Hello,
I have a problem. Unfortunately, Cryptolocker got onto my computer and encrypted my pictures, music, documents, etc., so all the files now have the .EnCiPhErEd extension.
Here is the txt file with the message it shows me:
VIRUS CRYPT0LOCKER +
VSECHNA DATA ZASIFROVANA 2045bitovou SIFROU!!!pdf*fotky*txt*rar*atd...
MAS POUZE 15 POKUSU ZADANI KODU PRO DESIFROVANI POTOM SE DATA ZNICI!!NENAVRATNE
ZAPLAT 3000kc NA TENTO UCET
Bitcoin : 14KmxKrAUJFMaL1S9tv22xiuJFpdCvrp5X
PRI PREVODU UVED VLASTNI EMAIL
HNED POSLEME DESIFROVACI HESLO!!
VSE BUDE ZASE OK
//////////////////////////////////////////////////////////////////////////////////////
3000kc NEBO PRIDES O DATA FOTKY VSEChNO!!!
14KmxKrAUJFMaL1S9tv22xiuJFpdCvrp5X
MAS POUZE 15 POKUSU ZADANI KODU PRO DESIFROVANI
Unfortunately, the antivirus (AVG 2014) reported nothing and the infection went through. Right afterwards I downloaded other antivirus and anti-malware tools to remove it (Malwarebytes Anti-Malware, YET, Kaspersky Internet Security). Unfortunately, the files are still encrypted. I read through the forum and tried to download the tool from ftp://ftp.drweb.com/pub/drweb/tools/te94decrypt.exe, but unfortunately I don't know the login credentials.
I need to decrypt the data, please, because most of it is not backed up. Many thanks in advance for any help.
The log output (RSITx64) is here:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Janka at 2014-08-12 14:20:43
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 112 GB (51%) free of 217 GB
Total RAM: 4027 MB (38% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:20:50, on 12.8.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\iSafe\iSafeTray.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\iSafe\iSafe.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Janka.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Office-2013 crack cz.exe] C:\Users\Janka\AppData\Local\Temp\Rar$EXa0.418\Office-2013 crack cz.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: HOW TO DECRYPT FILES.txt
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: i1Profiler Tray.lnk = C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe
O4 - Global Startup: XRGamma.lnk = C:\Program Files (x86)\X-Rite\i1Profiler\XRGamma.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Kaspersky Anti-Virus Service 15.0.0 (AVP15.0.0) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Sentinel HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iSafeService - Elex do Brasil Participaçoes Ltda - C:\Program Files (x86)\iSafe\iSafeSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater3.1.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update\vuagent.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: X-Rite Device Services Manager (xrdd.exe) - X-Rite Inc. - C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe
--
End of file - 13530 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
c:\windows\system32\svchost.exe -k dcomlaunch
C:\Windows\system32\nvvsvc.exe
c:\windows\system32\svchost.exe -k rpcss
c:\windows\system32\svchost.exe -k localservicenetworkrestricted
"C:\Program Files (x86)\iSafe\iSafeSvc.exe"
winlogon.exe
"C:\Program Files (x86)\iSafe\iSafeSvc2.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
c:\windows\system32\svchost.exe -k localservice
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k gpsvcgroup
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
C:\Windows\system32\nvvsvc.exe -session -first
c:\windows\system32\svchost.exe -k networkservice
C:\Windows\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k localservicenonetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\AVG\AVG2014\avgfws.exe"
"C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe"
"C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe" -r
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation
C:\Windows\system32\hasplms.exe -run
"C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe"
"C:\Program Files (x86)\AVG\AVG2014\avgemca.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
c:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
"C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe"
C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
c:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe /pipeName=5a692574-e861-401c-b7b4-70567d515758 /coreSdkOptions=4126 /logConfFile="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\990f5516-8033-467f-a12a-c55ce0423b56-da8-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2014\" /tempPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\" /logPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\log\"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-92b387f9-99b9-4286-8243-65a6200fcbae -SystemEventPortName:HostProcess-b312bd49-be19-437a-8450-f42408370b04 -IoCancelEventPortName:HostProcess-f8507166-0103-4cfa-93fb-438339bb873f -NonStateChangingEventPortName:HostProcess-224eddbf-4657-434e-ad82-14d9a25e46c6 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:e1838697-aa22-4f82-b888-957e8a6251fa -DeviceGroupId:
"taskhost.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe" -hidden /prefetch:1
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe"
"C:\Program Files (x86)\iSafe\iSafeTray.exe"
"C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log
"C:\Windows\System32\igfxpers.exe"
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
ctfmon.exe
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted
"C:\Program Files\iPod\bin\iPodService.exe"
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe /pipeName=19131851-3b8b-4229-b2f7-1a72aaf2107a /coreSdkOptions=4114 /logConfFile="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\caca014f-c8d9-4f16-8639-9157a0b70064-934-oopp.tmp" /loggerName=AVG.NS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2014\" /tempPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
c:\windows\system32\svchost.exe -k localservicepeernet
