Ve W7 neběží DPS služba. Nelze spustit ani ručně - chyba 5. přikládám log z Combofixu a z RSIT moc prosím o kontrolu.
Děkuji
Oldřich Bradáč
Logfile of random's system information tool 1.10 (written by random/random)
Run by Karel at 2015-04-03 14:54:50
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 198 GB (43%) free of 460 GB
Total RAM: 3982 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:54:58, on 3.4.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
C:\Program Files (x86)\O2\O2CZ\EMMSN.exe
C:\Program Files (x86)\O2\Nori\Nori.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\trend micro\Karel.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
O4 - HKLM\..\Run: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.co ... 5.15.0.cab
O16 - DPF: {D8950D0E-FCE7-4AE4-9370-7E4CFBC04362} (FormApps Plug-in) - https://eportal.cssz.cz/fas/page/active ... bff_cs.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A2F1536-B161-4E08-8A48-3E5059F75E8D}: NameServer = 194.228.211.33 160.218.161.60
O17 - HKLM\System\CCS\Services\Tcpip\..\{989A76BC-1779-41F9-86FE-2F3F6547153A}: NameServer = 212.71.169.42,212.71.128.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{7A2F1536-B161-4E08-8A48-3E5059F75E8D}: NameServer = 194.228.211.33 160.218.161.60
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: Sony Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10585 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
taskeng.exe {B1ACC19D-3754-4FBF-8B9A-0B88833BD2E7}
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe"
"C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" /SysAutoRun
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-6bf7b3ea-c234-4eff-acce-6ca4704ed5dd -SystemEventPortName:HostProcess-7552c325-3168-4429-9229-ed3e2e83477e -IoCancelEventPortName:HostProcess-f6916f24-4a9c-403b-8298-7b4442bf0c70 -NonStateChangingEventPortName:HostProcess-2730f8b0-cba7-435e-9760-093bc5189591 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:a15f0029-cca1-4e27-a938-4a2a73eca739 -DeviceGroupId:WpdFsGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe -Embedding
{575B09D8-3060-4656-A25F-C9D90C1866CA}
{95CC5212-A330-4A2A-8C45-D7293E2BB2C7}
"C:\Program Files (x86)\O2\O2CZ\EMMSN.exe"
"C:\Program Files (x86)\O2\Nori\Nori.exe" -Embedding
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.O2pripojse.cz
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3188 CREDAT:267521 /prefetch:2
"C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\sppsvc.exe
wmiadap.exe /R /T
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-1146054311-4209735624-1860057676-10001_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-1146054311-4209735624-1860057676-10001 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\wuauclt.exe"
taskeng.exe {29C4B770-7173-432A-897A-5A8E87111B16}
"C:\Users\Karel\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\HPCeeScheduleForKAREL-HP$.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForKAREL-HP$ (null)
C:\Windows\tasks\HPCeeScheduleForKarel.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForKarel (null)
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11 1154720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-08-04 612248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-04-01 256456]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11 1431712]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-08-04 457712]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-01 194504]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09 351136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-04-01 256456]
{eec0f710-38b5-4aba-99bf-ec87564a4e13} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11 1154720]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-01 194504]
{eec0f710-38b5-4aba-99bf-ec87564a4e13} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11 1431712]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPSYSDRV"=C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE [2008-11-20 62768]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-01-11 172144]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-01-11 399984]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-01-11 441968]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]
"TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2012-08-28 247768]
"PC Suite Tray"=C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HP KEYBOARDx"=C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [2010-02-11 710656]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-08-04 4085896]
"PMBVolumeWatcher"=C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2014-12-16 2728472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2013-01-11 442880]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2015-04-03 14:54:50 ----D---- C:\rsit
2015-04-03 14:54:50 ----D---- C:\Program Files\trend micro
2015-04-02 22:28:09 ----SHD---- C:\$RECYCLE.BIN
2015-04-02 22:26:38 ----A---- C:\ComboFix.txt
2015-04-02 22:04:44 ----A---- C:\Windows\zip.exe
2015-04-02 22:04:44 ----A---- C:\Windows\SWSC.exe
2015-04-02 22:04:44 ----A---- C:\Windows\SWREG.exe
2015-04-02 22:04:44 ----A---- C:\Windows\sed.exe
2015-04-02 22:04:44 ----A---- C:\Windows\PEV.exe
2015-04-02 22:04:44 ----A---- C:\Windows\NIRCMD.exe
2015-04-02 22:04:44 ----A---- C:\Windows\MBR.exe
2015-04-02 22:04:44 ----A---- C:\Windows\grep.exe
2015-04-02 22:00:35 ----D---- C:\Qoobox
2015-04-02 21:58:54 ----D---- C:\Windows\erdnt
2015-03-22 09:55:39 ----A---- C:\Windows\system32\NiXPS.dll
2015-03-22 09:55:39 ----A---- C:\Windows\system32\602localui.dll
2015-03-22 09:55:39 ----A---- C:\Windows\system32\602localmon.dll
2015-03-22 09:55:39 ----A---- C:\Windows\system32\602convert.dll
2015-03-22 09:52:26 ----D---- C:\Program Files\Software602
2015-03-18 09:28:22 ----D---- C:\Program Files (x86)\TesterPREZakladni
2015-03-14 10:51:05 ----D---- C:\Windows\Downloaded Installations
2015-03-14 10:50:49 ----D---- C:\Program Files (x86)\Lenovo
2015-03-14 10:50:29 ----D---- C:\Users\Karel\AppData\Roaming\RHEng
======List of files/folders modified in the last 1 month======
2015-04-03 14:54:58 ----D---- C:\Windows\Prefetch
2015-04-03 14:54:50 ----D---- C:\Program Files
2015-04-03 14:54:07 ----D---- C:\Windows\Temp
2015-04-03 14:53:12 ----A---- C:\Windows\SYSWOW64\log.txt
2015-04-03 14:50:34 ----D---- C:\Windows\system32\config
2015-04-03 14:38:56 ----D---- C:\Windows\tracing
2015-04-03 11:02:59 ----D---- C:\Windows\System32
2015-04-03 11:02:59 ----D---- C:\Windows\inf
2015-04-03 11:02:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-04-02 22:27:38 ----D---- C:\Windows\system32\drivers
2015-04-02 22:24:55 ----D---- C:\Windows\system32\Tasks
2015-04-02 22:24:54 ----D---- C:\Windows\Tasks
2015-04-02 22:19:53 ----D---- C:\Windows
2015-04-02 22:19:53 ----A---- C:\Windows\system.ini
2015-04-02 22:17:37 ----D---- C:\Windows\system32\drivers\etc
2015-04-02 22:15:10 ----D---- C:\ProgramData
2015-04-02 22:15:10 ----D---- C:\Program Files (x86)
2015-04-02 22:12:31 ----D---- C:\Windows\SYSWOW64\drivers
2015-04-02 22:12:31 ----D---- C:\Windows\SysWOW64
2015-04-02 22:12:31 ----D---- C:\Windows\AppPatch
2015-04-02 22:12:30 ----D---- C:\Program Files (x86)\Common Files
2015-04-02 07:39:29 ----D---- C:\Windows\system32\wbem
2015-04-02 07:38:52 ----D---- C:\Windows\winsxs
2015-04-02 07:38:52 ----D---- C:\Windows\system32\DriverStore
2015-04-02 07:38:51 ----D---- C:\Windows\system32\catroot2
2015-04-02 07:38:44 ----D---- C:\Windows\registration
2015-04-02 07:36:38 ----SHD---- C:\System Volume Information
2015-04-02 07:03:00 ----D---- C:\Windows\ehome
2015-04-02 07:02:59 ----D---- C:\Windows\SYSWOW64\Macromed
2015-04-02 07:02:59 ----D---- C:\Windows\system32\Macromed
2015-04-02 07:02:58 ----D---- C:\Users\Karel\AppData\Roaming\GHISLER
2015-03-22 17:50:53 ----D---- C:\Windows\Downloaded Program Files
2015-03-22 17:43:36 ----D---- C:\Program Files (x86)\Software602
2015-03-22 09:56:02 ----D---- C:\Users\Karel\AppData\Roaming\Software602
2015-03-22 09:56:02 ----D---- C:\Users\Karel\AppData\Roaming\602XML
2015-03-22 09:55:46 ----D---- C:\Users\Karel\AppData\Roaming\602Installer
2015-03-22 09:55:43 ----SHD---- C:\Windows\Installer
2015-03-18 09:28:22 ----D---- C:\ProgramData\ROVS
2015-03-14 10:51:17 ----RSD---- C:\Windows\assembly
2015-03-14 10:50:45 ----D---- C:\Program Files (x86)\Youtube Downloader HD
2015-03-10 23:11:53 ----D---- C:\Users\Karel\AppData\Roaming\vlc
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-08-04 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-08-04 224896]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-11-30 568600]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-08-04 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-11-22 1041168]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-08-04 427360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-08-04 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-08-04 79184]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-08-04 92008]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 29696]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-12-15 117248]
R3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 114304]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-01-11 5353888]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-11-16 3074664]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\drivers\HECIx64.sys [2012-04-11 60184]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-04-11 676968]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cpudrv64;cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2012-01-09 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2012-01-09 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-06-11 26112]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2012-01-09 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2012-01-09 9216]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 602XML Updater;602Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-08-04 50344]
