Havěť

Zpráva

Nexxy · #1 Příspěvek od **Nexxy** » 24 srp 2015 18:51

Ahoj, stáhl jsem si do počítače nějaké kraviny, nejdou vypnout přes správce úloh, napíše to, že přístup byl odepřen, odinstalovat taktéž nejdou.

FRST Log mi vytvořit nejde.
ADWCleaner nic nenašel.
Screen věcí ve správci úloh : https://gyazo.com/bccc59b544acd6fdb9c1dc46689bc8e5
RSIT :

RSIT : Logfile of random's system information tool 1.10 (written by random/random)
Run by Petr at 2015-08-24 19:48:16
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 207 GB (45%) free of 461 GB
Total RAM: 3835 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:48:45, on 24.8.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17937)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Garena Plus\ggdllhost.exe
C:\Program Files (x86)\Gyazo\GyStation.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\ProgramData\Battle.net\Agent\Agent.4318\Agent.exe
C:\Program Files (x86)\Battle.net\Battle.net.6087\Battle.net.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Petr\AppData\Local\Temp\setup.exe
C:\Users\Petr\AppData\Local\Adobe\OOBE\PDApp\core\PDApp.exe
C:\Users\Petr\AppData\Local\Adobe\OOBE\PDApp\DECore\Setup.exe
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCTray.exe
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCTray.exe
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMDeskTopGC.exe
C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCPatch.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetMon\QQPCNetFlow.exe
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCRealTimeSpeedup.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMAutoClean.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Petr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: SohuBHO - {452ADB5B-00BE-469D-A65F-3046146B2ED5} - C:\Program Files (x86)\????\SoHuAutoDetector.dll (file missing)
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [setup.exe -start] C:\Users\Petr\AppData\Local\Temp\setup.exe -start
O4 - HKLM\..\Run: [SohuVA] "C:\Program Files (x86)\????\SHPlayer.exe" /auto
O4 - HKLM\..\Run: [RSDTRAY] "C:\Program Files (x86)\Rising\RSD\popwndexe.exe"
O4 - HKLM\..\Run: [ QQPCTray] "C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCTray.exe" /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 8] "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 8] "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto (User 'Default user')
O4 - Startup: MEGAsync.lnk = C:\Users\Petr\AppData\Local\MEGAsync\MEGAsync.exe
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - (no file)
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - (no file)
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{F266592C-96FC-4C75-9FB1-044DA469F9AC}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\SysWow64\DreamScene.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QQPCMgr RTP Service (QQPCRTP) - Tencent - C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Rsd Service (RsMgrSvc) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
O23 - Service: Rav Service (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files (x86)\Rising\RAV\ravmond.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TAOFrame - Tencent - C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TAOFrame.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XobniService - Xobni Corporation - C:\Program Files (x86)\Xobni\XobniService.exe

--
End of file - 12985 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe"
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe"
taskeng.exe {2BD92549-D2F6-47FF-9C9A-71456330D5D1}
"C:\Program Files (x86)\Garena Plus\ggdllhost.exe" "C:\Program Files (x86)\Garena Plus\ggspawn.dll",rundll_entry
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Gyazo\GyStation.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
"C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Windows\system32\GWX\GWX.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
C:\Windows\system32\wbem\wmiprvse.exe
WLIDSvcM.exe 2608
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Steam\Steam.exe"
"C:\Program Files (x86)\Steam\bin\steamwebhelper.exe" -cefhost -cachedir "C:\Users\Petr\AppData\Local\Steam\htmlcache" -steampid 4652 -buildid 1440016726 -steamid "0" --disable-gpu-compositing --disable-gpu --process-per-tab --enable-system-flash --disable-spell-checking --enable-direct-write
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><Toast><Title>HP Wireless Assistant</Title><Text>Combo: On</Text><IconPath>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WA_tray_32_on.ico</IconPath><ID>1843685420</ID><Path>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe</Path><Parameters></Parameters></Toast></hpNotification>"
"C:\Program Files (x86)\Steam\bin\steamwebhelper.exe" --type=renderer --disable-gpu-compositing --enable-pinch --no-sandbox --enable-deferred-image-decoding --lang=en-US --lang=en-US --product-version="Valve Steam Client" --disable-spell-checking --enable-system-flash --device-scale-factor=1 --font-cache-shared-mem-suffix=2008 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --use-image-texture-target=3553 --disable-accelerated-video-decode --disable-gpu-compositing --channel="2008.0.593194497\600572336" /prefetch:673131151
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe" Restart start ccc
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\ProgramData\Battle.net\Agent\Agent.4318\Agent.exe" --locale=enGB --session=350553187791997185
\??\C:\Windows\system32\conhost.exe "-334962074446107757156313936-2046207406-3542156462788453991736109038778788398
"C:\Program Files (x86)\Battle.net\Battle.net.6087\Battle.net.exe" "--gamepath=C:\Program Files (x86)\Hearthstone" --game=hs_beta
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*AutofillFieldMetadata/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A1/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_91/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="2192.2.499375426\1122871738" --font-cache-shared-handle=2776 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2192.8.896959894\1126773821" --use-gl=swiftshader --supports-dual-gpus=false --swiftshader-path="C:\Users\Petr\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159" --gpu-driver-bug-workarounds=2,22,45 --gpu-vendor-id=0x1002 --gpu-device-id=0x68e4 --gpu-driver-vendor="ATI Technologies Inc." --gpu-driver-version=8.812.1.3000 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*AutofillFieldMetadata/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/*NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A1/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_91/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --disable-gpu-compositing --channel="2192.10.1028835618\1380316339" --font-cache-shared-handle=3468 /prefetch:673131151
"C:\Program Files (x86)\Steam\bin\steamwebhelper.exe" --type=renderer --disable-gpu-compositing --enable-pinch --no-sandbox --enable-deferred-image-decoding --lang=en-US --lang=en-US --product-version="Valve Steam Client" --disable-spell-checking --enable-system-flash --device-scale-factor=1 --font-cache-shared-mem-suffix=2008 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --use-image-texture-target=3553 --disable-accelerated-video-decode --disable-gpu-compositing --channel="2008.7.2058502497\1232248022" /prefetch:673131151
"taskhost.exe"
"C:\Program Files\Teamspeak\ts3client_win64.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="2192.146.662474096\407123378" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Users\Petr\AppData\Local\Temp\setup.exe" /VERYSILENT /SP-
"C:\Users\Petr\AppData\Local\Adobe\OOBE\PDApp\core\PDApp.exe" --media="C:\Users\Petr\Documents\Photoshop" --appletID="DWA_UI" --appletVersion="2.0" --requiredSize=149175
"C:\Users\Petr\AppData\Local\Adobe\OOBE\PDApp\DECore\Setup.exe" --deploymentFile="C:\Users\Petr\AppData\Local\Temp\{890585E7-0DB9-43B0-A8EE-0FCEB4D7DC48}\deploy.xml" --userASUPath="C:\Users\Petr\AppData\Local\Adobe\OOBE\PDApp" --DEVersion=8.0
"C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe"
"C:\Program Files (x86)\Rising\RAV\ravmond.exe"
"C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TAOFrame.exe"
"C:\Windows\system32\taskmgr.exe" /4
"C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCRtp.exe" -r
"C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCTray.exe" /elevated /regrun
"C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCPatch.exe"
"C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCTray.exe" /slient /PLUGIN_管家蓝屏修复 /pcmgr
"C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMDeskTopGC.exe" /ShowUEFromInstall
"C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe" -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*AutofillFieldMetadata/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/*NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A1/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_91/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --disable-gpu-compositing --channel="2192.171.794774908\735003121" --font-cache-shared-handle=5848 /prefetch:673131151
"C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCPatch.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*AutofillFieldMetadata/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/*NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A1/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_91/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --disable-gpu-compositing --channel="2192.173.11003299\937529188" --font-cache-shared-handle=5836 /prefetch:673131151
"C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetMon\QQPCNetFlow.exe" /regrun /elevated
"C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCRealTimeSpeedup.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe44_ Global\UsGthrCtrlFltPipeMssGthrPipe44 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe" -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*AutofillFieldMetadata/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/*NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A1/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_91/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --disable-gpu-compositing --channel="2192.176.210237886\980951272" --font-cache-shared-handle=4596 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*AutofillFieldMetadata/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/*NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A1/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_91/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --disable-gpu-compositing --channel="2192.177.1203048719\589887624" --font-cache-shared-handle=3336 /prefetch:673131151
"C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMAutoClean.exe" garbageLimit:300|taskId:5|tipsId:5|taskType:5|depthGarbageLimit:1024
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
taskeng.exe {687B8E75-C467-4D0A-AA62-BC8923560761}
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*AutofillFieldMetadata/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/*NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A1/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_91/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --disable-gpu-compositing --channel="2192.180.259077382\90457591" --font-cache-shared-handle=1588 /prefetch:673131151
"C:\Program Files\CCleaner\CCleaner.exe" /uac
"C:\Program Files\CCleaner\CCleaner.exe" /uac
"C:\Users\Petr\Desktop\RSITx64.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\HPCeeScheduleForPetr.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForPetr (null)

=========Mozilla firefox=========

ProfilePath - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\faqsxm5w.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.232 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.5.1]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@qq.com/QQPCMgr]
"Description"=QQPCMgr Detector
"Path"=C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\npQMExtensionsMozilla.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@rising.com.cn/nprising]
"Description"=
"Path"=C:\Program Files (x86)\Rising\RAV\nprising.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@sohu.com/npifox]
"Description"=ifox-plugin
"Path"=C:\Program Files (x86)\搜狐影音\npifox.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@t.garena.com/garenatalk]
"Description"=Garena Talk Plugin
"Path"=C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.232 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@esn/npbattlelog,version=2.5.1]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}]
电脑管家网页防火墙 - C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TSWebMon64.dat [2015-08-24 414560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{452ADB5B-00BE-469D-A65F-3046146B2ED5}]
CSohuDetector Object - C:\Program Files (x86)\搜狐影音\SoHuAutoDetector.dll [2015-08-24 213432]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2011-01-12 6602856]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-10-14 2837288]
"AtherosBtStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2011-04-13 627360]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-04-13 379552]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-07-21 8192]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2015-01-28 5595848]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27 558496]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-11-21 7063832]
"Gyazo"=C:\Program Files (x86)\Gyazo\GyStation.exe [2015-08-19 3098424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 7]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 8]
C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe /Auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]
C:\Program Files (x86)\BlueStacks\HD-Agent.exe [2014-10-08 843480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe [2014-11-21 7063832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
C:\Program Files (x86)\Origin\Origin.exe [2014-12-16 3618648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarenaPlus]
C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [2014-10-27 9974576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter]
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe /autostart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
C:\Users\Petr\AppData\Roaming\Spotify\spotify.exe [2015-01-10 6737976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
C:\Users\Petr\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2015-01-10 1676344]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-03-04 336384]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2011-02-01 656920]
"HP Quick Launch"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2012-03-05 578944]
"HPOSD"=C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [2011-08-19 379960]
"setup.exe -start"=C:\Users\Petr\AppData\Local\Temp\setup.exe [2015-08-24 122880]
"SohuVA"=C:\Program Files (x86)\????\SHPlayer.exe /auto []
"RSDTRAY"=C:\Program Files (x86)\Rising\RSD\popwndexe.exe [2012-09-25 126808]
" QQPCTray"=C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCTray.exe [2015-08-24 355296]

C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MEGAsync.lnk - C:\Users\Petr\AppData\Local\MEGAsync\MEGAsync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2015-02-17 275360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\QQPCRTP]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"vidc.tscc"=C:\Windows\SysWOW64\tsccvid64.dll
"vidc.tsc2"=C:\Windows\SysWOW64\tsc2_codec64.dll
"VIDC.FPS1"=frapsv64.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-08-24 19:45:00 ----D---- C:\Program Files (x86)\Adobe
2015-08-24 19:42:48 ----D---- C:\ProgramData\TXQMPC
2015-08-24 19:41:50 ----A---- C:\Windows\system32\drivers\TAOAccelerator64.sys
2015-08-24 19:41:07 ----D---- C:\Program Files\Common Files\Tencent
2015-08-24 19:40:05 ----A---- C:\Windows\system32\drivers\TSSKX64.sys
2015-08-24 19:39:38 ----A---- C:\Windows\system32\drivers\TAOKernel64.sys
2015-08-24 19:38:52 ----A---- C:\Windows\system32\drivers\TFsFltX64.sys
2015-08-24 19:36:43 ----RSH---- C:\rising.ini
2015-08-24 19:35:02 ----N---- C:\Windows\system32\drivers\sysmon.sys
2015-08-24 19:35:02 ----N---- C:\Windows\system32\drivers\rsutils.sys
2015-08-24 19:35:02 ----N---- C:\Windows\system32\drivers\rsndisp.sys
2015-08-24 19:34:31 ----D---- C:\Users\Petr\AppData\Roaming\Tencent
2015-08-24 19:34:31 ----D---- C:\Program Files (x86)\Tencent
2015-08-24 19:34:05 ----D---- C:\Program Files (x86)\Rising
2015-08-24 19:34:04 ----D---- C:\ProgramData\Rising
2015-08-24 19:33:53 ----D---- C:\ProgramData\Tencent
2015-08-24 19:24:56 ----D---- C:\ProgramData\Adobe
2015-08-24 19:22:24 ----D---- C:\AdwCleaner
2015-08-24 19:13:31 ----HD---- C:\sohucache
2015-08-24 19:13:20 ----D---- C:\SHDownload
2015-08-24 19:12:39 ----D---- C:\Program Files (x86)\搜狐影音
2015-08-18 21:22:33 ----D---- C:\Users\Petr\AppData\Roaming\HearthstoneDeckTracker
2015-08-18 11:49:38 ----D---- C:\Users\Petr\AppData\Roaming\TS3Client
2015-08-18 11:48:59 ----D---- C:\Program Files\Teamspeak
2015-08-17 21:05:20 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-17 21:05:20 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-17 20:28:40 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-08-17 20:28:40 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-08-17 20:28:40 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-08-17 20:28:40 ----A---- C:\Windows\system32\iertutil.dll
2015-08-17 20:28:40 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-08-17 20:28:40 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-08-17 20:28:39 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-08-17 20:28:39 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-08-17 20:28:39 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-08-17 20:28:39 ----A---- C:\Windows\system32\iernonce.dll
2015-08-17 20:28:39 ----A---- C:\Windows\system32\ie4uinit.exe
2015-08-17 20:28:38 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-08-17 20:28:38 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-08-17 20:28:38 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-08-17 20:28:38 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-08-17 20:28:38 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-08-17 20:28:38 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-17 20:28:35 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-08-17 20:28:35 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-08-17 20:28:35 ----A---- C:\Windows\system32\urlmon.dll
2015-08-17 20:28:35 ----A---- C:\Windows\system32\iedkcs32.dll
2015-08-17 20:28:34 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-08-17 20:28:34 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-08-17 20:28:34 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-08-17 20:28:34 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-08-17 20:28:34 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-17 20:28:34 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-08-17 20:28:33 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-08-17 20:28:33 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-08-17 20:28:33 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-08-17 20:28:33 ----A---- C:\Windows\system32\msfeeds.dll
2015-08-17 20:28:33 ----A---- C:\Windows\system32\dxtrans.dll
2015-08-17 20:28:32 ----A---- C:\Windows\system32\iesetup.dll
2015-08-17 20:28:32 ----A---- C:\Windows\system32\ieapfltr.dll
2015-08-17 20:28:29 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-08-17 20:28:29 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-08-17 20:28:29 ----A---- C:\Windows\system32\vbscript.dll
2015-08-17 20:28:28 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-08-17 20:28:28 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-08-17 20:28:28 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-08-17 20:28:28 ----A---- C:\Windows\system32\jsproxy.dll
2015-08-17 20:28:28 ----A---- C:\Windows\system32\ieUnatt.exe
2015-08-17 20:28:27 ----A---- C:\Windows\system32\dxtmsft.dll
2015-08-17 20:28:26 ----A---- C:\Windows\system32\ieui.dll
2015-08-17 20:28:26 ----A---- C:\Windows\system32\ieframe.dll
2015-08-17 20:28:25 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-08-17 20:28:25 ----A---- C:\Windows\system32\mshtmled.dll
2015-08-17 20:28:24 ----A---- C:\Windows\system32\jscript9diag.dll
2015-08-17 20:28:24 ----A---- C:\Windows\system32\jscript.dll
2015-08-17 20:28:23 ----A---- C:\Windows\system32\jscript9.dll
2015-08-17 20:28:22 ----A---- C:\Windows\system32\wininet.dll
2015-08-17 20:28:21 ----A---- C:\Windows\system32\msrating.dll
2015-08-17 20:28:21 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-08-17 20:28:20 ----A---- C:\Windows\system32\mshtml.dll
2015-08-17 20:28:16 ----A---- C:\Windows\SYSWOW64\ole32.dll
2015-08-17 20:28:16 ----A---- C:\Windows\system32\ole32.dll
2015-08-17 20:28:15 ----A---- C:\Windows\system32\wksprt.exe
2015-08-17 20:28:15 ----A---- C:\Windows\system32\mstscax.dll
2015-08-17 20:28:13 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2015-08-17 20:28:11 ----A---- C:\Windows\SYSWOW64\tsgqec.dll
2015-08-17 20:28:11 ----A---- C:\Windows\SYSWOW64\rdvidcrl.dll
2015-08-17 20:28:11 ----A---- C:\Windows\system32\tsgqec.dll
2015-08-17 20:28:11 ----A---- C:\Windows\system32\rdvidcrl.dll
2015-08-17 20:28:03 ----A---- C:\Windows\SYSWOW64\msi.dll
2015-08-17 20:28:03 ----A---- C:\Windows\system32\msi.dll
2015-08-17 20:28:03 ----A---- C:\Windows\system32\authui.dll
2015-08-17 20:28:02 ----A---- C:\Windows\SYSWOW64\msimsg.dll
2015-08-17 20:28:02 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2015-08-17 20:28:02 ----A---- C:\Windows\SYSWOW64\msiexec.exe
2015-08-17 20:28:02 ----A---- C:\Windows\SYSWOW64\authui.dll
2015-08-17 20:28:02 ----A---- C:\Windows\system32\msimsg.dll
2015-08-17 20:28:02 ----A---- C:\Windows\system32\msihnd.dll
2015-08-17 20:28:02 ----A---- C:\Windows\system32\msiexec.exe
2015-08-17 20:28:02 ----A---- C:\Windows\system32\consent.exe
2015-08-17 20:28:02 ----A---- C:\Windows\system32\appinfo.dll
2015-08-17 20:27:51 ----A---- C:\Windows\system32\gdi32.dll
2015-08-17 20:27:50 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2015-08-17 20:27:49 ----A---- C:\Windows\system32\msxml3.dll
2015-08-17 20:27:48 ----A---- C:\Windows\SYSWOW64\msxml6r.dll
2015-08-17 20:27:48 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2015-08-17 20:27:48 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2015-08-17 20:27:48 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2015-08-17 20:27:48 ----A---- C:\Windows\system32\msxml6r.dll
2015-08-17 20:27:48 ----A---- C:\Windows\system32\msxml6.dll
2015-08-17 20:27:48 ----A---- C:\Windows\system32\msxml3r.dll
2015-08-17 20:27:34 ----A---- C:\Windows\system32\rpcrt4.dll
2015-08-17 20:27:34 ----A---- C:\Windows\system32\lsasrv.dll
2015-08-17 20:27:34 ----A---- C:\Windows\system32\kerberos.dll
2015-08-17 20:27:33 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-08-17 20:27:33 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-08-17 20:27:33 ----A---- C:\Windows\system32\schannel.dll
2015-08-17 20:27:33 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-08-17 20:27:33 ----A---- C:\Windows\system32\ntdll.dll
2015-08-17 20:27:33 ----A---- C:\Windows\system32\msv1_0.dll
2015-08-17 20:27:32 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2015-08-17 20:27:32 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-08-17 20:27:32 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-08-17 20:27:32 ----A---- C:\Windows\system32\kernel32.dll
2015-08-17 20:27:32 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-08-17 20:27:32 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-08-17 20:27:31 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-08-17 20:27:31 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-08-17 20:27:31 ----A---- C:\Windows\system32\sysmain.dll
2015-08-17 20:27:31 ----A---- C:\Windows\system32\adtschema.dll
2015-08-17 20:27:30 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-08-17 20:27:30 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-08-17 20:27:30 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-08-17 20:27:30 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-08-17 20:27:30 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-08-17 20:27:30 ----A---- C:\Windows\system32\wdigest.dll
2015-08-17 20:27:30 ----A---- C:\Windows\system32\TSpkg.dll
2015-08-17 20:27:30 ----A---- C:\Windows\system32\ncrypt.dll
2015-08-17 20:27:30 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-08-17 20:27:30 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-08-17 20:27:30 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2015-08-17 20:27:30 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-08-17 20:27:29 ----A---- C:\Windows\system32\wow64.dll
2015-08-17 20:27:29 ----A---- C:\Windows\system32\rstrui.exe
2015-08-17 20:27:29 ----A---- C:\Windows\system32\KernelBase.dll
2015-08-17 20:27:28 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2015-08-17 20:27:28 ----A---- C:\Windows\system32\winsrv.dll
2015-08-17 20:27:28 ----A---- C:\Windows\system32\srcore.dll
2015-08-17 20:27:28 ----A---- C:\Windows\system32\csrsrv.dll
2015-08-17 20:27:28 ----A---- C:\Windows\system32\cryptbase.dll
2015-08-17 20:27:28 ----A---- C:\Windows\system32\conhost.exe
2015-08-17 20:27:27 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-08-17 20:27:27 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-08-17 20:27:27 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-08-17 20:27:27 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-08-17 20:27:27 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-08-17 20:27:27 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-08-17 20:27:27 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-08-17 20:27:27 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-08-17 20:27:27 ----A---- C:\Windows\system32\sspisrv.dll
2015-08-17 20:27:27 ----A---- C:\Windows\system32\sspicli.dll
2015-08-17 20:27:27 ----A---- C:\Windows\system32\srclient.dll
2015-08-17 20:27:27 ----A---- C:\Windows\system32\smss.exe
2015-08-17 20:27:27 ----A---- C:\Windows\system32\secur32.dll
2015-08-17 20:27:27 ----A---- C:\Windows\system32\ntvdm64.dll
2015-08-17 20:27:27 ----A---- C:\Windows\system32\msmmsp.dll
2015-08-17 20:27:27 ----A---- C:\Windows\system32\msaudite.dll
2015-08-17 20:27:27 ----A---- C:\Windows\system32\lsass.exe
2015-08-17 20:27:27 ----A---- C:\Windows\system32\credssp.dll
2015-08-17 20:27:27 ----A---- C:\Windows\system32\auditpol.exe
2015-08-17 20:27:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-17 20:27:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-17 20:27:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-17 20:27:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-17 20:27:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-17 20:27:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-17 20:27:26 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-17 20:27:26 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-17 20:27:26 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-17 20:27:26 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-17 20:27:26 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-17 20:27:26 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-17 20:27:26 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-17 20:27:26 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-17 20:27:26 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-08-17 20:27:26 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-08-17 20:27:26 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-08-17 20:27:26 ----A---- C:\Windows\system32\wow64win.dll
2015-08-17 20:27:26 ----A---- C:\Windows\system32\wow64cpu.dll
2015-08-17 20:27:26 ----A---- C:\Windows\system32\msobjs.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-17 20:27:25 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-17 20:27:25 ----A---- C:\Windows\SYSWOW64\user.exe
2015-08-17 20:27:25 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-08-17 20:27:25 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-08-17 20:27:25 ----A---- C:\Windows\system32\apisetschema.dll
2015-08-17 20:26:42 ----A---- C:\Windows\system32\basesrv.dll
2015-08-17 20:26:17 ----A---- C:\Windows\system32\invagent.dll
2015-08-17 20:26:17 ----A---- C:\Windows\system32\generaltel.dll
2015-08-17 20:26:17 ----A---- C:\Windows\system32\devinv.dll
2015-08-17 20:26:17 ----A---- C:\Windows\system32\appraiser.dll
2015-08-17 20:26:17 ----A---- C:\Windows\system32\aeinv.dll
2015-08-17 20:26:17 ----A---- C:\Windows\system32\acmigration.dll
2015-08-17 20:26:16 ----A---- C:\Windows\system32\CompatTelRunner.exe
2015-08-17 20:26:16 ----A---- C:\Windows\system32\aepdu.dll
2015-08-17 20:25:47 ----A---- C:\Windows\system32\FntCache.dll
2015-08-17 20:25:46 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2015-08-17 20:25:46 ----A---- C:\Windows\system32\win32k.sys
2015-08-17 20:25:46 ----A---- C:\Windows\system32\DWrite.dll
2015-08-17 20:25:46 ----A---- C:\Windows\system32\atmfd.dll
2015-08-17 20:25:45 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-08-17 20:25:42 ----A---- C:\Windows\system32\lpk.dll
2015-08-17 20:25:41 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-08-17 20:25:41 ----A---- C:\Windows\system32\d3d10warp.dll
2015-08-17 20:25:41 ----A---- C:\Windows\system32\atmlib.dll
2015-08-17 20:25:40 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2015-08-17 20:25:39 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2015-08-17 20:25:39 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2015-08-17 20:25:39 ----A---- C:\Windows\system32\fontsub.dll
2015-08-17 20:25:39 ----A---- C:\Windows\system32\dciman32.dll
2015-08-17 20:25:38 ----A---- C:\Windows\SYSWOW64\lpk.dll
2015-08-17 20:25:35 ----A---- C:\Windows\SYSWOW64\cewmdm.dll
2015-08-17 20:25:35 ----A---- C:\Windows\system32\cewmdm.dll
2015-08-17 20:25:25 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-08-17 20:25:25 ----A---- C:\Windows\system32\rdpcorets.dll
2015-08-17 20:25:18 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2015-08-17 20:25:18 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2015-08-17 20:25:18 ----A---- C:\Windows\system32\cryptsvc.dll
2015-08-17 20:25:17 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2015-08-17 20:25:17 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2015-08-17 20:25:17 ----A---- C:\Windows\system32\wintrust.dll
2015-08-17 20:25:17 ----A---- C:\Windows\system32\cryptnet.dll
2015-08-17 20:25:17 ----A---- C:\Windows\system32\crypt32.dll
2015-08-17 20:25:08 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2015-08-17 20:25:08 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2015-08-17 20:25:08 ----A---- C:\Windows\system32\WebClnt.dll
2015-08-17 20:25:08 ----A---- C:\Windows\system32\davclnt.dll
2015-08-17 20:24:11 ----A---- C:\Windows\SYSWOW64\notepad.exe
2015-08-17 20:24:11 ----A---- C:\Windows\system32\notepad.exe
2015-08-17 20:24:11 ----A---- C:\Windows\notepad.exe
2015-08-17 20:10:26 ----A---- C:\Windows\system32\shell32.dll
2015-08-17 20:10:23 ----A---- C:\Windows\SYSWOW64\shell32.dll
2015-08-17 20:09:20 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-08-17 20:09:20 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-08-17 20:09:20 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-08-17 20:09:20 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-08-17 20:09:20 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-08-17 20:09:20 ----A---- C:\Windows\system32\wucltux.dll
2015-08-17 20:09:20 ----A---- C:\Windows\system32\wuauclt.exe
2015-08-17 20:09:20 ----A---- C:\Windows\system32\wuapp.exe
2015-08-17 20:09:20 ----A---- C:\Windows\system32\wuapi.dll
2015-08-17 20:09:20 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-08-17 20:09:19 ----A---- C:\Windows\system32\wuwebv.dll
2015-08-17 20:09:19 ----A---- C:\Windows\system32\wups2.dll
2015-08-17 20:09:19 ----A---- C:\Windows\system32\wups.dll
2015-08-17 20:09:19 ----A---- C:\Windows\system32\wudriver.dll
2015-08-17 20:09:19 ----A---- C:\Windows\system32\wuaueng.dll
2015-08-17 20:09:19 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-08-17 19:55:18 ----D---- C:\ProgramData\Gyazo