"C:\Program Files (x86)\iSafe\ipcdl.exe" --channel_name="968.0.1522461288\2098155442"
taskeng.exe {3A455FD2-63FE-47FC-82A7-7F58D48564CC}
"C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe" /Stationary
"C:\Program Files\Sony\VAIO Update\vuagent.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="6324.0.629034927\2012467293" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,5,16,43 --gpu-vendor-id=0x10de --gpu-device-id=0x06e5 --gpu-driver-vendor=NVIDIA --gpu-driver-version=8.15.11.8684 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group2 pct:10b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/GwsPrerenderNavSuggest/Default/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/Label=Stable2:SkipWhitelist=Enabled:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderAlwaysControl=Enabled/QUIC/Disabled/SPDY/SpdyDisabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-1-Percent/group_55/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --channel="6324.1.382137739\978690906" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group2 pct:10b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/GwsPrerenderNavSuggest/Default/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/Label=Stable2:SkipWhitelist=Enabled:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderAlwaysControl=Enabled/QUIC/Disabled/SPDY/SpdyDisabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-1-Percent/group_55/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --channel="6324.2.583895132\928482434" /prefetch:673131151
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe" --parent-window=0 chrome-extension://dbhjdbfgekjfcfkkfjjmlmojhbllhbho/ < \\.\pipe\chrome.nativeMessaging.in.1102cb2061b69456 > \\.\pipe\chrome.nativeMessaging.out.1102cb2061b69456
\??\C:\Windows\system32\conhost.exe "12434000581400157766-778589718176344552419363478-177900193-718785226-684719662
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe" --parent-window=0 chrome-extension://dbhjdbfgekjfcfkkfjjmlmojhbllhbho/
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe" -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group2 pct:10b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/GwsPrerenderNavSuggest/Default/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/Label=Stable2:SkipWhitelist=Enabled:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderAlwaysControl=Enabled/QUIC/Disabled/SPDY/SpdyDisabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-1-Percent/group_55/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --channel="6324.7.319660933\1553718937" /prefetch:673131151
"C:\Program Files (x86)\iSafe\iSafe.exe" -flag=00000002 -param0=00000000 -param1=00000000 -param2=00000000 -param3=(null)
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group2 pct:10b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/GwsPrerenderNavSuggest/Default/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/Label=Stable2:SkipWhitelist=Enabled:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderAlwaysControl=Enabled/QUIC/Disabled/SPDY/SpdyDisabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-1-Percent/group_55/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --channel="6324.21.1658940588\1553113363" /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Users\Janka\Downloads\RSITx64 (1).exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\X-Rite Device Services Software Updater.job - C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-05-21 218784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}]
Content Blocker Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20 878784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}]
Virtual Keyboard Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-08-12 1419936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}]
Safe Money Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20 583360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [2014-01-22 881880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2014-06-10 2335960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
URL Advisor Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20 1109696]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-05-21 153248]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}]
Content Blocker Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20 709312]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}]
Virtual Keyboard Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-08-12 1176736]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}]
Safe Money Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20 480448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2014-01-23 707800]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2014-06-10 1730264]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-16 171944]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
URL Advisor Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20 891072]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-07-16 7833120]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2014-07-16 1833504]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2014-07-16 165912]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2014-07-16 387608]
"Persistence"=C:\Windows\system32\igfxpers.exe [2014-07-16 365592]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-08-22 16336416]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-07-24 21650016]
"Office-2013 crack cz.exe"=C:\Users\Janka\AppData\Local\Temp\Rar$EXa0.418\Office-2013 crack cz.exe []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"=C:\Program Files (x86)\AVG\AVG2014\avgui.exe [2014-07-10 5187088]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2014-07-08 152392]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
i1Profiler Tray.lnk - C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe
XRGamma.lnk - C:\Program Files (x86)\X-Rite\i1Profiler\XRGamma.exe
C:\Users\Janka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