R2 BBSvc;BingBar Service; C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [2014-03-11 193696]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-04-11 277784]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2014-12-16 487960]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-08-28 92632]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc []
S2 HPAuto;HP Auto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05 267440]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [2014-03-11 247968]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-01-11 277616]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc []
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-09-08 194032]
S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-08-10 1001376]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-01 111616]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SOHDms;Sony Digital Media Server; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16 495248]
S3 SOHDs;Sony Device Searcher; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2013-12-03 79000]
S3 SpfService;VAIO Entertainment Common Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-01 289952]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-07-19 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
-----------------EOF-----------------
COMBOFIX:
ComboFix 15-04-01.01 - Karel 02.04.2015 22:08:29.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3982.2899 [GMT 2:00]
Spuštěný z: c:\users\Karel\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Adblocker
c:\program files (x86)\SW-Booster
c:\programdata\Adblocker
c:\programdata\Adblocker\BDz5.dat
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\uuw4.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\D6Iqgw.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\uB2_U.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\rq8WQRfOo.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\uuw4.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\D6Iqgw.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\uB2_U.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\rq8WQRfOo.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\uuw4.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\D6Iqgw.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\uB2_U.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\rq8WQRfOo.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\background.html
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\content.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\manifest.json
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\uuw4.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\background.html
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\content.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\D6Iqgw.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\manifest.json
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\background.html
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\content.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\manifest.json
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\uB2_U.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\background.html
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\content.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\lsdb.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\manifest.json
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\rq8WQRfOo.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\uuw4.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\D6Iqgw.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\uB2_U.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\rq8WQRfOo.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\uuw4.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\D6Iqgw.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\uB2_U.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\rq8WQRfOo.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\uuw4.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\D6Iqgw.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\uB2_U.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\rq8WQRfOo.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\uuw4.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\D6Iqgw.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\uB2_U.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\rq8WQRfOo.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\background.html
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\content.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\lsdb.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\manifest.json
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\uuw4.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\background.html
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\content.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\D6Iqgw.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\lsdb.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\manifest.json
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\background.html
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\content.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\lsdb.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\manifest.json
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\uB2_U.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\background.html
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\content.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\lsdb.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\manifest.json
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\rq8WQRfOo.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\uuw4.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\D6Iqgw.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\uB2_U.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\rq8WQRfOo.js
c:\users\Karel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic
c:\users\Karel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\background.html
c:\users\Karel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\content.js
c:\users\Karel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\lsdb.js
c:\users\Karel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\manifest.json
c:\users\Karel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\uuw4.js
c:\users\Karel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf
c:\users\Karel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\background.html
c:\users\Karel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\content.js
c:\users\Karel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\D6Iqgw.js
c:\users\Karel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\lsdb.js
c:\users\Karel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\manifest.json
c:\users\Karel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn
c:\users\Karel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\background.html
c:\users\Karel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\content.js
c:\users\Karel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\lsdb.js
c:\users\Karel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\manifest.json
c:\users\Karel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\uB2_U.js
c:\users\Karel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek
c:\users\Karel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\background.html
c:\users\Karel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\content.js
c:\users\Karel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\lsdb.js
c:\users\Karel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\manifest.json
c:\users\Karel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\rq8WQRfOo.js
c:\users\Karel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic
c:\users\Karel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\background.html
c:\users\Karel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\content.js
c:\users\Karel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\lsdb.js
c:\users\Karel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\manifest.json
c:\users\Karel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\uuw4.js
c:\users\Karel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf
c:\users\Karel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\background.html
c:\users\Karel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\content.js
c:\users\Karel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\D6Iqgw.js
c:\users\Karel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\lsdb.js
c:\users\Karel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\manifest.json
c:\users\Karel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn
c:\users\Karel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\background.html
c:\users\Karel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\content.js
c:\users\Karel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\lsdb.js
c:\users\Karel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\manifest.json
c:\users\Karel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\uB2_U.js
c:\users\Karel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek
c:\users\Karel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\background.html
c:\users\Karel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\content.js
c:\users\Karel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\lsdb.js
c:\users\Karel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\manifest.json
c:\users\Karel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\rq8WQRfOo.js
c:\users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic
c:\users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\background.html
c:\users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\content.js
c:\users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\lsdb.js
c:\users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\manifest.json