======List of files/folders modified in the last 1 month======

2015-08-24 19:48:39 ----D---- C:\Windows\Temp
2015-08-24 19:48:35 ----D---- C:\Program Files\trend micro
2015-08-24 19:48:17 ----D---- C:\Users\Petr\AppData\Roaming\Adobe
2015-08-24 19:45:00 ----RD---- C:\Program Files (x86)
2015-08-24 19:42:48 ----HD---- C:\ProgramData
2015-08-24 19:41:50 ----D---- C:\Windows\system32\drivers
2015-08-24 19:41:07 ----D---- C:\Program Files\Common Files
2015-08-24 19:39:54 ----RSD---- C:\Windows\Fonts
2015-08-24 19:38:49 ----D---- C:\Program Files (x86)\Common Files
2015-08-24 19:32:37 ----SHD---- C:\Windows\Installer
2015-08-24 19:32:36 ----SHD---- C:\Config.Msi
2015-08-24 19:32:35 ----D---- C:\Windows\SysWOW64
2015-08-24 19:32:09 ----SHD---- C:\System Volume Information
2015-08-24 19:32:09 ----D---- C:\ProgramData\Package Cache
2015-08-24 14:51:33 ----D---- C:\Program Files (x86)\Steam
2015-08-24 10:52:22 ----D---- C:\ProgramData\PDFC
2015-08-24 10:02:28 ----D---- C:\Windows\system32\config
2015-08-24 09:51:31 ----D---- C:\Windows\system32\Tasks
2015-08-20 20:02:37 ----D---- C:\Program Files (x86)\Gyazo
2015-08-19 21:33:15 ----D---- C:\Program Files (x86)\Opera
2015-08-19 20:22:27 ----D---- C:\Windows\Microsoft.NET
2015-08-19 12:26:21 ----RSD---- C:\Windows\assembly
2015-08-18 20:17:18 ----D---- C:\Program Files (x86)\Hearthstone
2015-08-18 19:47:34 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-08-18 11:49:05 ----RD---- C:\Program Files
2015-08-18 11:47:32 ----D---- C:\Program Files (x86)\TeamSpeak 3 Client
2015-08-18 07:17:33 ----D---- C:\Windows\winsxs
2015-08-18 07:14:51 ----D---- C:\Program Files (x86)\Battle.net
2015-08-17 21:14:30 ----SD---- C:\Windows\system32\CompatTel
2015-08-17 21:14:24 ----D---- C:\Windows\system32\wbem
2015-08-17 21:14:24 ----D---- C:\Windows\system32\appraiser
2015-08-17 21:14:24 ----D---- C:\Windows\System32
2015-08-17 21:14:22 ----D---- C:\Windows\AppPatch
2015-08-17 21:14:11 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-08-17 21:14:07 ----D---- C:\Windows\system32\drivers\cs-CZ
2015-08-17 21:14:07 ----D---- C:\Windows\system32\cs-CZ
2015-08-17 21:13:59 ----SD---- C:\Windows\SYSWOW64\GWX
2015-08-17 21:13:59 ----SD---- C:\Windows\system32\GWX
2015-08-17 21:13:42 ----D---- C:\Program Files\Internet Explorer
2015-08-17 21:13:40 ----D---- C:\Windows\SYSWOW64\en-US
2015-08-17 21:13:37 ----D---- C:\Windows\system32\en-US
2015-08-17 21:13:33 ----D---- C:\Program Files (x86)\Internet Explorer
2015-08-17 21:13:05 ----D---- C:\Windows
2015-08-17 21:10:30 ----D---- C:\FRST
2015-08-17 21:10:29 ----D---- C:\Windows\Tasks
2015-08-17 21:03:00 ----D---- C:\Program Files\Microsoft Silverlight
2015-08-17 21:03:00 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2015-08-17 21:02:34 ----D---- C:\Windows\Prefetch
2015-08-17 20:48:29 ----D---- C:\Windows\system32\MRT
2015-08-17 20:23:33 ----D---- C:\Windows\system32\catroot2
2015-07-28 10:59:08 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2010-11-12 77952]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2010-11-12 37504]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie64.sys [2010-06-17 16440]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 sysmon;sysmon; C:\Windows\system32\DRIVERS\sysmon.sys [2014-09-10 119344]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2015-03-10 246000]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2015-03-10 169792]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2015-02-28 26528]
R1 QMUdisk;tencent QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMUdisk64.sys [2015-08-24 62264]
R1 rsutils;rsutils; C:\Windows\system32\DRIVERS\rsutils.sys [2014-08-15 69336]
R1 TSDefenseBt;TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TSDefenseBT64.sys [2015-08-24 28472]
R1 TSSysKit;TSSysKit; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TSSysKit64.sys [2015-08-24 87352]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 BstHdDrv;BlueStacks Hypervisor; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2014-10-08 122072]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2015-03-10 159480]
R2 QQSysMonX64;QQSysMonX64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQSysMonX64.sys [2015-08-24 138040]
R2 TAOAccelerator;Tencent TAOAccelerator driver.; \??\C:\Windows\system32\Drivers\TAOAccelerator64.sys [2015-08-24 74040]
R2 TAOKernelDriver;Tencent TAO kernel driver.; \??\C:\Windows\system32\Drivers\TAOKernel64.sys [2015-08-24 274232]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-03-05 8283136]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-03-04 295424]
R3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-04-13 36000]
R3 athr;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2012-06-20 3678720]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-06 125456]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-04-13 298656]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2011-04-13 29344]
R3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-04-13 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-04-13 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-04-13 154272]
R3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-04-13 281760]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-01-12 2709224]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-10-14 396848]
R3 TFsFlt;TFsFlt; C:\Windows\system32\Drivers\TFsFltX64.sys [2015-08-24 87864]
R3 TSSKX64;TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [2015-08-24 38200]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-06-10 1311232]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2015-01-19 19456]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2012-11-28 1866080]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2015-01-19 30208]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\drivers\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-03-04 203776]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-04 354304]
R2 AMD Reservation Manager;AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-04-13 146592]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-04-13 77984]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2014-10-08 388824]
R2 BstHdUpdaterSvc;BlueStacks Updater Service; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2014-10-08 782040]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2015-01-28 1349576]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2014-12-15 9216]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-28 1817088]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2015-02-03 76888]
R2 QQPCRTP;QQPCMgr RTP Service; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe [2015-08-24 301728]
R2 RsMgrSvc;Rsd Service; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [2014-09-02 179992]
R2 RsRavMon;Rav Service; C:\Program Files (x86)\Rising\RAV\ravmond.exe [2014-05-15 277552]
R2 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-04-17 5448976]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2011-09-01 991288]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2015-08-19 838336]
R3 TAOFrame;TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TAOFrame.exe [2015-08-24 293856]
S2 BstHdAndroidSvc;BlueStacks Android Service; C:\Program Files (x86)\BlueStacks\HD-Service.exe [2014-10-08 409304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-05 107848]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-18 269000]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-05 107848]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-07-16 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-05-03 148080]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-10-27 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2014-12-16 1900400]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]

-----------------EOF-----------------

#2 Příspěvek od **altrok** » 24 srp 2015 19:15

Krasny den Vam preju

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Ulozte na plochu OTM - http://oldtimer.geekstogo.com/OTM.exe
ukoncete vsechny programy
kliknete pravym na ikonu OTM.exe a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
obsah bileho pole zkopirujte do leveho okna OTM a kliknete na MoveIt!

po restartu vlozte log, ktery bude v C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log

Kód: Vybrat vše

:commands
[Purity]
[EmptyTemp]
[EmptyFlash]
[EmptyJava]
[CreateRestorePoint]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
C:\Program Files (x86)\Tencent

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=-
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"setup.exe -start"=-
"SohuVA"=-
" QQPCTray"=-

Nexxy · #3 Příspěvek od **Nexxy** » 24 srp 2015 19:39

altrok píše:Krasny den Vam preju

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).
Ulozte na plochu OTM - http://oldtimer.geekstogo.com/OTM.exe

ukoncete vsechny programy

kliknete pravym na ikonu OTM.exe a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)

obsah bileho pole zkopirujte do leveho okna OTM a kliknete na MoveIt!
po restartu vlozte log, ktery bude v C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log
Kód: Vybrat vše
:commands
[Purity]
[EmptyTemp]
[EmptyFlash]
[EmptyJava]
[CreateRestorePoint]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
C:\Program Files (x86)\Tencent

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=-
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"setup.exe -start"=-
"SohuVA"=-
" QQPCTray"=-

Počítač se restartuje sám? Jelikož mě to nic nedělá, OTM se zastavilo, ale restart neprobíhá.

E: OTM se zaseklo :/ neodpovídá
E2: Už odpovídá, ještě to asi nedojelo. Fail, omlouvám se

Nexxy · #4 Příspěvek od **Nexxy** » 24 srp 2015 19:45

Ale v správci úloh jsou ještě 2 programy od této služby přikládám screen : https://gyazo.com/8ac6b2e4a25274154528b776734f150e

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Petr
->Temp folder emptied: 3242 bytes
->Temporary Internet Files folder emptied: 4747 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6363489 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1010626 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Petr
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Petr
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0,00 mb

Error creating restore point.
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
C:\Program Files (x86)\Tencent\QQPCMgr\Plugins\PluginsSetupBak folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\Plugins folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\tpk\Data folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\tpk\1.0.0.1\def folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\tpk\1.0.0.1 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\tpk folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TAO folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\SoftMgr\data folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\SoftMgr folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQMgrFix folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QOLogo folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMUpdate\DataUpdateFile folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMUpdate folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\qqwifitrayplugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMWebFWCtrl folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMVulPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\qmupdatemodule folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\qmudiskmgr folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMTrojanPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\qmtrayinfo folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMTrayDetector folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMTPKTrayPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMTPIEStartPage folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMSysOptimizeAssist folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMSXTrayPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMStartupMonitorNotify folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMSpecTips folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\qmsoftplugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\qmrtpplugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMQQLoginPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMPToolTrayPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\qmpredownload folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMPerfCtrl folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMNewsTips folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMMobileTrayPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMLogCtrl folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMKCheck folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMHwFloatWnd folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMDnsMonitor folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMClinicTrayPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMBJTrayPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\qmavtrayplugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMAutoTaskPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMSSO\I18N\2052 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMSSO\I18N folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMSSO\Bin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMSSO folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\qmspeedupplugin\speeduprocket folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\qmspeedupplugin\phonerocket\dock_5.7.0.2 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\qmspeedupplugin\phonerocket folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\qmspeedupplugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\qmsoftmgrupdate folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMLoader folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\TraceClear folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\sysstartupmgrjmp folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\sysspeeduprtpplugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\sysspeedupjmp folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\SysSpeedUp folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\SysOptimize folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\sysmalwarejmp folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\SysHomePage folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\sysgarbagejmp folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\SysCleanPage folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\StartupMgr folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\SoftUninstall folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\smanalyplugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\RtpPage folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QQPCWifiSafe folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QQPCUpgradeJump folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QQPCUninstallJump folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QQPCSoftMgr folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QQPCSafebox\Icon\Small folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QQPCSafebox\Icon\Normal folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QQPCSafebox\Icon folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QQPCSafebox folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QQPCLeakScan folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\qqpclaunch folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QQPCClinicSys folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QQPCClinicNetRepair folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QQPCClinicNet folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QQPCB1AndroidJmp folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMTrojanScan folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMSCVulPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMSCGeneralPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMSCEntrancePlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMRouterPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetSpeedTest folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetMon folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetMobileFlux folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetflowOpti folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetConnect folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMMobileSettingCenter folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMIEMalRtpPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\qmcloudinter folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMClinicsettingcenter folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMBluescreenFixer folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMArpMgr folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\PluginPackage folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\PioneerLogo folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\malware\logo folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\malware folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\IEStartPage folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\HPScanUIPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\FileSmash folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\DownloaderMgrUI folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\ClassicLogo folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\adplugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\Plugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\PAS folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\Images folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\Image folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\HPScannerPlugin\QMHPGarbageScan folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\HPScannerPlugin\HPVulScan folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\HPScannerPlugin\hptrojanscan folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\HPScannerPlugin\HPSysScan folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\HPScannerPlugin\hpswscanplugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\HPScannerPlugin\HPInternalScan folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\HPScannerPlugin\hpiestartpagescan folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\HPScannerPlugin\HPExternalScan folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\HPScannerPlugin\hpclinicscanplugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\HPScannerPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\gamespeedupappplugins\QMHardwareDetectPlugin\Config\GameLogo folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\gamespeedupappplugins\QMHardwareDetectPlugin\Config folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\gamespeedupappplugins\QMHardwareDetectPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\gamespeedupappplugins\QMGameUpgradePlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\gamespeedupappplugins\QMGameAcceleratePlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\gamespeedupappplugins folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileMon\x64 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileMon\i386 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileMon folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6542 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6541 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6526 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6523 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6521 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6520 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6518 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6515 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6514 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6512 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6505 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6502 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6500 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6498 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6496 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6494 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6492 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6489 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6488 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6486 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6466 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6456 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6454 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6452 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6449 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6448 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6447 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6423 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6416 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6413 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6400 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6389 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6360 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6354 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6351 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6345 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6343 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6337 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6335 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6325 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6323 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6315 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6309 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6297 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6280 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6279 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6272 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6246 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6042 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\5925 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\5816 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\5589 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\5066 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\5011 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\3889 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\Sections folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\ClinicData\script folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\ClinicData\pic folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\ClinicData\config folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\ClinicData folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\CacheBlueScreenFix folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\avira folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\adfilterlib folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr folder moved successfully.
C:\Program Files (x86)\Tencent folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 not found.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\setup.exe -start deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\SohuVA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\ QQPCTray deleted successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 08242015_203707