HOW TO DECRYPT FILES.txt
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2014-07-16 259584]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-08-12 14:20:44 ----D---- C:\Program Files\trend micro
2014-08-12 14:20:43 ----D---- C:\rsit
2014-08-12 03:33:39 ----D---- C:\ProgramData\RegRun
2014-08-12 03:33:23 ----A---- C:\Windows\system32\Partizan.exe
2014-08-12 03:30:12 ----RASHOT---- C:\Windows\winstart.bat
2014-08-12 03:30:01 ----D---- C:\Program Files (x86)\UnHackMe
2014-08-12 03:18:50 ----D---- C:\Users\Janka\AppData\Roaming\TeamViewer
2014-08-12 03:18:44 ----D---- C:\Program Files (x86)\TeamViewer
2014-08-12 03:07:05 ----A---- C:\XoristDecryptor.2.3.38.0_12.08.2014_03.07.05_log.txt
2014-08-12 03:06:47 ----A---- C:\XoristDecryptor.2.3.4.0_12.08.2014_03.06.47_log.txt
2014-08-12 02:40:17 ----D---- C:\Users\Janka\AppData\Roaming\eCyber
2014-08-12 02:39:44 ----A---- C:\Windows\system32\drivers\iSafeKrnlBoot.sys
2014-08-12 02:39:43 ----D---- C:\Windows\system32\log
2014-08-12 02:39:23 ----D---- C:\Program Files (x86)\iSafe
2014-08-12 02:39:03 ----D---- C:\Users\Janka\AppData\Roaming\iSafe
2014-08-12 02:14:44 ----A---- C:\Windows\system32\klfphc.dll
2014-08-12 02:14:33 ----D---- C:\Windows\ELAMBKUP
2014-08-12 02:14:32 ----D---- C:\ProgramData\Kaspersky Lab
2014-08-12 02:14:32 ----D---- C:\Program Files (x86)\Kaspersky Lab
2014-08-12 02:14:25 ----A---- C:\Windows\system32\drivers\klif.sys
2014-08-12 02:14:25 ----A---- C:\Windows\system32\drivers\klhk.sys
2014-08-12 02:14:25 ----A---- C:\Windows\system32\drivers\klflt.sys
2014-08-12 02:07:41 ----A---- C:\RannohDecryptor.1.4.0.0_12.08.2014_02.07.41_log.txt
2014-08-12 01:25:02 ----A---- C:\RannohDecryptor.1.4.0.0_12.08.2014_01.25.02_log.txt
2014-08-12 01:14:49 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-08-12 01:03:05 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-08-12 01:02:42 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-12 01:02:42 ----A---- C:\Windows\system32\drivers\mwac.sys
2014-08-12 01:02:42 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-08-12 01:01:55 ----D---- C:\Users\Janka\AppData\Roaming\Malwarebytes
2014-08-12 01:01:46 ----D---- C:\ProgramData\Malwarebytes
2014-08-12 01:01:46 ----A---- C:\Windows\system32\drivers\mbam.sys
2014-08-12 00:25:00 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2014-08-12 00:24:45 ----D---- C:\Windows\PCHEALTH
2014-08-12 00:24:45 ----D---- C:\Program Files (x86)\Microsoft SQL Server
2014-08-12 00:23:35 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2014-08-12 00:23:20 ----D---- C:\ProgramData\Microsoft Help
2014-08-12 00:23:02 ----D---- C:\Program Files (x86)\Microsoft Office
2014-08-12 00:22:45 ----D---- C:\Program Files\Microsoft Office
2014-08-12 00:11:09 ----D---- C:\Windows\system32\appmgmt
2014-08-08 20:29:54 ----D---- C:\Users\Janka\AppData\Roaming\Skype
2014-08-08 20:29:49 ----RD---- C:\Program Files (x86)\Skype
2014-08-08 20:29:47 ----D---- C:\ProgramData\Skype
2014-08-02 16:49:57 ----A---- C:\Windows\system32\drivers\avgtpx64.sys
2014-08-02 16:49:21 ----D---- C:\ProgramData\AVG Web TuneUp
2014-08-02 16:49:21 ----D---- C:\Program Files (x86)\AVG Web TuneUp
2014-08-02 16:48:33 ----D---- C:\Users\Janka\AppData\Roaming\Apple Computer
2014-08-02 16:48:30 ----DC---- C:\Windows\system32\DRVSTORE
2014-08-02 16:48:30 ----A---- C:\Windows\system32\drivers\GEARAspiWDM.sys
2014-08-02 16:48:21 ----D---- C:\Program Files\iPod
2014-08-02 16:48:20 ----D---- C:\ProgramData\Apple Computer
2014-08-02 16:48:20 ----D---- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-02 16:48:20 ----D---- C:\Program Files\iTunes
2014-08-02 16:48:20 ----D---- C:\Program Files (x86)\iTunes
2014-08-02 16:47:04 ----D---- C:\Program Files (x86)\Apple Software Update
2014-08-02 16:47:00 ----D---- C:\Program Files\Common Files\Apple
2014-08-02 16:46:53 ----D---- C:\Program Files\Bonjour
2014-08-02 16:46:53 ----D---- C:\Program Files (x86)\Bonjour
2014-08-02 16:46:42 ----D---- C:\ProgramData\Apple
2014-07-17 15:24:38 ----D---- C:\Users\Janka\AppData\Roaming\Macromedia
2014-07-17 14:51:19 ----D---- C:\Program Files\Common Files\Adobe
2014-07-17 14:50:53 ----D---- C:\Program Files\Adobe
2014-07-17 14:41:44 ----D---- C:\Program Files (x86)\Adobe
2014-07-17 14:41:37 ----D---- C:\ProgramData\Adobe
2014-07-17 13:47:18 ----D---- C:\Users\Janka\AppData\Roaming\AVG
2014-07-17 13:46:45 ----SHD---- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-17 13:46:42 ----D---- C:\ProgramData\AVG
2014-07-17 13:40:25 ----D---- C:\Users\Janka\AppData\Roaming\AVG2014
2014-07-17 13:39:47 ----D---- C:\Users\Janka\AppData\Roaming\TuneUp Software
2014-07-17 13:39:40 ----HD---- C:\$AVG
2014-07-17 13:39:40 ----D---- C:\ProgramData\AVG2014
2014-07-17 13:39:27 ----D---- C:\Program Files (x86)\AVG
2014-07-17 13:37:36 ----HD---- C:\ProgramData\Common Files
2014-07-17 13:37:36 ----D---- C:\ProgramData\MFAData
2014-07-16 15:31:25 ----D---- C:\Program Files\VideoLAN
2014-07-16 15:29:56 ----D---- C:\Users\Janka\AppData\Roaming\vlc
2014-07-16 15:29:38 ----D---- C:\Users\Janka\AppData\Roaming\WinRAR
2014-07-16 15:29:16 ----D---- C:\Program Files\WinRAR
2014-07-16 14:26:11 ----D---- C:\Users\Janka\AppData\Roaming\X-Rite
2014-07-16 14:24:01 ----A---- C:\Windows\system32\drivers\aksdf.sys
2014-07-16 14:24:00 ----A---- C:\Windows\system32\hasplms.exe
2014-07-16 14:24:00 ----A---- C:\Windows\system32\drivers\aksfridge.sys
2014-07-16 14:24:00 ----A---- C:\Windows\system32\aksllmtp.exe
2014-07-16 14:23:56 ----A---- C:\Windows\system32\drivers\hardlock.sys
2014-07-16 14:22:11 ----A---- C:\Windows\SYSWOW64\drivers\DDCDrv.sys
2014-07-16 14:22:11 ----A---- C:\Windows\SYSWOW64\DDCHelperX.dll
2014-07-16 14:22:11 ----A---- C:\Windows\SYSWOW64\DDCHelper.dll
2014-07-16 14:22:11 ----A---- C:\Windows\system32\drivers\DDCDrv.sys
2014-07-16 14:22:11 ----A---- C:\Windows\system32\DDCHelperX.dll
2014-07-16 14:22:11 ----A---- C:\Windows\system32\DDCHelper.dll
2014-07-16 14:21:33 ----D---- C:\ProgramData\X-Rite