c:\users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\uuw4.js
c:\users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf
c:\users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\background.html
c:\users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\content.js
c:\users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\D6Iqgw.js
c:\users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\lsdb.js
c:\users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\manifest.json
c:\users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn
c:\users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\background.html
c:\users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\content.js
c:\users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\lsdb.js
c:\users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\manifest.json
c:\users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\uB2_U.js
c:\users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek
c:\users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\background.html
c:\users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\content.js
c:\users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\lsdb.js
c:\users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\manifest.json
c:\users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\rq8WQRfOo.js
c:\users\Karel\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Karel\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic
c:\users\Karel\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\background.html
c:\users\Karel\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\content.js
c:\users\Karel\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\lsdb.js
c:\users\Karel\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\manifest.json
c:\users\Karel\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\uuw4.js
c:\users\Karel\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf
c:\users\Karel\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\background.html
c:\users\Karel\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\content.js
c:\users\Karel\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\D6Iqgw.js
c:\users\Karel\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\lsdb.js
c:\users\Karel\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\manifest.json
c:\users\Karel\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn
c:\users\Karel\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\background.html
c:\users\Karel\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\content.js
c:\users\Karel\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\lsdb.js
c:\users\Karel\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\manifest.json
c:\users\Karel\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\uB2_U.js
c:\users\Karel\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek
c:\users\Karel\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\background.html
c:\users\Karel\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\content.js
c:\users\Karel\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\lsdb.js
c:\users\Karel\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\manifest.json
c:\users\Karel\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\rq8WQRfOo.js
c:\users\Karel\AppData\Local\Torch\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic
c:\users\Karel\AppData\Local\Torch\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\background.html
c:\users\Karel\AppData\Local\Torch\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\content.js
c:\users\Karel\AppData\Local\Torch\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\lsdb.js
c:\users\Karel\AppData\Local\Torch\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\manifest.json
c:\users\Karel\AppData\Local\Torch\User Data\Default\Extensions\dchjcnedocdnplnnlocggpjmjbccajic\2.14\uuw4.js
c:\users\Karel\AppData\Local\Torch\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf
c:\users\Karel\AppData\Local\Torch\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\background.html
c:\users\Karel\AppData\Local\Torch\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\content.js
c:\users\Karel\AppData\Local\Torch\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\D6Iqgw.js
c:\users\Karel\AppData\Local\Torch\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\lsdb.js
c:\users\Karel\AppData\Local\Torch\User Data\Default\Extensions\jmohkcehmkkdgapkkcffgnlpmcolcbcf\2.14\manifest.json
c:\users\Karel\AppData\Local\Torch\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn
c:\users\Karel\AppData\Local\Torch\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\background.html
c:\users\Karel\AppData\Local\Torch\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\content.js
c:\users\Karel\AppData\Local\Torch\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\lsdb.js
c:\users\Karel\AppData\Local\Torch\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\manifest.json
c:\users\Karel\AppData\Local\Torch\User Data\Default\Extensions\kggeilfbaakkabebgogboeonclfamlhn\1.0\uB2_U.js
c:\users\Karel\AppData\Local\Torch\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek
c:\users\Karel\AppData\Local\Torch\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\background.html
c:\users\Karel\AppData\Local\Torch\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\content.js
c:\users\Karel\AppData\Local\Torch\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\lsdb.js
c:\users\Karel\AppData\Local\Torch\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\manifest.json
c:\users\Karel\AppData\Local\Torch\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek\231\rq8WQRfOo.js
c:\users\Paja\258.jpg
c:\users\Paja\258b.jpg
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-03-02 do 2015-04-02 )))))))))))))))))))))))))))))))
.
.
2015-04-02 20:15 . 2015-04-02 20:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-22 07:55 . 2014-02-05 13:51 36864 ----a-w- c:\windows\system32\602localmon.dll
2015-03-22 07:55 . 2014-02-05 13:51 22528 ----a-w- c:\windows\system32\602localui.dll
2015-03-22 07:55 . 2014-02-05 13:48 1512944 ----a-w- c:\windows\system32\602convert.dll
2015-03-22 07:55 . 2011-01-18 12:49 4940800 ----a-w- c:\windows\system32\NiXPS.dll
2015-03-22 07:52 . 2015-03-22 07:52 -------- d-----w- c:\program files\Software602
2015-03-18 07:28 . 2015-03-18 07:28 -------- d-----w- c:\program files (x86)\TesterPREZakladni
2015-03-14 09:57 . 2015-03-14 10:01 -------- d-----w- c:\users\Karel\AppData\Local\Lenovo
2015-03-14 08:51 . 2015-03-14 08:51 -------- d-----w- c:\windows\Downloaded Installations
2015-03-14 08:50 . 2015-03-14 08:51 -------- d-----w- c:\program files (x86)\Lenovo
2015-03-14 08:50 . 2015-03-14 08:50 -------- d-----w- c:\users\Karel\AppData\Roaming\RHEng
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-05 08:28 . 2012-07-04 00:12 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 08:28 . 2012-07-04 00:12 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-29 16:49 . 2012-07-19 09:20 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-01-15 08:14 . 2015-02-16 07:30 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-01-15 08:14 . 2015-02-16 07:30 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-01-15 08:09 . 2015-02-16 07:30 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-01-15 08:09 . 2015-02-16 07:30 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-01-15 08:09 . 2015-02-16 07:30 28160 ----a-w- c:\windows\system32\secur32.dll
2015-01-15 08:09 . 2015-02-16 07:30 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-01-15 08:09 . 2015-02-16 07:30 31232 ----a-w- c:\windows\system32\lsass.exe
2015-01-15 08:08 . 2015-02-16 07:30 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-01-15 08:06 . 2015-02-16 07:30 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-01-15 08:06 . 2015-02-16 07:30 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-01-15 08:04 . 2015-02-16 07:30 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-01-15 07:42 . 2015-02-16 07:30 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-01-15 07:42 . 2015-02-16 07:30 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2015-01-15 07:41 . 2015-02-16 07:30 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2015-01-15 07:39 . 2015-02-16 07:30 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2015-01-15 07:39 . 2015-02-16 07:30 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-01-15 07:37 . 2015-02-16 07:30 686080 ----a-w- c:\windows\SysWow64\adtschema.dll
2015-01-15 04:22 . 2015-02-16 07:30 458824 ----a-w- c:\windows\system32\drivers\cng.sys
2015-01-14 06:09 . 2015-02-16 07:29 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-14 06:05 . 2015-02-16 07:29 503808 ----a-w- c:\windows\system32\srcore.dll
2015-01-14 06:05 . 2015-02-16 07:29 50176 ----a-w- c:\windows\system32\srclient.dll
2015-01-14 06:04 . 2015-02-16 07:29 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-01-14 05:44 . 2015-02-16 07:29 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-01-14 05:44 . 2015-02-16 07:29 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-01-14 05:41 . 2015-02-16 07:29 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-01-13 03:10 . 2015-02-16 07:29 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-01-13 02:49 . 2015-02-16 07:29 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-01-09 02:03 . 2015-02-16 07:26 3201536 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-08-28 247768]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-04 4085896]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2014-12-15 2728472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SOHDms;Sony Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;Sony Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 602XML Updater;602Updater;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-10 20:43 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-04 08:28]
.