Files moved on Reboot...
C:\Users\Petr\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Nexxy · #5 Příspěvek od **Nexxy** » 24 srp 2015 19:45

Ale v správci úloh jsou ještě 2 programy od této služby přikládám screen : https://gyazo.com/8ac6b2e4a25274154528b776734f150e

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Petr
->Temp folder emptied: 3242 bytes
->Temporary Internet Files folder emptied: 4747 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6363489 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1010626 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Petr
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Petr
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0,00 mb

Error creating restore point.
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
C:\Program Files (x86)\Tencent\QQPCMgr\Plugins\PluginsSetupBak folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\Plugins folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\tpk\Data folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\tpk\1.0.0.1\def folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\tpk\1.0.0.1 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\tpk folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TAO folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\SoftMgr\data folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\SoftMgr folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQMgrFix folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QOLogo folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMUpdate\DataUpdateFile folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMUpdate folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\qqwifitrayplugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMWebFWCtrl folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMVulPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\qmupdatemodule folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\qmudiskmgr folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMTrojanPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\qmtrayinfo folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMTrayDetector folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMTPKTrayPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMTPIEStartPage folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMSysOptimizeAssist folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMSXTrayPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMStartupMonitorNotify folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMSpecTips folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\qmsoftplugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\qmrtpplugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMQQLoginPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMPToolTrayPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\qmpredownload folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMPerfCtrl folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMNewsTips folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMMobileTrayPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMLogCtrl folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMKCheck folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMHwFloatWnd folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMDnsMonitor folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMClinicTrayPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMBJTrayPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\qmavtrayplugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin\QMAutoTaskPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMTrayPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMSSO\I18N\2052 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMSSO\I18N folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMSSO\Bin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMSSO folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\qmspeedupplugin\speeduprocket folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\qmspeedupplugin\phonerocket\dock_5.7.0.2 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\qmspeedupplugin\phonerocket folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\qmspeedupplugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\qmsoftmgrupdate folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMLoader folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\TraceClear folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\sysstartupmgrjmp folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\sysspeeduprtpplugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\sysspeedupjmp folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\SysSpeedUp folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\SysOptimize folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\sysmalwarejmp folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\SysHomePage folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\sysgarbagejmp folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\SysCleanPage folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\StartupMgr folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\SoftUninstall folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\smanalyplugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\RtpPage folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QQPCWifiSafe folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QQPCUpgradeJump folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QQPCUninstallJump folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QQPCSoftMgr folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QQPCSafebox\Icon\Small folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QQPCSafebox\Icon\Normal folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QQPCSafebox\Icon folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QQPCSafebox folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QQPCLeakScan folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\qqpclaunch folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QQPCClinicSys folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QQPCClinicNetRepair folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QQPCClinicNet folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QQPCB1AndroidJmp folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMTrojanScan folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMSCVulPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMSCGeneralPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMSCEntrancePlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMRouterPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetSpeedTest folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetMon folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetMobileFlux folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetflowOpti folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetConnect folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMMobileSettingCenter folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMIEMalRtpPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\qmcloudinter folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMClinicsettingcenter folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMBluescreenFixer folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMArpMgr folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\PluginPackage folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\PioneerLogo folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\malware\logo folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\malware folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\IEStartPage folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\HPScanUIPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\FileSmash folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\DownloaderMgrUI folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\ClassicLogo folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\adplugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\Plugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\PAS folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\Images folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\Image folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\HPScannerPlugin\QMHPGarbageScan folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\HPScannerPlugin\HPVulScan folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\HPScannerPlugin\hptrojanscan folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\HPScannerPlugin\HPSysScan folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\HPScannerPlugin\hpswscanplugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\HPScannerPlugin\HPInternalScan folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\HPScannerPlugin\hpiestartpagescan folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\HPScannerPlugin\HPExternalScan folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\HPScannerPlugin\hpclinicscanplugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\HPScannerPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\gamespeedupappplugins\QMHardwareDetectPlugin\Config\GameLogo folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\gamespeedupappplugins\QMHardwareDetectPlugin\Config folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\gamespeedupappplugins\QMHardwareDetectPlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\gamespeedupappplugins\QMGameUpgradePlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\gamespeedupappplugins\QMGameAcceleratePlugin folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\gamespeedupappplugins folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileMon\x64 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileMon\i386 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileMon folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6542 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6541 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6526 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6523 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6521 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6520 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6518 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6515 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6514 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6512 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6505 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6502 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6500 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6498 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6496 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6494 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6492 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6489 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6488 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6486 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6466 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6456 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6454 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6452 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6449 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6448 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6447 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6423 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6416 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6413 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6400 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6389 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6360 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6354 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6351 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6345 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6343 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6337 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6335 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6325 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6323 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6315 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6309 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6297 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6280 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6279 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6272 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6246 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\6042 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\5925 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\5816 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\5589 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\5066 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\5011 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup\3889 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\SectionsBackup folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate\Sections folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\FileGroupUpdate folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\ClinicData\script folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\ClinicData\pic folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\ClinicData\config folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\ClinicData folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\CacheBlueScreenFix folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\avira folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\adfilterlib folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227 folder moved successfully.
C:\Program Files (x86)\Tencent\QQPCMgr folder moved successfully.
C:\Program Files (x86)\Tencent folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 not found.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\setup.exe -start deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\SohuVA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\ QQPCTray deleted successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 08242015_203707

Files moved on Reboot...
C:\Users\Petr\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Velice se omlouvám za doublepost, nějak se mi seklo forum a nedalo se to odeslat.

#6 Příspěvek od **altrok** » 24 srp 2015 19:53

Ulozte na plochu rkill.exe, ukoncete vsechny aplikace a spustte - kdyby ho havet blokovala, pouzijte alternativni odkaz

http://download.bleepingcomputer.com/grinler/rkill.exe
http://download.bleepingcomputer.com/grinler/rkill.com
obsah logu vytvoreneho take na plose (rkill.txt) zaslete v pristi odpovedi
nerestartujte ted pocitac jinak prijdete o ucinek rkillu

POZOR - TATO UTILITA MA VELKOU SCHOPNOST MAZAT - NESPOUSTEJTE JI BEZ DOPORUCENI RADCE

Ulozte na plochu ComboFix.exe - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete antiviry a vsechny real-time ochrany
spustte ComboFix jako spravce (lepe pod uctem s administratorskym opravnenim)
s licencnimi podminkami souhlaste - Ano
pokud je nabidnuta instalace konzoly pro zotaveni, souhlaste
v prubehu skenovani nechte PC v klidu - nic nespoustejte a do okna ComboFixu neklikejte
vysledek skenu naleznete v C:\ComboFix.txt, jehoz obsah mi zkopirujte do pristi odpovedi.

Nexxy · #7 Příspěvek od **Nexxy** » 24 srp 2015 20:46

Combofix : ComboFix 15-08-24.01 - Petr 24.08.2015 21:06:13.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3835.2536 [GMT 2:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Rising Software Deployment System *Enabled/Updated* {DBC966C2-BD90-87CD-5A01-4DFB1D2EC867}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Rising Software Deployment System *Enabled/Updated* {60A88726-9BAA-8843-60B1-768966A982DA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Petr\AppData\Local\Msgbox.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-24 do 2015-08-24 )))))))))))))))))))))))))))))))
.
.
2015-08-24 20:01 . 2015-08-24 20:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-24 18:28 . 2015-08-24 18:28 -------- d-----w- C:\_OTM
2015-08-24 18:27 . 2015-08-24 18:35 28984 ----a-w- c:\windows\SysWow64\drivers\TS888x64.sys
2015-08-24 17:51 . 2015-08-24 17:51 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2015-08-24 17:42 . 2015-08-24 17:42 -------- d-----w- c:\programdata\TXQMPC
2015-08-24 17:41 . 2015-08-24 17:37 74040 ----a-w- c:\windows\system32\drivers\TAOAccelerator64.sys
2015-08-24 17:41 . 2015-08-24 17:41 -------- d-----w- c:\program files\Common Files\Tencent
2015-08-24 17:40 . 2015-08-24 17:37 38200 ----a-w- c:\windows\system32\drivers\TSSKX64.sys
2015-08-24 17:39 . 2015-08-24 17:37 274232 ----a-w- c:\windows\system32\drivers\TAOKernel64.sys
2015-08-24 17:38 . 2015-08-24 17:37 87864 ----a-w- c:\windows\system32\drivers\TFsFltX64.sys
2015-08-24 17:38 . 2015-08-24 17:38 -------- d-----w- c:\program files (x86)\Common Files\Tencent
2015-08-24 17:35 . 2014-09-10 06:11 119344 ------w- c:\windows\system32\drivers\sysmon.sys
2015-08-24 17:35 . 2014-08-15 01:22 69336 ------w- c:\windows\system32\drivers\rsutils.sys
2015-08-24 17:35 . 2012-02-29 07:49 11888 ------w- c:\windows\system32\drivers\rsndisp.sys
2015-08-24 17:34 . 2015-08-24 18:11 -------- d-----w- c:\users\Petr\AppData\Roaming\Tencent
2015-08-24 17:34 . 2015-08-24 17:34 -------- d-----w- c:\program files (x86)\Rising
2015-08-24 17:34 . 2015-08-24 17:36 -------- d-----w- c:\programdata\Rising
2015-08-24 17:33 . 2015-08-24 17:44 -------- d-----w- c:\programdata\Tencent
2015-08-24 17:25 . 2015-08-24 17:51 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2015-08-24 17:22 . 2015-08-24 17:22 -------- d-----w- C:\AdwCleaner
2015-08-24 17:13 . 2015-08-24 17:13 -------- d-----w- C:\sohucache
2015-08-24 17:13 . 2015-08-24 17:13 -------- d-----w- C:\SHDownload
2015-08-24 17:12 . 2015-08-24 17:13 -------- d-----w- c:\progra~2\CA8F~1
2015-08-24 17:12 . 2015-08-24 17:12 -------- d-----w- c:\users\Petr\AppData\Local\Temp?
2015-08-18 19:22 . 2015-08-21 10:29 -------- d-----w- c:\users\Petr\AppData\Roaming\HearthstoneDeckTracker
2015-08-18 10:30 . 2015-08-18 10:30 -------- d-----w- c:\users\Petr\AppData\Local\Mega Limited
2015-08-18 10:29 . 2015-08-18 10:30 -------- d-----w- c:\users\Petr\AppData\Local\MEGAsync
2015-08-18 09:49 . 2015-08-24 18:17 -------- d-----w- c:\users\Petr\AppData\Roaming\TS3Client
2015-08-18 09:48 . 2015-08-18 09:49 -------- d-----w- c:\program files\Teamspeak
2015-08-17 19:05 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-17 19:05 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-17 18:27 . 2015-06-17 17:47 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-08-17 18:26 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-08-17 18:26 . 2015-07-28 20:05 774656 ----a-w- c:\windows\system32\invagent.dll
2015-08-17 18:26 . 2015-07-28 20:05 743424 ----a-w- c:\windows\system32\generaltel.dll
2015-08-17 18:26 . 2015-07-28 20:05 437760 ----a-w- c:\windows\system32\devinv.dll
2015-08-17 18:26 . 2015-07-28 20:05 1116672 ----a-w- c:\windows\system32\appraiser.dll
2015-08-17 18:26 . 2015-07-28 20:05 69120 ----a-w- c:\windows\system32\acmigration.dll
2015-08-17 18:26 . 2015-07-28 19:55 1148416 ----a-w- c:\windows\system32\aeinv.dll
2015-08-17 18:26 . 2015-07-28 20:09 17344 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-08-17 18:26 . 2015-07-28 20:05 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-08-17 18:24 . 2015-07-09 17:57 193536 ----a-w- c:\windows\system32\notepad.exe
2015-08-17 18:24 . 2015-07-09 17:57 193536 ----a-w- c:\windows\notepad.exe
2015-08-17 18:24 . 2015-07-09 17:42 179712 ----a-w- c:\windows\SysWow64\notepad.exe
2015-08-17 18:10 . 2015-07-10 17:51 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-08-17 17:55 . 2015-08-17 17:56 -------- d-----w- c:\programdata\Gyazo
2015-08-17 17:11 . 2015-08-17 17:11 -------- d-----w- c:\users\Petr\AppData\Local\CEF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-18 17:47 . 2014-11-07 20:54 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-18 17:47 . 2014-11-07 20:54 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-28 08:59 . 2014-10-27 07:15 132483416 ----a-w- c:\windows\system32\MRT.exe
2015-07-15 18:10 . 2015-08-17 18:27 342016 ----a-w- c:\windows\system32\schannel.dll
2015-07-15 17:55 . 2015-08-17 18:27 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-07-15 17:54 . 2015-08-17 18:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{452ADB5B-00BE-469D-A65F-3046146B2ED5}]
c:\program files (x86)\????\SoHuAutoDetector.dll [?]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:15 463360 ----a-w- c:\users\Petr\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:15 463360 ----a-w- c:\users\Petr\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:15 463360 ----a-w- c:\users\Petr\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-11-21 7063832]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2015-08-19 3098424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-04 336384]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-01-31 656920]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"RSDTRAY"="c:\program files (x86)\Rising\RSD\popwndexe.exe" [2012-09-25 126808]
.
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MEGAsync.lnk - c:\users\Petr\AppData\Local\MEGAsync\MEGAsync.exe [2015-8-16 4720072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP]
@="service"
.
R1 QMUdisk;tencent QMUdisk;c:\program files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMUdisk64.sys;c:\program files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMUdisk64.sys [x]
R1 TSDefenseBt;TSDefenseBt;c:\program files (x86)\Tencent\QQPCMgr\10.11.16575.227\TSDefenseBT64.sys;c:\program files (x86)\Tencent\QQPCMgr\10.11.16575.227\TSDefenseBT64.sys [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 QQPCRTP;QQPCMgr RTP Service;c:\program files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe;c:\program files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe [x]
R2 QQSysMonX64;QQSysMonX64;c:\program files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQSysMonX64.sys;c:\program files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQSysMonX64.sys [x]
R2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe;c:\program files (x86)\Xobni\XobniService.exe [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TAOFrame;TAOFrame;c:\program files (x86)\Tencent\QQPCMgr\10.11.16575.227\TAOFrame.exe;c:\program files (x86)\Tencent\QQPCMgr\10.11.16575.227\TAOFrame.exe [x]
R3 TFsFlt;TFsFlt;c:\windows\system32\Drivers\TFsFltX64.sys;c:\windows\SYSNATIVE\Drivers\TFsFltX64.sys [x]
R3 TS888x64;TS888x64;c:\program files (x86)\Tencent\QQPCMgr\10.11.16575.227\TS888x64.sys;c:\program files (x86)\Tencent\QQPCMgr\10.11.16575.227\TS888x64.sys [x]
R3 TSSKX64;TSSKX64;c:\windows\system32\drivers\tsskx64.sys;c:\windows\SYSNATIVE\drivers\tsskx64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 xhunter1;xhunter1; [x]
R4 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 sysmon;sysmon;c:\windows\system32\DRIVERS\sysmon.sys;c:\windows\SYSNATIVE\DRIVERS\sysmon.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 rsutils;rsutils;c:\windows\system32\DRIVERS\rsutils.sys;c:\windows\SYSNATIVE\DRIVERS\rsutils.sys [x]
S1 TAOKernelDriver;Tencent TAO kernel driver.;c:\windows\system32\Drivers\TAOKernel64.sys;c:\windows\SYSNATIVE\Drivers\TAOKernel64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 RsMgrSvc;Rsd Service;c:\program files (x86)\Rising\RSD\RsMgrSvc.exe;c:\program files (x86)\Rising\RSD\RsMgrSvc.exe [x]
S2 RsRavMon;Rav Service;c:\program files (x86)\Rising\RAV\ravmond.exe;c:\program files (x86)\Rising\RAV\ravmond.exe [x]
S2 TAOAccelerator;Tencent TAOAccelerator driver.;c:\windows\system32\Drivers\TAOAccelerator64.sys;c:\windows\SYSNATIVE\Drivers\TAOAccelerator64.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-23 16:18 993608 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.157\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-07 17:47]
.
2015-08-23 c:\windows\Tasks\HPCeeScheduleForPetr.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:13 470016 ----a-w- c:\users\Petr\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:13 470016 ----a-w- c:\users\Petr\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:13 470016 ----a-w- c:\users\Petr\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-04-13 627360]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-04-13 379552]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2015-01-28 5595848]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 94.74.192.252 94.74.192.244
TCP: Interfaces\{F266592C-96FC-4C75-9FB1-044DA469F9AC}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\faqsxm5w.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKU-Default-Run-Advanced SystemCare 8 - c:\program files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} - c:\program files (x86)\Tencent\QQPCMgr\10.11.16575.227\TSWebMon64.dat
ShellIconOverlayIdentifiers-{B7667919-3765-4815-A66D-98A09BE662D6} - c:\program files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMGCShellExt64.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-???? - c:\program files (x86)\????\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-08-24 22:05:35
ComboFix-quarantined-files.txt 2015-08-24 20:05
.
Před spuštěním: Volných bajtů: 216 811 659 264
Po spuštění: Volných bajtů: 216 407 851 008
.
- - End Of File - - 6169B6BC1019115CF377E87A1564DF9E
A36C5E4F47E84449FF07ED3517B43A31

Nexxy · #8 Příspěvek od **Nexxy** » 24 srp 2015 21:07

Rkill : Rkill 2.8.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/24/2015 08:58:50 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

#9 Příspěvek od **altrok** » 24 srp 2015 21:21

Pokuste se odinstalovat Rising Software Deployment System

Nexxy · #10 Příspěvek od **Nexxy** » 25 srp 2015 07:34

Hotovo, stále jsou v správci úloh 2 ty soubory, které jsem již posílal.

#11 Příspěvek od **altrok** » 25 srp 2015 20:50

Havet je neobvykle hodne rozlezla, doporucuji cele cisteni dokoncit.

Pokud jeste nemate, presunte ComboFix na plochu.

Otevrete Poznamkovy blok (Start -> Spustit -> notepad)

zkopirujte do nej skript nize a ulozte na plochu jako CFScript (Typ souboru: Textovy dokument)

Kód: Vybrat vše

KillAll::

Driver::
QMUdisk
TSDefenseBt
QQPCRTP
QQSysMonX64
XobniService
TAOFrame
TS888x64
RsMgrSvc
RsRavMon

Folder::
c:\program files (x86)\Tencent
c:\program files (x86)\Xobni
c:\program files (x86)\Rising

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{452ADB5B-00BE-469D-A65F-3046146B2ED5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RSDTRAY"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

ClearJavaCache::

Reboot::

Tento CFScript.txt chytte, doslova pretahnete nad ikonu ComboFixu a pustte.
Po restartu na Vas vyskoci log, jehoz obsah mi vlozte do dalsi odpovedi.

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou Windows. V tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Nexxy · #12 Příspěvek od **Nexxy** » 25 srp 2015 20:59

Mám tedy zaplý combofix, při startu mibto zase ukázalo, že se tam blokuje nějaký rising antivirus, ale nainstalovaný žádný není. Spustil jsem to i přesto, píšu z mobilu. Ve správci úloh jsou stále 2 programy normálně a 2 programy zapsané jako systém. Nic nejde vypnout.

#13 Příspěvek od **altrok** » 25 srp 2015 22:03

Pockame na vysledek ComboFixu a budem mazat dal.