2014-07-16 14:21:33 ----D---- C:\Program Files (x86)\X-Rite
2014-07-16 02:34:33 ----D---- C:\Program Files\Sony
2014-07-16 02:31:42 ----A---- C:\Windows\SYSWOW64\msvcr80.dll
2014-07-16 02:31:42 ----A---- C:\Windows\SYSWOW64\msvcp80.dll
2014-07-16 02:31:42 ----A---- C:\Windows\SYSWOW64\mfc80u.dll
2014-07-16 02:24:31 ----A---- C:\Windows\system32\nvuninst.exe
2014-07-16 02:24:17 ----A---- C:\Windows\SYSWOW64\igfxdv32.dll
2014-07-16 02:24:17 ----A---- C:\Windows\SYSWOW64\igdumdx32.dll
2014-07-16 02:24:17 ----A---- C:\Windows\SYSWOW64\igdumd32.dll
2014-07-16 02:24:17 ----A---- C:\Windows\SYSWOW64\igd10umd32.dll
2014-07-16 02:24:17 ----A---- C:\Windows\SYSWOW64\ig4icd32.dll
2014-07-16 02:24:17 ----A---- C:\Windows\system32\nvudisp.exe
2014-07-16 02:24:17 ----A---- C:\Windows\system32\igfxtray.exe
2014-07-16 02:24:17 ----A---- C:\Windows\system32\igfxTMM.dll
2014-07-16 02:24:17 ----A---- C:\Windows\system32\igfxsrvc.exe
2014-07-16 02:24:17 ----A---- C:\Windows\system32\igfxsrvc.dll
2014-07-16 02:24:17 ----A---- C:\Windows\system32\igfxress.dll
2014-07-16 02:24:17 ----A---- C:\Windows\system32\igfxpph.dll
2014-07-16 02:24:17 ----A---- C:\Windows\system32\igfxpers.exe
2014-07-16 02:24:17 ----A---- C:\Windows\system32\igfxext.exe
2014-07-16 02:24:17 ----A---- C:\Windows\system32\igfxexps.dll
2014-07-16 02:24:17 ----A---- C:\Windows\system32\igfxdo.dll
2014-07-16 02:24:17 ----A---- C:\Windows\system32\igfxdev.dll
2014-07-16 02:24:17 ----A---- C:\Windows\system32\igdumd64.dll
2014-07-16 02:24:17 ----A---- C:\Windows\system32\igd10umd64.dll
2014-07-16 02:24:17 ----A---- C:\Windows\system32\ig4icd64.dll
2014-07-16 02:24:17 ----A---- C:\Windows\system32\hkcmd.exe
2014-07-16 02:24:17 ----A---- C:\Windows\system32\hccutils.dll
2014-07-16 02:24:17 ----A---- C:\Windows\system32\drivers\igdkmd64.sys
2014-07-16 02:24:17 ----A---- C:\Windows\system32\difx64.exe
2014-07-16 02:06:47 ----A---- C:\Windows\SYSWOW64\oemdspif.dll
2014-07-16 02:06:47 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2014-07-16 02:06:47 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2014-07-16 02:06:47 ----A---- C:\Windows\SYSWOW64\nvencodemft.dll
2014-07-16 02:06:47 ----A---- C:\Windows\SYSWOW64\nvdecodemft.dll
2014-07-16 02:06:47 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2014-07-16 02:06:47 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2014-07-16 02:06:47 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2014-07-16 02:06:47 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2014-07-16 02:06:47 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2014-07-16 02:06:47 ----A---- C:\Windows\SYSWOW64\ig4dev32.dll
2014-07-16 02:06:47 ----A---- C:\Windows\system32\nvwgf2umx.dll
2014-07-16 02:06:47 ----A---- C:\Windows\system32\nvoglv64.dll
2014-07-16 02:06:47 ----A---- C:\Windows\system32\nvdecodemft.dll
2014-07-16 02:06:47 ----A---- C:\Windows\system32\nvd3dumx.dll
2014-07-16 02:06:47 ----A---- C:\Windows\system32\nvcuvid.dll
2014-07-16 02:06:47 ----A---- C:\Windows\system32\nvcuda.dll
2014-07-16 02:06:47 ----A---- C:\Windows\system32\nvcod163.dll
2014-07-16 02:06:47 ----A---- C:\Windows\system32\nvcod.dll
2014-07-16 02:06:47 ----A---- C:\Windows\system32\nvapi64.dll
2014-07-16 02:06:47 ----A---- C:\Windows\system32\igfxcfg.exe
2014-07-16 02:06:47 ----A---- C:\Windows\system32\ig4dev64.dll
2014-07-16 02:06:47 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2014-07-16 02:06:47 ----A---- C:\Windows\system32\dpinst.exe
2014-07-16 02:01:31 ----D---- C:\Users\Janka\AppData\Roaming\Sony Corporation
2014-07-16 01:52:26 ----D---- C:\ProgramData\Sony Corporation
2014-07-16 01:52:26 ----D---- C:\Program Files (x86)\Sony
2014-07-16 01:26:19 ----D---- C:\Windows\SYSWOW64\RTCOM
2014-07-16 01:26:19 ----D---- C:\Program Files\Realtek
2014-07-16 01:26:12 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-07-16 01:26:12 ----D---- C:\Program Files (x86)\Realtek
2014-07-16 01:26:12 ----A---- C:\Windows\system32\SRSWOW64.dll
2014-07-16 01:26:12 ----A---- C:\Windows\system32\SRSTSX64.dll
2014-07-16 01:26:12 ----A---- C:\Windows\system32\SRSTSH64.dll
2014-07-16 01:26:12 ----A---- C:\Windows\system32\SRSHP64.dll
2014-07-16 01:26:12 ----A---- C:\Windows\system32\RtPgEx64.dll
2014-07-16 01:26:12 ----A---- C:\Windows\system32\RtlCPAPI64.dll
2014-07-16 01:26:12 ----A---- C:\Windows\system32\RtkCfg64.dll
2014-07-16 01:26:12 ----A---- C:\Windows\system32\RtkAPO64.dll
2014-07-16 01:26:12 ----A---- C:\Windows\system32\RtkApi64.dll
2014-07-16 01:26:12 ----A---- C:\Windows\system32\RTCOM64.dll
2014-07-16 01:26:12 ----A---- C:\Windows\system32\RP3DHT64.dll
2014-07-16 01:26:12 ----A---- C:\Windows\system32\RP3DAA64.dll
2014-07-16 01:26:12 ----A---- C:\Windows\system32\RCoInst64.dll
2014-07-16 01:26:12 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2014-07-16 01:26:12 ----A---- C:\Windows\system32\FMAPO64.dll
2014-07-16 01:26:12 ----A---- C:\Windows\system32\drivers\RTKVHD64.sys
2014-07-16 01:26:12 ----A---- C:\Windows\system32\AERTAR64.dll
2014-07-16 01:26:12 ----A---- C:\Windows\system32\AERTAC64.dll
2014-07-16 01:26:11 ----HD---- C:\Program Files (x86)\Temp
2014-07-16 01:26:11 ----A---- C:\Windows\RtlExUpd.dll
2014-07-16 01:24:32 ----D---- C:\Program Files (x86)\Intel
2014-07-16 01:24:32 ----A---- C:\Windows\SYSWOW64\CSVer.dll
2014-07-16 01:21:59 ----A---- C:\Windows\system32\drivers\btwrchid.sys
2014-07-16 01:21:59 ----A---- C:\Windows\system32\drivers\btwl2cap.sys
2014-07-16 01:21:59 ----A---- C:\Windows\system32\drivers\btwavdt.sys
2014-07-16 01:21:59 ----A---- C:\Windows\system32\drivers\btwaudio.sys
2014-07-16 01:21:54 ----D---- C:\Program Files\WIDCOMM
2014-07-16 01:20:27 ----D---- C:\Upgrade
2014-07-16 01:10:07 ----D---- C:\ProgramData\NVIDIA
2014-07-16 01:03:21 ----A---- C:\Windows\SYSWOW64\javaws.exe
2014-07-16 01:03:17 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2014-07-16 01:03:17 ----A---- C:\Windows\SYSWOW64\javaw.exe
2014-07-16 01:03:17 ----A---- C:\Windows\SYSWOW64\java.exe
2014-07-16 01:03:13 ----D---- C:\Program Files (x86)\Java