2015-03-22 c:\windows\Tasks\HPCeeScheduleForKAREL-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
2015-04-02 c:\windows\Tasks\HPCeeScheduleForKarel.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-04 19:56 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPSYSDRV"="c:\program files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE" [2008-11-20 62768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-01-11 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-01-11 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-01-11 441968]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{989A76BC-1779-41F9-86FE-2F3F6547153A}: NameServer = 212.71.169.42,212.71.128.8
DPF: {D8950D0E-FCE7-4AE4-9370-7E4CFBC04362} - hxxps://eportal.cssz.cz/fas/page/activexcab/webff_cs.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-OPSE reminder - c:\program files (x86)\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe
Wow6432Node-HKLM-Run-RestartNeroSetup - c:\users\Karel\AppData\Local\Temp\Nero Web\SetupXu.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{438363A8-F486-4C37-834C-4955773CB3D3} - msiexec
AddRemove-bi_uninstaller - c:\users\Karel\Local Settings\Application Data\Bundled software uninstaller\biclient.exe
AddRemove-Fotostar Offline client4 - c:\program files (x86)\Fotostar\Fotostar Offline client4\uninstall.exe
AddRemove-zulagames - c:\program files (x86)\Zula Games\uninst.exe
AddRemove-{4820778D-AB0D-6D18-C316-52A6A0E1D507} - c:\programdata\Adblocker\BDz5.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27} - c:\progra~2\SW-BOO~1\ASSIST~1.DLL
AddRemove-{993EA8F6-6E55-7E4E-39DE-5796E3226DB9} - c:\programdata\savae onn\_o_.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2015-04-02 22:26:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-04-02 20:26
.
Před spuštěním: Volných bajtů: 204 963 655 680
Po spuštění: Volných bajtů: 206 257 803 264
.
- - End Of File - - CA3809BA5F2810B9FD793325C55A0D0F
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu logu (RSIT a Combofix)
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
oldrichbradac
- Návštěvník
- Příspěvky: 8
- Registrován: 02 dub 2015 21:48
-
Rudy
- Site Admin
- Příspěvky: 119677
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu (RSIT a Combofix)
Zdravím!
Proč spouštíte ComboFix, profesionální utilitiu bez doporučení rádce? Hodláte si nabořit systém, nebo některou aplikaci? Co jste spouštěl dříve? CF, nebo RSIT?
Proč spouštíte ComboFix, profesionální utilitiu bez doporučení rádce? Hodláte si nabořit systém, nebo některou aplikaci? Co jste spouštěl dříve? CF, nebo RSIT?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
oldrichbradac
- Návštěvník
- Příspěvky: 8
- Registrován: 02 dub 2015 21:48
Re: Prosím o kontrolu logu (RSIT a Combofix)
Dobrý den,
bohužel jsem hledal řešení online a narazil na článek, kde combofix doporučovali. Na forum.viry.cz jsem se dostal až následně. Podruhé již bych tuto chybu neopakoval
.
Nejdřív byl spuštěn Combofix.
bohužel jsem hledal řešení online a narazil na článek, kde combofix doporučovali. Na forum.viry.cz jsem se dostal až následně. Podruhé již bych tuto chybu neopakoval
.Nejdřív byl spuštěn Combofix.
-
Rudy
- Site Admin
- Příspěvky: 119677
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu (RSIT a Combofix)
Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.KillAll::
Driver::
BBUpdate
BBSvc
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
Reboot::
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
oldrichbradac
- Návštěvník
- Příspěvky: 8
- Registrován: 02 dub 2015 21:48
Re: Prosím o kontrolu logu (RSIT a Combofix)
Děkuji za odpověď. Posílám výsledný log:
ComboFix 15-04-01.01 - Karel 03.04.2015 20:28:27.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3982.2575 [GMT 2:00]
Spuštěný z: c:\users\Karel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Karel\Desktop\CFScript.txt..txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BBSvc
-------\Service_BBUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-03-03 do 2015-04-03 )))))))))))))))))))))))))))))))
.
.
