2014-10-20 18:25:30 ----A---- C:\Windows\system32\drivers\storport.sys
2014-10-20 18:25:30 ----A---- C:\Windows\system32\drivers\msiscsi.sys
2014-10-20 18:25:30 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2014-10-20 18:24:45 ----A---- C:\Windows\SYSWOW64\tzres.dll
2014-10-20 18:24:45 ----A---- C:\Windows\system32\tzres.dll
2014-10-20 18:24:23 ----A---- C:\Windows\system32\rastls.dll
2014-10-20 18:24:22 ----A---- C:\Windows\SYSWOW64\rastls.dll
2014-10-20 18:24:20 ----A---- C:\Windows\system32\shell32.dll
2014-10-20 18:24:19 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-10-20 18:23:50 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2014-10-20 18:23:50 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-10-20 18:23:50 ----A---- C:\Windows\system32\schannel.dll
2014-10-20 18:23:50 ----A---- C:\Windows\system32\lsasrv.dll
2014-10-20 18:23:50 ----A---- C:\Windows\system32\kerberos.dll
2014-10-20 18:23:49 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-10-20 18:23:49 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-10-20 18:23:49 ----A---- C:\Windows\system32\winlogon.exe
2014-10-20 18:23:49 ----A---- C:\Windows\system32\TSpkg.dll
2014-10-20 18:23:49 ----A---- C:\Windows\system32\msv1_0.dll
2014-10-20 18:23:49 ----A---- C:\Windows\system32\mstscax.dll
2014-10-20 18:23:48 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-10-20 18:23:48 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2014-10-20 18:23:48 ----A---- C:\Windows\system32\termsrv.dll
2014-10-20 18:23:48 ----A---- C:\Windows\system32\mstsc.exe
2014-10-20 18:23:47 ----A---- C:\Windows\SYSWOW64\winsta.dll
2014-10-20 18:23:47 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-10-20 18:23:47 ----A---- C:\Windows\system32\winsta.dll
2014-10-20 18:23:47 ----A---- C:\Windows\system32\wdigest.dll
2014-10-20 18:23:47 ----A---- C:\Windows\system32\rdpcorekmts.dll
2014-10-20 18:23:47 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2014-10-20 18:23:46 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2014-10-20 18:23:46 ----A---- C:\Windows\SYSWOW64\aaclient.dll
2014-10-20 18:23:46 ----A---- C:\Windows\system32\ncrypt.dll
2014-10-20 18:23:45 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-10-20 18:23:45 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-10-20 18:23:45 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-10-20 18:23:45 ----A---- C:\Windows\system32\credssp.dll
2014-10-20 18:23:44 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2014-10-20 18:22:06 ----A---- C:\Windows\system32\wow64.dll
2014-10-20 18:22:06 ----A---- C:\Windows\system32\kernel32.dll
2014-10-20 18:22:05 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2014-10-20 18:22:05 ----A---- C:\Windows\system32\wow64win.dll
2014-10-20 18:22:04 ----A---- C:\Windows\SYSWOW64\setup16.exe
2014-10-20 18:22:03 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2014-10-20 18:22:03 ----A---- C:\Windows\system32\wow64cpu.dll
2014-10-20 18:22:03 ----A---- C:\Windows\system32\ntvdm64.dll
2014-10-20 18:22:02 ----A---- C:\Windows\SYSWOW64\wow32.dll
2014-10-20 18:22:01 ----A---- C:\Windows\SYSWOW64\user.exe
2014-10-20 18:22:01 ----A---- C:\Windows\SYSWOW64\instnm.exe
2014-10-20 18:21:57 ----A---- C:\Windows\system32\drivers\ntfs.sys
2014-10-20 18:21:55 ----A---- C:\Windows\system32\scrrun.dll
2014-10-20 18:21:55 ----A---- C:\Windows\system32\cscript.exe
2014-10-20 18:21:54 ----A---- C:\Windows\SYSWOW64\wscript.exe
2014-10-20 18:21:54 ----A---- C:\Windows\SYSWOW64\scrrun.dll
2014-10-20 18:21:54 ----A---- C:\Windows\system32\wscript.exe
2014-10-20 18:21:53 ----A---- C:\Windows\SYSWOW64\cscript.exe
2014-10-20 18:21:42 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-10-20 18:21:40 ----A---- C:\Windows\system32\sspisrv.dll
2014-10-20 18:21:40 ----A---- C:\Windows\system32\sspicli.dll
2014-10-20 18:21:40 ----A---- C:\Windows\system32\secur32.dll
2014-10-20 18:21:40 ----A---- C:\Windows\system32\lsass.exe
2014-10-20 18:21:40 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2014-10-20 18:20:48 ----A---- C:\Windows\system32\packager.dll
2014-10-20 18:20:47 ----A---- C:\Windows\SYSWOW64\packager.dll
2014-10-20 18:20:43 ----A---- C:\Windows\system32\gdi32.dll
2014-10-20 18:20:42 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2014-10-20 18:20:34 ----A---- C:\Windows\system32\WindowsCodecs.dll
2014-10-20 18:20:33 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2014-10-20 18:20:27 ----A---- C:\Windows\system32\rpcrt4.dll
2014-10-20 18:20:26 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2014-10-20 17:37:42 ----A---- C:\Windows\system32\wups2.dll
2014-10-20 17:37:42 ----A---- C:\Windows\system32\wucltux.dll
2014-10-20 17:37:42 ----A---- C:\Windows\system32\wuaueng.dll
2014-10-20 17:37:42 ----A---- C:\Windows\system32\wuauclt.exe
2014-10-20 17:37:33 ----A---- C:\Windows\SYSWOW64\wups.dll
2014-10-20 17:37:33 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2014-10-20 17:37:33 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2014-10-20 17:37:33 ----A---- C:\Windows\system32\wups.dll
2014-10-20 17:37:33 ----A---- C:\Windows\system32\wudriver.dll
2014-10-20 17:37:33 ----A---- C:\Windows\system32\wuapi.dll
2014-10-20 17:37:14 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2014-10-20 17:37:14 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2014-10-20 17:37:14 ----A---- C:\Windows\system32\wuwebv.dll
2014-10-20 17:37:14 ----A---- C:\Windows\system32\wuapp.exe
2014-10-19 19:42:39 ----D---- C:\Windows\Migration
2014-10-18 16:11:14 ----D---- C:\ProgramData\EA8
======List of files/folders modified in the last 1 month======
2014-11-08 19:11:52 ----RD---- C:\Program Files
2014-11-08 19:04:10 ----HD---- C:\ProgramData
2014-11-08 18:38:14 ----D---- C:\Program Files (x86)
2014-11-08 18:33:20 ----HD---- C:\Program Files (x86)\Temp
2014-11-08 18:33:20 ----D---- C:\Windows\SysWOW64
2014-11-08 18:33:15 ----SHD---- C:\System Volume Information
2014-11-08 18:32:51 ----D---- C:\Program Files (x86)\Common Files
2014-11-08 18:32:45 ----D---- C:\Windows\system32\drivers
2014-11-08 18:32:45 ----D---- C:\Windows\inf
2014-11-08 18:30:44 ----SHD---- C:\Windows\Installer
2014-11-08 18:30:44 ----HDC---- C:\ProgramData\~0
2014-11-08 18:24:43 ----D---- C:\Windows\Temp
2014-11-08 18:16:26 ----D---- C:\Windows\system32\catroot2
2014-11-08 18:16:26 ----D---- C:\Windows\system32\catroot
2014-11-08 18:16:23 ----D---- C:\Windows\system32\DriverStore
2014-11-08 18:15:45 ----D---- C:\Windows\system32\Tasks
2014-11-08 18:15:24 ----D---- C:\Windows\winsxs
2014-11-08 18:15:23 ----D---- C:\Windows\System32
2014-11-08 18:15:22 ----D---- C:\Windows
2014-11-08 18:05:40 ----D---- C:\Users\Kamila\AppData\Roaming\Skype
2014-11-08 18:05:26 ----RD---- C:\Program Files (x86)\Skype
2014-11-08 18:04:52 ----D---- C:\Program Files (x86)\SearchCore for Browsers
2014-11-08 18:01:43 ----SD---- C:\Users\Kamila\AppData\Roaming\Microsoft
2014-11-08 18:01:38 ----RSD---- C:\Windows\Fonts
2014-11-08 18:00:50 ----D---- C:\Program Files (x86)\Winamp
2014-11-08 17:58:41 ----D---- C:\Program Files (x86)\Můj produkt
2014-11-08 17:58:17 ----D---- C:\ProgramData\Electronic Arts
2014-11-08 17:57:20 ----D---- C:\Windows\Tasks
2014-11-08 17:57:17 ----SD---- C:\ProgramData\Microsoft
2014-11-08 17:57:17 ----D---- C:\Program Files (x86)\Microsoft
2014-11-08 17:56:03 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-11-08 17:55:40 ----D---- C:\Windows\Prefetch
2014-11-08 17:50:43 ----D---- C:\Users\Kamila\AppData\Roaming\DVDVideoSoft
2014-11-08 17:50:00 ----RSD---- C:\Windows\assembly
2014-11-08 12:23:12 ----D---- C:\Windows\system32\config
2014-11-08 11:49:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-11-06 20:07:59 ----D---- C:\ProgramData\NortonInstaller
2014-11-06 19:44:14 ----D---- C:\ProgramData\Skype
2014-11-03 21:05:45 ----A---- C:\Windows\win.ini
2014-11-03 19:02:30 ----D---- C:\Windows\Microsoft.NET
2014-10-31 15:27:53 ----D---- C:\Program Files (x86)\Microsoft Office
2014-10-31 15:27:48 ----D---- C:\Users\Kamila\AppData\Roaming\SoftGrid Client
2014-10-31 15:23:40 ----D---- C:\Windows\ShellNew
2014-10-31 15:22:16 ----D---- C:\Program Files (x86)\Microsoft.NET
2014-10-31 15:19:52 ----D---- C:\Program Files\Common Files\Microsoft Shared
2014-10-30 12:25:26 ----N---- C:\Windows\system32\MpSigStub.exe
2014-10-22 19:02:29 ----D---- C:\Windows\rescache
2014-10-21 20:17:19 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-10-21 20:17:19 ----D---- C:\Windows\system32\cs-CZ
2014-10-21 17:45:37 ----D---- C:\Program Files (x86)\Windows Media Player
2014-10-21 17:45:36 ----D---- C:\Windows\ehome
2014-10-21 17:45:36 ----D---- C:\Program Files\Windows Media Player
2014-10-21 17:45:34 ----D---- C:\Program Files\Internet Explorer
2014-10-21 17:45:34 ----D---- C:\Program Files (x86)\Internet Explorer
2014-10-21 17:45:30 ----D---- C:\Windows\SYSWOW64\migration
2014-10-21 17:45:29 ----D---- C:\Windows\SYSWOW64\en-US
2014-10-21 17:45:27 ----D---- C:\Windows\system32\migration
2014-10-21 17:45:27 ----D---- C:\Windows\PolicyDefinitions
2014-10-21 17:45:22 ----D---- C:\Windows\system32\en-US
2014-10-21 17:45:19 ----D---- C:\Program Files\Windows Journal
2014-10-21 17:45:02 ----D---- C:\Windows\SYSWOW64\Dism
2014-10-21 17:45:02 ----D---- C:\Windows\system32\Dism
2014-10-21 17:44:51 ----D---- C:\Windows\AppPatch
2014-10-20 21:06:34 ----D---- C:\Windows\Logs
2014-10-20 20:13:26 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2014-10-20 19:52:34 ----D---- C:\Program Files\Microsoft Silverlight
2014-10-20 19:52:34 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2014-10-20 19:43:35 ----D---- C:\Windows\system32\MRT
2014-10-19 17:43:16 ----D---- C:\Windows\system32\NDF
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswNdisFlt;Avast! Firewall Driver; C:\Windows\system32\DRIVERS\aswNdisFlt.sys [2014-11-08 449936]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-11-08 267632]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\drivers\AtiPcie.sys [2009-05-05 16440]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-09-15 834544]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2014-11-08 28184]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-11-08 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-11-08 1050432]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-11-08 436624]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-11-08 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-11-08 83280]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-11-08 116728]
R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys [2010-11-20 146432]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-02-10 6368256]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-02-10 188416]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 767144]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 273576]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 28840]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 23208]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-11-08 65776]
S3 a1282d4z;a1282d4z; C:\Windows\system32\drivers\a1282d4z.sys []
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 36328]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 29696]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-12-15 117248]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 114304]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-08-25 10611552]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-11-23 2565736]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2010-05-24 253728]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-02-10 202752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-08 50344]
R2 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-11-08 104416]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-10-13 935208]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
R2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2012-07-16 2416040]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19 107912]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19 107912]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-23 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-10-20 111616]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-10-16 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
2014-11-08 19:11:52 ----D---- C:\Program Files\trend micro
2014-11-08 19:11:51 ----D---- C:\rsit
2014-11-08 18:24:02 ----SHD---- C:\Config.Msi
2014-11-08 18:22:00 ----D---- C:\Users\Kamila\AppData\Roaming\AVAST Software
2014-11-08 18:15:31 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2014-11-08 18:15:31 ----A---- C:\Windows\system32\drivers\aswStm.sys
2014-11-08 18:15:31 ----A---- C:\Windows\system32\drivers\aswSP.sys
2014-11-08 18:15:30 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2014-11-08 18:15:30 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2014-11-08 18:15:30 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2014-11-08 18:15:29 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2014-11-08 18:15:28 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2014-11-08 18:15:26 ----A---- C:\Windows\system32\drivers\aswKbd.sys
2014-11-08 18:15:23 ----A---- C:\Windows\system32\aswBoot.exe
2014-11-08 18:15:14 ----A---- C:\Windows\avastSS.scr
2014-11-08 18:14:50 ----A---- C:\Windows\system32\drivers\aswNdisFlt.sys
2014-11-08 18:12:16 ----D---- C:\Program Files\AVAST Software
2014-11-08 18:10:53 ----D---- C:\ProgramData\AVAST Software
2014-11-08 12:04:45 ----D---- C:\Program Files\CCleaner
2014-11-06 19:46:31 ----D---- C:\ProgramData\Norton
2014-11-06 19:45:42 ----D---- C:\Users\Kamila\AppData\Roaming\Opera Software
2014-11-06 19:45:38 ----D---- C:\Users\Kamila\AppData\Roaming\Mozilla
2014-11-06 19:45:36 ----D---- C:\Users\Kamila\AppData\Roaming\Yandex
2014-11-06 19:45:23 ----HDC---- C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2014-11-06 19:44:46 ----D---- C:\Users\Kamila\AppData\Roaming\ImperiaOnline
2014-10-31 15:18:22 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2014-10-31 15:17:44 ----D---- C:\ProgramData\Microsoft Help
2014-10-31 15:17:07 ----RHD---- C:\MSOCache
2014-10-24 16:00:02 ----D---- C:\Users\Kamila\AppData\Roaming\vlc
2014-10-24 15:58:08 ----D---- C:\Program Files (x86)\VideoLAN
2014-10-22 20:04:05 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-21 18:29:02 ----A---- C:\Windows\SYSWOW64\KBDYAK.DLL
2014-10-21 18:29:02 ----A---- C:\Windows\SYSWOW64\KBDTAT.DLL
2014-10-21 18:29:02 ----A---- C:\Windows\SYSWOW64\KBDRU1.DLL
2014-10-21 18:29:02 ----A---- C:\Windows\SYSWOW64\KBDRU.DLL
2014-10-21 18:29:02 ----A---- C:\Windows\SYSWOW64\KBDBASH.DLL
2014-10-21 18:29:02 ----A---- C:\Windows\system32\KBDYAK.DLL
2014-10-21 18:29:02 ----A---- C:\Windows\system32\KBDTAT.DLL
2014-10-21 18:29:02 ----A---- C:\Windows\system32\KBDRU1.DLL
2014-10-21 18:29:02 ----A---- C:\Windows\system32\KBDRU.DLL
2014-10-21 18:29:02 ----A---- C:\Windows\system32\KBDBASH.DLL
2014-10-21 17:45:00 ----SD---- C:\Windows\system32\CompatTel
2014-10-20 21:13:53 ----A---- C:\Windows\system32\wmploc.DLL
2014-10-20 21:13:52 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2014-10-20 21:13:51 ----A---- C:\Windows\SYSWOW64\wmp.dll
2014-10-20 21:13:50 ----A---- C:\Windows\system32\wmp.dll
2014-10-20 21:06:34 ----A---- C:\Windows\system32\IEUDINIT.EXE
2014-10-20 20:56:22 ----A---- C:\Windows\SYSWOW64\elshyph.dll
2014-10-20 20:56:16 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-10-20 20:56:16 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2014-10-20 20:56:16 ----A---- C:\Windows\SYSWOW64\msls31.dll
2014-10-20 20:56:16 ----A---- C:\Windows\SYSWOW64\jsIntl.dll
2014-10-20 20:56:16 ----A---- C:\Windows\system32\elshyph.dll
2014-10-20 20:56:15 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-10-20 20:56:15 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-10-20 20:56:15 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-10-20 20:56:15 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-10-20 20:56:15 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-10-20 20:56:14 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-10-20 20:56:14 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-10-20 20:56:14 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat
2014-10-20 20:56:14 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-10-20 20:56:14 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-10-20 20:56:13 ----A---- C:\Windows\SYSWOW64\wextract.exe
2014-10-20 20:56:13 ----A---- C:\Windows\SYSWOW64\url.dll
2014-10-20 20:56:13 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-10-20 20:56:13 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2014-10-20 20:56:13 ----A---- C:\Windows\SYSWOW64\inseng.dll
2014-10-20 20:56:13 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-10-20 20:56:13 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-10-20 20:56:13 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-10-20 20:56:13 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-10-20 20:56:13 ----A---- C:\Windows\SYSWOW64\icardie.dll
2014-10-20 20:56:12 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2014-10-20 20:56:12 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-10-20 20:56:12 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-10-20 20:56:12 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-10-20 20:56:12 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2014-10-20 20:56:11 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2014-10-20 20:56:11 ----A---- C:\Windows\SYSWOW64\occache.dll
2014-10-20 20:56:11 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-10-20 20:56:11 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-10-20 20:56:10 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-10-20 20:56:10 ----A---- C:\Windows\SYSWOW64\mshta.exe
2014-10-20 20:56:10 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2014-10-20 20:56:10 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2014-10-20 20:56:10 ----A---- C:\Windows\SYSWOW64\jscript.dll
2014-10-20 20:56:10 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2014-10-20 20:56:10 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2014-10-20 20:56:10 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-10-20 20:56:09 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2014-10-20 20:56:09 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2014-10-20 20:56:09 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-10-20 20:56:09 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2014-10-20 20:56:08 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-10-20 20:56:08 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2014-10-20 20:56:06 ----A---- C:\Windows\system32\jsIntl.dll
2014-10-20 20:56:05 ----A---- C:\Windows\system32\wininet.dll
2014-10-20 20:56:05 ----A---- C:\Windows\system32\urlmon.dll
2014-10-20 20:56:05 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-20 20:56:05 ----A---- C:\Windows\system32\msls31.dll
2014-10-20 20:56:04 ----A---- C:\Windows\system32\msrating.dll
2014-10-20 20:56:04 ----A---- C:\Windows\system32\msfeedssync.exe
2014-10-20 20:56:04 ----A---- C:\Windows\system32\msfeedsbs.dll
2014-10-20 20:56:04 ----A---- C:\Windows\system32\jsproxy.dll
2014-10-20 20:56:04 ----A---- C:\Windows\system32\iertutil.dll
2014-10-20 20:56:04 ----A---- C:\Windows\system32\IEAdvpack.dll
2014-10-20 20:56:03 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2014-10-20 20:56:03 ----A---- C:\Windows\system32\mshtmler.dll
2014-10-20 20:56:03 ----A---- C:\Windows\system32\jscript9diag.dll
2014-10-20 20:56:03 ----A---- C:\Windows\system32\jscript9.dll
2014-10-20 20:56:03 ----A---- C:\Windows\system32\ieui.dll
2014-10-20 20:56:03 ----A---- C:\Windows\system32\iesysprep.dll
2014-10-20 20:56:02 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-20 20:56:02 ----A---- C:\Windows\system32\ieframe.dll
2014-10-20 20:56:02 ----A---- C:\Windows\system32\dxtrans.dll
2014-10-20 20:56:01 ----A---- C:\Windows\system32\url.dll
2014-10-20 20:56:01 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-10-20 20:56:01 ----A---- C:\Windows\system32\iesetup.dll
2014-10-20 20:56:01 ----A---- C:\Windows\system32\iernonce.dll
2014-10-20 20:56:01 ----A---- C:\Windows\system32\iedkcs32.dll
2014-10-20 20:56:01 ----A---- C:\Windows\system32\ieapfltr.dll
2014-10-20 20:56:01 ----A---- C:\Windows\system32\ieapfltr.dat
2014-10-20 20:56:01 ----A---- C:\Windows\system32\ie4uinit.exe
2014-10-20 20:56:01 ----A---- C:\Windows\system32\icardie.dll
2014-10-20 20:56:01 ----A---- C:\Windows\system32\dxtmsft.dll
2014-10-20 20:56:00 ----A---- C:\Windows\system32\wextract.exe
2014-10-20 20:56:00 ----A---- C:\Windows\system32\webcheck.dll
2014-10-20 20:56:00 ----A---- C:\Windows\system32\mshtmled.dll
2014-10-20 20:56:00 ----A---- C:\Windows\system32\licmgr10.dll
2014-10-20 20:56:00 ----A---- C:\Windows\system32\inseng.dll
2014-10-20 20:56:00 ----A---- C:\Windows\system32\iexpress.exe
2014-10-20 20:55:59 ----A---- C:\Windows\system32\vbscript.dll
2014-10-20 20:55:59 ----A---- C:\Windows\system32\msfeeds.dll
2014-10-20 20:55:58 ----A---- C:\Windows\system32\pngfilt.dll
2014-10-20 20:55:58 ----A---- C:\Windows\system32\occache.dll
2014-10-20 20:55:58 ----A---- C:\Windows\system32\mshtml.dll
2014-10-20 20:55:58 ----A---- C:\Windows\system32\ieUnatt.exe
2014-10-20 20:55:57 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-10-20 20:55:57 ----A---- C:\Windows\system32\mshta.exe
2014-10-20 20:55:57 ----A---- C:\Windows\system32\jscript.dll
2014-10-20 20:55:57 ----A---- C:\Windows\system32\imgutil.dll
2014-10-20 20:55:57 ----A---- C:\Windows\system32\iepeers.dll
2014-10-20 20:55:57 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-10-20 20:55:57 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-10-20 20:55:57 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-10-20 19:45:20 ----A---- C:\Windows\SYSWOW64\msmpeg2vdec.dll
2014-10-20 19:45:20 ----A---- C:\Windows\system32\msmpeg2vdec.dll
2014-10-20 19:33:58 ----A---- C:\Windows\SYSWOW64\infocardapi.dll
2014-10-20 19:33:57 ----A---- C:\Windows\SYSWOW64\icardagt.exe
2014-10-20 19:33:57 ----A---- C:\Windows\system32\infocardapi.dll
2014-10-20 19:33:57 ----A---- C:\Windows\system32\icardagt.exe
2014-10-20 19:33:55 ----A---- C:\Windows\SYSWOW64\icardres.dll
2014-10-20 19:33:55 ----A---- C:\Windows\system32\icardres.dll
2014-10-20 19:33:29 ----A---- C:\Windows\SYSWOW64\TsWpfWrp.exe
2014-10-20 19:33:29 ----A---- C:\Windows\system32\TsWpfWrp.exe
2014-10-20 18:35:12 ----D---- C:\ProgramData\LogMeIn
2014-10-20 18:29:24 ----A---- C:\Windows\system32\msieftp.dll
2014-10-20 18:29:23 ----A---- C:\Windows\SYSWOW64\msieftp.dll
2014-10-20 18:29:22 ----A---- C:\Windows\system32\wwansvc.dll
2014-10-20 18:29:19 ----A---- C:\Windows\SYSWOW64\usp10.dll
2014-10-20 18:29:19 ----A---- C:\Windows\system32\usp10.dll
2014-10-20 18:29:05 ----A---- C:\Windows\system32\win32k.sys
2014-10-20 18:29:03 ----A---- C:\Windows\SYSWOW64\TSWorkspace.dll
2014-10-20 18:29:03 ----A---- C:\Windows\system32\TSWorkspace.dll
2014-10-20 18:28:30 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2014-10-20 18:28:30 ----A---- C:\Windows\system32\WMPhoto.dll
2014-10-20 18:28:26 ----A---- C:\Windows\SYSWOW64\mscorier.dll
2014-10-20 18:28:26 ----A---- C:\Windows\SYSWOW64\dfshim.dll
2014-10-20 18:28:26 ----A---- C:\Windows\system32\mscorier.dll
2014-10-20 18:28:26 ----A---- C:\Windows\system32\dfshim.dll
2014-10-20 18:28:25 ----A---- C:\Windows\SYSWOW64\mscories.dll
2014-10-20 18:28:25 ----A---- C:\Windows\system32\mscories.dll
2014-10-20 18:28:23 ----A---- C:\Windows\SYSWOW64\wer.dll
2014-10-20 18:28:23 ----A---- C:\Windows\system32\wer.dll
2014-10-20 18:28:22 ----A---- C:\Windows\SYSWOW64\imagehlp.dll
2014-10-20 18:28:22 ----A---- C:\Windows\system32\imagehlp.dll
2014-10-20 18:28:19 ----A---- C:\Windows\system32\drivers\tcpip.sys
2014-10-20 18:28:19 ----A---- C:\Windows\system32\drivers\netio.sys
2014-10-20 18:28:19 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2014-10-20 18:28:03 ----A---- C:\Windows\system32\msxml3.dll
2014-10-20 18:28:02 ----A---- C:\Windows\system32\msxml6.dll
2014-10-20 18:28:01 ----A---- C:\Windows\SYSWOW64\msxml6r.dll
2014-10-20 18:28:01 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2014-10-20 18:28:01 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-10-20 18:28:01 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-10-20 18:28:01 ----A---- C:\Windows\system32\msxml6r.dll
2014-10-20 18:28:01 ----A---- C:\Windows\system32\msxml3r.dll
2014-10-20 18:27:57 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2014-10-20 18:27:57 ----A---- C:\Windows\system32\d3d10warp.dll
2014-10-20 18:27:36 ----A---- C:\Windows\system32\drivers\portcls.sys
2014-10-20 18:27:36 ----A---- C:\Windows\system32\drivers\drmk.sys
2014-10-20 18:27:33 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2014-10-20 18:27:33 ----A---- C:\Windows\system32\drivers\usbport.sys
2014-10-20 18:27:33 ----A---- C:\Windows\system32\drivers\usbohci.sys
2014-10-20 18:27:33 ----A---- C:\Windows\system32\drivers\usbhub.sys
2014-10-20 18:27:33 ----A---- C:\Windows\system32\drivers\usbehci.sys
2014-10-20 18:27:33 ----A---- C:\Windows\system32\drivers\usbd.sys
2014-10-20 18:27:33 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2014-10-20 18:27:30 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe
2014-10-20 18:27:30 ----A---- C:\Windows\SYSWOW64\RMActivate_isv.exe
2014-10-20 18:27:30 ----A---- C:\Windows\SYSWOW64\RMActivate.exe
2014-10-20 18:27:30 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2014-10-20 18:27:30 ----A---- C:\Windows\system32\RMActivate_isv.exe
2014-10-20 18:27:30 ----A---- C:\Windows\system32\RMActivate.exe
2014-10-20 18:27:29 ----A---- C:\Windows\SYSWOW64\secproc_isv.dll
2014-10-20 18:27:29 ----A---- C:\Windows\SYSWOW64\secproc.dll
2014-10-20 18:27:29 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp.exe
2014-10-20 18:27:29 ----A---- C:\Windows\system32\secproc_isv.dll
2014-10-20 18:27:29 ----A---- C:\Windows\system32\secproc.dll
2014-10-20 18:27:29 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2014-10-20 18:27:29 ----A---- C:\Windows\system32\msdrm.dll
2014-10-20 18:27:28 ----A---- C:\Windows\SYSWOW64\secproc_ssp_isv.dll
2014-10-20 18:27:28 ----A---- C:\Windows\SYSWOW64\secproc_ssp.dll
2014-10-20 18:27:28 ----A---- C:\Windows\SYSWOW64\msdrm.dll
2014-10-20 18:27:28 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2014-10-20 18:27:28 ----A---- C:\Windows\system32\secproc_ssp.dll
2014-10-20 18:27:14 ----A---- C:\Windows\SYSWOW64\osk.exe
2014-10-20 18:27:14 ----A---- C:\Windows\system32\osk.exe
2014-10-20 18:27:10 ----A---- C:\Windows\SYSWOW64\qedit.dll
2014-10-20 18:27:10 ----A---- C:\Windows\system32\qedit.dll
2014-10-20 18:27:07 ----A---- C:\Windows\system32\drivers\afd.sys
2014-10-20 18:27:05 ----A---- C:\Windows\system32\generaltel.dll
2014-10-20 18:27:05 ----A---- C:\Windows\system32\aepdu.dll
2014-10-20 18:27:05 ----A---- C:\Windows\system32\aeinv.dll
2014-10-20 18:26:43 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2014-10-20 18:26:42 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2014-10-20 18:26:42 ----A---- C:\Windows\system32\objsel.dll
2014-10-20 18:26:41 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-10-20 18:26:40 ----A---- C:\Windows\SYSWOW64\objsel.dll
2014-10-20 18:26:40 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2014-10-20 18:26:40 ----A---- C:\Windows\system32\KernelBase.dll
2014-10-20 18:26:39 ----A---- C:\Windows\SYSWOW64\dpapiprovider.dll
2014-10-20 18:26:39 ----A---- C:\Windows\SYSWOW64\dimsroam.dll
2014-10-20 18:26:39 ----A---- C:\Windows\SYSWOW64\cngprovider.dll
2014-10-20 18:26:39 ----A---- C:\Windows\SYSWOW64\capiprovider.dll
2014-10-20 18:26:39 ----A---- C:\Windows\SYSWOW64\adprovider.dll
2014-10-20 18:26:39 ----A---- C:\Windows\system32\dpapiprovider.dll
2014-10-20 18:26:39 ----A---- C:\Windows\system32\dimsroam.dll
2014-10-20 18:26:39 ----A---- C:\Windows\system32\cngprovider.dll
2014-10-20 18:26:39 ----A---- C:\Windows\system32\capiprovider.dll
2014-10-20 18:26:39 ----A---- C:\Windows\system32\adprovider.dll
2014-10-20 18:26:38 ----A---- C:\Windows\SYSWOW64\wincredprovider.dll
2014-10-20 18:26:38 ----A---- C:\Windows\system32\wincredprovider.dll
2014-10-20 18:26:07 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2014-10-20 18:26:07 ----A---- C:\Windows\system32\d2d1.dll
2014-10-20 18:25:57 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2014-10-20 18:25:57 ----A---- C:\Windows\system32\qdvd.dll
2014-10-20 18:25:56 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2014-10-20 18:25:50 ----A---- C:\Windows\SYSWOW64\msi.dll
2014-10-20 18:25:50 ----A---- C:\Windows\system32\msi.dll
2014-10-20 18:25:50 ----A---- C:\Windows\system32\authui.dll
2014-10-20 18:25:49 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2014-10-20 18:25:49 ----A---- C:\Windows\SYSWOW64\authui.dll
2014-10-20 18:25:49 ----A---- C:\Windows\system32\msihnd.dll
2014-10-20 18:25:49 ----A---- C:\Windows\system32\consent.exe
2014-10-20 18:25:30 ----A---- C:\Windows\SYSWOW64\iologmsg.dll
2014-10-20 18:25:30 ----A---- C:\Windows\system32\iologmsg.dll
2014-10-20 18:25:30 ----A---- C:\Windows\system32\drivers\storport.sys
2014-10-20 18:25:30 ----A---- C:\Windows\system32\drivers\msiscsi.sys
2014-10-20 18:25:30 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2014-10-20 18:24:45 ----A---- C:\Windows\SYSWOW64\tzres.dll
2014-10-20 18:24:45 ----A---- C:\Windows\system32\tzres.dll
2014-10-20 18:24:23 ----A---- C:\Windows\system32\rastls.dll
2014-10-20 18:24:22 ----A---- C:\Windows\SYSWOW64\rastls.dll
2014-10-20 18:24:20 ----A---- C:\Windows\system32\shell32.dll
2014-10-20 18:24:19 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-10-20 18:23:50 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2014-10-20 18:23:50 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-10-20 18:23:50 ----A---- C:\Windows\system32\schannel.dll
2014-10-20 18:23:50 ----A---- C:\Windows\system32\lsasrv.dll
2014-10-20 18:23:50 ----A---- C:\Windows\system32\kerberos.dll
2014-10-20 18:23:49 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-10-20 18:23:49 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-10-20 18:23:49 ----A---- C:\Windows\system32\winlogon.exe
2014-10-20 18:23:49 ----A---- C:\Windows\system32\TSpkg.dll
2014-10-20 18:23:49 ----A---- C:\Windows\system32\msv1_0.dll
2014-10-20 18:23:49 ----A---- C:\Windows\system32\mstscax.dll
2014-10-20 18:23:48 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-10-20 18:23:48 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2014-10-20 18:23:48 ----A---- C:\Windows\system32\termsrv.dll
2014-10-20 18:23:48 ----A---- C:\Windows\system32\mstsc.exe
2014-10-20 18:23:47 ----A---- C:\Windows\SYSWOW64\winsta.dll
2014-10-20 18:23:47 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-10-20 18:23:47 ----A---- C:\Windows\system32\winsta.dll
2014-10-20 18:23:47 ----A---- C:\Windows\system32\wdigest.dll
2014-10-20 18:23:47 ----A---- C:\Windows\system32\rdpcorekmts.dll
2014-10-20 18:23:47 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2014-10-20 18:23:46 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2014-10-20 18:23:46 ----A---- C:\Windows\SYSWOW64\aaclient.dll
2014-10-20 18:23:46 ----A---- C:\Windows\system32\ncrypt.dll
2014-10-20 18:23:45 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-10-20 18:23:45 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-10-20 18:23:45 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-10-20 18:23:45 ----A---- C:\Windows\system32\credssp.dll
2014-10-20 18:23:44 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2014-10-20 18:22:06 ----A---- C:\Windows\system32\wow64.dll
2014-10-20 18:22:06 ----A---- C:\Windows\system32\kernel32.dll
2014-10-20 18:22:05 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2014-10-20 18:22:05 ----A---- C:\Windows\system32\wow64win.dll
2014-10-20 18:22:04 ----A---- C:\Windows\SYSWOW64\setup16.exe
2014-10-20 18:22:03 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2014-10-20 18:22:03 ----A---- C:\Windows\system32\wow64cpu.dll
2014-10-20 18:22:03 ----A---- C:\Windows\system32\ntvdm64.dll
2014-10-20 18:22:02 ----A---- C:\Windows\SYSWOW64\wow32.dll
2014-10-20 18:22:01 ----A---- C:\Windows\SYSWOW64\user.exe
2014-10-20 18:22:01 ----A---- C:\Windows\SYSWOW64\instnm.exe
2014-10-20 18:21:57 ----A---- C:\Windows\system32\drivers\ntfs.sys
2014-10-20 18:21:55 ----A---- C:\Windows\system32\scrrun.dll
2014-10-20 18:21:55 ----A---- C:\Windows\system32\cscript.exe
2014-10-20 18:21:54 ----A---- C:\Windows\SYSWOW64\wscript.exe
2014-10-20 18:21:54 ----A---- C:\Windows\SYSWOW64\scrrun.dll
2014-10-20 18:21:54 ----A---- C:\Windows\system32\wscript.exe
2014-10-20 18:21:53 ----A---- C:\Windows\SYSWOW64\cscript.exe
2014-10-20 18:21:42 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-10-20 18:21:40 ----A---- C:\Windows\system32\sspisrv.dll
2014-10-20 18:21:40 ----A---- C:\Windows\system32\sspicli.dll
2014-10-20 18:21:40 ----A---- C:\Windows\system32\secur32.dll
2014-10-20 18:21:40 ----A---- C:\Windows\system32\lsass.exe
2014-10-20 18:21:40 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2014-10-20 18:20:48 ----A---- C:\Windows\system32\packager.dll
2014-10-20 18:20:47 ----A---- C:\Windows\SYSWOW64\packager.dll
2014-10-20 18:20:43 ----A---- C:\Windows\system32\gdi32.dll
2014-10-20 18:20:42 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2014-10-20 18:20:34 ----A---- C:\Windows\system32\WindowsCodecs.dll
2014-10-20 18:20:33 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2014-10-20 18:20:27 ----A---- C:\Windows\system32\rpcrt4.dll
2014-10-20 18:20:26 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2014-10-20 17:37:42 ----A---- C:\Windows\system32\wups2.dll
2014-10-20 17:37:42 ----A---- C:\Windows\system32\wucltux.dll
2014-10-20 17:37:42 ----A---- C:\Windows\system32\wuaueng.dll
2014-10-20 17:37:42 ----A---- C:\Windows\system32\wuauclt.exe
2014-10-20 17:37:33 ----A---- C:\Windows\SYSWOW64\wups.dll
2014-10-20 17:37:33 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2014-10-20 17:37:33 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2014-10-20 17:37:33 ----A---- C:\Windows\system32\wups.dll
2014-10-20 17:37:33 ----A---- C:\Windows\system32\wudriver.dll
2014-10-20 17:37:33 ----A---- C:\Windows\system32\wuapi.dll
2014-10-20 17:37:14 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2014-10-20 17:37:14 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2014-10-20 17:37:14 ----A---- C:\Windows\system32\wuwebv.dll
2014-10-20 17:37:14 ----A---- C:\Windows\system32\wuapp.exe
2014-10-19 19:42:39 ----D---- C:\Windows\Migration
2014-10-18 16:11:14 ----D---- C:\ProgramData\EA8
======List of files/folders modified in the last 1 month======
2014-11-08 19:11:52 ----RD---- C:\Program Files
2014-11-08 19:04:10 ----HD---- C:\ProgramData
2014-11-08 18:38:14 ----D---- C:\Program Files (x86)
2014-11-08 18:33:20 ----HD---- C:\Program Files (x86)\Temp
2014-11-08 18:33:20 ----D---- C:\Windows\SysWOW64
2014-11-08 18:33:15 ----SHD---- C:\System Volume Information
2014-11-08 18:32:51 ----D---- C:\Program Files (x86)\Common Files
2014-11-08 18:32:45 ----D---- C:\Windows\system32\drivers
2014-11-08 18:32:45 ----D---- C:\Windows\inf
2014-11-08 18:30:44 ----SHD---- C:\Windows\Installer
2014-11-08 18:30:44 ----HDC---- C:\ProgramData\~0
2014-11-08 18:24:43 ----D---- C:\Windows\Temp
2014-11-08 18:16:26 ----D---- C:\Windows\system32\catroot2
2014-11-08 18:16:26 ----D---- C:\Windows\system32\catroot
2014-11-08 18:16:23 ----D---- C:\Windows\system32\DriverStore
2014-11-08 18:15:45 ----D---- C:\Windows\system32\Tasks
2014-11-08 18:15:24 ----D---- C:\Windows\winsxs
2014-11-08 18:15:23 ----D---- C:\Windows\System32
2014-11-08 18:15:22 ----D---- C:\Windows
2014-11-08 18:05:40 ----D---- C:\Users\Kamila\AppData\Roaming\Skype
2014-11-08 18:05:26 ----RD---- C:\Program Files (x86)\Skype
2014-11-08 18:04:52 ----D---- C:\Program Files (x86)\SearchCore for Browsers
2014-11-08 18:01:43 ----SD---- C:\Users\Kamila\AppData\Roaming\Microsoft
2014-11-08 18:01:38 ----RSD---- C:\Windows\Fonts
2014-11-08 18:00:50 ----D---- C:\Program Files (x86)\Winamp
2014-11-08 17:58:41 ----D---- C:\Program Files (x86)\Můj produkt
2014-11-08 17:58:17 ----D---- C:\ProgramData\Electronic Arts
2014-11-08 17:57:20 ----D---- C:\Windows\Tasks
2014-11-08 17:57:17 ----SD---- C:\ProgramData\Microsoft
2014-11-08 17:57:17 ----D---- C:\Program Files (x86)\Microsoft
2014-11-08 17:56:03 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-11-08 17:55:40 ----D---- C:\Windows\Prefetch
2014-11-08 17:50:43 ----D---- C:\Users\Kamila\AppData\Roaming\DVDVideoSoft
2014-11-08 17:50:00 ----RSD---- C:\Windows\assembly
2014-11-08 12:23:12 ----D---- C:\Windows\system32\config
2014-11-08 11:49:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-11-06 20:07:59 ----D---- C:\ProgramData\NortonInstaller
2014-11-06 19:44:14 ----D---- C:\ProgramData\Skype
2014-11-03 21:05:45 ----A---- C:\Windows\win.ini
2014-11-03 19:02:30 ----D---- C:\Windows\Microsoft.NET
2014-10-31 15:27:53 ----D---- C:\Program Files (x86)\Microsoft Office
2014-10-31 15:27:48 ----D---- C:\Users\Kamila\AppData\Roaming\SoftGrid Client
2014-10-31 15:23:40 ----D---- C:\Windows\ShellNew
2014-10-31 15:22:16 ----D---- C:\Program Files (x86)\Microsoft.NET
2014-10-31 15:19:52 ----D---- C:\Program Files\Common Files\Microsoft Shared
2014-10-30 12:25:26 ----N---- C:\Windows\system32\MpSigStub.exe
2014-10-22 19:02:29 ----D---- C:\Windows\rescache
2014-10-21 20:17:19 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-10-21 20:17:19 ----D---- C:\Windows\system32\cs-CZ
2014-10-21 17:45:37 ----D---- C:\Program Files (x86)\Windows Media Player
2014-10-21 17:45:36 ----D---- C:\Windows\ehome
2014-10-21 17:45:36 ----D---- C:\Program Files\Windows Media Player
2014-10-21 17:45:34 ----D---- C:\Program Files\Internet Explorer
2014-10-21 17:45:34 ----D---- C:\Program Files (x86)\Internet Explorer
2014-10-21 17:45:30 ----D---- C:\Windows\SYSWOW64\migration
2014-10-21 17:45:29 ----D---- C:\Windows\SYSWOW64\en-US
2014-10-21 17:45:27 ----D---- C:\Windows\system32\migration
2014-10-21 17:45:27 ----D---- C:\Windows\PolicyDefinitions
2014-10-21 17:45:22 ----D---- C:\Windows\system32\en-US
2014-10-21 17:45:19 ----D---- C:\Program Files\Windows Journal
2014-10-21 17:45:02 ----D---- C:\Windows\SYSWOW64\Dism
2014-10-21 17:45:02 ----D---- C:\Windows\system32\Dism
2014-10-21 17:44:51 ----D---- C:\Windows\AppPatch
2014-10-20 21:06:34 ----D---- C:\Windows\Logs
2014-10-20 20:13:26 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2014-10-20 19:52:34 ----D---- C:\Program Files\Microsoft Silverlight
2014-10-20 19:52:34 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2014-10-20 19:43:35 ----D---- C:\Windows\system32\MRT
2014-10-19 17:43:16 ----D---- C:\Windows\system32\NDF
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswNdisFlt;Avast! Firewall Driver; C:\Windows\system32\DRIVERS\aswNdisFlt.sys [2014-11-08 449936]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-11-08 267632]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\drivers\AtiPcie.sys [2009-05-05 16440]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-09-15 834544]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2014-11-08 28184]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-11-08 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-11-08 1050432]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-11-08 436624]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-11-08 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-11-08 83280]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-11-08 116728]
R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys [2010-11-20 146432]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-02-10 6368256]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-02-10 188416]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 767144]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 273576]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 28840]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 23208]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-11-08 65776]
S3 a1282d4z;a1282d4z; C:\Windows\system32\drivers\a1282d4z.sys []
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 36328]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 29696]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-12-15 117248]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 114304]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-08-25 10611552]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-11-23 2565736]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2010-05-24 253728]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-02-10 202752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-08 50344]
R2 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-11-08 104416]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-10-13 935208]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
R2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2012-07-16 2416040]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19 107912]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19 107912]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-23 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-10-20 111616]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-10-16 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
Re: Prevention
Hello, delete unnecessary files
using CCleaner.
Guide:
Cleaner - here you clean the PC of unnecessary files and empty the Recycle Bin
Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)
The registry cleaning needs to be repeated several times!
Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system
Via Start >> All Programs >> Accessories >> Run >> type services.msc >> Enter. Find these services:
Služba Google Update (gupdate)
Služba Google Update (gupdatem)
Google Software Updater
Nero BackItUp Scheduler 4.0
Double-clicking opens a dialog where you first stop the service with the Stop button, then select Disabled under Startup type and click OK.
In Task Scheduler, disable Google Update; it will be there several times.
Download AdwCleaner and save it to the desktop,
close all programs including the browser and run it with a double-click;
a window appears where you click Scan at the top left.
The scan will then run; when it finishes, click Report and copy what comes up here for me.
Then use Mbam from my signature and post its log here.
Re: Prevention
ADW cleaner:
# AdwCleaner v4.100 - Report created 09/11/2014 at 03:40:34
# Updated 08/11/2014 by Xplode
# Database : 2014-11-07.1
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Kamila - PC
# Running from : C:\Users\Kamila\Desktop\adwcleaner_4.100.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\SearchCore for Browsers
Folder Found : C:\ProgramData\~0
Folder Found : C:\Users\Kamila\AppData\Local\Conduit
Folder Found : C:\Users\Kamila\AppData\Local\FileTypeAssistant
Folder Found : C:\Users\Kamila\AppData\Local\PackageAware
Folder Found : C:\Users\Kamila\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Kamila\AppData\LocalLow\Conduit
Folder Found : C:\Users\Kamila\AppData\LocalLow\DataMngr
Folder Found : C:\Users\Kamila\AppData\LocalLow\Datamngr
Folder Found : C:\Users\Kamila\AppData\LocalLow\imeshbandmltbpi
Folder Found : C:\Users\Kamila\AppData\Roaming\OpenCandy
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\mediabarim
Key Found : HKCU\Software\Bitberry
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Key Found : HKCU\Software\Imesh
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9D5D17CC-D69B-47C7-9FBF-524C78D6A7D3}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Found : HKCU\Software\SearchCore for Browsers
Key Found : [x64] HKCU\Software\Bitberry
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\DataMngr_Toolbar
Key Found : [x64] HKCU\Software\Imesh
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9D5D17CC-D69B-47C7-9FBF-524C78D6A7D3}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Found : [x64] HKCU\Software\SearchCore for Browsers
Key Found : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe
Key Found : HKLM\SOFTWARE\Classes\Applications\iMeshV11.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Found : [x64] HKLM\SOFTWARE\SearchCore for Browsers
Key Found : [x64] HKLM\SOFTWARE\Speedchecker Limited
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
-\\ Mozilla Firefox v
-\\ Google Chrome v38.0.2125.111
-\\ Chromium v
-\\ Opera v0.0.0.0
*************************
AdwCleaner[R0].txt - [4678 octets] - [09/11/2014 03:40:34]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4738 octets] ##########
MBAM:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 9.11.2014
Scan Time: 3:45:42
Logfile: log.txt
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.09.01
Rootkit Database: v2014.11.08.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kamila
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 314212
Time Elapsed: 14 min, 2 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 7
PUP.Optional.Mediabar.A, HKU\S-1-5-21-884606549-3633913737-2442893738-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}, , [e9ccb584cdaf0f27d22b714121e19769],
PUP.Optional.Mediabar.A, HKU\S-1-5-21-884606549-3633913737-2442893738-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}, , [e9ccb584cdaf0f27d22b714121e19769],
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-884606549-3633913737-2442893738-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{872b5b88-9db5-4310-bdd0-ac189557e5f5}, , [843175c44636bd79edf51d922cd6d42c],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, , [6a4bcc6d4636d6605f85aca029da08f8],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-884606549-3633913737-2442893738-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, , [278e6ccd483436006e206817d430e020],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-884606549-3633913737-2442893738-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, , [8d2856e3235995a16c21a3dcde261ae6],
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-884606549-3633913737-2442893738-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, , [3184a7921e5edb5b4c12ff3641c22fd1],
Registry Values: 2
PUP.Optional.Mediabar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{28387537-E3F9-4ED7-860C-11E69AF4A8A0}, MediaBar, , [e9ccb584cdaf0f27d22b714121e19769]
PUP.Optional.Mediabar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{28387537-e3f9-4ed7-860c-11e69af4a8a0}, , [2293ad8c99e38da90cf1842e6a9815eb],
Registry Data: 0
(No malicious items detected)
Folders: 9
PUP.Optional.OpenCandy, C:\Users\Kamila\AppData\Roaming\OpenCandy, , [4372f0498cf0f0461e95ae50af539b65],
PUP.Optional.OpenCandy, C:\Users\Kamila\AppData\Roaming\OpenCandy\01550BC36CE34155BAA9D7E58A689416, , [4372f0498cf0f0461e95ae50af539b65],
PUP.Optional.OpenCandy, C:\Users\Kamila\AppData\Roaming\OpenCandy\A6D55C9FBD4E482B8DB89E993F6F7669, , [4372f0498cf0f0461e95ae50af539b65],
PUP.Optional.OpenCandy, C:\Users\Kamila\AppData\Roaming\OpenCandy\E9544127D7C44EB7B91B70367726AA88, , [4372f0498cf0f0461e95ae50af539b65],
PUP.Optional.OpenCandy, C:\Users\Kamila\AppData\Roaming\OpenCandy\OpenCandy_A6D55C9FBD4E482B8DB89E993F6F7669, , [4372f0498cf0f0461e95ae50af539b65],
PUP.Optional.Datamngr.A, C:\Users\Kamila\AppData\LocalLow\DataMngr, , [5263cb6ebebe979fb9416e96ce351be5],
PUP.Optional.DataMangr.A, C:\Program Files (x86)\SearchCore for Browsers, , [d0e595a4a9d36fc7222f2309ea196898],
PUP.Optional.DataMangr.A, C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers, , [d0e595a4a9d36fc7222f2309ea196898],
PUP.Optional.DataMangr.A, C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64, , [d0e595a4a9d36fc7222f2309ea196898],
Files: 7
PUP.Optional.OpenCandy, C:\Users\Kamila\AppData\Roaming\OpenCandy\01550BC36CE34155BAA9D7E58A689416\PokkiPACK_Stp2v7.exe, , [4372f0498cf0f0461e95ae50af539b65],
PUP.Optional.OpenCandy, C:\Users\Kamila\AppData\Roaming\OpenCandy\A6D55C9FBD4E482B8DB89E993F6F7669\1193.ico, , [4372f0498cf0f0461e95ae50af539b65],
PUP.Optional.OpenCandy, C:\Users\Kamila\AppData\Roaming\OpenCandy\A6D55C9FBD4E482B8DB89E993F6F7669\pcspeedup_oc.exe, , [4372f0498cf0f0461e95ae50af539b65],
PUP.Optional.OpenCandy, C:\Users\Kamila\AppData\Roaming\OpenCandy\E9544127D7C44EB7B91B70367726AA88\PCSU_SL_3.1.2.exe, , [4372f0498cf0f0461e95ae50af539b65],
PUP.Optional.Datamngr.A, C:\Users\Kamila\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, , [5263cb6ebebe979fb9416e96ce351be5],
PUP.Optional.DataMangr.A, C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\BrowserConnection.dll, , [d0e595a4a9d36fc7222f2309ea196898],
PUP.Optional.DataMangr.A, C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\DnsBHO.dll, , [d0e595a4a9d36fc7222f2309ea196898],
Physical Sectors: 0
(No malicious items detected)
(end)
Re: Prevention
Run AdwCleaner again, but this time click Clean;
the PC will restart, during which the junk is deleted.
Then copy the Report here for me again.
Have everything Mbam found deleted.
Download ComboFix and save it to the desktop,
run the application as Administrator and allow installation of the Recovery Console.
A window with the license terms then appears, which you confirm by clicking YES,
then click YES once more and it is running.
The whole process takes about 10 minutes but may take longer; do not try to run anything else during the scan.
The PC may also be restarted during the scan; do not be alarmed.
Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,
because ComboFix tries to delete infected files and these programs may prevent it.
After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt
(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
If anything is unclear, there is an illustrated guide HERE.
Re: Prevention
AdwCleaner report:
# AdwCleaner v4.100 - Report created 09/11/2014 at 17:26:57
# DB v2014-11-07.1
# Updated 08/11/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Kamila - PC
# Running from : C:\Users\Kamila\Desktop\adwcleaner_4.100.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\SearchCore for Browsers
Folder Deleted : C:\Users\Kamila\AppData\Local\Conduit
Folder Deleted : C:\Users\Kamila\AppData\Local\FileTypeAssistant
Folder Deleted : C:\Users\Kamila\AppData\Local\PackageAware
Folder Deleted : C:\Users\Kamila\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Kamila\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Kamila\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Kamila\AppData\LocalLow\imeshbandmltbpi
Folder Deleted : C:\Users\Kamila\AppData\Roaming\OpenCandy
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe
Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMeshV11.exe
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9D5D17CC-D69B-47C7-9FBF-524C78D6A7D3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
Key Deleted : HKCU\Software\Bitberry
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\SearchCore for Browsers
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\mediabarim
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Deleted : [x64] HKLM\SOFTWARE\SearchCore for Browsers
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
-\\ Mozilla Firefox v
-\\ Google Chrome v38.0.2125.111
-\\ Chromium v
-\\ Opera v0.0.0.0
*************************
AdwCleaner[R0].txt - [4882 octets] - [09/11/2014 03:40:34]
AdwCleaner[R1].txt - [4942 octets] - [09/11/2014 17:23:52]
AdwCleaner[S0].txt - [3744 octets] - [09/11/2014 17:26:57]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3804 octets] ##########
Re: Prevention
Combo Fix report:
ComboFix 14-11-09.01 - Kamila 09.11.2014 17:57:24.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1791.718 [GMT 1:00]
Spuštěný z: c:\users\Kamila\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-10-09 do 2014-11-09 )))))))))))))))))))))))))))))))
.
.
2014-11-09 17:05 . 2014-11-09 17:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-09 16:34 . 2014-11-09 16:34 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-09 08:52 . 2014-10-20 01:37 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38FAF8E9-AD4E-4807-860E-4BAFF74D19A4}\mpengine.dll
2014-11-09 02:44 . 2014-11-09 16:31 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-09 02:44 . 2014-10-01 10:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-09 02:44 . 2014-11-09 02:44 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-11-09 02:44 . 2014-11-09 02:44 -------- d-----w- c:\programdata\Malwarebytes
2014-11-09 02:44 . 2014-10-01 10:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-09 02:44 . 2014-10-01 10:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-09 02:44 . 2014-11-09 02:44 -------- d-----w- c:\users\Kamila\AppData\Local\Programs
2014-11-09 02:40 . 2014-11-09 16:27 -------- d-----w- C:\AdwCleaner
2014-11-08 18:11 . 2014-11-08 18:12 -------- d-----w- c:\program files\trend micro
2014-11-08 18:11 . 2014-11-08 18:12 -------- d-----w- C:\rsit
2014-11-08 17:22 . 2014-11-08 17:22 -------- d-----w- c:\users\Kamila\AppData\Roaming\AVAST Software
2014-11-08 17:15 . 2014-11-08 17:15 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-11-08 17:15 . 2014-11-08 17:15 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-11-08 17:15 . 2014-11-08 17:15 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-08 17:15 . 2014-11-08 17:15 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-08 17:15 . 2014-11-08 17:15 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-08 17:15 . 2014-11-08 17:15 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-08 17:15 . 2014-11-08 17:15 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-11-08 17:15 . 2014-11-08 17:14 1050432 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-11-08 17:15 . 2014-11-08 17:14 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-11-08 17:15 . 2014-11-08 17:15 364512 ----a-w- c:\windows\system32\aswBoot.exe
2014-11-08 17:15 . 2014-11-08 17:15 43152 ----a-w- c:\windows\avastSS.scr
2014-11-08 17:14 . 2014-11-08 17:14 449936 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-11-08 17:12 . 2014-11-08 17:12 -------- d-----w- c:\program files\AVAST Software
2014-11-08 17:10 . 2014-11-08 17:12 -------- d-----w- c:\programdata\AVAST Software
2014-11-08 11:04 . 2014-11-08 11:04 -------- d-----w- c:\program files\CCleaner
2014-11-06 19:09 . 2014-11-06 19:09 -------- d-----w- c:\users\Kamila\AppData\Local\IsolatedStorage
2014-11-06 18:58 . 2014-11-06 19:08 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2014-11-06 18:46 . 2014-11-08 16:45 -------- d-----w- c:\users\Kamila\AppData\Local\Yandex
2014-11-06 18:46 . 2014-11-06 19:08 -------- d-----w- c:\programdata\Norton
2014-11-06 18:45 . 2014-11-06 18:45 -------- d-----w- c:\users\Kamila\AppData\Roaming\Opera Software
2014-11-06 18:45 . 2014-11-06 18:45 -------- d-----w- c:\users\Kamila\AppData\Local\Chromium
2014-11-06 18:45 . 2014-11-08 16:44 -------- d-----w- c:\users\Kamila\AppData\Roaming\Yandex
2014-11-06 18:45 . 2014-11-08 10:58 -------- dc-h--w- c:\programdata\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2014-11-06 18:44 . 2014-11-06 18:44 -------- d-----w- c:\users\Kamila\AppData\Roaming\ImperiaOnline
2014-11-06 18:42 . 2014-11-06 18:42 -------- d-----w- c:\users\Kamila\AppData\Local\Skype
2014-11-06 18:42 . 2014-11-06 18:42 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-11-06 18:22 . 2014-11-06 18:22 -------- d-sh--w- c:\users\Kamila\AppData\Local\EmieUserList
2014-11-06 18:22 . 2014-11-06 18:22 -------- d-sh--w- c:\users\Kamila\AppData\Local\EmieSiteList
2014-11-02 19:54 . 2014-11-02 19:54 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2014-10-31 14:18 . 2014-10-31 14:18 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2014-10-31 14:18 . 2014-10-31 14:18 -------- d-----w- c:\users\Kamila\AppData\Local\Microsoft Help
2014-10-31 14:17 . 2014-11-03 20:11 -------- d-----w- c:\programdata\Microsoft Help
2014-10-31 14:17 . 2014-10-31 14:17 -------- d-----r- C:\MSOCache
2014-10-24 15:00 . 2014-10-24 18:23 -------- d-----w- c:\users\Kamila\AppData\Roaming\vlc
2014-10-24 14:58 . 2014-10-24 14:58 -------- d-----w- c:\program files (x86)\VideoLAN
2014-10-22 19:04 . 2014-09-19 01:18 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-10-21 17:29 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-10-21 17:29 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-10-21 17:29 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-10-21 17:29 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-10-21 17:29 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-10-21 17:29 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-10-21 17:29 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-10-21 16:45 . 2014-10-21 16:45 -------- d-s---w- c:\windows\system32\CompatTel
2014-10-20 20:13 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-10-20 20:13 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-10-20 20:13 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-10-20 20:13 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-10-20 20:13 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-10-20 20:06 . 2013-10-14 16:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-10-20 19:55 . 2014-10-20 19:55 67072 ----a-w- c:\program files\Internet Explorer\JSProfilerCore.dll
2014-10-20 18:45 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-10-20 18:45 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-10-20 18:33 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-10-20 18:33 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-10-20 18:33 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-10-20 18:33 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-10-20 18:33 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-10-20 18:33 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-10-20 18:33 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-10-20 18:33 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-10-20 17:35 . 2014-10-20 17:35 -------- d-----w- c:\users\Kamila\AppData\Local\LogMeIn
2014-10-20 17:35 . 2014-10-20 17:35 -------- d-----w- c:\programdata\LogMeIn
2014-10-20 17:28 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-10-20 17:27 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-10-20 17:26 . 2014-03-04 09:20 3969984 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2014-10-20 17:25 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-10-20 17:24 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
2014-10-20 17:24 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-10-20 17:24 . 2014-09-04 05:23 424448 ----a-w- c:\windows\system32\rastls.dll
2014-10-20 17:24 . 2014-09-04 05:04 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2014-10-20 17:24 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-10-20 17:22 . 2014-03-04 09:44 243712 ----a-w- c:\windows\system32\wow64.dll
2014-10-20 17:22 . 2014-03-04 09:44 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-10-20 17:22 . 2014-03-04 09:44 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-10-20 17:22 . 2014-03-04 09:16 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-10-20 17:22 . 2014-03-04 09:44 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-10-20 17:22 . 2014-03-04 09:44 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-10-20 17:22 . 2014-03-04 09:17 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-10-20 17:22 . 2014-03-04 09:16 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-10-20 17:22 . 2014-03-04 08:09 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-10-20 17:22 . 2014-03-04 08:09 2048 ----a-w- c:\windows\SysWow64\user.exe
2014-10-20 17:20 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll
2014-10-20 17:20 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-20 17:20 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-10-20 17:20 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-10-20 17:20 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-10-20 17:20 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-10-20 17:20 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-10-20 17:20 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-10-19 18:42 . 2014-10-19 18:42 -------- d-----w- c:\windows\Migration
2014-10-19 16:43 . 2014-10-19 16:43 -------- d-----w- c:\users\Kamila\AppData\Local\ElevatedDiagnostics
2014-10-18 15:11 . 2014-10-18 15:11 -------- d-----w- c:\programdata\EA8
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-09 16:34 . 2011-10-15 12:54 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-04 13:30 . 2011-02-25 13:15 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-03 08:02 . 2011-11-12 10:11 103265616 ----a-w- c:\windows\system32\MRT.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-15 39408]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-10-30 6501656]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE" [2013-10-18 801816]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-10-23 30524000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 98304]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"istis2"="c:\istis2\xfigsys2.exe" [2007-02-26 1095680]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-08 5225064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ASWRVRT
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-30 14:10 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-09 16:34]
.
2014-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-15 16:48]
.
2014-11-09 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-12-13 11:41]
.
2014-11-09 c:\windows\Tasks\hpwebreg_xxxxxxxxxx.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\hpwebreg.exe [2010-11-16 20:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-08 17:15 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/?clid=6826
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
TCP: Interfaces\{8D37071B-EF08-4FBB-8501-831538F2EB01}: DhcpNameServer = 213.46.172.37 213.46.172.36
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-Zoner Photo Studio Service 16 - c:\program files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEc:\program files\Zoner\Photo Studio 16\Program32\ZPSService.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\users\Kamila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk - c:\users\Kamila\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)
HKLM-Run-PAC7302_Monitor - c:\windows\PixArt\PAC7302\Monitor.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-11-09 18:09:13
ComboFix-quarantined-files.txt 2014-11-09 17:09
.
Před spuštěním: Volných bajtů: 348 203 327 488
Po spuštění: Volných bajtů: 347 643 269 120
.
- - End Of File - - 073D34BE1E2878AB655D08F5D99F9B10
A36C5E4F47E84449FF07ED3517B43A31
By the way, thank you very much for your willingness and help!
ComboFix 14-11-09.01 - Kamila 09.11.2014 17:57:24.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1791.718 [GMT 1:00]
Spuštěný z: c:\users\Kamila\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru.json
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\app.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\aboutSupport.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\addonfs.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\addonmgr.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\addonStatus.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\backgroundImages.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\backup.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\barnavig.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\blacklist.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\bookmarks.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\branding.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\clids.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\cloudsource.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\colors.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\databaseMigration.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\dataprovider.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\fastdial.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\favicons.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\frontendHelper.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\installer.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\internalStructure.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\layout.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\metrika.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\migration.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\migration\install.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\migration\l-2_0.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\migration\l-2_12.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\migration\l-2_13.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\migration\l-2_3.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\migration\l-2_9.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\package.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\protocolSupport.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\safebrowsing.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\screenshots.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\screenshotsGrabber.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\searchExample.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\searchSuggest.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\strbundle.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\sync.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\syncPinned.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\syncTopHistory.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\thumbs.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\usageHistory.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\workers\barnavig.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\ycookie.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\components\core.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\config.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\defaults\preferences\yandex-vb.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\defaults\vendor\vendor.xml
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\chrome.manifest
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\chrome\yandex-vb.jar
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\install.rdf
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\AddonManager.jsm
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\DataURI.jsm
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\Foundation.jsm
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\foundation\async.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\foundation\database.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\foundation\ecustom.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\foundation\fileutils.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\foundation\misc.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\foundation\netutils.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\foundation\patterns.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\foundation\promise.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\foundation\strutils.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\foundation\sysutils.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\foundation\task.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\foundation\xmlutils.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\Log4Moz.jsm
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\Preferences.jsm
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\SimpleHTMLParser.jsm
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\SimpleProtocol.jsm
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\Stemmer.jsm
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\WindowListener.jsm
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\modules\WinReg.jsm
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru.json
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\bar.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\aboutSupport.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\addonfs.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\addonmgr.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\addonStatus.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\anonymousStatistic.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\autoinst.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\barnavig.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\bookmarksStat.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\brand_prov.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\branding.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\browserTheme.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\browserUsage.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\clids.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\compsusage.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\contentEnvironment.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\defender.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\distribution.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\incoming.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\installer.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\integration.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\mailruStat.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\migration.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\migration\install.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\migration\l-5_2_0.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\migration\l-6_4_0.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\migration\l-7_0_0.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\migration\l-7_6_0.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\migration\l-7_8_0.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\migration\l-7_8_1.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\migration\l-8_0_0.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\migration\l-8_1_0.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\migration\l-8_3_0.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\native\barplugin.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\native\brandsvc.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\native\compapi.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\native\ncparser.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\native\npwidget.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\native\sliceapi.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\native_comps.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\notifications.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\overlay_prov.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\pacman.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\platform.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\platform\cachedres.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\platform\manifest.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\platform\package.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\platform\preset-with-manifest.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\platform\preset.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\platform\unit.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\safeBrowsing.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\slices.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\strbundle.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\update.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\urlRewrite.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\vendorCookie.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\widgetlib.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\workers\barnavig.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\xb.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\cbapp\parts\ycookie.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\components\core.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\components\nsIYaSearch.xpt
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\components\nsSearchSuggestions.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\components\nsYaSearch.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\components\xbProtocol.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\config.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\defaults\dynamic-preferences\brand\ua\safebrowsing.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\defaults\dynamic-preferences\safebrowsing.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\defaults\preferences\yasearch.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\defaults\presets\http%3A%2F%2Fbar.yandex.ru%2Fpresets%2Fdefault-partner.xml
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\defaults\presets\http%3A%2F%2Fbar.yandex.ru%2Fpresets%2Fdefault.xml
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\defaults\presets\http%3A%2F%2Fbar.yandex.ru%2Fpresets%2Ftb.xml
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\defaults\presets\http%3A%2F%2Fbar.yandex.ru%2Fpresets%2Fua.xml
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\defaults\vendor\vendor.xml
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\chrome.manifest
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\chrome\yasearch.jar
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\install.rdf
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\AddonManager.jsm
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\DataURI.jsm
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\Foundation.jsm
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\foundation\async.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\foundation\database.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\foundation\dlqueue.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\foundation\ecustom.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\foundation\fileutils.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\foundation\legacy.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\foundation\misc.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\foundation\netutils.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\foundation\patterns.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\foundation\promise.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\foundation\strutils.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\foundation\sysutils.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\foundation\task.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\foundation\xmlutils.js
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\Log4Moz.jsm
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\Preferences.jsm
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\SimpleHTMLParser.jsm
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\SimpleProtocol.jsm
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\Stemmer.jsm
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\WindowListener.jsm
c:\users\Kamila\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\yasearch@yandex.ru\modules\WinReg.jsm
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-10-09 do 2014-11-09 )))))))))))))))))))))))))))))))
.
.
2014-11-09 17:05 . 2014-11-09 17:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-09 16:34 . 2014-11-09 16:34 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-09 08:52 . 2014-10-20 01:37 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38FAF8E9-AD4E-4807-860E-4BAFF74D19A4}\mpengine.dll
2014-11-09 02:44 . 2014-11-09 16:31 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-09 02:44 . 2014-10-01 10:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-09 02:44 . 2014-11-09 02:44 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-11-09 02:44 . 2014-11-09 02:44 -------- d-----w- c:\programdata\Malwarebytes
2014-11-09 02:44 . 2014-10-01 10:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-09 02:44 . 2014-10-01 10:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-09 02:44 . 2014-11-09 02:44 -------- d-----w- c:\users\Kamila\AppData\Local\Programs
2014-11-09 02:40 . 2014-11-09 16:27 -------- d-----w- C:\AdwCleaner
2014-11-08 18:11 . 2014-11-08 18:12 -------- d-----w- c:\program files\trend micro
2014-11-08 18:11 . 2014-11-08 18:12 -------- d-----w- C:\rsit
2014-11-08 17:22 . 2014-11-08 17:22 -------- d-----w- c:\users\Kamila\AppData\Roaming\AVAST Software
2014-11-08 17:15 . 2014-11-08 17:15 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-11-08 17:15 . 2014-11-08 17:15 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-11-08 17:15 . 2014-11-08 17:15 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-08 17:15 . 2014-11-08 17:15 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-08 17:15 . 2014-11-08 17:15 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-08 17:15 . 2014-11-08 17:15 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-08 17:15 . 2014-11-08 17:15 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-11-08 17:15 . 2014-11-08 17:14 1050432 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-11-08 17:15 . 2014-11-08 17:14 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-11-08 17:15 . 2014-11-08 17:15 364512 ----a-w- c:\windows\system32\aswBoot.exe
2014-11-08 17:15 . 2014-11-08 17:15 43152 ----a-w- c:\windows\avastSS.scr
2014-11-08 17:14 . 2014-11-08 17:14 449936 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-11-08 17:12 . 2014-11-08 17:12 -------- d-----w- c:\program files\AVAST Software
2014-11-08 17:10 . 2014-11-08 17:12 -------- d-----w- c:\programdata\AVAST Software
2014-11-08 11:04 . 2014-11-08 11:04 -------- d-----w- c:\program files\CCleaner
2014-11-06 19:09 . 2014-11-06 19:09 -------- d-----w- c:\users\Kamila\AppData\Local\IsolatedStorage
2014-11-06 18:58 . 2014-11-06 19:08 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2014-11-06 18:46 . 2014-11-08 16:45 -------- d-----w- c:\users\Kamila\AppData\Local\Yandex
2014-11-06 18:46 . 2014-11-06 19:08 -------- d-----w- c:\programdata\Norton
2014-11-06 18:45 . 2014-11-06 18:45 -------- d-----w- c:\users\Kamila\AppData\Roaming\Opera Software
2014-11-06 18:45 . 2014-11-06 18:45 -------- d-----w- c:\users\Kamila\AppData\Local\Chromium
2014-11-06 18:45 . 2014-11-08 16:44 -------- d-----w- c:\users\Kamila\AppData\Roaming\Yandex
2014-11-06 18:45 . 2014-11-08 10:58 -------- dc-h--w- c:\programdata\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2014-11-06 18:44 . 2014-11-06 18:44 -------- d-----w- c:\users\Kamila\AppData\Roaming\ImperiaOnline
2014-11-06 18:42 . 2014-11-06 18:42 -------- d-----w- c:\users\Kamila\AppData\Local\Skype
2014-11-06 18:42 . 2014-11-06 18:42 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-11-06 18:22 . 2014-11-06 18:22 -------- d-sh--w- c:\users\Kamila\AppData\Local\EmieUserList
2014-11-06 18:22 . 2014-11-06 18:22 -------- d-sh--w- c:\users\Kamila\AppData\Local\EmieSiteList
2014-11-02 19:54 . 2014-11-02 19:54 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2014-10-31 14:18 . 2014-10-31 14:18 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2014-10-31 14:18 . 2014-10-31 14:18 -------- d-----w- c:\users\Kamila\AppData\Local\Microsoft Help
2014-10-31 14:17 . 2014-11-03 20:11 -------- d-----w- c:\programdata\Microsoft Help
2014-10-31 14:17 . 2014-10-31 14:17 -------- d-----r- C:\MSOCache
2014-10-24 15:00 . 2014-10-24 18:23 -------- d-----w- c:\users\Kamila\AppData\Roaming\vlc
2014-10-24 14:58 . 2014-10-24 14:58 -------- d-----w- c:\program files (x86)\VideoLAN
2014-10-22 19:04 . 2014-09-19 01:18 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-10-21 17:29 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-10-21 17:29 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-10-21 17:29 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-10-21 17:29 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-10-21 17:29 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-10-21 17:29 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-10-21 17:29 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-10-21 16:45 . 2014-10-21 16:45 -------- d-s---w- c:\windows\system32\CompatTel
2014-10-20 20:13 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-10-20 20:13 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-10-20 20:13 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-10-20 20:13 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-10-20 20:13 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-10-20 20:06 . 2013-10-14 16:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-10-20 19:55 . 2014-10-20 19:55 67072 ----a-w- c:\program files\Internet Explorer\JSProfilerCore.dll
2014-10-20 18:45 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-10-20 18:45 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-10-20 18:33 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-10-20 18:33 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-10-20 18:33 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-10-20 18:33 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-10-20 18:33 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-10-20 18:33 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-10-20 18:33 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-10-20 18:33 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-10-20 17:35 . 2014-10-20 17:35 -------- d-----w- c:\users\Kamila\AppData\Local\LogMeIn
2014-10-20 17:35 . 2014-10-20 17:35 -------- d-----w- c:\programdata\LogMeIn
2014-10-20 17:28 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-10-20 17:27 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-10-20 17:26 . 2014-03-04 09:20 3969984 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2014-10-20 17:25 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-10-20 17:24 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
2014-10-20 17:24 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-10-20 17:24 . 2014-09-04 05:23 424448 ----a-w- c:\windows\system32\rastls.dll
2014-10-20 17:24 . 2014-09-04 05:04 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2014-10-20 17:24 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-10-20 17:22 . 2014-03-04 09:44 243712 ----a-w- c:\windows\system32\wow64.dll
2014-10-20 17:22 . 2014-03-04 09:44 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-10-20 17:22 . 2014-03-04 09:44 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-10-20 17:22 . 2014-03-04 09:16 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-10-20 17:22 . 2014-03-04 09:44 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-10-20 17:22 . 2014-03-04 09:44 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-10-20 17:22 . 2014-03-04 09:17 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-10-20 17:22 . 2014-03-04 09:16 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-10-20 17:22 . 2014-03-04 08:09 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-10-20 17:22 . 2014-03-04 08:09 2048 ----a-w- c:\windows\SysWow64\user.exe
2014-10-20 17:20 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll
2014-10-20 17:20 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-20 17:20 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-10-20 17:20 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-10-20 17:20 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-10-20 17:20 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-10-20 17:20 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-10-20 17:20 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-10-19 18:42 . 2014-10-19 18:42 -------- d-----w- c:\windows\Migration
2014-10-19 16:43 . 2014-10-19 16:43 -------- d-----w- c:\users\Kamila\AppData\Local\ElevatedDiagnostics
2014-10-18 15:11 . 2014-10-18 15:11 -------- d-----w- c:\programdata\EA8
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-09 16:34 . 2011-10-15 12:54 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-04 13:30 . 2011-02-25 13:15 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-03 08:02 . 2011-11-12 10:11 103265616 ----a-w- c:\windows\system32\MRT.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-15 39408]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-10-30 6501656]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE" [2013-10-18 801816]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-10-23 30524000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 98304]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"istis2"="c:\istis2\xfigsys2.exe" [2007-02-26 1095680]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-08 5225064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ASWRVRT
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-30 14:10 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-09 16:34]
.
2014-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-15 16:48]
.
2014-11-09 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-12-13 11:41]
.
2014-11-09 c:\windows\Tasks\hpwebreg_xxxxxxxxxx.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\hpwebreg.exe [2010-11-16 20:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-08 17:15 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/?clid=6826
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
TCP: Interfaces\{8D37071B-EF08-4FBB-8501-831538F2EB01}: DhcpNameServer = 213.46.172.37 213.46.172.36
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-Zoner Photo Studio Service 16 - c:\program files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEc:\program files\Zoner\Photo Studio 16\Program32\ZPSService.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\users\Kamila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk - c:\users\Kamila\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)
HKLM-Run-PAC7302_Monitor - c:\windows\PixArt\PAC7302\Monitor.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-11-09 18:09:13
ComboFix-quarantined-files.txt 2014-11-09 17:09
.
Před spuštěním: Volných bajtů: 348 203 327 488
Po spuštění: Volných bajtů: 347 643 269 120
.
- - End Of File - - 073D34BE1E2878AB655D08F5D99F9B10
A36C5E4F47E84449FF07ED3517B43A31
By the way, thank you very much for your willingness and help!
Re: Prevention
We'll do some more fine-tuning.
If you have not already done so, move ComboFix to the desktop,
open Notepad,
copy the script from the following box into it:
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
save the TXT file you created to the desktop as CFScript.txt,
after saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it.

After it is applied, another log will pop up; copy it here.
Warning: it may happen that Windows does not start after the script is applied and the machine restarts.
In that case restart again while pressing F8, then choose Last Known Good Configuration.
Re: Prevention
Here is the log after applying the script:
ComboFix 14-11-09.01 - Kamila 11.11.2014 15:24:02.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1791.742 [GMT 1:00]
Spuštěný z: c:\users\Kamila\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Kamila\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-10-11 do 2014-11-11 )))))))))))))))))))))))))))))))
.
.
2014-11-11 14:33 . 2014-11-11 14:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-11 14:30 . 2014-11-11 14:30 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4241652-917F-46A0-BB12-F9F63ED777C4}\offreg.dll
2014-11-11 14:22 . 2014-10-20 01:37 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4241652-917F-46A0-BB12-F9F63ED777C4}\mpengine.dll
2014-11-09 16:34 . 2014-11-09 16:34 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-09 02:44 . 2014-11-11 14:11 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-09 02:44 . 2014-10-01 10:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-09 02:44 . 2014-11-09 02:44 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-11-09 02:44 . 2014-11-09 02:44 -------- d-----w- c:\programdata\Malwarebytes
2014-11-09 02:44 . 2014-10-01 10:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-09 02:44 . 2014-10-01 10:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-09 02:44 . 2014-11-09 02:44 -------- d-----w- c:\users\Kamila\AppData\Local\Programs
2014-11-09 02:40 . 2014-11-09 16:27 -------- d-----w- C:\AdwCleaner
2014-11-08 18:11 . 2014-11-08 18:12 -------- d-----w- c:\program files\trend micro
2014-11-08 18:11 . 2014-11-08 18:12 -------- d-----w- C:\rsit
2014-11-08 17:22 . 2014-11-08 17:22 -------- d-----w- c:\users\Kamila\AppData\Roaming\AVAST Software
2014-11-08 17:15 . 2014-11-08 17:15 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-11-08 17:15 . 2014-11-08 17:15 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-11-08 17:15 . 2014-11-08 17:15 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-08 17:15 . 2014-11-08 17:15 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-08 17:15 . 2014-11-08 17:15 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-08 17:15 . 2014-11-08 17:15 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-08 17:15 . 2014-11-08 17:15 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-11-08 17:15 . 2014-11-08 17:14 1050432 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-11-08 17:15 . 2014-11-08 17:14 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-11-08 17:15 . 2014-11-08 17:15 364512 ----a-w- c:\windows\system32\aswBoot.exe
2014-11-08 17:15 . 2014-11-08 17:15 43152 ----a-w- c:\windows\avastSS.scr
2014-11-08 17:14 . 2014-11-08 17:14 449936 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-11-08 17:12 . 2014-11-08 17:12 -------- d-----w- c:\program files\AVAST Software
2014-11-08 17:10 . 2014-11-08 17:12 -------- d-----w- c:\programdata\AVAST Software
2014-11-08 11:04 . 2014-11-08 11:04 -------- d-----w- c:\program files\CCleaner
2014-11-06 19:09 . 2014-11-06 19:09 -------- d-----w- c:\users\Kamila\AppData\Local\IsolatedStorage
2014-11-06 18:58 . 2014-11-06 19:08 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2014-11-06 18:46 . 2014-11-08 16:45 -------- d-----w- c:\users\Kamila\AppData\Local\Yandex
2014-11-06 18:46 . 2014-11-06 19:08 -------- d-----w- c:\programdata\Norton
2014-11-06 18:45 . 2014-11-06 18:45 -------- d-----w- c:\users\Kamila\AppData\Roaming\Opera Software
2014-11-06 18:45 . 2014-11-06 18:45 -------- d-----w- c:\users\Kamila\AppData\Local\Chromium
2014-11-06 18:45 . 2014-11-08 16:44 -------- d-----w- c:\users\Kamila\AppData\Roaming\Yandex
2014-11-06 18:45 . 2014-11-08 10:58 -------- dc-h--w- c:\programdata\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2014-11-06 18:44 . 2014-11-06 18:44 -------- d-----w- c:\users\Kamila\AppData\Roaming\ImperiaOnline
2014-11-06 18:42 . 2014-11-06 18:42 -------- d-----w- c:\users\Kamila\AppData\Local\Skype
2014-11-06 18:42 . 2014-11-06 18:42 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-11-06 18:22 . 2014-11-06 18:22 -------- d-sh--w- c:\users\Kamila\AppData\Local\EmieUserList
2014-11-06 18:22 . 2014-11-06 18:22 -------- d-sh--w- c:\users\Kamila\AppData\Local\EmieSiteList
2014-11-02 19:54 . 2014-11-02 19:54 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2014-10-31 14:18 . 2014-10-31 14:18 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2014-10-31 14:18 . 2014-10-31 14:18 -------- d-----w- c:\users\Kamila\AppData\Local\Microsoft Help
2014-10-31 14:17 . 2014-11-03 20:11 -------- d-----w- c:\programdata\Microsoft Help
2014-10-31 14:17 . 2014-10-31 14:17 -------- d-----r- C:\MSOCache
2014-10-24 15:00 . 2014-10-24 18:23 -------- d-----w- c:\users\Kamila\AppData\Roaming\vlc
2014-10-24 14:58 . 2014-10-24 14:58 -------- d-----w- c:\program files (x86)\VideoLAN
2014-10-22 19:04 . 2014-09-19 01:18 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-10-21 17:29 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-10-21 17:29 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-10-21 17:29 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-10-21 17:29 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-10-21 17:29 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-10-21 17:29 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-10-21 17:29 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-10-21 16:45 . 2014-10-21 16:45 -------- d-s---w- c:\windows\system32\CompatTel
2014-10-20 20:13 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-10-20 20:13 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-10-20 20:13 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-10-20 20:13 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-10-20 20:13 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-10-20 20:06 . 2013-10-14 16:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-10-20 19:55 . 2014-10-20 19:55 67072 ----a-w- c:\program files\Internet Explorer\JSProfilerCore.dll
2014-10-20 18:45 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-10-20 18:45 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-10-20 18:33 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-10-20 18:33 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-10-20 18:33 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-10-20 18:33 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-10-20 18:33 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-10-20 18:33 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-10-20 18:33 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-10-20 18:33 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-10-20 17:35 . 2014-10-20 17:35 -------- d-----w- c:\users\Kamila\AppData\Local\LogMeIn
2014-10-20 17:35 . 2014-10-20 17:35 -------- d-----w- c:\programdata\LogMeIn
2014-10-20 17:28 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-10-20 17:27 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-10-20 17:26 . 2014-03-04 09:20 3969984 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2014-10-20 17:25 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-10-20 17:24 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
2014-10-20 17:24 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-10-20 17:24 . 2014-09-04 05:23 424448 ----a-w- c:\windows\system32\rastls.dll
2014-10-20 17:24 . 2014-09-04 05:04 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2014-10-20 17:24 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-10-20 17:22 . 2014-03-04 09:44 243712 ----a-w- c:\windows\system32\wow64.dll
2014-10-20 17:22 . 2014-03-04 09:44 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-10-20 17:22 . 2014-03-04 09:44 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-10-20 17:22 . 2014-03-04 09:16 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-10-20 17:22 . 2014-03-04 09:44 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-10-20 17:22 . 2014-03-04 09:44 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-10-20 17:22 . 2014-03-04 09:17 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-10-20 17:22 . 2014-03-04 09:16 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-10-20 17:22 . 2014-03-04 08:09 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-10-20 17:22 . 2014-03-04 08:09 2048 ----a-w- c:\windows\SysWow64\user.exe
2014-10-20 17:20 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll
2014-10-20 17:20 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-20 17:20 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-10-20 17:20 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-10-20 17:20 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-10-20 17:20 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-10-20 17:20 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-10-20 17:20 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-10-19 18:42 . 2014-10-19 18:42 -------- d-----w- c:\windows\Migration
2014-10-19 16:43 . 2014-10-19 16:43 -------- d-----w- c:\users\Kamila\AppData\Local\ElevatedDiagnostics
2014-10-18 15:11 . 2014-10-18 15:11 -------- d-----w- c:\programdata\EA8
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-09 16:34 . 2011-10-15 12:54 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-04 13:30 . 2011-02-25 13:15 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-03 08:02 . 2011-11-12 10:11 103265616 ----a-w- c:\windows\system32\MRT.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-15 39408]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-10-30 6501656]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE" [2013-10-18 801816]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-10-23 30524000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 98304]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"istis2"="c:\istis2\xfigsys2.exe" [2007-02-26 1095680]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-08 5225064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-30 14:10 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-11-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-09 16:34]
.
2014-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-15 16:48]
.
2014-11-10 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-12-13 11:41]
.
2014-11-09 c:\windows\Tasks\hpwebreg_xxxxxxxxxx.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\hpwebreg.exe [2010-11-16 20:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-08 17:15 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [BU]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/?clid=6826
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
TCP: Interfaces\{8D37071B-EF08-4FBB-8501-831538F2EB01}: DhcpNameServer = 213.46.172.37 213.46.172.36
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
Celkový čas: 2014-11-11 15:37:03
ComboFix-quarantined-files.txt 2014-11-11 14:37
ComboFix2.txt 2014-11-09 17:09
.
Před spuštěním: Volných bajtů: 353 319 960 576
Po spuštění: Volných bajtů: 352 963 657 728
.
- - End Of File - - EDF31046D422E924D777890E4A497242
A36C5E4F47E84449FF07ED3517B43A31
Re: Prevention
Via Start >> Run, copy this into the window:
ComboFix /Uninstall
and press Enter
This uninstalls ComboFix and deletes the files and folders associated with it.
Use T-Cleaner, which deletes any leftovers of the applications we used.
Just stop your antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.
Then let me know what state the PC is in.
Re: Prevention
So ComboFix is uninstalled, I let T-Cleaner run and hopefully it deleted what it was supposed to.
I also cleaned up the desktop a bit and moved files off it, to get the size of the data on the desktop below 200-300Mb.
I would still have a question about one program, though, which I found in C:/istis2.
At first glance it was empty, but after I enabled showing hidden files and folders, these appeared:
application xfigsys2.exe
file itysys.gyy
and a folder xfigsyslg -> folder Computer1 -> and in it folders named by date, and in each folder screenshots from that day. Mostly taken of the desktop. They were definitely not taken deliberately, and I would guess it is some program that monitors activity?
This computer has passed through several hands, so I don't know when something like this could have appeared there. I definitely don't want it there now, though, and I would like to ask for advice on how to get rid of it truly for good. This is the first time I have come across this program. One more note - it starts by itself at startup and I have to shut it down via Task Manager. Its activity doesn't show up anywhere else.
By the way, this program does not appear among the options for uninstalling in Windows or in CCleaner.
Thank you very much for the advice
Re: Prevention
Marial wrote: I also tidied up the desktop a bit and moved files off it so that the data on the desktop comes to less than 200-300 MB
I would take as much as possible off the Desktop; the PC then boots faster.
Marial wrote: I do have one more question, though, about a program I found in C:/istis2
If you don't have it there on purpose, we'll delete it (XTS Activity Manager - it monitors activity on the PC).
Download and run OTMoveIt
copy this text into the left-hand window of the application, under Paste Instructions for Items to be Moved:
Code:
:processes
explorer.exe
:files
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
c:\istis2
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"istis2"=-
:commands
[purity]
[emptytemp]
[start explorer]
if the application asks for a restart, click YES
in that case, I want you to copy here the contents of the log saved in C:\_OTMoveIt\MovedFiles\
Re: Prevention
So the program did require a restart of the computer.
The program no longer started after the restart, and the folder is gone from C:/ as well.
I left only 17 MB on the desktop.
I would also like to ask about the Mbam program, whether I should keep it or delete it.
Here is the log from OTM:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
c:\istis2\xfigsyslg\Computer1\31102014 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\31102014 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\29072014 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\29072014 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\21062014 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\21062014 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\16072014 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\16072014 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\13122013 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\13122013 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\13112014 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\13112014 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\13052014 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\13052014 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\12122013 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\12122013 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\12112014 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\12112014 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\11112014 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\11112014 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\11092014 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\11092014 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\11052014 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\11052014 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\10122013 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\10122013 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\10112014 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\10112014 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\09112014 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\09112014 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\09092014 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\09092014 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\08122013 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\08122013 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\08112014 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\08112014 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\07092014 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\07092014 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\07082014 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\07082014 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\06112014 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\06112014 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\06092014 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\06092014 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\05122013 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\05122013 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\05112014 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\05112014 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\05092014 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\05092014 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\04122013 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\04122013 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\03122013 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\03122013 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\03112014 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\03112014 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\03072014 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\03072014 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\02122013 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\02122013 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\02112014 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\02112014 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\02052014 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\02052014 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\02022014 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\02022014 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\01122013 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\01122013 #Kamila folder moved successfully.
c:\istis2\xfigsyslg\Computer1\01052014 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\01052014 #Kamila folder moved successfully.
Folder move failed. c:\istis2\xfigsyslg\Computer1 scheduled to be moved on reboot.
c:\istis2\xfigsyslg folder moved successfully.
c:\istis2 folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\istis2 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Kamila
->Temp folder emptied: 55378 bytes
->Temporary Internet Files folder emptied: 1762106 bytes
->Java cache emptied: 13842934 bytes
->Google Chrome cache emptied: 359031394 bytes
->Flash cache emptied: 57230 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2797233 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 13648943 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 761 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 98644695 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 467,00 mb
OTM by OldTimer - Version 3.1.21.0 log created on 11132014_180653
Files moved on Reboot...
File c:\istis2\xfigsyslg\Computer1 not found!
C:\Users\Kamila\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Kamila\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
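The log above can be checked mechanically for two things: that the targets of the fix (c:\istis2 and the istis2 Run value) were actually handled, and whether any move deferred to reboot is still open. The following Python sketch is an added example, not part of the original posts or of OTM; it runs on an excerpt of the posted log and assumes that a deferred item reported as "not found" after the reboot is already gone.

```python
import re

# Excerpt of the OTM log posted above (per-date screenshot folders trimmed).
SAMPLE_LOG = r"""========== FILES ==========
File/Folder C:\*.tmp not found.
c:\istis2\xfigsyslg\Computer1\31102014 #Kamila\ss folder moved successfully.
c:\istis2\xfigsyslg\Computer1\31102014 #Kamila folder moved successfully.
Folder move failed. c:\istis2\xfigsyslg\Computer1 scheduled to be moved on reboot.
c:\istis2\xfigsyslg folder moved successfully.
c:\istis2 folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\istis2 deleted successfully.
OTM by OldTimer - Version 3.1.21.0 log created on 11132014_180653
Files moved on Reboot...
File c:\istis2\xfigsyslg\Computer1 not found!
C:\Users\Kamila\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
"""

MOVED = re.compile(r"^(?P<path>.+?) (?:folder )?moved successfully\.$")
DEFERRED = re.compile(
    r"^(?:File|Folder) move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")
NOT_FOUND = re.compile(r"^File(?:/Folder)? (?P<path>.+) not found[.!]$")
REG_DELETED = re.compile(
    r"^Registry value (?P<key>.+?)\\\\(?P<name>[^\\]+) deleted successfully\.$")


def triage_otm_log(text):
    """Summarise an OTM log: items moved, registry values deleted, deferred moves."""
    moved, gone_after_reboot, registry = set(), set(), []
    deferred = {}  # path -> phase ("first_pass" or "reboot") in which it was deferred
    phase = "first_pass"
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Files moved on Reboot"):
            phase = "reboot"
        elif m := DEFERRED.match(line):
            deferred[m["path"].lower()] = phase
        elif m := MOVED.match(line):
            moved.add(m["path"].lower())
            if phase == "reboot":
                gone_after_reboot.add(m["path"].lower())
        elif (m := NOT_FOUND.match(line)) and phase == "reboot":
            # Assumption: "not found" after the reboot means the item is already gone,
            # e.g. because its parent folder was moved in the first pass.
            gone_after_reboot.add(m["path"].lower())
        elif m := REG_DELETED.match(line):
            registry.append((m["key"], m["name"]))
    resolved = sorted(p for p, ph in deferred.items()
                      if ph == "first_pass" and p in gone_after_reboot)
    return {"moved": moved, "registry_deleted": registry,
            "resolved_on_reboot": resolved,
            "still_pending": sorted(set(deferred) - set(resolved))}


def target_removed(report, target):
    """True if the target was moved and nothing beneath it still awaits a reboot."""
    t = target.lower().rstrip("\\")
    leftovers = [p for p in report["still_pending"] if p == t or p.startswith(t + "\\")]
    return t in report["moved"] and not leftovers


if __name__ == "__main__":
    report = triage_otm_log(SAMPLE_LOG)
    print(report["still_pending"], target_removed(report, r"c:\istis2"))
```

On the posted log the only move still open at the end is a lock file under C:\Windows\temp\_avast_, which is outside the removed c:\istis2 tree.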
Re: Prevention
By the way, programs still take quite a long time to start. Just now, when I launched CCleaner to run a check, it took well over 10 s to start the first time. On subsequent launches it starts within about 3 s.
Re: Prevention
Marial wrote: The program no longer started after the restart, and the folder is gone from C:/ as well
That is exactly why we did it.

Marial wrote: I left only 17 MB on the desktop.

Marial wrote: I would also like to ask about the Mbam program, whether I should keep it or delete it.
You can go ahead and uninstall it.
Run OTMoveIt again and click CleanUP! at the top of the application;
this makes it clean up after itself.
Marial wrote: By the way, programs still take quite a long time to start.
Well then, as far as we can, let's take a look at the hardware.
Download HD Tune and test the HDD.
Benchmark - Disk test: Click the Start button and wait until the whole graph fills in. You will then see the hard disk's transfer rate and access time.
Info: Exact capacity, file system, supported features, firmware version, serial number and connection type of the disks.
Health - Condition: A list of important parameters and their values. Ideally everything reads OK.
If an item is yellow, it will probably change its status to failed soon. If it is red, its status is failed, which would mean replacing the disk.
Error Scan - Searching for errors: Click the Start button and the program will scan the disk for bad blocks.
If all of them are green at the end of the test, everything is fine. If even one of them is red, I recommend backing up your data and expecting to replace the disk.
Temperature: The thermometer at the top and the number next to it show the disk temperature. A normal value is below 50°C. The temperature must not exceed 60°C, though; the program warns you when it reaches 55°C.
Download MEMTEST,
unpack the file and run the exe file.
Plug in a flash drive - careful, everything on it will be erased!
In the Select your USB Flash Drive box choose this drive and click Create.
Memtest will be installed within a moment.
Leave the flash drive in the USB port, restart the PC and boot from it.
Before that, of course, in the BIOS Setup, which you enter by pressing one of these keys during the restart:
* DEL
* F2
* F1
* F10
it depends on the PC, but it is always shown on the screen,
open the ADVANCED BIOS FEATURES menu and find Boot Devices 0 to 4 or Boot Sequence.
Set the flash drive in first place,
and the hard disk (HDD) in second; the manufacturer is usually listed for both items as well.
Pressing Save, usually F10, and confirming with Enter saves the settings,
then pressing Save and Exit gets you out of the BIOS.
Let the test run at least once, but ideally several times, for example overnight, and with each RAM module separately.
Then let me know how it all turned out.
Re: Prevention
I won't get to that computer until sometime next week. I will then carry out all the instructions there and let you know. I apologise for this interruption, and I hope you won't forget about me.
Thank you very much for everything done so far and for the advice; I am very grateful to you