2014-07-16 01:00:21 ----D---- C:\ProgramData\Oracle
2014-07-16 00:59:47 ----D---- C:\ProgramData\Sun
2014-07-16 00:59:45 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2014-07-16 00:59:45 ----A---- C:\Windows\system32\mstscax.dll
2014-07-16 00:54:57 ----D---- C:\Program Files (x86)\Google
2014-07-16 00:54:49 ----D---- C:\Windows\SYSWOW64\Wat
2014-07-16 00:54:49 ----D---- C:\Windows\system32\Wat
2014-07-16 00:18:25 ----SD---- C:\Windows\system32\CompatTel
2014-07-15 23:58:06 ----D---- C:\Windows\Panther
2014-07-15 23:30:40 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2014-07-15 23:30:02 ----D---- C:\Windows\Migration
2014-07-15 23:30:02 ----D---- C:\Program Files (x86)\Microsoft.NET
2014-07-15 23:29:57 ----SHD---- C:\Windows\Installer
2014-07-15 23:27:30 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-07-15 23:27:29 ----A---- C:\Windows\SYSWOW64\tsgqec.dll
2014-07-15 23:27:29 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-07-15 23:27:29 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-07-15 23:27:29 ----A---- C:\Windows\system32\tsgqec.dll
2014-07-15 23:27:29 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys
2014-07-15 23:27:28 ----A---- C:\Windows\SYSWOW64\wksprtPS.dll
2014-07-15 23:27:28 ----A---- C:\Windows\SYSWOW64\rdvidcrl.dll
2014-07-15 23:27:28 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2014-07-15 23:27:28 ----A---- C:\Windows\SYSWOW64\MsRdpWebAccess.dll
2014-07-15 23:27:28 ----A---- C:\Windows\system32\wksprtPS.dll
2014-07-15 23:27:28 ----A---- C:\Windows\system32\wksprt.exe
2014-07-15 23:27:28 ----A---- C:\Windows\system32\TSWbPrxy.exe
2014-07-15 23:27:28 ----A---- C:\Windows\system32\rdvidcrl.dll
2014-07-15 23:27:28 ----A---- C:\Windows\system32\mstsc.exe
2014-07-15 23:27:28 ----A---- C:\Windows\system32\MsRdpWebAccess.dll
2014-07-15 23:26:36 ----D---- C:\Program Files\AuthenTec
2014-07-15 23:25:03 ----D---- C:\Windows\system32\MRT
2014-07-15 23:24:07 ----A---- C:\Windows\system32\browserchoice.exe
2014-07-15 23:21:28 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-07-15 23:21:28 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-07-15 23:21:28 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-07-15 23:21:28 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2014-07-15 23:21:28 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-07-15 23:21:28 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-07-15 23:21:28 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-07-15 23:21:28 ----A---- C:\Windows\system32\wdigest.dll
2014-07-15 23:21:28 ----A---- C:\Windows\system32\TSpkg.dll
2014-07-15 23:21:28 ----A---- C:\Windows\system32\schannel.dll
2014-07-15 23:21:28 ----A---- C:\Windows\system32\ncrypt.dll
2014-07-15 23:21:28 ----A---- C:\Windows\system32\msv1_0.dll
2014-07-15 23:21:28 ----A---- C:\Windows\system32\kerberos.dll
2014-07-15 23:21:28 ----A---- C:\Windows\system32\credssp.dll
2014-07-15 23:21:26 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-07-15 23:21:26 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-07-15 23:21:26 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-07-15 23:21:26 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-07-15 23:21:26 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-07-15 23:21:26 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-07-15 23:21:26 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-07-15 23:21:26 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-07-15 23:21:26 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-07-15 23:21:26 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-15 23:21:26 ----A---- C:\Windows\system32\iernonce.dll
2014-07-15 23:21:26 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-07-15 23:21:26 ----A---- C:\Windows\system32\iedkcs32.dll
2014-07-15 23:21:25 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-07-15 23:21:25 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-07-15 23:21:25 ----A---- C:\Windows\system32\urlmon.dll
2014-07-15 23:21:24 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-07-15 23:21:24 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-07-15 23:21:24 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-07-15 23:21:24 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-07-15 23:21:24 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-07-15 23:21:24 ----A---- C:\Windows\system32\msfeeds.dll
2014-07-15 23:21:24 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-07-15 23:21:24 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-07-15 23:21:24 ----A---- C:\Windows\system32\ie4uinit.exe
2014-07-15 23:21:24 ----A---- C:\Windows\system32\dxtmsft.dll
2014-07-15 23:21:23 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-07-15 23:21:23 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-07-15 23:21:23 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-07-15 23:21:23 ----A---- C:\Windows\system32\iesetup.dll
2014-07-15 23:21:23 ----A---- C:\Windows\system32\iertutil.dll
2014-07-15 23:21:22 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-07-15 23:21:22 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-07-15 23:21:22 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-07-15 23:21:22 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-07-15 23:21:22 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-07-15 23:21:22 ----A---- C:\Windows\system32\jsproxy.dll
2014-07-15 23:21:22 ----A---- C:\Windows\system32\ieui.dll
2014-07-15 23:21:22 ----A---- C:\Windows\system32\dxtrans.dll
2014-07-15 23:21:21 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-07-15 23:21:21 ----A---- C:\Windows\system32\mshtmled.dll
2014-07-15 23:21:21 ----A---- C:\Windows\system32\jscript9diag.dll
2014-07-15 23:21:21 ----A---- C:\Windows\system32\jscript9.dll
2014-07-15 23:21:21 ----A---- C:\Windows\system32\ieUnatt.exe
2014-07-15 23:21:21 ----A---- C:\Windows\system32\ieframe.dll
2014-07-15 23:21:20 ----A---- C:\Windows\system32\wininet.dll