2015-04-03 18:33 . 2015-04-03 18:33 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-04-03 18:33 . 2015-04-03 18:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-03 18:33 . 2015-04-03 18:33 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-04-03 12:54 . 2015-04-03 12:55 -------- d-----w- C:\rsit
2015-04-03 12:54 . 2015-04-03 12:54 -------- d-----w- c:\program files\trend micro
2015-03-22 07:55 . 2014-02-05 13:51 36864 ----a-w- c:\windows\system32\602localmon.dll
2015-03-22 07:55 . 2014-02-05 13:51 22528 ----a-w- c:\windows\system32\602localui.dll
2015-03-22 07:55 . 2014-02-05 13:48 1512944 ----a-w- c:\windows\system32\602convert.dll
2015-03-22 07:55 . 2011-01-18 12:49 4940800 ----a-w- c:\windows\system32\NiXPS.dll
2015-03-22 07:52 . 2015-03-22 07:52 -------- d-----w- c:\program files\Software602
2015-03-18 07:28 . 2015-03-18 07:28 -------- d-----w- c:\program files (x86)\TesterPREZakladni
2015-03-14 09:57 . 2015-03-14 10:01 -------- d-----w- c:\users\Karel\AppData\Local\Lenovo
2015-03-14 08:51 . 2015-03-14 08:51 -------- d-----w- c:\windows\Downloaded Installations
2015-03-14 08:50 . 2015-03-14 08:51 -------- d-----w- c:\program files (x86)\Lenovo
2015-03-14 08:50 . 2015-03-14 08:50 -------- d-----w- c:\users\Karel\AppData\Roaming\RHEng
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-05 08:28 . 2012-07-04 00:12 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 08:28 . 2012-07-04 00:12 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-29 16:49 . 2012-07-19 09:20 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-01-15 08:14 . 2015-02-16 07:30 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-01-15 08:14 . 2015-02-16 07:30 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-01-15 08:09 . 2015-02-16 07:30 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-01-15 08:09 . 2015-02-16 07:30 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-01-15 08:09 . 2015-02-16 07:30 28160 ----a-w- c:\windows\system32\secur32.dll
2015-01-15 08:09 . 2015-02-16 07:30 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-01-15 08:09 . 2015-02-16 07:30 31232 ----a-w- c:\windows\system32\lsass.exe
2015-01-15 08:08 . 2015-02-16 07:30 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-01-15 08:06 . 2015-02-16 07:30 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-01-15 08:06 . 2015-02-16 07:30 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-01-15 08:04 . 2015-02-16 07:30 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-01-15 07:42 . 2015-02-16 07:30 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-01-15 07:42 . 2015-02-16 07:30 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2015-01-15 07:41 . 2015-02-16 07:30 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2015-01-15 07:39 . 2015-02-16 07:30 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2015-01-15 07:39 . 2015-02-16 07:30 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-01-15 07:37 . 2015-02-16 07:30 686080 ----a-w- c:\windows\SysWow64\adtschema.dll
2015-01-15 04:22 . 2015-02-16 07:30 458824 ----a-w- c:\windows\system32\drivers\cng.sys
2015-01-14 06:09 . 2015-02-16 07:29 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-14 06:05 . 2015-02-16 07:29 503808 ----a-w- c:\windows\system32\srcore.dll
2015-01-14 06:05 . 2015-02-16 07:29 50176 ----a-w- c:\windows\system32\srclient.dll
2015-01-14 06:04 . 2015-02-16 07:29 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-01-14 05:44 . 2015-02-16 07:29 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-01-14 05:44 . 2015-02-16 07:29 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-01-14 05:41 . 2015-02-16 07:29 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-01-13 03:10 . 2015-02-16 07:29 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-01-13 02:49 . 2015-02-16 07:29 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-01-09 02:03 . 2015-02-16 07:26 3201536 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-08-28 247768]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-04 4085896]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2014-12-15 2728472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SOHDms;Sony Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;Sony Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 602XML Updater;602Updater;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-10 20:43 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-04 08:28]
.
2015-03-22 c:\windows\Tasks\HPCeeScheduleForKAREL-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
2015-04-02 c:\windows\Tasks\HPCeeScheduleForKarel.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-04 19:56 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPSYSDRV"="c:\program files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE" [2008-11-20 62768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-01-11 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-01-11 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-01-11 441968]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{989A76BC-1779-41F9-86FE-2F3F6547153A}: NameServer = 212.71.169.42,212.71.128.8
DPF: {D8950D0E-FCE7-4AE4-9370-7E4CFBC04362} - hxxps://eportal.cssz.cz/fas/page/activexcab/webff_cs.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-bi_uninstaller - c:\users\Karel\Local Settings\Application Data\Bundled software uninstaller\biclient.exe
AddRemove-Fotostar Offline client4 - c:\program files (x86)\Fotostar\Fotostar Offline client4\uninstall.exe
AddRemove-zulagames - c:\program files (x86)\Zula Games\uninst.exe
AddRemove-{4820778D-AB0D-6D18-C316-52A6A0E1D507} - c:\programdata\Adblocker\BDz5.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27} - c:\progra~2\SW-BOO~1\ASSIST~1.DLL
AddRemove-{993EA8F6-6E55-7E4E-39DE-5796E3226DB9} - c:\programdata\savae onn\_o_.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\AVAST Software\Avast\AvastEmUpdate.exe
.
**************************************************************************
.
Celkový čas: 2015-04-03 20:38:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-04-03 18:38
ComboFix2.txt 2015-04-02 20:26
.
Před spuštěním: Volných bajtů: 208 066 453 504
Po spuštění: Volných bajtů: 207 662 616 576
.
- - End Of File - - FCB460092B88876A1344E3C7B274900B
ComboFix 15-04-01.01 - Karel 03.04.2015 20:28:27.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3982.2575 [GMT 2:00]
Spuštěný z: c:\users\Karel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Karel\Desktop\CFScript.txt..txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BBSvc
-------\Service_BBUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-03-03 do 2015-04-03 )))))))))))))))))))))))))))))))
.
.