Nexxy · #14 Příspěvek od **Nexxy** » 25 srp 2015 22:27

ComboFix 15-08-24.01 - Petr 25.08.2015 21:59:32.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3835.2510 [GMT 2:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Petr\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Rising Antivirus *Enabled/Updated* {DBC966C2-BD90-87CD-5A01-4DFB1D2EC867}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Rising Antivirus *Enabled/Updated* {60A88726-9BAA-8843-60B1-768966A982DA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Rising
c:\program files (x86)\Rising\RAV\12345678.000
c:\program files (x86)\Rising\RAV\accountprot.dll
c:\program files (x86)\Rising\RAV\alert.wav
c:\program files (x86)\Rising\RAV\antipromotionmon.dll
c:\program files (x86)\Rising\RAV\atl90.dll
c:\program files (x86)\Rising\RAV\bacore.dll
c:\program files (x86)\Rising\RAV\bawhite.dat
c:\program files (x86)\Rising\RAV\bawhite.dll
c:\program files (x86)\Rising\RAV\boottm.dll
c:\program files (x86)\Rising\RAV\browserruncount.dat
c:\program files (x86)\Rising\RAV\brscan.dll
c:\program files (x86)\Rising\RAV\btoptvw.dll
c:\program files (x86)\Rising\RAV\CCenter.db
c:\program files (x86)\Rising\RAV\cfgxml\adefmon.mond
c:\program files (x86)\Rising\RAV\cfgxml\bfilemon.mond
c:\program files (x86)\Rising\RAV\cfgxml\boottm.mond
c:\program files (x86)\Rising\RAV\cfgxml\boottm.mondcoms
c:\program files (x86)\Rising\RAV\cfgxml\brscan.rscom
c:\program files (x86)\Rising\RAV\cfgxml\brscan.rstray
c:\program files (x86)\Rising\RAV\cfgxml\cloudmp.rscom
c:\program files (x86)\Rising\RAV\cfgxml\cloudmp.rstray
c:\program files (x86)\Rising\RAV\cfgxml\cmailmon.mond
c:\program files (x86)\Rising\RAV\cfgxml\mond.xml
c:\program files (x86)\Rising\RAV\cfgxml\mondcoms.xml
c:\program files (x86)\Rising\RAV\cfgxml\ravlite.xml
c:\program files (x86)\Rising\RAV\cfgxml\repairmanager.mond
c:\program files (x86)\Rising\RAV\cfgxml\repairmanager.mondcoms
c:\program files (x86)\Rising\RAV\cfgxml\rscom.xml
c:\program files (x86)\Rising\RAV\cfgxml\rsconfig.xml
c:\program files (x86)\Rising\RAV\cfgxml\rsdelaylauncher.xml
c:\program files (x86)\Rising\RAV\cfgxml\rslogvw.xml
c:\program files (x86)\Rising\RAV\cfgxml\rsmain.xml
c:\program files (x86)\Rising\RAV\cfgxml\rsmginfo.xml
c:\program files (x86)\Rising\RAV\cfgxml\rsmgr.xml
c:\program files (x86)\Rising\RAV\cfgxml\rsrp.xml
c:\program files (x86)\Rising\RAV\cfgxml\rstlist.xml
c:\program files (x86)\Rising\RAV\cfgxml\rstray.xml
c:\program files (x86)\Rising\RAV\cfgxml\rswizard.xml
c:\program files (x86)\Rising\RAV\cfgxml\scantray.xml
c:\program files (x86)\Rising\RAV\cfgxml\smrtscan.xml
c:\program files (x86)\Rising\RAV\cfgxml\sysfirm.xml
c:\program files (x86)\Rising\RAV\cfgxml\TrayIcon.xml
c:\program files (x86)\Rising\RAV\cfgxml\TrayMenu.xml
c:\program files (x86)\Rising\RAV\cfgxml\TrayShutdown.rscom
c:\program files (x86)\Rising\RAV\cfgxml\TrayShutdown.rstray
c:\program files (x86)\Rising\RAV\cfgxml\urlfilter.mond
c:\program files (x86)\Rising\RAV\cfgxml\userdata.mond
c:\program files (x86)\Rising\RAV\cfgxml\userdata.rstray
c:\program files (x86)\Rising\RAV\cfgxml\virlibupdater.rscom
c:\program files (x86)\Rising\RAV\cfgxml\virlibupdater.xml
c:\program files (x86)\Rising\RAV\cfgxml\vpatchmon.mond
c:\program files (x86)\Rising\RAV\cfgxml\wbprotect.rstray
c:\program files (x86)\Rising\RAV\cfgxml\wbshld64.rstray
c:\program files (x86)\Rising\RAV\cloudcom.dll
c:\program files (x86)\Rising\RAV\CloudMP.dll
c:\program files (x86)\Rising\RAV\cloudmpw.dll
c:\program files (x86)\Rising\RAV\cloudnet.dll
c:\program files (x86)\Rising\RAV\cloudnotifier.dll
c:\program files (x86)\Rising\RAV\cloudqry.dll
c:\program files (x86)\Rising\RAV\cloudsta.dll
c:\program files (x86)\Rising\RAV\cloudstore.dll
c:\program files (x86)\Rising\RAV\CloudSys.exe
c:\program files (x86)\Rising\RAV\cloudsysext.dll
c:\program files (x86)\Rising\RAV\cloudtfc.dll
c:\program files (x86)\Rising\RAV\Cloudv3.dll
c:\program files (x86)\Rising\RAV\cloudwork.dll
c:\program files (x86)\Rising\RAV\CMPA.dll
c:\program files (x86)\Rising\RAV\CMPA.exe
c:\program files (x86)\Rising\RAV\CMPB.dll
c:\program files (x86)\Rising\RAV\CMPCUsb.dll
c:\program files (x86)\Rising\RAV\cnt08.dll
c:\program files (x86)\Rising\RAV\cnt09.dll
c:\program files (x86)\Rising\RAV\commfunc.dll
c:\program files (x86)\Rising\RAV\commrout.dll
c:\program files (x86)\Rising\RAV\CompsVer.inf
c:\program files (x86)\Rising\RAV\comserv.dll
c:\program files (x86)\Rising\RAV\comx3.dll
c:\program files (x86)\Rising\RAV\config.dll
c:\program files (x86)\Rising\RAV\Data\BootRun.db
c:\program files (x86)\Rising\RAV\Data\bootrunscan.xml
c:\program files (x86)\Rising\RAV\Data\os.xml
c:\program files (x86)\Rising\RAV\dataups.dat
c:\program files (x86)\Rising\RAV\def\cl.def
c:\program files (x86)\Rising\RAV\def\rfwdb.cfg
c:\program files (x86)\Rising\RAV\def\virboot.def
c:\program files (x86)\Rising\RAV\def\vircom.def
c:\program files (x86)\Rising\RAV\def\virelf.def
c:\program files (x86)\Rising\RAV\def\virfish.bas
c:\program files (x86)\Rising\RAV\def\virinfo.def
c:\program files (x86)\Rising\RAV\def\virmacr.def
c:\program files (x86)\Rising\RAV\def\virmps.def
c:\program files (x86)\Rising\RAV\def\virmurl.bas
c:\program files (x86)\Rising\RAV\def\virmz.def
c:\program files (x86)\Rising\RAV\def\virnew.def
c:\program files (x86)\Rising\RAV\def\virnorm.def
c:\program files (x86)\Rising\RAV\def\virpe.def
c:\program files (x86)\Rising\RAV\def\virsct.def
c:\program files (x86)\Rising\RAV\def\virusdb.cfg
c:\program files (x86)\Rising\RAV\def\virvm.def
c:\program files (x86)\Rising\RAV\defcfg.dll
c:\program files (x86)\Rising\RAV\defmon.dll
c:\program files (x86)\Rising\RAV\defview.dll
c:\program files (x86)\Rising\RAV\desktop.ini
c:\program files (x86)\Rising\RAV\dfw.dll
c:\program files (x86)\Rising\RAV\engext.dll
c:\program files (x86)\Rising\RAV\extalgo.dll
c:\program files (x86)\Rising\RAV\extarch.dll
c:\program files (x86)\Rising\RAV\extcomp.dll
c:\program files (x86)\Rising\RAV\extcryp.dll
c:\program files (x86)\Rising\RAV\ExtMail.dll
c:\program files (x86)\Rising\RAV\ExtOLE.dll
c:\program files (x86)\Rising\RAV\extsfx.dll
c:\program files (x86)\Rising\RAV\ffr.dll
c:\program files (x86)\Rising\RAV\filecent.dll
c:\program files (x86)\Rising\RAV\filemon.dll
c:\program files (x86)\Rising\RAV\FileMonTk.log
c:\program files (x86)\Rising\RAV\firm.xml
c:\program files (x86)\Rising\RAV\fixeng.dll
c:\program files (x86)\Rising\RAV\GatFile.dll
c:\program files (x86)\Rising\RAV\hookbase.dll
c:\program files (x86)\Rising\RAV\chinese.cpf
c:\program files (x86)\Rising\RAV\idiom.dat
c:\program files (x86)\Rising\RAV\Ilscu.dll
c:\program files (x86)\Rising\RAV\InDTszB.dll
c:\program files (x86)\Rising\RAV\InDTszB.dll.backup
c:\program files (x86)\Rising\RAV\InDTszB.dll.dat
c:\program files (x86)\Rising\RAV\item.xml
c:\program files (x86)\Rising\RAV\KaKa\actions.xml
c:\program files (x86)\Rising\RAV\KaKa\Bye.swf
c:\program files (x86)\Rising\RAV\KaKa\DblClk.swf
c:\program files (x86)\Rising\RAV\KaKa\Deletef.swf
c:\program files (x86)\Rising\RAV\KaKa\dialog.swf
c:\program files (x86)\Rising\RAV\KaKa\Dragging.swf
c:\program files (x86)\Rising\RAV\KaKa\Eatwm.swf
c:\program files (x86)\Rising\RAV\KaKa\fallback.swf
c:\program files (x86)\Rising\RAV\KaKa\Findv.swf
c:\program files (x86)\Rising\RAV\KaKa\Gally.swf
c:\program files (x86)\Rising\RAV\KaKa\hands.swf
c:\program files (x86)\Rising\RAV\KaKa\Hello.swf
c:\program files (x86)\Rising\RAV\KaKa\hidden.swf
c:\program files (x86)\Rising\RAV\KaKa\hiding.swf
c:\program files (x86)\Rising\RAV\KaKa\Ignorev.swf
c:\program files (x86)\Rising\RAV\KaKa\Killv.swf
c:\program files (x86)\Rising\RAV\KaKa\RbtnClk.swf
c:\program files (x86)\Rising\RAV\KaKa\Scanning.swf
c:\program files (x86)\Rising\RAV\KaKa\showup.swf
c:\program files (x86)\Rising\RAV\KaKa\Sleeping.swf
c:\program files (x86)\Rising\RAV\KaKa\smog.swf
c:\program files (x86)\Rising\RAV\KaKa\StaFindv.swf
c:\program files (x86)\Rising\RAV\KaKa\Stand.swf
c:\program files (x86)\Rising\RAV\KaKa\StarScan.swf
c:\program files (x86)\Rising\RAV\KaKa\StaSleep.swf
c:\program files (x86)\Rising\RAV\KaKa\StatDrag.swf
c:\program files (x86)\Rising\RAV\KaKa\StoFindv.swf
c:\program files (x86)\Rising\RAV\KaKa\StopDrag.swf
c:\program files (x86)\Rising\RAV\KaKa\StopScan.swf
c:\program files (x86)\Rising\RAV\KaKa\StoSleep.swf
c:\program files (x86)\Rising\RAV\KaKa\vanish.swf
c:\program files (x86)\Rising\RAV\keyzone.bin
c:\program files (x86)\Rising\RAV\kkdb.dll
c:\program files (x86)\Rising\RAV\Label.dat
c:\program files (x86)\Rising\RAV\langsel.exe
c:\program files (x86)\Rising\RAV\language\ATip1252.ini
c:\program files (x86)\Rising\RAV\language\ATip936.ini
c:\program files (x86)\Rising\RAV\language\ATip950.ini
c:\program files (x86)\Rising\RAV\language\Eng.la0
c:\program files (x86)\Rising\RAV\language\Eng.lac
c:\program files (x86)\Rising\RAV\language\Eng.lag
c:\program files (x86)\Rising\RAV\language\chs.la0
c:\program files (x86)\Rising\RAV\language\chs.lac
c:\program files (x86)\Rising\RAV\language\chs.lag
c:\program files (x86)\Rising\RAV\language\cht.la0
c:\program files (x86)\Rising\RAV\language\cht.lac
c:\program files (x86)\Rising\RAV\language\cht.lag
c:\program files (x86)\Rising\RAV\language\LangENG.png
c:\program files (x86)\Rising\RAV\language\Langchs.png
c:\program files (x86)\Rising\RAV\language\Langcht.png
c:\program files (x86)\Rising\RAV\let_num.cpf
c:\program files (x86)\Rising\RAV\letters.cpf
c:\program files (x86)\Rising\RAV\libcfg.dll
c:\program files (x86)\Rising\RAV\lnchr.dat
c:\program files (x86)\Rising\RAV\localopt.dll
c:\program files (x86)\Rising\RAV\LogAc.bmp
c:\program files (x86)\Rising\RAV\LogDc.bmp
c:\program files (x86)\Rising\RAV\logfiles\ravmond.exe.boottm.log
c:\program files (x86)\Rising\RAV\logfiles\ravmond.exe.cloudwork.log
c:\program files (x86)\Rising\RAV\logfiles\ravmond.exe.log
c:\program files (x86)\Rising\RAV\logfiles\ravmond.exe.rstask.log
c:\program files (x86)\Rising\RAV\logfiles\RegGuide.exe.log
c:\program files (x86)\Rising\RAV\logfiles\RSCONFIG.EXE.log
c:\program files (x86)\Rising\RAV\logfiles\RSTRAY.EXE.CloudMP.log
c:\program files (x86)\Rising\RAV\logfiles\RSTRAY.EXE.log
c:\program files (x86)\Rising\RAV\logfiles\RSUPDATERTOOL.EXE.log
c:\program files (x86)\Rising\RAV\logfiles\virlibupdater.exe.log
c:\program files (x86)\Rising\RAV\logquery.dll
c:\program files (x86)\Rising\RAV\logvw.dll
c:\program files (x86)\Rising\RAV\mailmon.dll
c:\program files (x86)\Rising\RAV\mergexml.dll
c:\program files (x86)\Rising\RAV\Microsoft.VC90.ATL.manifest
c:\program files (x86)\Rising\RAV\Microsoft.VC90.CRT.manifest
c:\program files (x86)\Rising\RAV\moncom08.dll
c:\program files (x86)\Rising\RAV\moncomm.dll
c:\program files (x86)\Rising\RAV\mondef.dll
c:\program files (x86)\Rising\RAV\mondrv.dll
c:\program files (x86)\Rising\RAV\monmgr.dll
c:\program files (x86)\Rising\RAV\monrule.dll
c:\program files (x86)\Rising\RAV\monstate.dll
c:\program files (x86)\Rising\RAV\montray.dll
c:\program files (x86)\Rising\RAV\mruleui.dll
c:\program files (x86)\Rising\RAV\msvcp90.dll
c:\program files (x86)\Rising\RAV\msvcr90.dll
c:\program files (x86)\Rising\RAV\NetConfig.ini
c:\program files (x86)\Rising\RAV\newupdater.dll
c:\program files (x86)\Rising\RAV\nprising.dll
c:\program files (x86)\Rising\RAV\num.cpf
c:\program files (x86)\Rising\RAV\nvfile.dll
c:\program files (x86)\Rising\RAV\pearc.dll
c:\program files (x86)\Rising\RAV\pngdll.dll
c:\program files (x86)\Rising\RAV\PreScan.dll
c:\program files (x86)\Rising\RAV\Proccom.dll
c:\program files (x86)\Rising\RAV\Proccomm.dll
c:\program files (x86)\Rising\RAV\procenv.dll
c:\program files (x86)\Rising\RAV\prvcloudcfg.ini
c:\program files (x86)\Rising\RAV\pubcfg.dll
c:\program files (x86)\Rising\RAV\rav1252\eng.lag
c:\program files (x86)\Rising\RAV\rav1252\lics1252.txt
c:\program files (x86)\Rising\RAV\rav936\chs.lag
c:\program files (x86)\Rising\RAV\rav936\lics936.txt
c:\program files (x86)\Rising\RAV\rav950\cht.lag
c:\program files (x86)\Rising\RAV\rav950\lics950.txt
c:\program files (x86)\Rising\RAV\ravbin.dll
c:\program files (x86)\Rising\RAV\ravlite.exe
c:\program files (x86)\Rising\RAV\ravmond.exe
c:\program files (x86)\Rising\RAV\ravmond.exe_ravbrc.dat
c:\program files (x86)\Rising\RAV\ravmond.exe_status.ini
c:\program files (x86)\Rising\RAV\ravmview.dll
c:\program files (x86)\Rising\RAV\RavSetup.dll
c:\program files (x86)\Rising\RAV\ravxp.exe
c:\program files (x86)\Rising\RAV\recomp.cfg
c:\program files (x86)\Rising\RAV\recomp.dll
c:\program files (x86)\Rising\RAV\refs.dll
c:\program files (x86)\Rising\RAV\regguide.dll
c:\program files (x86)\Rising\RAV\regguide.exe
c:\program files (x86)\Rising\RAV\Regguide\Free0936.htm
c:\program files (x86)\Rising\RAV\Regguide\Free0950.htm
c:\program files (x86)\Rising\RAV\Regguide\Free1252.htm
c:\program files (x86)\Rising\RAV\Regguide\images\091015_01.gif
c:\program files (x86)\Rising\RAV\Regguide\images\091015_16.gif
c:\program files (x86)\Rising\RAV\Regguide\images\091015_17.gif
c:\program files (x86)\Rising\RAV\Regguide\images\110318_01.gif
c:\program files (x86)\Rising\RAV\Regguide\images\110321_01.gif
c:\program files (x86)\Rising\RAV\Regguide\images\110321_04.gif
c:\program files (x86)\Rising\RAV\Regguide\images\110322_01.gif
c:\program files (x86)\Rising\RAV\Regguide\images\110322_02.gif
c:\program files (x86)\Rising\RAV\Regguide\SnIn0936.htm
c:\program files (x86)\Rising\RAV\Regguide\SnIn0950.htm
c:\program files (x86)\Rising\RAV\Regguide\SnIn1252.htm
c:\program files (x86)\Rising\RAV\rego\methodex.dll
c:\program files (x86)\Rising\RAV\rego\revm.dll
c:\program files (x86)\Rising\RAV\rego\rxarch.dll
c:\program files (x86)\Rising\RAV\rego\rxcoml.dll
c:\program files (x86)\Rising\RAV\rego\rxcore.dll
c:\program files (x86)\Rising\RAV\rego\rxffr.dll
c:\program files (x86)\Rising\RAV\rego\rxfsm.dll
c:\program files (x86)\Rising\RAV\rego\rxmail.dll
c:\program files (x86)\Rising\RAV\rego\rxmltk.dll
c:\program files (x86)\Rising\RAV\rego\rxmss.dll
c:\program files (x86)\Rising\RAV\rego\rxoffice.dll
c:\program files (x86)\Rising\RAV\rego\rxruntim.dll
c:\program files (x86)\Rising\RAV\rego\rxsig64.dll
c:\program files (x86)\Rising\RAV\rego\rxvision.dll
c:\program files (x86)\Rising\RAV\rego\rxwinpe.dll
c:\program files (x86)\Rising\RAV\rego\rxxdu0.dll
c:\program files (x86)\Rising\RAV\rego\scanelf.dll
c:\program files (x86)\Rising\RAV\rego\scanex.dll
c:\program files (x86)\Rising\RAV\rego\scanexec.dll
c:\program files (x86)\Rising\RAV\rego\scanmac.dll
c:\program files (x86)\Rising\RAV\rego\scanpe.dll
c:\program files (x86)\Rising\RAV\rego\scansct.dll
c:\program files (x86)\Rising\RAV\rego\scansvc.dll
c:\program files (x86)\Rising\RAV\rego\scriptci.dll
c:\program files (x86)\Rising\RAV\rego\uroutine.dll
c:\program files (x86)\Rising\RAV\rego\urutils.dll
c:\program files (x86)\Rising\RAV\rego\vex86.dll
c:\program files (x86)\Rising\RAV\relibldr.dll
c:\program files (x86)\Rising\RAV\repairmanager.dll
c:\program files (x86)\Rising\RAV\res\adslshr.png
c:\program files (x86)\Rising\RAV\res\aphone.png
c:\program files (x86)\Rising\RAV\res\app_robot.png
c:\program files (x86)\Rising\RAV\res\bootopt.png
c:\program files (x86)\Rising\RAV\res\closeicon2.png
c:\program files (x86)\Rising\RAV\res\clrfile.png
c:\program files (x86)\Rising\RAV\res\computerprotect.png
c:\program files (x86)\Rising\RAV\res\Correct.png
c:\program files (x86)\Rising\RAV\res\fileshd.png
c:\program files (x86)\Rising\RAV\res\fixcookie.png
c:\program files (x86)\Rising\RAV\res\fixsys.png
c:\program files (x86)\Rising\RAV\res\game.png
c:\program files (x86)\Rising\RAV\res\hotIcon.png
c:\program files (x86)\Rising\RAV\res\html\faq\css\faq.css
c:\program files (x86)\Rising\RAV\res\html\faq\css\images\11.jpg
c:\program files (x86)\Rising\RAV\res\html\faq\css\images\11.png
c:\program files (x86)\Rising\RAV\res\html\faq\css\images\2.png
c:\program files (x86)\Rising\RAV\res\html\faq\css\images\3.png
c:\program files (x86)\Rising\RAV\res\html\faq\css\images\4.jpg
c:\program files (x86)\Rising\RAV\res\html\faq\css\images\iask.gif
c:\program files (x86)\Rising\RAV\res\html\faq\css\images\jian.gif
c:\program files (x86)\Rising\RAV\res\html\faq\css\images\navhover.gif
c:\program files (x86)\Rising\RAV\res\html\faq\css\images\navon.png
c:\program files (x86)\Rising\RAV\res\html\faq\css\images\navsep.gif
c:\program files (x86)\Rising\RAV\res\html\faq\css\images\tipbg.gif
c:\program files (x86)\Rising\RAV\res\html\faq\css\images\xian.gif