2014-07-15 23:21:20 ----A---- C:\Windows\system32\vbscript.dll
2014-07-15 23:21:20 ----A---- C:\Windows\system32\msrating.dll
2014-07-15 23:21:20 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-07-15 23:21:20 ----A---- C:\Windows\system32\ieapfltr.dll
2014-07-15 23:21:19 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-15 23:21:19 ----A---- C:\Windows\system32\mshtml.dll
2014-07-15 23:21:13 ----A---- C:\Windows\SYSWOW64\secproc_ssp_isv.dll
2014-07-15 23:21:13 ----A---- C:\Windows\SYSWOW64\secproc_ssp.dll
2014-07-15 23:21:13 ----A---- C:\Windows\SYSWOW64\secproc_isv.dll
2014-07-15 23:21:13 ----A---- C:\Windows\SYSWOW64\secproc.dll
2014-07-15 23:21:13 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe
2014-07-15 23:21:13 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp.exe
2014-07-15 23:21:13 ----A---- C:\Windows\SYSWOW64\RMActivate_isv.exe
2014-07-15 23:21:13 ----A---- C:\Windows\SYSWOW64\RMActivate.exe
2014-07-15 23:21:13 ----A---- C:\Windows\SYSWOW64\msdrm.dll
2014-07-15 23:21:13 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2014-07-15 23:21:13 ----A---- C:\Windows\system32\secproc_ssp.dll
2014-07-15 23:21:13 ----A---- C:\Windows\system32\secproc_isv.dll
2014-07-15 23:21:13 ----A---- C:\Windows\system32\secproc.dll
2014-07-15 23:21:13 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2014-07-15 23:21:13 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2014-07-15 23:21:13 ----A---- C:\Windows\system32\RMActivate_isv.exe
2014-07-15 23:21:13 ----A---- C:\Windows\system32\RMActivate.exe
2014-07-15 23:21:13 ----A---- C:\Windows\system32\msdrm.dll
2014-07-15 23:21:12 ----A---- C:\Windows\system32\aepdu.dll
2014-07-15 23:21:12 ----A---- C:\Windows\system32\aeinv.dll
2014-07-15 23:21:11 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2014-07-15 23:21:10 ----A---- C:\Windows\SYSWOW64\wincredprovider.dll
2014-07-15 23:21:10 ----A---- C:\Windows\SYSWOW64\objsel.dll
2014-07-15 23:21:10 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2014-07-15 23:21:10 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2014-07-15 23:21:10 ----A---- C:\Windows\SYSWOW64\dpapiprovider.dll
2014-07-15 23:21:10 ----A---- C:\Windows\SYSWOW64\dimsroam.dll
2014-07-15 23:21:10 ----A---- C:\Windows\SYSWOW64\cngprovider.dll
2014-07-15 23:21:10 ----A---- C:\Windows\SYSWOW64\capiprovider.dll
2014-07-15 23:21:10 ----A---- C:\Windows\SYSWOW64\adprovider.dll
2014-07-15 23:21:10 ----A---- C:\Windows\system32\winlogon.exe
2014-07-15 23:21:10 ----A---- C:\Windows\system32\wincredprovider.dll
2014-07-15 23:21:10 ----A---- C:\Windows\system32\objsel.dll
2014-07-15 23:21:10 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-07-15 23:21:10 ----A---- C:\Windows\system32\KernelBase.dll
2014-07-15 23:21:10 ----A---- C:\Windows\system32\dpapiprovider.dll
2014-07-15 23:21:10 ----A---- C:\Windows\system32\dimsroam.dll
2014-07-15 23:21:10 ----A---- C:\Windows\system32\cngprovider.dll
2014-07-15 23:21:10 ----A---- C:\Windows\system32\capiprovider.dll
2014-07-15 23:21:10 ----A---- C:\Windows\system32\adprovider.dll
2014-07-15 23:21:08 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-07-15 23:21:08 ----A---- C:\Windows\system32\rdpcorets.dll
2014-07-15 23:21:06 ----A---- C:\Windows\SYSWOW64\msxml6r.dll
2014-07-15 23:21:06 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2014-07-15 23:21:06 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-07-15 23:21:06 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-07-15 23:21:06 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2014-07-15 23:21:06 ----A---- C:\Windows\system32\msxml6r.dll
2014-07-15 23:21:06 ----A---- C:\Windows\system32\msxml6.dll
2014-07-15 23:21:06 ----A---- C:\Windows\system32\msxml3r.dll
2014-07-15 23:21:06 ----A---- C:\Windows\system32\msxml3.dll
2014-07-15 23:21:06 ----A---- C:\Windows\system32\d3d10warp.dll
2014-07-15 23:21:06 ----A---- C:\Windows\system32\d2d1.dll
2014-07-15 23:21:05 ----A---- C:\Windows\SYSWOW64\osk.exe
2014-07-15 23:21:05 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2014-07-15 23:21:05 ----A---- C:\Windows\system32\win32k.sys
2014-07-15 23:21:05 ----A---- C:\Windows\system32\osk.exe
2014-07-15 23:21:04 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-07-15 23:21:04 ----A---- C:\Windows\system32\shell32.dll
2014-07-15 23:21:03 ----A---- C:\Windows\SYSWOW64\TSWorkspace.dll
2014-07-15 23:21:03 ----A---- C:\Windows\SYSWOW64\setup16.exe
2014-07-15 23:21:03 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2014-07-15 23:21:03 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2014-07-15 23:21:03 ----A---- C:\Windows\system32\wow64win.dll
2014-07-15 23:21:03 ----A---- C:\Windows\system32\wow64cpu.dll
2014-07-15 23:21:03 ----A---- C:\Windows\system32\wow64.dll
2014-07-15 23:21:03 ----A---- C:\Windows\system32\TSWorkspace.dll
2014-07-15 23:21:03 ----A---- C:\Windows\system32\ntvdm64.dll
2014-07-15 23:21:03 ----A---- C:\Windows\system32\kernel32.dll
2014-07-15 23:21:02 ----A---- C:\Windows\SYSWOW64\wow32.dll
2014-07-15 23:21:02 ----A---- C:\Windows\SYSWOW64\user.exe
2014-07-15 23:21:02 ----A---- C:\Windows\SYSWOW64\iologmsg.dll
2014-07-15 23:21:02 ----A---- C:\Windows\SYSWOW64\instnm.exe
2014-07-15 23:21:02 ----A---- C:\Windows\system32\iologmsg.dll
2014-07-15 23:21:02 ----A---- C:\Windows\system32\drivers\storport.sys
2014-07-15 23:21:02 ----A---- C:\Windows\system32\drivers\msiscsi.sys
2014-07-15 23:21:02 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2014-07-15 23:21:01 ----A---- C:\Windows\system32\drivers\tcpip.sys
2014-07-15 23:21:01 ----A---- C:\Windows\system32\drivers\netio.sys
2014-07-15 23:21:01 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2014-07-15 23:21:01 ----A---- C:\Windows\system32\drivers\afd.sys
2014-07-15 23:21:00 ----A---- C:\Windows\SYSWOW64\usp10.dll
2014-07-15 23:21:00 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2014-07-15 23:21:00 ----A---- C:\Windows\system32\usp10.dll
2014-07-15 23:21:00 ----A---- C:\Windows\system32\poqexec.exe