2015-04-03 18:33 . 2015-04-03 18:33 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-04-03 18:33 . 2015-04-03 18:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-03 18:33 . 2015-04-03 18:33 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-04-03 12:54 . 2015-04-03 12:55 -------- d-----w- C:\rsit
2015-04-03 12:54 . 2015-04-03 12:54 -------- d-----w- c:\program files\trend micro
2015-03-22 07:55 . 2014-02-05 13:51 36864 ----a-w- c:\windows\system32\602localmon.dll
2015-03-22 07:55 . 2014-02-05 13:51 22528 ----a-w- c:\windows\system32\602localui.dll
2015-03-22 07:55 . 2014-02-05 13:48 1512944 ----a-w- c:\windows\system32\602convert.dll
2015-03-22 07:55 . 2011-01-18 12:49 4940800 ----a-w- c:\windows\system32\NiXPS.dll
2015-03-22 07:52 . 2015-03-22 07:52 -------- d-----w- c:\program files\Software602
2015-03-18 07:28 . 2015-03-18 07:28 -------- d-----w- c:\program files (x86)\TesterPREZakladni
2015-03-14 09:57 . 2015-03-14 10:01 -------- d-----w- c:\users\Karel\AppData\Local\Lenovo
2015-03-14 08:51 . 2015-03-14 08:51 -------- d-----w- c:\windows\Downloaded Installations
2015-03-14 08:50 . 2015-03-14 08:51 -------- d-----w- c:\program files (x86)\Lenovo
2015-03-14 08:50 . 2015-03-14 08:50 -------- d-----w- c:\users\Karel\AppData\Roaming\RHEng
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-05 08:28 . 2012-07-04 00:12 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 08:28 . 2012-07-04 00:12 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-29 16:49 . 2012-07-19 09:20 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-01-15 08:14 . 2015-02-16 07:30 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-01-15 08:14 . 2015-02-16 07:30 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-01-15 08:09 . 2015-02-16 07:30 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-01-15 08:09 . 2015-02-16 07:30 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-01-15 08:09 . 2015-02-16 07:30 28160 ----a-w- c:\windows\system32\secur32.dll
2015-01-15 08:09 . 2015-02-16 07:30 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-01-15 08:09 . 2015-02-16 07:30 31232 ----a-w- c:\windows\system32\lsass.exe
2015-01-15 08:08 . 2015-02-16 07:30 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-01-15 08:06 . 2015-02-16 07:30 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-01-15 08:06 . 2015-02-16 07:30 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-01-15 08:04 . 2015-02-16 07:30 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-01-15 07:42 . 2015-02-16 07:30 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-01-15 07:42 . 2015-02-16 07:30 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2015-01-15 07:41 . 2015-02-16 07:30 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2015-01-15 07:39 . 2015-02-16 07:30 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2015-01-15 07:39 . 2015-02-16 07:30 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-01-15 07:37 . 2015-02-16 07:30 686080 ----a-w- c:\windows\SysWow64\adtschema.dll
2015-01-15 04:22 . 2015-02-16 07:30 458824 ----a-w- c:\windows\system32\drivers\cng.sys
2015-01-14 06:09 . 2015-02-16 07:29 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-14 06:05 . 2015-02-16 07:29 503808 ----a-w- c:\windows\system32\srcore.dll
2015-01-14 06:05 . 2015-02-16 07:29 50176 ----a-w- c:\windows\system32\srclient.dll
2015-01-14 06:04 . 2015-02-16 07:29 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-01-14 05:44 . 2015-02-16 07:29 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-01-14 05:44 . 2015-02-16 07:29 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-01-14 05:41 . 2015-02-16 07:29 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-01-13 03:10 . 2015-02-16 07:29 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-01-13 02:49 . 2015-02-16 07:29 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-01-09 02:03 . 2015-02-16 07:26 3201536 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-08-28 247768]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-04 4085896]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2014-12-15 2728472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SOHDms;Sony Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;Sony Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 602XML Updater;602Updater;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-10 20:43 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-04 08:28]
.
2015-03-22 c:\windows\Tasks\HPCeeScheduleForKAREL-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
2015-04-02 c:\windows\Tasks\HPCeeScheduleForKarel.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-04 19:56 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPSYSDRV"="c:\program files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE" [2008-11-20 62768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-01-11 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-01-11 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-01-11 441968]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{989A76BC-1779-41F9-86FE-2F3F6547153A}: NameServer = 212.71.169.42,212.71.128.8
DPF: {D8950D0E-FCE7-4AE4-9370-7E4CFBC04362} - hxxps://eportal.cssz.cz/fas/page/activexcab/webff_cs.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-bi_uninstaller - c:\users\Karel\Local Settings\Application Data\Bundled software uninstaller\biclient.exe
AddRemove-Fotostar Offline client4 - c:\program files (x86)\Fotostar\Fotostar Offline client4\uninstall.exe
AddRemove-zulagames - c:\program files (x86)\Zula Games\uninst.exe
AddRemove-{4820778D-AB0D-6D18-C316-52A6A0E1D507} - c:\programdata\Adblocker\BDz5.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27} - c:\progra~2\SW-BOO~1\ASSIST~1.DLL
AddRemove-{993EA8F6-6E55-7E4E-39DE-5796E3226DB9} - c:\programdata\savae onn\_o_.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\AVAST Software\Avast\AvastEmUpdate.exe
.
**************************************************************************
.
Celkový čas: 2015-04-03 20:38:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-04-03 18:38
ComboFix2.txt 2015-04-02 20:26
.
Před spuštěním: Volných bajtů: 208 066 453 504
Po spuštění: Volných bajtů: 207 662 616 576
.
- - End Of File - - FCB460092B88876A1344E3C7B274900B
-
Rudy
- Site Admin
- Příspěvky: 119677
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu (RSIT a Combofix)
CFScript jste uložil chybně (CFScript.txt..txt). Uložte správně (CFScript.txt) a zkuste ještě jednou.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
oldrichbradac
- Návštěvník
- Příspěvky: 8
- Registrován: 02 dub 2015 21:48
Re: Prosím o kontrolu logu (RSIT a Combofix)
Omlouvám se, tentokrát snad správně:
ComboFix 15-04-01.01 - Karel 03.04.2015 21:49:54.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3982.2788 [GMT 2:00]
Spuštěný z: c:\users\Karel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Karel\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-03-03 do 2015-04-03 )))))))))))))))))))))))))))))))
.
.