c:\program files (x86)\Rising\RAV\res\html\faq\faq.html
c:\program files (x86)\Rising\RAV\res\html\faq\scripts\faq.js
c:\program files (x86)\Rising\RAV\res\html\forum\css\forum.css
c:\program files (x86)\Rising\RAV\res\html\forum\css\images\activit2.png
c:\program files (x86)\Rising\RAV\res\html\forum\css\images\activity.png
c:\program files (x86)\Rising\RAV\res\html\forum\css\images\help.png
c:\program files (x86)\Rising\RAV\res\html\forum\css\images\help2.png
c:\program files (x86)\Rising\RAV\res\html\forum\css\images\line.gif
c:\program files (x86)\Rising\RAV\res\html\forum\css\images\new.png
c:\program files (x86)\Rising\RAV\res\html\forum\css\images\new2.png
c:\program files (x86)\Rising\RAV\res\html\forum\css\images\setting.png
c:\program files (x86)\Rising\RAV\res\html\forum\css\images\setting2.png
c:\program files (x86)\Rising\RAV\res\html\forum\forum.html
c:\program files (x86)\Rising\RAV\res\html\forum\scripts\forum.js
c:\program files (x86)\Rising\RAV\res\html\help\css\help.css
c:\program files (x86)\Rising\RAV\res\html\help\css\images\compass.png
c:\program files (x86)\Rising\RAV\res\html\help\css\images\compass2.png
c:\program files (x86)\Rising\RAV\res\html\help\css\images\deal.png
c:\program files (x86)\Rising\RAV\res\html\help\css\images\deal2.png
c:\program files (x86)\Rising\RAV\res\html\help\css\images\intefac2.png
c:\program files (x86)\Rising\RAV\res\html\help\css\images\interfac.png
c:\program files (x86)\Rising\RAV\res\html\help\css\images\questio2.png
c:\program files (x86)\Rising\RAV\res\html\help\css\images\question.png
c:\program files (x86)\Rising\RAV\res\html\help\css\images\service.png
c:\program files (x86)\Rising\RAV\res\html\help\css\images\service2.png
c:\program files (x86)\Rising\RAV\res\html\help\css\images\setting.png
c:\program files (x86)\Rising\RAV\res\html\help\css\images\setting2.png
c:\program files (x86)\Rising\RAV\res\html\help\help.html
c:\program files (x86)\Rising\RAV\res\html\help\scripts\help.js
c:\program files (x86)\Rising\RAV\res\html\minicenter\css\images\dot.gif
c:\program files (x86)\Rising\RAV\res\html\minicenter\css\images\pic.png
c:\program files (x86)\Rising\RAV\res\html\minicenter\css\rav.css
c:\program files (x86)\Rising\RAV\res\html\minicenter\rav.html
c:\program files (x86)\Rising\RAV\res\html\minicenter\rav.xml
c:\program files (x86)\Rising\RAV\res\html\minicenter\scripts\rav.js
c:\program files (x86)\Rising\RAV\res\html\onlinesvr\css\images\bg.gif
c:\program files (x86)\Rising\RAV\res\html\onlinesvr\css\images\login.png
c:\program files (x86)\Rising\RAV\res\html\onlinesvr\css\images\mail.png
c:\program files (x86)\Rising\RAV\res\html\onlinesvr\css\images\speech.png
c:\program files (x86)\Rising\RAV\res\html\onlinesvr\css\images\text.png
c:\program files (x86)\Rising\RAV\res\html\onlinesvr\css\images\title.png
c:\program files (x86)\Rising\RAV\res\html\onlinesvr\css\images\xing.png
c:\program files (x86)\Rising\RAV\res\html\onlinesvr\css\online.css
c:\program files (x86)\Rising\RAV\res\html\onlinesvr\online.html
c:\program files (x86)\Rising\RAV\res\html\onlinesvr\scripts\online.js
c:\program files (x86)\Rising\RAV\res\html\weibo\weibo.html
c:\program files (x86)\Rising\RAV\res\icon1.png
c:\program files (x86)\Rising\RAV\res\icon1H.png
c:\program files (x86)\Rising\RAV\res\icon2.png
c:\program files (x86)\Rising\RAV\res\icon2H.png
c:\program files (x86)\Rising\RAV\res\icon3.png
c:\program files (x86)\Rising\RAV\res\icon3H.png
c:\program files (x86)\Rising\RAV\res\icon4.png
c:\program files (x86)\Rising\RAV\res\icon4H.png
c:\program files (x86)\Rising\RAV\res\icon5.png
c:\program files (x86)\Rising\RAV\res\icon5H.png
c:\program files (x86)\Rising\RAV\res\icon6.png
c:\program files (x86)\Rising\RAV\res\icon6H.png
c:\program files (x86)\Rising\RAV\res\icon7.png
c:\program files (x86)\Rising\RAV\res\icon7H.png
c:\program files (x86)\Rising\RAV\res\iconnew1.png
c:\program files (x86)\Rising\RAV\res\iconnew2.png
c:\program files (x86)\Rising\RAV\res\installIng.png
c:\program files (x86)\Rising\RAV\res\iphone.png
c:\program files (x86)\Rising\RAV\res\ipswitch.png
c:\program files (x86)\Rising\RAV\res\kaka.png
c:\program files (x86)\Rising\RAV\res\linuxboot.png
c:\program files (x86)\Rising\RAV\res\mainmenu\1.png
c:\program files (x86)\Rising\RAV\res\mainmenu\1_2.png
c:\program files (x86)\Rising\RAV\res\mainmenu\2.png
c:\program files (x86)\Rising\RAV\res\mainmenu\2_2.png
c:\program files (x86)\Rising\RAV\res\mainmenu\3.png
c:\program files (x86)\Rising\RAV\res\mainmenu\3_2.png
c:\program files (x86)\Rising\RAV\res\mainmenu\4.png
c:\program files (x86)\Rising\RAV\res\mainmenu\4_2.png
c:\program files (x86)\Rising\RAV\res\mainmenu\5.png
c:\program files (x86)\Rising\RAV\res\mainmenu\5_2.png
c:\program files (x86)\Rising\RAV\res\mainmenu\6.png
c:\program files (x86)\Rising\RAV\res\mainmenu\6_2.png
c:\program files (x86)\Rising\RAV\res\mbrtool.png
c:\program files (x86)\Rising\RAV\res\metroui\MetroIcon.png
c:\program files (x86)\Rising\RAV\res\netcheck.png
c:\program files (x86)\Rising\RAV\res\onlineserver.png
c:\program files (x86)\Rising\RAV\res\packager.png
c:\program files (x86)\Rising\RAV\res\phone.png
c:\program files (x86)\Rising\RAV\res\process.png
c:\program files (x86)\Rising\RAV\res\promgr.png
c:\program files (x86)\Rising\RAV\res\ravusb.png
c:\program files (x86)\Rising\RAV\res\rfw.png
c:\program files (x86)\Rising\RAV\res\rj_bg.png
c:\program files (x86)\Rising\RAV\res\rjIcon.png
c:\program files (x86)\Rising\RAV\res\RjIcon0.png
c:\program files (x86)\Rising\RAV\res\RjIcon1.png
c:\program files (x86)\Rising\RAV\res\rmd\app_robot.png
c:\program files (x86)\Rising\RAV\res\rmd\bootopt.png
c:\program files (x86)\Rising\RAV\res\rmd\computerprotect.png
c:\program files (x86)\Rising\RAV\res\rmd\fileshd.png
c:\program files (x86)\Rising\RAV\res\rmd\fixcookie.png
c:\program files (x86)\Rising\RAV\res\rmd\fixsys.png
c:\program files (x86)\Rising\RAV\res\rmd\game.png
c:\program files (x86)\Rising\RAV\res\rmd\kaka.png
c:\program files (x86)\Rising\RAV\res\rmd\onlineserver.png
c:\program files (x86)\Rising\RAV\res\rmd\promgr.png
c:\program files (x86)\Rising\RAV\res\rmd\rfw.png
c:\program files (x86)\Rising\RAV\res\rmd\rse.png
c:\program files (x86)\Rising\RAV\res\rmd\safesite.png
c:\program files (x86)\Rising\RAV\res\rmd\softmgr.png
c:\program files (x86)\Rising\RAV\res\rmd\trail.png
c:\program files (x86)\Rising\RAV\res\rmd\tuan.png
c:\program files (x86)\Rising\RAV\res\rse.png
c:\program files (x86)\Rising\RAV\res\ruletool.png
c:\program files (x86)\Rising\RAV\res\safepwd.png
c:\program files (x86)\Rising\RAV\res\safesite.png
c:\program files (x86)\Rising\RAV\res\sharemgr.png
c:\program files (x86)\Rising\RAV\res\shellext.png
c:\program files (x86)\Rising\RAV\res\softmgr.png
c:\program files (x86)\Rising\RAV\res\speedpro.png
c:\program files (x86)\Rising\RAV\res\sphone.png
c:\program files (x86)\Rising\RAV\res\tacco.png
c:\program files (x86)\Rising\RAV\res\tagent.png
c:\program files (x86)\Rising\RAV\res\tboot.png
c:\program files (x86)\Rising\RAV\res\tlinux.png
c:\program files (x86)\Rising\RAV\res\tpack.png
c:\program files (x86)\Rising\RAV\res\trail.png
c:\program files (x86)\Rising\RAV\res\treemenu\autorun.png
c:\program files (x86)\Rising\RAV\res\treemenu\boot.png
c:\program files (x86)\Rising\RAV\res\treemenu\computer.png
c:\program files (x86)\Rising\RAV\res\treemenu\disk.png
c:\program files (x86)\Rising\RAV\res\treemenu\dvd.png
c:\program files (x86)\Rising\RAV\res\treemenu\folder.png
c:\program files (x86)\Rising\RAV\res\treemenu\folder2.png
c:\program files (x86)\Rising\RAV\res\treemenu\checkbox1.png
c:\program files (x86)\Rising\RAV\res\treemenu\checkbox2.png
c:\program files (x86)\Rising\RAV\res\treemenu\checkbox3.png
c:\program files (x86)\Rising\RAV\res\treemenu\keyarea.png
c:\program files (x86)\Rising\RAV\res\treemenu\mail.png
c:\program files (x86)\Rising\RAV\res\treemenu\memory.png
c:\program files (x86)\Rising\RAV\res\treemenu\movable.png
c:\program files (x86)\Rising\RAV\res\treemenu\netdisk.png
c:\program files (x86)\Rising\RAV\res\treemenu\plug.png
c:\program files (x86)\Rising\RAV\res\treemenu\ramdisk.png
c:\program files (x86)\Rising\RAV\res\treemenu\unknown.png
c:\program files (x86)\Rising\RAV\res\tuan.png
c:\program files (x86)\Rising\RAV\res\virusbak.png
c:\program files (x86)\Rising\RAV\res\webspeed.png
c:\program files (x86)\Rising\RAV\restorelog.txt
c:\program files (x86)\Rising\RAV\Rising.ico
c:\program files (x86)\Rising\RAV\rkpcoll.dll
c:\program files (x86)\Rising\RAV\rsaddremove.exe
c:\program files (x86)\Rising\RAV\RsAgent.dll
c:\program files (x86)\Rising\RAV\rsagent.exe
c:\program files (x86)\Rising\RAV\RsAX.dll
c:\program files (x86)\Rising\RAV\RsBaseNetWrapper.dll
c:\program files (x86)\Rising\RAV\rscfg.dll
c:\program files (x86)\Rising\RAV\rscmp.dll
c:\program files (x86)\Rising\RAV\rscom.dll
c:\program files (x86)\Rising\RAV\rscombas.dll
c:\program files (x86)\Rising\RAV\rscommx2.dll
c:\program files (x86)\Rising\RAV\rscompscanproxy.dll
c:\program files (x86)\Rising\RAV\rsconfig.dll
c:\program files (x86)\Rising\RAV\rsconfig.exe
c:\program files (x86)\Rising\RAV\rscurl.dll
c:\program files (x86)\Rising\RAV\rsdbmgr.dll
c:\program files (x86)\Rising\RAV\rsdelaylauncher.exe
c:\program files (x86)\Rising\RAV\rsdlcore.dll
c:\program files (x86)\Rising\RAV\rsdlsvr.exe
c:\program files (x86)\Rising\RAV\rsdui.dll
c:\program files (x86)\Rising\RAV\rsdui1.dll
c:\program files (x86)\Rising\RAV\rsdui2.dll
c:\program files (x86)\Rising\RAV\rsduigear.dll
c:\program files (x86)\Rising\RAV\rsduik.dll
c:\program files (x86)\Rising\RAV\RSFilteEngine.dll
c:\program files (x86)\Rising\RAV\RSFilteEngineCom.dll
c:\program files (x86)\Rising\RAV\rsfixscan.dll
c:\program files (x86)\Rising\RAV\rsfixsys.dll
c:\program files (x86)\Rising\RAV\RsGather.dll
c:\program files (x86)\Rising\RAV\rsgear.dll
c:\program files (x86)\Rising\RAV\rsindent.dll
c:\program files (x86)\Rising\RAV\rslang.dll
c:\program files (x86)\Rising\RAV\rslog.dll
c:\program files (x86)\Rising\RAV\rslogdll.dll
c:\program files (x86)\Rising\RAV\rslogvw.dll
c:\program files (x86)\Rising\RAV\rslogvw.exe
c:\program files (x86)\Rising\RAV\rsmain.dll
c:\program files (x86)\Rising\RAV\rsmain.exe
c:\program files (x86)\Rising\RAV\RsMain.ico
c:\program files (x86)\Rising\RAV\rsmginfo.dll
c:\program files (x86)\Rising\RAV\rsmgr.dll
c:\program files (x86)\Rising\RAV\rsmgr.dll.backup
c:\program files (x86)\Rising\RAV\rsmgr.dll.dat
c:\program files (x86)\Rising\RAV\rsmgr64.dll
c:\program files (x86)\Rising\RAV\rsmgr64.dll.backup
c:\program files (x86)\Rising\RAV\rsmgr64.dll.dat
c:\program files (x86)\Rising\RAV\rsmonweb.dll
c:\program files (x86)\Rising\RAV\rsnetsvr.dll
c:\program files (x86)\Rising\RAV\rsnscfg.dat
c:\program files (x86)\Rising\RAV\rspalvd.dll
c:\program files (x86)\Rising\RAV\rsrp.exe
c:\program files (x86)\Rising\RAV\RsSmall.bmp
c:\program files (x86)\Rising\RAV\rssqlite.dll
c:\program files (x86)\Rising\RAV\rssrv.dll
c:\program files (x86)\Rising\RAV\rsstore.dll
c:\program files (x86)\Rising\RAV\rsstub.dll
c:\program files (x86)\Rising\RAV\rsstub.exe
c:\program files (x86)\Rising\RAV\rsswlst.dll
c:\program files (x86)\Rising\RAV\rssysprxy.dll
c:\program files (x86)\Rising\RAV\rstask.dll
c:\program files (x86)\Rising\RAV\rstask.xml
c:\program files (x86)\Rising\RAV\rstasku.xml
c:\program files (x86)\Rising\RAV\rstlist.exe
c:\program files (x86)\Rising\RAV\RstoreDll.dll
c:\program files (x86)\Rising\RAV\rstray.dll
c:\program files (x86)\Rising\RAV\rstray.exe
c:\program files (x86)\Rising\RAV\RsTray.ico
c:\program files (x86)\Rising\RAV\rstray64.exe
c:\program files (x86)\Rising\RAV\rstray64.exe.backup
c:\program files (x86)\Rising\RAV\rstray64.exe.dat
c:\program files (x86)\Rising\RAV\rsundlg.dll
c:\program files (x86)\Rising\RAV\rsupcomp.exe
c:\program files (x86)\Rising\RAV\rsupdater\atl90.dll
c:\program files (x86)\Rising\RAV\rsupdater\cfgxml\rscom.xml
c:\program files (x86)\Rising\RAV\rsupdater\cfgxml\rsupdatertool.rscom
c:\program files (x86)\Rising\RAV\rsupdater\cfgxml\rsupdatertool.xml
c:\program files (x86)\Rising\RAV\rsupdater\commrout.dll
c:\program files (x86)\Rising\RAV\rsupdater\comx3.dll
c:\program files (x86)\Rising\RAV\rsupdater\Microsoft.VC90.ATL.manifest
c:\program files (x86)\Rising\RAV\rsupdater\Microsoft.VC90.CRT.manifest
c:\program files (x86)\Rising\RAV\rsupdater\msvcp90.dll
c:\program files (x86)\Rising\RAV\rsupdater\msvcr90.dll
c:\program files (x86)\Rising\RAV\rsupdater\NetConfig.ini
c:\program files (x86)\Rising\RAV\rsupdater\NewUpdater.dll
c:\program files (x86)\Rising\RAV\rsupdater\procenv.dll
c:\program files (x86)\Rising\RAV\rsupdater\rsbasenetwrapper.dll
c:\program files (x86)\Rising\RAV\rsupdater\rscom.dll
c:\program files (x86)\Rising\RAV\rsupdater\rscurl.dll
c:\program files (x86)\Rising\RAV\rsupdater\rsdui.dll
c:\program files (x86)\Rising\RAV\rsupdater\rsdui1.dll
c:\program files (x86)\Rising\RAV\rsupdater\rsdui2.dll
c:\program files (x86)\Rising\RAV\rsupdater\rsduigear.dll
c:\program files (x86)\Rising\RAV\rsupdater\rsduik.dll
c:\program files (x86)\Rising\RAV\rsupdater\RstoreDll.dll
c:\program files (x86)\Rising\RAV\rsupdater\RsUpdatertool.exe
c:\program files (x86)\Rising\RAV\rsupdater\RSUPDATERTOOL.EXE.log
c:\program files (x86)\Rising\RAV\rsupdater\rsxml3w.dll
c:\program files (x86)\Rising\RAV\rsupdater\Skin\updateskin.lang
c:\program files (x86)\Rising\RAV\rsupdater\Skin\updateskin.rsk
c:\program files (x86)\Rising\RAV\rsupdater\Skin\updateskin.rsu
c:\program files (x86)\Rising\RAV\rsupdatertool.exe
c:\program files (x86)\Rising\RAV\rsutils_if.dll
c:\program files (x86)\Rising\RAV\rsvirlibup.dll
c:\program files (x86)\Rising\RAV\rsvpatch.dll
c:\program files (x86)\Rising\RAV\rsvrinfo.dll
c:\program files (x86)\Rising\RAV\rsxml3a.dll
c:\program files (x86)\Rising\RAV\rsxml3w.dll
c:\program files (x86)\Rising\RAV\safetoolrules.xml
c:\program files (x86)\Rising\RAV\scandeep.dll
c:\program files (x86)\Rising\RAV\scanelf.dll
c:\program files (x86)\Rising\RAV\scanex.dll
c:\program files (x86)\Rising\RAV\ScanExec.dll
c:\program files (x86)\Rising\RAV\ScanMac.dll
c:\program files (x86)\Rising\RAV\scanMpe.dll
c:\program files (x86)\Rising\RAV\scanpe.dll
c:\program files (x86)\Rising\RAV\scanprxy.dll
c:\program files (x86)\Rising\RAV\ScanSct.dll
c:\program files (x86)\Rising\RAV\scansvc.dll
c:\program files (x86)\Rising\RAV\scansvcp.dll
c:\program files (x86)\Rising\RAV\scantj.dll
c:\program files (x86)\Rising\RAV\scanview.dll
c:\program files (x86)\Rising\RAV\selfmon.dll
c:\program files (x86)\Rising\RAV\setup.dat
c:\program files (x86)\Rising\RAV\silence.xml
c:\program files (x86)\Rising\RAV\Skin\add.lang
c:\program files (x86)\Rising\RAV\Skin\add.rsk
c:\program files (x86)\Rising\RAV\Skin\add.rsu
c:\program files (x86)\Rising\RAV\Skin\CCMgr.xml
c:\program files (x86)\Rising\RAV\Skin\Default.rsk
c:\program files (x86)\Rising\RAV\Skin\Default\kaka.zip
c:\program files (x86)\Rising\RAV\Skin\Oa.lang
c:\program files (x86)\Rising\RAV\Skin\Oa.rsu
c:\program files (x86)\Rising\RAV\Skin\OaDefault.rsk
c:\program files (x86)\Rising\RAV\Skin\OaDefault\kaka.zip
c:\program files (x86)\Rising\RAV\Skin\PopSkin\btnClose.png
c:\program files (x86)\Rising\RAV\Skin\PopSkin\fb.png
c:\program files (x86)\Rising\RAV\Skin\PopSkin\fbnof.png
c:\program files (x86)\Rising\RAV\Skin\PopSkin\frmleft.png
c:\program files (x86)\Rising\RAV\Skin\PopSkin\frmright.png
c:\program files (x86)\Rising\RAV\Skin\PopSkin\lt.png
c:\program files (x86)\Rising\RAV\Skin\PopSkin\ltnof.png
c:\program files (x86)\Rising\RAV\Skin\PopSkin\msg_fb.png
c:\program files (x86)\Rising\RAV\Skin\PopSkin\msg_lb.png
c:\program files (x86)\Rising\RAV\Skin\PopSkin\msg_rb.png
c:\program files (x86)\Rising\RAV\Skin\PopSkin\rt.png
c:\program files (x86)\Rising\RAV\Skin\PopSkin\rtnof.png
c:\program files (x86)\Rising\RAV\Skin\PopSkin\title.png
c:\program files (x86)\Rising\RAV\Skin\PopSkin\titleNof.png
c:\program files (x86)\Rising\RAV\Skin\ruixing.lang
c:\program files (x86)\Rising\RAV\Skin\ruixing.rsu
c:\program files (x86)\Rising\RAV\Skin\Set.lang
c:\program files (x86)\Rising\RAV\Skin\Set.rsu
c:\program files (x86)\Rising\RAV\Skin\SetDefault.rsk
c:\program files (x86)\Rising\RAV\Skin\SetDefault\kaka.zip
c:\program files (x86)\Rising\RAV\Skin\sysfirm.lang
c:\program files (x86)\Rising\RAV\Skin\sysfirm.rsk
c:\program files (x86)\Rising\RAV\Skin\sysfirm.rsu
c:\program files (x86)\Rising\RAV\Skin\sysfirm\kaka.zip
c:\program files (x86)\Rising\RAV\Skin\Tray.lang