2014-07-15 23:21:00 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2014-07-15 23:21:00 ----A---- C:\Windows\system32\drivers\usbport.sys
2014-07-15 23:21:00 ----A---- C:\Windows\system32\drivers\usbhub.sys
2014-07-15 23:21:00 ----A---- C:\Windows\system32\drivers\usbehci.sys
2014-07-15 23:21:00 ----A---- C:\Windows\system32\drivers\usbd.sys
2014-07-15 23:21:00 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2014-07-15 23:20:59 ----A---- C:\Windows\system32\wwansvc.dll
2014-07-15 23:20:59 ----A---- C:\Windows\system32\drivers\ntfs.sys
2014-07-15 23:20:58 ----A---- C:\Windows\SYSWOW64\wer.dll
2014-07-15 23:20:58 ----A---- C:\Windows\SYSWOW64\qedit.dll
2014-07-15 23:20:58 ----A---- C:\Windows\system32\wer.dll
2014-07-15 23:20:58 ----A---- C:\Windows\system32\qedit.dll
2014-07-15 23:20:55 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-07-15 23:20:55 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-07-15 23:20:55 ----A---- C:\Windows\system32\sspisrv.dll
2014-07-15 23:20:55 ----A---- C:\Windows\system32\sspicli.dll
2014-07-15 23:20:55 ----A---- C:\Windows\system32\secur32.dll
2014-07-15 23:20:55 ----A---- C:\Windows\system32\lsass.exe
2014-07-15 23:20:55 ----A---- C:\Windows\system32\lsasrv.dll
2014-07-15 23:20:55 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-07-15 23:20:55 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2014-07-15 23:19:31 ----A---- C:\Windows\system32\WindowsCodecs.dll
2014-07-15 23:19:30 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2014-07-15 23:09:17 ----D---- C:\Users\Janka\AppData\Roaming\Adobe
2014-07-15 23:09:10 ----D---- C:\Users\Janka\AppData\Roaming\Identities
2014-07-15 23:09:07 ----SD---- C:\Users\Janka\AppData\Roaming\Microsoft
2014-07-15 23:09:07 ----D---- C:\Users\Janka\AppData\Roaming\Media Center Programs
2014-07-15 23:08:59 ----SHD---- C:\Recovery
2014-07-15 23:08:59 ----SHD---- C:\ProgramData\Šablony
2014-07-15 23:08:59 ----SHD---- C:\ProgramData\Plocha
2014-07-15 23:08:59 ----SHD---- C:\ProgramData\Oblíbené položky
2014-07-15 23:08:59 ----SHD---- C:\ProgramData\Nabídka Start
2014-07-15 23:08:59 ----SHD---- C:\ProgramData\Dokumenty
2014-07-15 23:08:59 ----SHD---- C:\ProgramData\Data aplikací
2014-07-15 23:07:17 ----D---- C:\Windows\SoftwareDistribution
2014-07-15 22:58:38 ----D---- C:\Windows\Prefetch
======List of files/folders modified in the last 1 month======
2014-08-12 14:20:44 ----RD---- C:\Program Files
2014-08-12 14:14:08 ----D---- C:\Windows\Temp
2014-08-12 12:58:23 ----D---- C:\Windows\System32
2014-08-12 12:58:23 ----D---- C:\Windows\inf
2014-08-12 12:58:23 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-08-12 12:55:53 ----D---- C:\Windows\system32\wdi
2014-08-12 12:54:07 ----SHD---- C:\System Volume Information
2014-08-12 03:47:58 ----D---- C:\Windows\system32\config
2014-08-12 03:36:57 ----D---- C:\Program Files (x86)\Common Files
2014-08-12 03:35:37 ----D---- C:\Windows\SYSWOW64\drivers
2014-08-12 03:33:39 ----HD---- C:\ProgramData
2014-08-12 03:33:23 ----D---- C:\Windows\SysWOW64
2014-08-12 03:30:12 ----D---- C:\Windows
2014-08-12 03:30:08 ----D---- C:\Windows\system32\Tasks
2014-08-12 03:30:01 ----RD---- C:\Program Files (x86)
2014-08-12 03:18:51 ----RSD---- C:\Windows\Fonts
2014-08-12 02:39:44 ----D---- C:\Windows\system32\drivers
2014-08-12 02:14:45 ----D---- C:\Windows\system32\catroot
2014-08-12 02:14:41 ----D---- C:\Windows\system32\DriverStore
2014-08-12 01:39:41 ----D---- C:\Windows\Microsoft.NET
2014-08-12 01:39:40 ----RSD---- C:\Windows\assembly
2014-08-12 01:20:45 ----D---- C:\Windows\addins
2014-08-12 01:18:40 ----D---- C:\Windows\winsxs
2014-08-12 01:11:07 ----A---- C:\Windows\win.ini
2014-08-12 00:46:44 ----D---- C:\Windows\Tasks
2014-08-12 00:45:21 ----D---- C:\Update
2014-08-12 00:45:21 ----D---- C:\totalcmd
2014-08-12 00:45:08 ----D---- C:\Install
2014-08-12 00:45:08 ----D---- C:\Infineon
2014-08-12 00:45:08 ----D---- C:\FftTool
2014-08-12 00:45:08 ----D---- C:\Documentation
2014-08-12 00:25:17 ----D---- C:\Windows\ShellNew
2014-08-12 00:23:27 ----SD---- C:\ProgramData\Microsoft
2014-08-12 00:23:02 ----D---- C:\Program Files\Common Files\Microsoft Shared
2014-08-02 16:51:18 ----D---- C:\Windows\system32\drivers\UMDF
2014-08-02 16:47:00 ----D---- C:\Program Files\Common Files
2014-07-17 19:33:16 ----D---- C:\Windows\rescache
2014-07-17 15:28:16 ----SHD---- C:\Boot
2014-07-16 14:23:53 ----D---- C:\Windows\system32\Setup
2014-07-16 14:23:52 ----D---- C:\Windows\system32\catroot2
2014-07-16 02:15:34 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-07-16 02:15:34 ----D---- C:\Windows\system32\cs-CZ
2014-07-16 02:15:34 ----D---- C:\Windows\cs-CZ
2014-07-16 02:07:16 ----D---- C:\Windows\Help
2014-07-16 01:21:57 ----SD---- C:\Windows\system32\Microsoft
2014-07-16 01:12:56 ----D---- C:\Windows\LiveKernelReports
2014-07-16 00:54:01 ----D---- C:\Windows\system32\LogFiles
2014-07-16 00:18:26 ----D---- C:\Windows\SYSWOW64\wbem
2014-07-16 00:18:26 ----D---- C:\Windows\system32\wbem
2014-07-16 00:18:26 ----D---- C:\Windows\system32\drivers\en-US
2014-07-16 00:18:26 ----D---- C:\Program Files\Windows Journal
2014-07-16 00:18:25 ----D---- C:\Windows\SYSWOW64\en-US
2014-07-16 00:18:25 ----D---- C:\Windows\SYSWOW64\Dism
2014-07-16 00:18:25 ----D---- C:\Windows\system32\en-US
2014-07-16 00:18:25 ----D---- C:\Windows\system32\Dism
2014-07-16 00:18:25 ----D---- C:\Windows\PolicyDefinitions
2014-07-16 00:18:25 ----D---- C:\Windows\ehome
2014-07-16 00:18:25 ----D---- C:\Windows\AppPatch
2014-07-16 00:18:25 ----D---- C:\Program Files\Internet Explorer
2014-07-16 00:18:25 ----D---- C:\Program Files (x86)\Internet Explorer
2014-07-16 00:07:34 ----D---- C:\Windows\Logs
2014-07-15 23:58:01 ----RASH---- C:\BOOTSECT.BAK
2014-07-15 23:26:36 ----D---- C:\Windows\system32\WinBioPlugIns
2014-07-15 23:25:03 ----D---- C:\Windows\debug
2014-07-15 23:20:38 ----D---- C:\Windows\system32\CodeIntegrity
2014-07-15 23:15:51 ----D---- C:\Windows\system32\restore
2014-07-15 23:09:09 ----SHD---- C:\$Recycle.Bin