2015-04-03 19:54 . 2015-04-03 19:54 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-04-03 19:54 . 2015-04-03 19:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-03 19:54 . 2015-04-03 19:54 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-04-03 12:54 . 2015-04-03 12:55 -------- d-----w- C:\rsit
2015-04-03 12:54 . 2015-04-03 12:54 -------- d-----w- c:\program files\trend micro
2015-03-22 07:55 . 2014-02-05 13:51 36864 ----a-w- c:\windows\system32\602localmon.dll
2015-03-22 07:55 . 2014-02-05 13:51 22528 ----a-w- c:\windows\system32\602localui.dll
2015-03-22 07:55 . 2014-02-05 13:48 1512944 ----a-w- c:\windows\system32\602convert.dll
2015-03-22 07:55 . 2011-01-18 12:49 4940800 ----a-w- c:\windows\system32\NiXPS.dll
2015-03-22 07:52 . 2015-03-22 07:52 -------- d-----w- c:\program files\Software602
2015-03-18 07:28 . 2015-03-18 07:28 -------- d-----w- c:\program files (x86)\TesterPREZakladni
2015-03-14 09:57 . 2015-03-14 10:01 -------- d-----w- c:\users\Karel\AppData\Local\Lenovo
2015-03-14 08:51 . 2015-03-14 08:51 -------- d-----w- c:\windows\Downloaded Installations
2015-03-14 08:50 . 2015-03-14 08:51 -------- d-----w- c:\program files (x86)\Lenovo
2015-03-14 08:50 . 2015-03-14 08:50 -------- d-----w- c:\users\Karel\AppData\Roaming\RHEng
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-05 08:28 . 2012-07-04 00:12 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 08:28 . 2012-07-04 00:12 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-29 16:49 . 2012-07-19 09:20 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-01-15 08:14 . 2015-02-16 07:30 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-01-15 08:14 . 2015-02-16 07:30 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-01-15 08:09 . 2015-02-16 07:30 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-01-15 08:09 . 2015-02-16 07:30 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-01-15 08:09 . 2015-02-16 07:30 28160 ----a-w- c:\windows\system32\secur32.dll
2015-01-15 08:09 . 2015-02-16 07:30 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-01-15 08:09 . 2015-02-16 07:30 31232 ----a-w- c:\windows\system32\lsass.exe
2015-01-15 08:08 . 2015-02-16 07:30 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-01-15 08:06 . 2015-02-16 07:30 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-01-15 08:06 . 2015-02-16 07:30 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-01-15 08:04 . 2015-02-16 07:30 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-01-15 07:42 . 2015-02-16 07:30 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-01-15 07:42 . 2015-02-16 07:30 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2015-01-15 07:41 . 2015-02-16 07:30 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2015-01-15 07:39 . 2015-02-16 07:30 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2015-01-15 07:39 . 2015-02-16 07:30 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-01-15 07:37 . 2015-02-16 07:30 686080 ----a-w- c:\windows\SysWow64\adtschema.dll
2015-01-15 04:22 . 2015-02-16 07:30 458824 ----a-w- c:\windows\system32\drivers\cng.sys
2015-01-14 06:09 . 2015-02-16 07:29 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-14 06:05 . 2015-02-16 07:29 503808 ----a-w- c:\windows\system32\srcore.dll
2015-01-14 06:05 . 2015-02-16 07:29 50176 ----a-w- c:\windows\system32\srclient.dll
2015-01-14 06:04 . 2015-02-16 07:29 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-01-14 05:44 . 2015-02-16 07:29 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-01-14 05:44 . 2015-02-16 07:29 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-01-14 05:41 . 2015-02-16 07:29 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-01-13 03:10 . 2015-02-16 07:29 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-01-13 02:49 . 2015-02-16 07:29 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-01-09 02:03 . 2015-02-16 07:26 3201536 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-08-28 247768]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-04 4085896]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2014-12-15 2728472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SOHDms;Sony Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;Sony Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 602XML Updater;602Updater;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-10 20:43 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-04 08:28]
.
2015-03-22 c:\windows\Tasks\HPCeeScheduleForKAREL-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
2015-04-02 c:\windows\Tasks\HPCeeScheduleForKarel.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-04 19:56 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPSYSDRV"="c:\program files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE" [2008-11-20 62768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-01-11 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-01-11 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-01-11 441968]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{989A76BC-1779-41F9-86FE-2F3F6547153A}: NameServer = 212.71.169.42,212.71.128.8
DPF: {D8950D0E-FCE7-4AE4-9370-7E4CFBC04362} - hxxps://eportal.cssz.cz/fas/page/activexcab/webff_cs.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-bi_uninstaller - c:\users\Karel\Local Settings\Application Data\Bundled software uninstaller\biclient.exe
AddRemove-Fotostar Offline client4 - c:\program files (x86)\Fotostar\Fotostar Offline client4\uninstall.exe
AddRemove-zulagames - c:\program files (x86)\Zula Games\uninst.exe
AddRemove-{4820778D-AB0D-6D18-C316-52A6A0E1D507} - c:\programdata\Adblocker\BDz5.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27} - c:\progra~2\SW-BOO~1\ASSIST~1.DLL
AddRemove-{993EA8F6-6E55-7E4E-39DE-5796E3226DB9} - c:\programdata\savae onn\_o_.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\AVAST Software\Avast\AvastEmUpdate.exe
.
**************************************************************************
.
Celkový čas: 2015-04-03 21:59:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-04-03 19:59
ComboFix2.txt 2015-04-03 18:38
ComboFix3.txt 2015-04-02 20:26
.
Před spuštěním: Volných bajtů: 207 734 542 336
Po spuštění: Volných bajtů: 207 427 440 640
.
- - End Of File - - DB559B0A02BE4C6766C7B8B6B7AB3EAA
ComboFix 15-04-01.01 - Karel 03.04.2015 21:49:54.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3982.2788 [GMT 2:00]
Spuštěný z: c:\users\Karel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Karel\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-03-03 do 2015-04-03 )))))))))))))))))))))))))))))))
.
.