c:\program files (x86)\Rising\RAV\Skin\Tray.rsu
c:\program files (x86)\Rising\RAV\Skin\TrayDefault.rsk
c:\program files (x86)\Rising\RAV\Skin\TrayDefault\kaka.zip
c:\program files (x86)\Rising\RAV\smarttrt.dll
c:\program files (x86)\Rising\RAV\smrtscan.dll
c:\program files (x86)\Rising\RAV\storeif.dll
c:\program files (x86)\Rising\RAV\syslay.dll
c:\program files (x86)\Rising\RAV\sysmon_if.dll
c:\program files (x86)\Rising\RAV\taskplug.dll
c:\program files (x86)\Rising\RAV\tlistvw.dll
c:\program files (x86)\Rising\RAV\tooldat.dll
c:\program files (x86)\Rising\RAV\toolvw.dll
c:\program files (x86)\Rising\RAV\TrayScan.dll
c:\program files (x86)\Rising\RAV\TrayShutdown.dll
c:\program files (x86)\Rising\RAV\traywnd.dll
c:\program files (x86)\Rising\RAV\ui\css\core.css
c:\program files (x86)\Rising\RAV\ui\css\images\bg.gif
c:\program files (x86)\Rising\RAV\ui\css\images\btns.gif
c:\program files (x86)\Rising\RAV\ui\css\images\closeBtn.png
c:\program files (x86)\Rising\RAV\ui\css\images\icons\boot.gif
c:\program files (x86)\Rising\RAV\ui\css\images\icons\garbage.gif
c:\program files (x86)\Rising\RAV\ui\css\images\icons\mobile.gif
c:\program files (x86)\Rising\RAV\ui\css\images\icons\news.gif
c:\program files (x86)\Rising\RAV\ui\css\images\icons\private.gif
c:\program files (x86)\Rising\RAV\ui\css\images\icons\rav.gif
c:\program files (x86)\Rising\RAV\ui\css\images\icons\rfw.gif
c:\program files (x86)\Rising\RAV\ui\css\images\icons\rse.gif
c:\program files (x86)\Rising\RAV\ui\css\images\icons\sign.gif
c:\program files (x86)\Rising\RAV\ui\css\images\icons\web.gif
c:\program files (x86)\Rising\RAV\ui\css\images\icons\weibo.gif
c:\program files (x86)\Rising\RAV\ui\css\images\logo.gif
c:\program files (x86)\Rising\RAV\ui\css\images\money.gif
c:\program files (x86)\Rising\RAV\ui\css\images\sign.gif
c:\program files (x86)\Rising\RAV\ui\css\usercenter.css
c:\program files (x86)\Rising\RAV\ui\js\core.js
c:\program files (x86)\Rising\RAV\ui\js\jquery-1.8.3.min.js
c:\program files (x86)\Rising\RAV\ui\js\jquery.ie6png.js
c:\program files (x86)\Rising\RAV\ui\js\usercenter.js
c:\program files (x86)\Rising\RAV\ui\rstlist.htm
c:\program files (x86)\Rising\RAV\unexe.dll
c:\program files (x86)\Rising\RAV\uprslog.dat
c:\program files (x86)\Rising\RAV\uprsmon.dat
c:\program files (x86)\Rising\RAV\uprsuser.dat
c:\program files (x86)\Rising\RAV\ur004.dat
c:\program files (x86)\Rising\RAV\ur006.dat
c:\program files (x86)\Rising\RAV\ur007.dat
c:\program files (x86)\Rising\RAV\ur009.dat
c:\program files (x86)\Rising\RAV\ur010.dat
c:\program files (x86)\Rising\RAV\ur011.dat
c:\program files (x86)\Rising\RAV\ur012.dat
c:\program files (x86)\Rising\RAV\ur013.dat
c:\program files (x86)\Rising\RAV\ur014.dat
c:\program files (x86)\Rising\RAV\ur015.dat
c:\program files (x86)\Rising\RAV\ur016.dat
c:\program files (x86)\Rising\RAV\ur019.dat
c:\program files (x86)\Rising\RAV\ur020.dat
c:\program files (x86)\Rising\RAV\ur021.dat
c:\program files (x86)\Rising\RAV\ur022.dat
c:\program files (x86)\Rising\RAV\ur023.dat
c:\program files (x86)\Rising\RAV\ur024.dat
c:\program files (x86)\Rising\RAV\ur025.dat
c:\program files (x86)\Rising\RAV\ur026.dat
c:\program files (x86)\Rising\RAV\ur027.dat
c:\program files (x86)\Rising\RAV\ur028.dat
c:\program files (x86)\Rising\RAV\ur029.dat
c:\program files (x86)\Rising\RAV\url.ini
c:\program files (x86)\Rising\RAV\urlfilte.ini
c:\program files (x86)\Rising\RAV\urllib.dll
c:\program files (x86)\Rising\RAV\urllib\virurl.bas
c:\program files (x86)\Rising\RAV\urllib\virusdb.cfg
c:\program files (x86)\Rising\RAV\UrlLibd.dll
c:\program files (x86)\Rising\RAV\UrlRule.dll
c:\program files (x86)\Rising\RAV\uroutine.dll
c:\program files (x86)\Rising\RAV\urutils.dll
c:\program files (x86)\Rising\RAV\usbserv.dll
c:\program files (x86)\Rising\RAV\virlib\malware.rmd
c:\program files (x86)\Rising\RAV\virlib\virbas.rmd
c:\program files (x86)\Rising\RAV\virlib\virlib.cfg
c:\program files (x86)\Rising\RAV\virlibup.dll
c:\program files (x86)\Rising\RAV\virlibupdater.exe
c:\program files (x86)\Rising\RAV\viruslib.dll
c:\program files (x86)\Rising\RAV\vmicore.dll
c:\program files (x86)\Rising\RAV\vpatch.dll
c:\program files (x86)\Rising\RAV\vpatch.sdb.dat
c:\program files (x86)\Rising\RAV\vpatchmon.dll
c:\program files (x86)\Rising\RAV\vpivot.dll
c:\program files (x86)\Rising\RAV\wbprotect.dll.dat
c:\program files (x86)\Rising\RAV\wbshelper64.dll
c:\program files (x86)\Rising\RAV\wbshelper64.dll.backup
c:\program files (x86)\Rising\RAV\wbshelper64.dll.dat
c:\program files (x86)\Rising\RAV\XMLS\_RAV.xml
c:\program files (x86)\Rising\RAV\XMLS\BOOTTIP.xml
c:\program files (x86)\Rising\RAV\XMLS\CLOUD.xml
c:\program files (x86)\Rising\RAV\XMLS\CLOUDQRY.xml
c:\program files (x86)\Rising\RAV\XMLS\CLOUDV3.xml
c:\program files (x86)\Rising\RAV\XMLS\CONFIGDUI.xml
c:\program files (x86)\Rising\RAV\XMLS\DEFCFG.xml
c:\program files (x86)\Rising\RAV\XMLS\DUISKIN.xml
c:\program files (x86)\Rising\RAV\XMLS\FILEMON.xml
c:\program files (x86)\Rising\RAV\XMLS\FIRMXML.xml
c:\program files (x86)\Rising\RAV\XMLS\HOOKBASE.xml
c:\program files (x86)\Rising\RAV\XMLS\INSTALLMONDEF.xml
c:\program files (x86)\Rising\RAV\XMLS\LIBCFG.xml
c:\program files (x86)\Rising\RAV\XMLS\LIBTOOL.xml
c:\program files (x86)\Rising\RAV\XMLS\LICENSE.xml
c:\program files (x86)\Rising\RAV\XMLS\LOGDB.xml
c:\program files (x86)\Rising\RAV\XMLS\LOGVWDUI.xml
c:\program files (x86)\Rising\RAV\XMLS\MAILMON.xml
c:\program files (x86)\Rising\RAV\XMLS\MAINVIEW.xml
c:\program files (x86)\Rising\RAV\XMLS\MONBASEDUI.xml
c:\program files (x86)\Rising\RAV\XMLS\MONSTATE.xml
c:\program files (x86)\Rising\RAV\XMLS\MONWEB.xml
c:\program files (x86)\Rising\RAV\XMLS\MSCRT9.xml
c:\program files (x86)\Rising\RAV\XMLS\PUBCFG.xml
c:\program files (x86)\Rising\RAV\XMLS\RAV1252.xml
c:\program files (x86)\Rising\RAV\XMLS\RAV936.xml
c:\program files (x86)\Rising\RAV\XMLS\RAV950.xml
c:\program files (x86)\Rising\RAV\XMLS\RAVBASE.xml
c:\program files (x86)\Rising\RAV\XMLS\RAVCONFIG.xml
c:\program files (x86)\Rising\RAV\XMLS\RAVDEFDB.xml
c:\program files (x86)\Rising\RAV\XMLS\RAVDUICOMS.xml
c:\program files (x86)\Rising\RAV\XMLS\RAVDUITY.xml
c:\program files (x86)\Rising\RAV\XMLS\RAVGUIDE.xml
c:\program files (x86)\Rising\RAV\XMLS\RAVLANG1.xml
c:\program files (x86)\Rising\RAV\XMLS\RAVLANG2.xml
c:\program files (x86)\Rising\RAV\XMLS\RAVLANG3.xml
c:\program files (x86)\Rising\RAV\XMLS\RAVLOG.xml
c:\program files (x86)\Rising\RAV\XMLS\RAVMAINDUI.xml
c:\program files (x86)\Rising\RAV\XMLS\RAVMON.xml
c:\program files (x86)\Rising\RAV\XMLS\RAVTASK.xml
c:\program files (x86)\Rising\RAV\XMLS\RAVUIRES.xml
c:\program files (x86)\Rising\RAV\XMLS\RAVXP.xml
c:\program files (x86)\Rising\RAV\XMLS\REGGUIDE.xml
c:\program files (x86)\Rising\RAV\XMLS\RSAGENT.xml
c:\program files (x86)\Rising\RAV\XMLS\RSBSMAIN.xml
c:\program files (x86)\Rising\RAV\XMLS\RSCFG.xml
c:\program files (x86)\Rising\RAV\XMLS\RSCMP.xml
c:\program files (x86)\Rising\RAV\XMLS\RSCOMM.xml
c:\program files (x86)\Rising\RAV\XMLS\RSDK.xml
c:\program files (x86)\Rising\RAV\XMLS\RSDUIGEAR.xml
c:\program files (x86)\Rising\RAV\XMLS\RSENGINE.xml
c:\program files (x86)\Rising\RAV\XMLS\RSENGINEGOEX.xml
c:\program files (x86)\Rising\RAV\XMLS\RSFLTENG.xml
c:\program files (x86)\Rising\RAV\XMLS\RSLANG.xml
c:\program files (x86)\Rising\RAV\XMLS\RSMONDEF.xml
c:\program files (x86)\Rising\RAV\XMLS\RSMSG.xml
c:\program files (x86)\Rising\RAV\XMLS\RSPASSPORT.xml
c:\program files (x86)\Rising\RAV\XMLS\RSSCAN.xml
c:\program files (x86)\Rising\RAV\XMLS\RSSTARTUPOPT.xml
c:\program files (x86)\Rising\RAV\XMLS\RSSTORE.xml
c:\program files (x86)\Rising\RAV\XMLS\RSSTUB.xml
c:\program files (x86)\Rising\RAV\XMLS\RSTRAYDUI.xml
c:\program files (x86)\Rising\RAV\XMLS\RSUPDATER.xml
c:\program files (x86)\Rising\RAV\XMLS\RSVIRBAS.xml
c:\program files (x86)\Rising\RAV\XMLS\RSVIRBASEX.xml
c:\program files (x86)\Rising\RAV\XMLS\RSVIRLIB.xml
c:\program files (x86)\Rising\RAV\XMLS\RSVIRLIBUPEX.xml
c:\program files (x86)\Rising\RAV\XMLS\RSVPATCH.xml
c:\program files (x86)\Rising\RAV\XMLS\RSVRINFO.xml
c:\program files (x86)\Rising\RAV\XMLS\setup.xml
c:\program files (x86)\Rising\RAV\XMLS\TOOLDL.xml
c:\program files (x86)\Rising\RAV\XMLS\TRAYCFGDUI.xml
c:\program files (x86)\Rising\RAV\XMLS\UPCFGRAV.xml
c:\program files (x86)\Rising\RAV\XMLS\UPDUILIB.xml
c:\program files (x86)\Rising\RAV\XMLS\UPLOAD.xml
c:\program files (x86)\Rising\RAV\XMLS\URLLIBD.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\_RAV\_RAV.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\_RAV\setup.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\BOOTTIP\BOOTTIP.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\BOOTTIP\rsrp.exe
c:\program files (x86)\Rising\RSD\Backup\RAV\BOOTTIP\rsrp.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUD\CLOUD.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUD\rsindent.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUD\rsnetsvr.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDQRY\cloudnet.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDQRY\cloudqry.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDQRY\CLOUDQRY.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDQRY\cloudsta.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDQRY\rscurl.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDQRY\rsnscfg.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDV3\cloudnotifier.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDV3\cloudstore.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDV3\Cloudv3.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDV3\CLOUDV3.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDV3\cloudwork.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDV3\datastorage.db
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDV3\dataups.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDV3\localopt.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDV3\userdata.mond
c:\program files (x86)\Rising\RSD\Backup\RAV\CLOUDV3\userdata.rstray
c:\program files (x86)\Rising\RSD\Backup\RAV\CompsVer.inf
c:\program files (x86)\Rising\RSD\Backup\RAV\CONFIGDUI\config.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\CONFIGDUI\CONFIGDUI.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\CONFIGDUI\rsconfig.exe
c:\program files (x86)\Rising\RSD\Backup\RAV\DEFCFG\defcfg.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\DEFCFG\DEFCFG.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\DEFCFG\mruleui.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\DEFCFG\sysfirm.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\DUISKIN\CCMgr.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\DUISKIN\Default.rsk
c:\program files (x86)\Rising\RSD\Backup\RAV\DUISKIN\Default\kaka.zip
c:\program files (x86)\Rising\RSD\Backup\RAV\DUISKIN\DUISKIN.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\DUISKIN\Oa.lang
c:\program files (x86)\Rising\RSD\Backup\RAV\DUISKIN\Oa.rsu
c:\program files (x86)\Rising\RSD\Backup\RAV\DUISKIN\OaDefault.rsk
c:\program files (x86)\Rising\RSD\Backup\RAV\DUISKIN\OaDefault\kaka.zip
c:\program files (x86)\Rising\RSD\Backup\RAV\DUISKIN\ruixing.lang
c:\program files (x86)\Rising\RSD\Backup\RAV\DUISKIN\ruixing.rsu
c:\program files (x86)\Rising\RSD\Backup\RAV\DUISKIN\Set.lang
c:\program files (x86)\Rising\RSD\Backup\RAV\DUISKIN\Set.rsu
c:\program files (x86)\Rising\RSD\Backup\RAV\DUISKIN\SetDefault.rsk
c:\program files (x86)\Rising\RSD\Backup\RAV\DUISKIN\SetDefault\kaka.zip
c:\program files (x86)\Rising\RSD\Backup\RAV\DUISKIN\sysfirm.lang
c:\program files (x86)\Rising\RSD\Backup\RAV\DUISKIN\sysfirm.rsk
c:\program files (x86)\Rising\RSD\Backup\RAV\DUISKIN\sysfirm.rsu
c:\program files (x86)\Rising\RSD\Backup\RAV\DUISKIN\sysfirm\kaka.zip
c:\program files (x86)\Rising\RSD\Backup\RAV\DUISKIN\Tray.lang
c:\program files (x86)\Rising\RSD\Backup\RAV\DUISKIN\Tray.rsu
c:\program files (x86)\Rising\RSD\Backup\RAV\DUISKIN\TrayDefault.rsk
c:\program files (x86)\Rising\RSD\Backup\RAV\DUISKIN\TrayDefault\kaka.zip
c:\program files (x86)\Rising\RSD\Backup\RAV\FILEMON\bfilemon.mond
c:\program files (x86)\Rising\RSD\Backup\RAV\FILEMON\filemon.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\FILEMON\filemon.rwl
c:\program files (x86)\Rising\RSD\Backup\RAV\FILEMON\FILEMON.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\FIRMXML\firm.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\FIRMXML\FIRMXML.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\FIRMXML\silence.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\64\rsndisp.sys
c:\program files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\64\rsutils.sys
c:\program files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\64\sysmon.sys
c:\program files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\hookbase.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\HOOKBASE.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\kguard.sys
c:\program files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\kguard_if.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\mondrv.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\rsdll.dll.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\rsndisp.sys
c:\program files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\rsutils.sys
c:\program files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\rsutils_if.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\sysmon.sys
c:\program files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\sysmon_if.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\INSTALLMONDEF\add.lang
c:\program files (x86)\Rising\RSD\Backup\RAV\INSTALLMONDEF\add.rsk
c:\program files (x86)\Rising\RSD\Backup\RAV\INSTALLMONDEF\add.rsu
c:\program files (x86)\Rising\RSD\Backup\RAV\INSTALLMONDEF\INSTALLMONDEF.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\INSTALLMONDEF\rsaddremove.exe
c:\program files (x86)\Rising\RSD\Backup\RAV\Label.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\LIBCFG\libcfg.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\LIBCFG\LIBCFG.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\LIBCFG\rfwdb.cfg
c:\program files (x86)\Rising\RSD\Backup\RAV\LIBCFG\virfish.bas
c:\program files (x86)\Rising\RSD\Backup\RAV\LIBCFG\virmurl.bas
c:\program files (x86)\Rising\RSD\Backup\RAV\LIBTOOL\LIBTOOL.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\LIBTOOL\recomp.cfg
c:\program files (x86)\Rising\RSD\Backup\RAV\LIBTOOL\recomp.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\LIBTOOL\refs.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\LIBTOOL\relibldr.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\LIBTOOL\viruslib.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\LICENSE\12345678.000
c:\program files (x86)\Rising\RSD\Backup\RAV\LICENSE\12345678.000.bak
c:\program files (x86)\Rising\RSD\Backup\RAV\LICENSE\LICENSE.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\LOGDB\LOGDB.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\LOGDB\rslogdll.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\LOGDB\uprslog.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\LOGDB\viruslog.db
c:\program files (x86)\Rising\RSD\Backup\RAV\LOGVWDUI\logquery.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\LOGVWDUI\logvw.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\LOGVWDUI\LOGVWDUI.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\LOGVWDUI\rslogvw.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\LOGVWDUI\rslogvw.exe
c:\program files (x86)\Rising\RSD\Backup\RAV\LOGVWDUI\rslogvw.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\LOGVWDUI\storeif.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\MAILMON\cmailmon.mond
c:\program files (x86)\Rising\RSD\Backup\RAV\MAILMON\mailmon.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\MAILMON\MAILMON.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\MAINVIEW\alert.wav
c:\program files (x86)\Rising\RSD\Backup\RAV\MAINVIEW\defview.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\MAINVIEW\MAINVIEW.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\MAINVIEW\monmgr.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\MAINVIEW\ravmview.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\MAINVIEW\rsconfig.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\MAINVIEW\scanview.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\MONBASEDUI\MONBASEDUI.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\MONBASEDUI\moncomm.dll