2014-07-15 23:09:05 ----RD---- C:\Users
2014-07-15 23:08:59 ----D---- C:\Windows\system32\Recovery
2014-07-15 23:08:59 ----D---- C:\Program Files\Windows NT
2014-07-15 23:00:05 ----D---- C:\Windows\system32\sysprep
2014-07-15 22:58:37 ----D---- C:\Windows\CSC
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2014-06-17 190744]
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2014-06-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2014-06-17 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2014-06-17 31512]
R0 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2014-02-20 457824]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2014-06-30 152344]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6a.sys [2013-09-26 57144]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2014-06-17 242968]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2014-06-17 235800]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2014-06-17 269080]
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2014-08-02 50464]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 iSafeKrnl;iSafeKrnl Mini-Filter Driver; \??\C:\Program Files (x86)\iSafe\iSafeKrnl.sys [2014-08-08 247488]
R1 iSafeKrnlKit;iSafeKrnl Kit Driver; \??\C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys [2014-08-08 78016]
R1 iSafeKrnlR3;iSafeKrnl Ring3 Driver; \??\C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys [2014-08-08 65216]
R1 iSafeNetFilter;iSafeNetFilter NDIS Driver; \??\C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [2014-08-06 49320]
R1 klhk;klhk; C:\Windows\system32\DRIVERS\klhk.sys [2014-04-10 243808]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2014-08-12 792128]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2014-02-25 30304]
R1 klpd;klpd; C:\Windows\system32\DRIVERS\klpd.sys [2013-04-12 15456]
R1 kltdi;kltdi; C:\Windows\system32\DRIVERS\kltdi.sys [2014-03-25 55904]
R1 kneps;kneps; C:\Windows\system32\DRIVERS\kneps.sys [2014-03-26 179296]
R2 aksdf;aksdf; \??\C:\Windows\system32\drivers\aksdf.sys [2010-04-12 74496]
R2 aksfridge;aksfridge; \??\C:\Windows\system32\drivers\aksfridge.sys [2010-04-13 131072]
R2 hardlock;hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2009-03-13 318464]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2013-12-17 80384]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2014-07-16 98344]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2014-07-16 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2014-07-16 35104]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2014-07-16 21160]
R3 e1yexpress;Ovladač gigabitových síťových připojení Intel(R); C:\Windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-07-16 1762080]
R3 klflt;Kaspersky Lab Kernel DLL; C:\Windows\system32\DRIVERS\klflt.sys [2014-08-12 140352]
R3 klkbdflt;Kaspersky Lab KLKBDFLT; C:\Windows\system32\DRIVERS\klkbdflt.sys [2014-03-28 28768]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2013-08-08 29280]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-05-12 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2014-08-12 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-05-12 63704]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 64bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
R3 SFEP;Sony Firmware Extension Parser; C:\Windows\system32\DRIVERS\SFEP.sys [2007-08-03 11392]
R3 SPI;Sony Programmable I/O Control Device; C:\Windows\system32\DRIVERS\SonyPI.sys [2007-08-03 17536]
R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
S0 Partizan;Partizan; C:\Windows\system32\drivers\Partizan.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2013-12-17 552960]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 EyeOne;EyeOne; C:\Windows\System32\Drivers\i1_x64.sys [2013-06-21 51600]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2014-07-16 7370176]
S3 iSafeKrnlBoot;iSafeKrnl Boot Driver; C:\Windows\system32\DRIVERS\iSafeKrnlBoot.sys [2014-08-08 45248]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2013-12-17 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2013-12-17 29696]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2013-12-17 30208]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2014-06-10 54784]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-05-08 65432]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-06-12 43336]
R2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2014-07-10 1417160]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-07-10 3244048]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-07-10 289328]
R2 AVP15.0.0;Kaspersky Anti-Virus Service 15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [2014-04-20 233552]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-01 864032]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 hasplms;Sentinel HASP License Manager; C:\Windows\system32\hasplms.exe [2009-12-16 3750400]
R2 iSafeService;iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [2014-08-08 118048]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-08-22 382496]
R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-07-16 177696]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-08-06 5052224]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2014-07-08 641352]
R3 VUAgent;VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [2014-02-27 1642544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-16 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S2 vToolbarUpdater3.1.0;vToolbarUpdater3.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-16 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-06-19 111616]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-07-16 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------

Cryptolocker (enciphered)
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: Cryptolocker (enciphered)
The user turned to our paid service
www.neslape.cz
The computer has been cleaned and the files decrypted.
I am closing the topic.