2015-04-03 19:54 . 2015-04-03 19:54 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-04-03 19:54 . 2015-04-03 19:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-03 19:54 . 2015-04-03 19:54 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-04-03 12:54 . 2015-04-03 12:55 -------- d-----w- C:\rsit
2015-04-03 12:54 . 2015-04-03 12:54 -------- d-----w- c:\program files\trend micro
2015-03-22 07:55 . 2014-02-05 13:51 36864 ----a-w- c:\windows\system32\602localmon.dll
2015-03-22 07:55 . 2014-02-05 13:51 22528 ----a-w- c:\windows\system32\602localui.dll
2015-03-22 07:55 . 2014-02-05 13:48 1512944 ----a-w- c:\windows\system32\602convert.dll
2015-03-22 07:55 . 2011-01-18 12:49 4940800 ----a-w- c:\windows\system32\NiXPS.dll
2015-03-22 07:52 . 2015-03-22 07:52 -------- d-----w- c:\program files\Software602
2015-03-18 07:28 . 2015-03-18 07:28 -------- d-----w- c:\program files (x86)\TesterPREZakladni
2015-03-14 09:57 . 2015-03-14 10:01 -------- d-----w- c:\users\Karel\AppData\Local\Lenovo
2015-03-14 08:51 . 2015-03-14 08:51 -------- d-----w- c:\windows\Downloaded Installations
2015-03-14 08:50 . 2015-03-14 08:51 -------- d-----w- c:\program files (x86)\Lenovo
2015-03-14 08:50 . 2015-03-14 08:50 -------- d-----w- c:\users\Karel\AppData\Roaming\RHEng
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-05 08:28 . 2012-07-04 00:12 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 08:28 . 2012-07-04 00:12 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-29 16:49 . 2012-07-19 09:20 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-01-15 08:14 . 2015-02-16 07:30 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-01-15 08:14 . 2015-02-16 07:30 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-01-15 08:09 . 2015-02-16 07:30 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-01-15 08:09 . 2015-02-16 07:30 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-01-15 08:09 . 2015-02-16 07:30 28160 ----a-w- c:\windows\system32\secur32.dll
2015-01-15 08:09 . 2015-02-16 07:30 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-01-15 08:09 . 2015-02-16 07:30 31232 ----a-w- c:\windows\system32\lsass.exe
2015-01-15 08:08 . 2015-02-16 07:30 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-01-15 08:06 . 2015-02-16 07:30 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-01-15 08:06 . 2015-02-16 07:30 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-01-15 08:04 . 2015-02-16 07:30 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-01-15 07:42 . 2015-02-16 07:30 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-01-15 07:42 . 2015-02-16 07:30 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2015-01-15 07:41 . 2015-02-16 07:30 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2015-01-15 07:39 . 2015-02-16 07:30 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2015-01-15 07:39 . 2015-02-16 07:30 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-01-15 07:37 . 2015-02-16 07:30 686080 ----a-w- c:\windows\SysWow64\adtschema.dll
2015-01-15 04:22 . 2015-02-16 07:30 458824 ----a-w- c:\windows\system32\drivers\cng.sys
2015-01-14 06:09 . 2015-02-16 07:29 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-14 06:05 . 2015-02-16 07:29 503808 ----a-w- c:\windows\system32\srcore.dll
2015-01-14 06:05 . 2015-02-16 07:29 50176 ----a-w- c:\windows\system32\srclient.dll
2015-01-14 06:04 . 2015-02-16 07:29 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-01-14 05:44 . 2015-02-16 07:29 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-01-14 05:44 . 2015-02-16 07:29 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-01-14 05:41 . 2015-02-16 07:29 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-01-13 03:10 . 2015-02-16 07:29 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-01-13 02:49 . 2015-02-16 07:29 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-01-09 02:03 . 2015-02-16 07:26 3201536 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-08-28 247768]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-04 4085896]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2014-12-15 2728472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SOHDms;Sony Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;Sony Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 602XML Updater;602Updater;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-10 20:43 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-04 08:28]
.
2015-03-22 c:\windows\Tasks\HPCeeScheduleForKAREL-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
2015-04-02 c:\windows\Tasks\HPCeeScheduleForKarel.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-04 19:56 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPSYSDRV"="c:\program files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE" [2008-11-20 62768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-01-11 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-01-11 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-01-11 441968]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{989A76BC-1779-41F9-86FE-2F3F6547153A}: NameServer = 212.71.169.42,212.71.128.8
DPF: {D8950D0E-FCE7-4AE4-9370-7E4CFBC04362} - hxxps://eportal.cssz.cz/fas/page/activexcab/webff_cs.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-bi_uninstaller - c:\users\Karel\Local Settings\Application Data\Bundled software uninstaller\biclient.exe
AddRemove-Fotostar Offline client4 - c:\program files (x86)\Fotostar\Fotostar Offline client4\uninstall.exe
AddRemove-zulagames - c:\program files (x86)\Zula Games\uninst.exe
AddRemove-{4820778D-AB0D-6D18-C316-52A6A0E1D507} - c:\programdata\Adblocker\BDz5.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27} - c:\progra~2\SW-BOO~1\ASSIST~1.DLL
AddRemove-{993EA8F6-6E55-7E4E-39DE-5796E3226DB9} - c:\programdata\savae onn\_o_.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\AVAST Software\Avast\AvastEmUpdate.exe
.
**************************************************************************
.
Celkový čas: 2015-04-03 21:59:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-04-03 19:59
ComboFix2.txt 2015-04-03 18:38
ComboFix3.txt 2015-04-02 20:26
.
Před spuštěním: Volných bajtů: 207 734 542 336
Po spuštění: Volných bajtů: 207 427 440 640
.
- - End Of File - - DB559B0A02BE4C6766C7B8B6B7AB3EAA
-
Rudy
- Site Admin
- Příspěvky: 119677
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu (RSIT a Combofix)
Log je již OK. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
oldrichbradac
- Návštěvník
- Příspěvky: 8
- Registrován: 02 dub 2015 21:48
Re: Prosím o kontrolu logu (RSIT a Combofix)
Bohužel se k internetu stále nejde připojit - neběží služba DPS. Nejde spustit ani ručně - chyba 1079:Účet uvedený pro tuto službu je jiný, než účet uvedený dalšími službami běžícími v témž procesu.
-
Rudy
- Site Admin
- Příspěvky: 119677
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu (RSIT a Combofix)
Zkuste obnovu systému k datu, kdy korektně fungoval.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
oldrichbradac
- Návštěvník
- Příspěvky: 8
- Registrován: 02 dub 2015 21:48
Re: Prosím o kontrolu logu (RSIT a Combofix)
Bohužel stále služba DPS neběží. Bezdrátový internet se připojí, ale kabel vůbec.
-
Rudy
- Site Admin
- Příspěvky: 119677
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu (RSIT a Combofix)
Zkuste použít FixIt: http://www.stahuj.centrum.cz/utility_a_ ... it-center/ .
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
oldrichbradac
- Návštěvník
- Příspěvky: 8
- Registrován: 02 dub 2015 21:48
Re: Prosím o kontrolu logu (RSIT a Combofix)
Bohužel Fixit se nenainstaloval a píše:
This MSI can only be installed on the X86 platform
This MSI can only be installed on the X86 platform
-
Rudy
- Site Admin
- Příspěvky: 119677
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu (RSIT a Combofix)
Pak postupujte podle tohoto návodu: http://www.zive.cz/poradna/nelze-se-pri ... tanswers=1 .
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
oldrichbradac
- Návštěvník
- Příspěvky: 8
- Registrován: 02 dub 2015 21:48
Re: Prosím o kontrolu logu (RSIT a Combofix)
Velké díky za pomoc. Již je vše OK a internet běží.
Ještě jednou moc děkuji.
Ještě jednou moc děkuji.
Přispějete na provoz fóra?