Nexxy · #15 Příspěvek od **Nexxy** » 25 srp 2015 22:27

c:\program files (x86)\Rising\RSD\Backup\RAV\MONBASEDUI\ravmond.exe
c:\program files (x86)\Rising\RSD\Backup\RAV\MONBASEDUI\rscombas.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\MONBASEDUI\rssrv.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\MONSTATE\monstate.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\MONSTATE\MONSTATE.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\MONWEB\MONWEB.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\MONWEB\ravscrch.dll.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\MONWEB\rsmonweb.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\MONWEB\rsscrbho.dll.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\MSCRT9\atl90.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\MSCRT9\Microsoft.VC90.ATL.manifest
c:\program files (x86)\Rising\RSD\Backup\RAV\MSCRT9\Microsoft.VC90.CRT.manifest
c:\program files (x86)\Rising\RSD\Backup\RAV\MSCRT9\MSCRT9.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\MSCRT9\msvcp90.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\MSCRT9\msvcr90.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\PUBCFG\pubcfg.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\PUBCFG\PUBCFG.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAV1252\eng.lag
c:\program files (x86)\Rising\RSD\Backup\RAV\RAV1252\lics1252.txt
c:\program files (x86)\Rising\RSD\Backup\RAV\RAV1252\RAV1252.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAV936\chs.lag
c:\program files (x86)\Rising\RSD\Backup\RAV\RAV936\lics936.txt
c:\program files (x86)\Rising\RSD\Backup\RAV\RAV936\RAV936.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAV950\cht.lag
c:\program files (x86)\Rising\RSD\Backup\RAV\RAV950\lics950.txt
c:\program files (x86)\Rising\RSD\Backup\RAV\RAV950\RAV950.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\chinese.cpf
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\idiom.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\Ilscu.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\InDTszB.dll.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\let_num.cpf
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\letters.cpf
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\lnchr.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\LogAc.bmp
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\LogDc.bmp
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\nprising.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\num.cpf
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\pngdll.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\RAV.ico
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\RAVBASE.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\RavSetup.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\reliverav.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\Repair.url
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\repairmanager.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\repairmanager.mond
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\repairmanager.mondcoms
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\Rising.ico
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\RsAX.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\RsMain.ico
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\rsmgr.dll.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\rsmgr.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\rsmgr64.dll.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\rspalvd.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\RsSmall.bmp
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\rstask.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\RsTray.ico
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\rstray64.exe.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\rsundlg.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\setup.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\TrayShutdown.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\TrayShutdown.rscom
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\TrayShutdown.rstray
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\url.ini
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\wbprotect.dll.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\wbprotect.rstray
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\wbshelper64.dll.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\wbshld.dll.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\wbshld.rstray
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVBASE\wbshld64.rstray
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVCONFIG\mergexml.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVCONFIG\ravcfg.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVCONFIG\RAVCONFIG.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVDEFDB\mondef.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVDEFDB\RAVDEFDB.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVDEFDB\rsmon.db1
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVDEFDB\rsuser.db1
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVDEFDB\uprsmon.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVDEFDB\uprsuser.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVDUICOMS\RAVDUICOMS.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVDUICOMS\rscom.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVDUICOMS\rsconfig.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVDUICOMS\rsmain.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVDUICOMS\rswizard.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVDUITY\montray.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVDUITY\RAVDUITY.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVDUITY\scantray.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVDUITY\TrayScan.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVDUITY\usbserv.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVGUIDE\RAVGUIDE.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVGUIDE\Regguide\Free0936.htm
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVGUIDE\Regguide\Free0950.htm
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVGUIDE\Regguide\Free1252.htm
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVGUIDE\Regguide\images\091015_01.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVGUIDE\Regguide\images\091015_16.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVGUIDE\Regguide\images\091015_17.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVGUIDE\Regguide\images\110318_01.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVGUIDE\Regguide\images\110321_01.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVGUIDE\Regguide\images\110321_04.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVGUIDE\Regguide\images\110322_01.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVGUIDE\Regguide\images\110322_02.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVGUIDE\Regguide\SnIn0936.htm
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVGUIDE\Regguide\SnIn0950.htm
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVGUIDE\Regguide\SnIn1252.htm
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVLANG1\language\ATip936.ini
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVLANG1\language\chs.la0
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVLANG1\language\chs.lac
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVLANG1\language\chs.lag
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVLANG1\language\Langchs.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVLANG1\RAVLANG1.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVLANG2\language\ATip950.ini
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVLANG2\language\cht.la0
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVLANG2\language\cht.lac
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVLANG2\language\cht.lag
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVLANG2\language\Langcht.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVLANG2\RAVLANG2.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVLANG3\language\ATip1252.ini
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVLANG3\language\Eng.la0
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVLANG3\language\Eng.lac
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVLANG3\language\Eng.lag
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVLANG3\language\LangENG.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVLANG3\RAVLANG3.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVLOG\RAVLOG.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVLOG\rslog.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVMAINDUI\RAVMAINDUI.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVMAINDUI\rsmain.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVMAINDUI\rsmain.exe
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVMON\mond.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVMON\mondcoms.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVMON\RAVMON.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVTASK\RAVTASK.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVTASK\rstask.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVTASK\taskplug.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\RAVUIRES.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\adslshr.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\aphone.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\app_robot.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\bootopt.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\closeicon2.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\clrfile.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\computerprotect.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\Correct.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\fileshd.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\fixcookie.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\fixsys.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\game.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\hotIcon.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\faq\css\faq.css
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\faq\css\images\11.jpg
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\faq\css\images\11.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\faq\css\images\2.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\faq\css\images\3.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\faq\css\images\4.jpg
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\faq\css\images\iask.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\faq\css\images\jian.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\faq\css\images\navhover.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\faq\css\images\navon.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\faq\css\images\navsep.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\faq\css\images\tipbg.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\faq\css\images\xian.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\faq\faq.html
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\faq\scripts\faq.js
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\forum\css\forum.css
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\forum\css\images\activit2.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\forum\css\images\activity.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\forum\css\images\help.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\forum\css\images\help2.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\forum\css\images\line.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\forum\css\images\new.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\forum\css\images\new2.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\forum\css\images\setting.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\forum\css\images\setting2.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\forum\forum.html
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\forum\scripts\forum.js
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\help\css\help.css
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\help\css\images\compass.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\help\css\images\compass2.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\help\css\images\deal.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\help\css\images\deal2.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\help\css\images\intefac2.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\help\css\images\interfac.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\help\css\images\questio2.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\help\css\images\question.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\help\css\images\service.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\help\css\images\service2.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\help\css\images\setting.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\help\css\images\setting2.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\help\help.html
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\help\scripts\help.js
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\minicenter\css\images\dot.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\minicenter\css\images\pic.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\minicenter\css\rav.css
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\minicenter\rav.html
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\minicenter\rav.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\minicenter\scripts\rav.js
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\onlinesvr\css\images\bg.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\onlinesvr\css\images\login.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\onlinesvr\css\images\mail.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\onlinesvr\css\images\speech.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\onlinesvr\css\images\text.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\onlinesvr\css\images\title.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\onlinesvr\css\images\xing.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\onlinesvr\css\online.css
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\onlinesvr\online.html
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\onlinesvr\scripts\online.js
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\html\weibo\weibo.html
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\icon1.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\icon1H.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\icon2.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\icon2H.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\icon3.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\icon3H.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\icon4.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\icon4H.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\icon5.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\icon5H.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\icon6.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\icon6H.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\icon7.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\icon7H.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\iconnew1.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\iconnew2.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\installIng.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\iphone.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\ipswitch.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\kaka.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\linuxboot.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\mainmenu\1.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\mainmenu\1_2.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\mainmenu\2.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\mainmenu\2_2.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\mainmenu\3.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\mainmenu\3_2.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\mainmenu\4.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\mainmenu\4_2.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\mainmenu\5.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\mainmenu\5_2.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\mainmenu\6.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\mainmenu\6_2.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\mbrtool.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\metroui\MetroIcon.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\netcheck.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\onlineserver.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\packager.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\phone.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\process.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\promgr.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\ravusb.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\rfw.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\rj_bg.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\rjIcon.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\RjIcon0.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\RjIcon1.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\rmd\app_robot.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\rmd\bootopt.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\rmd\computerprotect.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\rmd\fileshd.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\rmd\fixcookie.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\rmd\fixsys.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\rmd\game.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\rmd\kaka.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\rmd\onlineserver.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\rmd\promgr.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\rmd\rfw.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\rmd\rse.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\rmd\safesite.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\rmd\softmgr.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\rmd\trail.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\rmd\tuan.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\rse.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\ruletool.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\safepwd.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\safesite.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\sharemgr.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\shellext.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\softmgr.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\speedpro.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\sphone.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\tacco.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\tagent.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\tboot.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\tlinux.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\tpack.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\trail.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\treemenu\autorun.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\treemenu\boot.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\treemenu\computer.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\treemenu\disk.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\treemenu\dvd.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\treemenu\folder.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\treemenu\folder2.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\treemenu\checkbox1.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\treemenu\checkbox2.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\treemenu\checkbox3.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\treemenu\keyarea.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\treemenu\mail.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\treemenu\memory.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\treemenu\movable.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\treemenu\netdisk.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\treemenu\plug.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\treemenu\ramdisk.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\treemenu\unknown.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\tuan.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\virusbak.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVUIRES\res\webspeed.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVXP\ravxp.exe
c:\program files (x86)\Rising\RSD\Backup\RAV\RAVXP\RAVXP.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\REGGUIDE\regguide.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\REGGUIDE\regguide.exe
c:\program files (x86)\Rising\RSD\Backup\RAV\REGGUIDE\REGGUIDE.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\actions.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\Bye.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\DblClk.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\Deletef.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\dialog.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\Dragging.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\Eatwm.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\fallback.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\Findv.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\Gally.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\hands.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\Hello.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\hidden.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\hiding.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\Ignorev.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\Killv.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\RbtnClk.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\RsAgent.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\rsagent.exe
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\RSAGENT.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\Scanning.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\showup.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\Sleeping.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\smog.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\StaFindv.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\Stand.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\StarScan.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\StaSleep.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\StatDrag.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\StoFindv.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\StopDrag.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\StopScan.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\StoSleep.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSAGENT\vanish.swf
c:\program files (x86)\Rising\RSD\Backup\RAV\RSBOOTBK\RSBOOTBK.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSBSMAIN\bsmain.exe
c:\program files (x86)\Rising\RSD\Backup\RAV\RSBSMAIN\PreScan.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSBSMAIN\RSBSMAIN.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCFG\rscfg.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCFG\RSCFG.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCMP\CloudMP.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCMP\cloudmp.rscom
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCMP\cloudmp.rstray
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCMP\cloudmpw.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCMP\CMPA.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCMP\CMPA.exe
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCMP\CMPB.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCMP\CMPCUsb.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCMP\rscmp.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCMP\RSCMP.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCOMM\cnt08.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCOMM\cnt09.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCOMM\moncom08.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCOMM\Proccom.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCOMM\Proccomm.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCOMM\RsBaseNetWrapper.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCOMM\RSCOMM.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCOMM\rscommx2.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCOMM\rssqlite.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSCOMM\syslay.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSDK\comx3.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSDK\dfw.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSDK\procenv.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSDK\rscom.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSDK\RSDK.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSDK\rsxml3a.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSDK\rsxml3w.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSDK\traywnd.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSDUIGEAR\commfunc.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSDUIGEAR\commrout.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSDUIGEAR\rsduigear.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSDUIGEAR\RSDUIGEAR.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSDUIGEAR\rsgear.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\64\hvm.sys
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\cloudcom.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\cloudnet.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\cloudtfc.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\engext.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\extalgo.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\extarch.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\extcomp.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\extcryp.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\ExtMail.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\ExtOLE.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\extsfx.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\ffr.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\filecent.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\hvm.sys
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\keyzone.bin
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\nvfile.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\pearc.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\rkpcoll.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\RSENGINE.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\scandeep.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\scanelf.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\scanex.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\ScanExec.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\ScanMac.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\scanMpe.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\scanpe.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\ScanSct.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\scansvc.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\scantj.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\smarttrt.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\unexe.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\ur004.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\ur006.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\ur007.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\ur009.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\ur010.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\ur011.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\ur012.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\ur013.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\ur014.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\ur015.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\ur016.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\ur019.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\ur020.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\ur021.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\ur022.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\ur023.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\ur024.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\ur025.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\ur026.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\ur027.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\ur028.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\ur029.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\uroutine.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\urutils.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINE\vmicore.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINEGOEX\methodex.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINEGOEX\revm.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINEGOEX\RSENGINEGOEX.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINEGOEX\rxarch.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINEGOEX\rxcoml.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINEGOEX\rxcore.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINEGOEX\rxffr.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINEGOEX\rxfsm.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINEGOEX\rxmail.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINEGOEX\rxmltk.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINEGOEX\rxmss.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINEGOEX\rxoffice.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINEGOEX\rxruntim.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINEGOEX\rxsig64.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINEGOEX\rxvision.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINEGOEX\rxwinpe.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINEGOEX\rxxdu0.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINEGOEX\scanelf.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINEGOEX\scanex.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINEGOEX\scanexec.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINEGOEX\scanmac.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINEGOEX\scanpe.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINEGOEX\scansct.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINEGOEX\scansvc.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINEGOEX\scriptci.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINEGOEX\uroutine.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINEGOEX\urutils.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSENGINEGOEX\vex86.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSFLTENG\RSFilteEngine.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSFLTENG\RSFilteEngineCom.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSFLTENG\RSFLTENG.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSFLTENG\urlfilte.ini
c:\program files (x86)\Rising\RSD\Backup\RAV\RSFLTENG\urlfilter.mond
c:\program files (x86)\Rising\RSD\Backup\RAV\RSFLTENG\urllib.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSFLTENG\URLRs.fwr
c:\program files (x86)\Rising\RSD\Backup\RAV\RSFLTENG\UrlRule.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSLANG\langsel.exe
c:\program files (x86)\Rising\RSD\Backup\RAV\RSLANG\rslang.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSLANG\RSLANG.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMONDEF\adefmon.mond
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMONDEF\antipromotionmon.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMONDEF\bacore.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMONDEF\bawhite.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMONDEF\bawhite.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMONDEF\defmon.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMONDEF\monrule.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMONDEF\RSMONDEF.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMONDEF\selfmon.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMONDEF\x64\adefmon.mond
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMSG\btnClose.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMSG\fb.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMSG\fbnof.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMSG\frmleft.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMSG\frmright.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMSG\lt.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMSG\ltnof.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMSG\msg_fb.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMSG\msg_lb.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMSG\msg_rb.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMSG\rsmginfo.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMSG\rsmginfo.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMSG\RSMSG.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMSG\rt.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMSG\rtnof.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMSG\title.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RSMSG\titleNof.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\accountprot.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\activities.default
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\RSPASSPORT.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\rstlist.exe
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\rstlist.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\taskicon\1.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\taskicon\2.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\taskicon\3.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\taskicon\4.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\tlistvw.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\ui\css\core.css
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\ui\css\images\bg.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\ui\css\images\btns.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\ui\css\images\closeBtn.png
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\ui\css\images\icons\boot.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\ui\css\images\icons\garbage.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\ui\css\images\icons\mobile.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\ui\css\images\icons\news.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\ui\css\images\icons\private.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\ui\css\images\icons\rav.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\ui\css\images\icons\rfw.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\ui\css\images\icons\rse.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\ui\css\images\icons\sign.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\ui\css\images\icons\web.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\ui\css\images\icons\weibo.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\ui\css\images\logo.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\ui\css\images\money.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\ui\css\images\sign.gif
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\ui\css\usercenter.css
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\ui\js\core.js
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\ui\js\jquery-1.8.3.min.js
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\ui\js\jquery.ie6png.js
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\ui\js\usercenter.js
c:\program files (x86)\Rising\RSD\Backup\RAV\RSPASSPORT\ui\rstlist.htm
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSCAN\fixeng.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSCAN\ravext.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSCAN\ravext64.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSCAN\ravlite.exe
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSCAN\ravlite.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSCAN\rscompscanproxy.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSCAN\rsfixscan.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSCAN\rsfixsys.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSCAN\RSSCAN.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSCAN\rsswlst.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSCAN\rssysprxy.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSCAN\scanprxy.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSCAN\scansvcp.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSCAN\smrtscan.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSCAN\smrtscan.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSTARTUPOPT\boottm.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSTARTUPOPT\brscan.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSTARTUPOPT\btoptvw.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSTARTUPOPT\cfgxml\boottm.mond
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSTARTUPOPT\cfgxml\boottm.mondcoms
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSTARTUPOPT\cfgxml\brscan.rscom
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSTARTUPOPT\cfgxml\brscan.rstray
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSTARTUPOPT\cfgxml\rsdelaylauncher.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSTARTUPOPT\Data\BootRun.db
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSTARTUPOPT\Data\bootrunscan.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSTARTUPOPT\Data\os.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSTARTUPOPT\rsdelaylauncher.exe
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSTARTUPOPT\RSSTARTUPOPT.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSTORE\kkdb.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSTORE\ravbin.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSTORE\rsdbmgr.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSTORE\rsstore.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSTORE\RSSTORE.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSTUB\rsstub.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSTUB\rsstub.exe
c:\program files (x86)\Rising\RSD\Backup\RAV\RSSTUB\RSSTUB.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSTRAYDUI\comserv.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSTRAYDUI\rstoast.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSTRAYDUI\rstray.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSTRAYDUI\rstray.exe
c:\program files (x86)\Rising\RSD\Backup\RAV\RSTRAYDUI\RSTRAYDUI.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSUPDATER\newupdater.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSUPDATER\rscom.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSUPDATER\RstoreDll.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSUPDATER\RSUPDATER.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSUPDATER\rsupdatertool.exe
c:\program files (x86)\Rising\RSD\Backup\RAV\RSUPDATER\rsupdatertool.rscom
c:\program files (x86)\Rising\RSD\Backup\RAV\RSUPDATER\rsupdatertool.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSUPDATER\updateskin.lang
c:\program files (x86)\Rising\RSD\Backup\RAV\RSUPDATER\updateskin.rsk
c:\program files (x86)\Rising\RSD\Backup\RAV\RSUPDATER\updateskin.rsu
c:\program files (x86)\Rising\RSD\Backup\RAV\RSUSB\RSUSB.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRBAS\cl.def
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRBAS\RSVIRBAS.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRBAS\virboot.bas
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRBAS\vircom.bas
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRBAS\virelf.bas
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRBAS\virinfo.bas
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRBAS\virmacr.bas
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRBAS\virmz.bas
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRBAS\virnew.bas
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRBAS\virnorm.bas
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRBAS\virsct.bas
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRBAS\virvm.bas
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRBASEX\RSVIRBASEX.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRBASEX\virbas.rmd
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRLIB\rp0.zip
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRLIB\rp1.zip
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRLIB\rp10.zip
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRLIB\rp2.zip
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRLIB\rp3.zip
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRLIB\rp4.zip
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRLIB\rp5.zip
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRLIB\rp6.zip
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRLIB\rp7.zip
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRLIB\rp8.zip
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRLIB\rp9.zip
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRLIB\RsVirIns.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRLIB\RSVIRLIB.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRLIB\virusdb.cfg
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRLIBUPEX\rsvirlibup.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRLIBUPEX\RSVIRLIBUPEX.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRLIBUPEX\virlibup.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRLIBUPEX\virlibupdater.exe
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRLIBUPEX\virlibupdater.rscom
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVIRLIBUPEX\virlibupdater.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVPATCH\rsvpatch.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVPATCH\RSVPATCH.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVPATCH\vpatch.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVPATCH\vpatch.sdb.dat
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVPATCH\vpatchmon.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVPATCH\vpatchmon.mond
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVPATCH\vpivot.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVRINFO\rsvrinfo.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\RSVRINFO\RSVRINFO.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\TOOLDL\item.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\TOOLDL\rsdlcore.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\TOOLDL\rsdlsvr.exe
c:\program files (x86)\Rising\RSD\Backup\RAV\TOOLDL\rsupcomp.exe
c:\program files (x86)\Rising\RSD\Backup\RAV\TOOLDL\safetoolrules.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\TOOLDL\tooldat.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\TOOLDL\TOOLDL.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\TOOLDL\toolvw.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\TRAYCFGDUI\rstray.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\TRAYCFGDUI\TRAYCFGDUI.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\TRAYCFGDUI\TrayIcon.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\TRAYCFGDUI\TrayMenu.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\UPCFGRAV\config.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\UPCFGRAV\Gather.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\UPCFGRAV\LocalMD5.db
c:\program files (x86)\Rising\RSD\Backup\RAV\UPCFGRAV\LogSign.db
c:\program files (x86)\Rising\RSD\Backup\RAV\UPCFGRAV\report.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\UPCFGRAV\ReportT.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\UPCFGRAV\UPCFGRAV.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\UPDUILIB\rsdui.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\UPDUILIB\rsdui1.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\UPDUILIB\rsdui2.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\UPDUILIB\rsduik.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\UPDUILIB\UPDUILIB.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\UPLOAD\CloudSys.exe
c:\program files (x86)\Rising\RSD\Backup\RAV\UPLOAD\cloudsysext.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\UPLOAD\GatFile.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\UPLOAD\RsGather.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\UPLOAD\UPLOAD.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\URLLIBD\UrlLibd.dll
c:\program files (x86)\Rising\RSD\Backup\RAV\URLLIBD\URLLIBD.xml
c:\program files (x86)\Rising\RSD\Backup\RAV\URLLIBD\virurl.bas
c:\program files (x86)\Rising\RSD\Backup\RAV\URLLIBD\virusdb.cfg
c:\program files (x86)\Rising\RSD\Backup\RAV\VIRLIBBK\VIRLIBBK.xml
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\CfgDll.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\comx3.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\localopt.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\os.xml
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\popwndexe.exe
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\protreg.sys
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RsAppMgr.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RsBackup.exe
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RSD1252\Eng.lag
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RSD932\Jpn.lag
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RSD936\CHS.lag
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RSD950\CHT.lag
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\rsdinfo.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\rsdk.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\rslang.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\rsmginfo.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RsMgrSvc.exe
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RSSetup.xml
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RsStub.exe
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\RstoreDll.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\setup.dat
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\Setup.exe
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\syslay.dll
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\ui\snin.htm
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\update.xml
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\updater.exe
c:\program files (x86)\Rising\RSD\Backup\RSD\RSSetup\Updater.exe.log
c:\program files (x86)\Rising\RSD\CfgDll.dll
c:\program files (x86)\Rising\RSD\CldRsd.dll
c:\program files (x86)\Rising\RSD\comx3.dll
c:\program files (x86)\Rising\RSD\Data\RAV\RAV.ini
c:\program files (x86)\Rising\RSD\localopt.dll
c:\program files (x86)\Rising\RSD\os.xml
c:\program files (x86)\Rising\RSD\popwndexe.exe
c:\program files (x86)\Rising\RSD\restorelog.txt
c:\program files (x86)\Rising\RSD\RsAppMgr.dll
c:\program files (x86)\Rising\RSD\RsBackup.exe
c:\program files (x86)\Rising\RSD\RSD1252\Eng.lag
c:\program files (x86)\Rising\RSD\RSD932\Jpn.lag
c:\program files (x86)\Rising\RSD\RSD936\CHS.lag
c:\program files (x86)\Rising\RSD\RSD950\CHT.lag
c:\program files (x86)\Rising\RSD\rsdinfo.dll
c:\program files (x86)\Rising\RSD\rsdk.dll
c:\program files (x86)\Rising\RSD\rslang.dll
c:\program files (x86)\Rising\RSD\rsmginfo.dll
c:\program files (x86)\Rising\RSD\RsMgrSvc.dat
c:\program files (x86)\Rising\RSD\RsMgrSvc.exe
c:\program files (x86)\Rising\RSD\RsMgrSvc.exe.log
c:\program files (x86)\Rising\RSD\RsMgrsvc.ini
c:\program files (x86)\Rising\RSD\RsStub.exe
c:\program files (x86)\Rising\RSD\RstoreDll.dll
c:\program files (x86)\Rising\RSD\setup.dat
c:\program files (x86)\Rising\RSD\Setup.exe
c:\program files (x86)\Rising\RSD\Setup.exe.log
c:\program files (x86)\Rising\RSD\syslay.dll
c:\program files (x86)\Rising\RSD\ui\snin.htm
c:\program files (x86)\Rising\RSD\update.xml
c:\program files (x86)\Rising\RSD\updater.exe
c:\program files (x86)\Rising\RSD\UPDATER.EXE.log
c:\program files (x86)\Rising\RSD\XMLS\RSSetup.xml
c:\program files (x86)\Xobni
c:\program files (x86)\Xobni\Antlr3.Runtime.dll
c:\program files (x86)\Xobni\Antlr3.Utility.dll
c:\program files (x86)\Xobni\CloseOutlook.exe
c:\program files (x86)\Xobni\CoreGACInstall.msi
c:\program files (x86)\Xobni\de\XobniResources.resources.dll
c:\program files (x86)\Xobni\extensibility.dll
c:\program files (x86)\Xobni\fr\XobniResources.resources.dll
c:\program files (x86)\Xobni\gac-install.log
c:\program files (x86)\Xobni\ICSharpCode.SharpZipLib.dll
c:\program files (x86)\Xobni\InspectorX.exe
c:\program files (x86)\Xobni\Interop.shdocvw.dll
c:\program files (x86)\Xobni\LinqBridge.dll
c:\program files (x86)\Xobni\ManagedAggregator.dll
c:\program files (x86)\Xobni\Microsoft.Office.Interop.Outlook.dll
c:\program files (x86)\Xobni\Microsoft.Office.Interop.Word.dll
c:\program files (x86)\Xobni\Microsoft.Vbe.Interop.dll
c:\program files (x86)\Xobni\MiniInspectorX.exe
c:\program files (x86)\Xobni\Newtonsoft.Json.Net20.dll
c:\program files (x86)\Xobni\office.dll
c:\program files (x86)\Xobni\ServerSync.dll
c:\program files (x86)\Xobni\sig.da
c:\program files (x86)\Xobni\spec.json
c:\program files (x86)\Xobni\stdole.dll
c:\program files (x86)\Xobni\System.Data.SQLite.dll
c:\program files (x86)\Xobni\Uninstall.exe
c:\program files (x86)\Xobni\UninstallCleanup.exe
c:\program files (x86)\Xobni\UninstallerWizard.exe
c:\program files (x86)\Xobni\Utilities.dll
c:\program files (x86)\Xobni\WindowDriver.dll
c:\program files (x86)\Xobni\xcore.cab
c:\program files (x86)\Xobni\Xobni.XMapiAccessor.dll
c:\program files (x86)\Xobni\xobni_link.ico
c:\program files (x86)\Xobni\XobniCommon.dll
c:\program files (x86)\Xobni\XobniFailsafeUpdateChecker.dll
c:\program files (x86)\Xobni\XobniFeeds.dll
c:\program files (x86)\Xobni\XobniMain.dll
c:\program files (x86)\Xobni\XobniMainConnector.dll
c:\program files (x86)\Xobni\XobniMainConnectorShim.dll
c:\program files (x86)\Xobni\XobniPluginAPI.dll
c:\program files (x86)\Xobni\XobniResources.dll
c:\program files (x86)\Xobni\XobniService.exe
c:\program files (x86)\Xobni\XobniServiceInstaller.exe
c:\program files (x86)\Xobni\xobniServiceInstallState.dat
c:\program files (x86)\Xobni\XobniStatistics.dll
c:\program files (x86)\Xobni\ZedGraph.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_QMUDISK
-------\Legacy_QQSYSMONX64
-------\Legacy_TS888X64
-------\Legacy_TSDEFENSEBT
-------\Service_AdobeUpdateService
-------\Service_QMUdisk
-------\Service_QQPCRTP
-------\Service_QQSysMonX64
-------\Service_RsMgrSvc
-------\Service_RsRavMon
-------\Service_TAOFrame
-------\Service_TS888x64
-------\Service_TSDefenseBt
-------\Service_XobniService
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-25 do 2015-08-25 )))))))))))))))))))))))))))))))
.
.
2015-08-25 21:07 . 2015-08-25 21:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-25 12:52 . 2015-08-25 12:52 -------- d-----w- c:\program files\Adobe
2015-08-25 12:45 . 2015-08-25 12:53 -------- d-----w- c:\program files\Common Files\Adobe
2015-08-25 12:23 . 2015-08-25 12:23 -------- d-----w- c:\users\Petr\AppData\Roaming\PDAppFlex
2015-08-25 10:49 . 2015-08-25 17:45 -------- d-----r- c:\users\Petr\Creative Cloud Files
2015-08-25 10:48 . 2015-08-25 17:42 -------- d-----w- c:\programdata\boost_interprocess
2015-08-25 07:53 . 2015-08-11 01:20 25191936 ----a-w- c:\windows\system32\mshtml.dll
2015-08-25 07:53 . 2015-08-11 01:14 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-25 07:53 . 2015-08-11 00:33 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-08-25 07:42 . 2015-06-25 10:06 115136 ----a-w- c:\windows\system32\consent.exe
2015-08-25 07:42 . 2015-06-25 10:01 1941504 ----a-w- c:\windows\system32\authui.dll
2015-08-25 07:42 . 2015-06-25 10:01 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-08-25 07:42 . 2015-06-25 09:44 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-08-25 07:33 . 2015-08-25 07:29 91928 ------w- c:\windows\SysWow64\vpatch.dll
2015-08-25 07:33 . 2015-08-25 07:33 -------- d-----r- C:\RavBin
2015-08-25 07:30 . 2015-08-25 07:13 325400 ------w- c:\windows\system32\ravext64.dll
2015-08-25 07:30 . 2015-08-25 07:13 256280 ------w- c:\windows\SysWow64\ravext.dll
2015-08-25 07:30 . 2015-08-25 07:10 41784 ------w- c:\windows\system32\drivers\hvm.sys
2015-08-25 07:30 . 2015-08-25 07:10 240472 ------w- c:\windows\SysWow64\bsmain.exe
2015-08-24 18:28 . 2015-08-24 18:28 -------- d-----w- C:\_OTM
2015-08-24 18:27 . 2015-08-24 18:35 28984 ----a-w- c:\windows\SysWow64\drivers\TS888x64.sys
2015-08-24 17:51 . 2015-08-24 17:51 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2015-08-24 17:42 . 2015-08-24 17:42 -------- d-----w- c:\programdata\TXQMPC
2015-08-24 17:41 . 2015-08-24 17:37 74040 ----a-w- c:\windows\system32\drivers\TAOAccelerator64.sys
2015-08-24 17:41 . 2015-08-24 17:41 -------- d-----w- c:\program files\Common Files\Tencent
2015-08-24 17:40 . 2015-08-24 17:37 38200 ----a-w- c:\windows\system32\drivers\TSSKX64.sys
2015-08-24 17:39 . 2015-08-24 17:37 274232 ----a-w- c:\windows\system32\drivers\TAOKernel64.sys
2015-08-24 17:38 . 2015-08-24 17:37 87864 ----a-w- c:\windows\system32\drivers\TFsFltX64.sys
2015-08-24 17:38 . 2015-08-24 17:38 -------- d-----w- c:\program files (x86)\Common Files\Tencent
2015-08-24 17:35 . 2015-08-25 07:04 71760 ------w- c:\windows\system32\drivers\rsutils.sys
2015-08-24 17:35 . 2015-08-25 07:04 119256 ------w- c:\windows\system32\drivers\sysmon.sys
2015-08-24 17:35 . 2012-02-29 07:49 11888 ------w- c:\windows\system32\drivers\rsndisp.sys
2015-08-24 17:34 . 2015-08-24 18:11 -------- d-----w- c:\users\Petr\AppData\Roaming\Tencent
2015-08-24 17:34 . 2015-08-24 17:36 -------- d-----w- c:\programdata\Rising
2015-08-24 17:33 . 2015-08-24 17:44 -------- d-----w- c:\programdata\Tencent
2015-08-24 17:25 . 2015-08-25 10:44 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2015-08-24 17:22 . 2015-08-24 17:22 -------- d-----w- C:\AdwCleaner
2015-08-24 17:13 . 2015-08-24 17:13 -------- d-----w- C:\sohucache
2015-08-24 17:13 . 2015-08-24 17:13 -------- d-----w- C:\SHDownload
2015-08-24 17:12 . 2015-08-24 17:13 -------- d-----w- c:\progra~2\CA8F~1
2015-08-24 17:12 . 2015-08-24 17:12 -------- d-----w- c:\users\Petr\AppData\Local\Temp?
2015-08-18 19:22 . 2015-08-25 07:11 -------- d-----w- c:\users\Petr\AppData\Roaming\HearthstoneDeckTracker
2015-08-18 10:30 . 2015-08-18 10:30 -------- d-----w- c:\users\Petr\AppData\Local\Mega Limited
2015-08-18 10:29 . 2015-08-18 10:30 -------- d-----w- c:\users\Petr\AppData\Local\MEGAsync
2015-08-18 09:49 . 2015-08-25 19:53 -------- d-----w- c:\users\Petr\AppData\Roaming\TS3Client
2015-08-18 09:48 . 2015-08-18 09:49 -------- d-----w- c:\program files\Teamspeak
2015-08-17 19:05 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-17 19:05 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-17 18:27 . 2015-06-17 17:47 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-08-17 18:26 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-08-17 18:26 . 2015-07-28 20:05 774656 ----a-w- c:\windows\system32\invagent.dll
2015-08-17 18:26 . 2015-07-28 20:05 743424 ----a-w- c:\windows\system32\generaltel.dll
2015-08-17 18:26 . 2015-07-28 20:05 437760 ----a-w- c:\windows\system32\devinv.dll
2015-08-17 18:26 . 2015-07-28 20:05 1116672 ----a-w- c:\windows\system32\appraiser.dll
2015-08-17 18:26 . 2015-07-28 20:05 69120 ----a-w- c:\windows\system32\acmigration.dll
2015-08-17 18:26 . 2015-07-28 19:55 1148416 ----a-w- c:\windows\system32\aeinv.dll
2015-08-17 18:26 . 2015-07-28 20:09 17344 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-08-17 18:26 . 2015-07-28 20:05 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-08-17 18:24 . 2015-07-09 17:57 193536 ----a-w- c:\windows\system32\notepad.exe
2015-08-17 18:24 . 2015-07-09 17:57 193536 ----a-w- c:\windows\notepad.exe
2015-08-17 18:24 . 2015-07-09 17:42 179712 ----a-w- c:\windows\SysWow64\notepad.exe
2015-08-17 18:10 . 2015-07-10 17:51 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-08-17 17:55 . 2015-08-17 17:56 -------- d-----w- c:\programdata\Gyazo
2015-08-17 17:11 . 2015-08-17 17:11 -------- d-----w- c:\users\Petr\AppData\Local\CEF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-18 17:47 . 2014-11-07 20:54 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-18 17:47 . 2014-11-07 20:54 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-28 08:59 . 2014-10-27 07:15 132483416 ----a-w- c:\windows\system32\MRT.exe
2015-07-23 00:02 . 2015-08-25 07:44 342016 ----a-w- c:\windows\system32\schannel.dll
2015-07-22 17:53 . 2015-08-25 07:44 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-07-22 17:53 . 2015-08-25 07:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{452ADB5B-00BE-469D-A65F-3046146B2ED5}]
c:\program files (x86)\????\SoHuAutoDetector.dll [?]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:15 463360 ----a-w- c:\users\Petr\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:15 463360 ----a-w- c:\users\Petr\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:15 463360 ----a-w- c:\users\Petr\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2015-08-19 3098424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-04 336384]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-01-31 656920]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0 bsmain
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TFsFlt;TFsFlt;c:\windows\system32\Drivers\TFsFltX64.sys;c:\windows\SYSNATIVE\Drivers\TFsFltX64.sys [x]
R3 TSSKX64;TSSKX64;c:\windows\system32\drivers\tsskx64.sys;c:\windows\SYSNATIVE\drivers\tsskx64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 xhunter1;xhunter1; [x]
R4 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 sysmon;sysmon;c:\windows\system32\DRIVERS\sysmon.sys;c:\windows\SYSNATIVE\DRIVERS\sysmon.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 HyperVM;HyperVM;c:\windows\system32\drivers\hvm.sys;c:\windows\SYSNATIVE\drivers\hvm.sys [x]
S1 rsutils;rsutils;c:\windows\system32\DRIVERS\rsutils.sys;c:\windows\SYSNATIVE\DRIVERS\rsutils.sys [x]
S1 TAOKernelDriver;Tencent TAO kernel driver.;c:\windows\system32\Drivers\TAOKernel64.sys;c:\windows\SYSNATIVE\Drivers\TAOKernel64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 TAOAccelerator;Tencent TAOAccelerator driver.;c:\windows\system32\Drivers\TAOAccelerator64.sys;c:\windows\SYSNATIVE\Drivers\TAOAccelerator64.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-23 16:18 993608 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.157\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-08-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-07 17:47]
.
2015-08-23 c:\windows\Tasks\HPCeeScheduleForPetr.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}]
c:\program files (x86)\Tencent\QQPCMgr\10.11.16575.227\TSWebMon64.dat [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2015-07-21 23:02 803488 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2015-07-21 23:02 803488 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2015-07-21 23:02 803488 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:13 470016 ----a-w- c:\users\Petr\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:13 470016 ----a-w- c:\users\Petr\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:13 470016 ----a-w- c:\users\Petr\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\.QMDeskTopGCIcon]
@="{B7667919-3765-4815-A66D-98A09BE662D6}"
[HKEY_CLASSES_ROOT\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}]
c:\program files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMGCShellExt64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-04-13 627360]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-04-13 379552]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2015-01-28 5595848]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 94.74.192.252 94.74.192.244
TCP: Interfaces\{F266592C-96FC-4C75-9FB1-044DA469F9AC}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\faqsxm5w.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-RavTRAY - c:\program files (x86)\Rising\RAV\rstray.exe
AddRemove-RAV - c:\program files (x86)\Rising\RSD\Setup.exe
AddRemove-RSD - c:\program files (x86)\Rising\RSD\Setup.exe
AddRemove-XobniMain - c:\program files (x86)\Xobni\UninstallerWizard.exe
AddRemove-???? - c:\program files (x86)\????\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Garena Plus\ggdllhost.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
**************************************************************************
.
Celkový čas: 2015-08-25 23:25:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-08-25 21:25
ComboFix2.txt 2015-08-24 20:05
.
Před spuštěním: Volných bajtů: 218 602 246 144
Po spuštění: Volných bajtů: 218 161 758 208
.
- - End Of File - - DA41EA20081488189FF2C196E8A214D9
A36C5E4F47E84449FF07ED3517B43A31

VIRY.CZ

Havěť

Havěť

Re: Havěť

Re: Havěť

Re: Havěť

Re: Havěť

Re: Havěť

Re: Havěť

Re: Havěť

Re: Havěť

Re: Havěť

Re: Havěť

Re: Havěť

Re: Havěť

Re: Havěť

Re: Havěť