Virus - ransomware
Napsal: 02 pro 2015 21:13
Dobrý den,
natáhl jsem asi někde virus ransomware, zablokoval mi veškeré soubory a změnil pozadí plochy na obrázek interpolu.
Pro odblokování souborů požaduje zaslat email atd.. Prosím o pomoc s jeho odstraněním. Děkuji
INFO:
info.txt logfile of random's system information tool 1.10 2015-12-02 21:10:06
======MBR======
0x33C08ED0BC007C8EC08ED8BE007CBF0006B90002FCF3A450681C06CBFBB90400BDBE07807E00007C0B0F850E0183C510E2F1CD1888560055C6461105C6461000B441BBAA55CD135D720F81FB55AA7509F7C101007403FE46106660807E1000742666680000000066FF760868000068007C680100681000B4428A56008BF4CD139F83C4109EEB14B80102BB007C8A56008A76018A4E028A6E03CD136661731CFE4E11750C807E00800F848A00B280EB845532E48A5600CD135DEB9E813EFE7D55AA756EFF7600E88D007517FAB0D1E664E88300B0DFE660E87C00B0FFE664E87500FBB800BBCD1A6623C0753B6681FB54435041753281F90201722C666807BB00006668000200006668080000006653665366556668000000006668007C0000666168000007CD1A5A32F6EA007C0000CD18A0B707EB08A0B607EB03A0B50732E40500078BF0AC3C007409BB0700B40ECD10EBF2F4EBFD2BC9E464EB002402E0F82402C3496E76616C696420706172746974696F6E207461626C65004572726F72206C6F6164696E67206F7065726174696E672073797374656D004D697373696E67206F7065726174696E672073797374656D000000637B9A9162619800008020210007DF130C000800000020030000DF140C07FEFFFF0028030000E0661800FEFFFF07FEFFFF00086A180050CE210000000000000000000000000000000055AA
======Uninstall list======
7-Zip 9.20 (x64 edition)-->MsiExec.exe /I{23170F69-40C1-2702-0920-000001000000}
ACDSee Photo Manager 12-->MsiExec.exe /I{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}
Adobe Acrobat Reader DC - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AC0F074E4100}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Anchor Service x64 CS4-->MsiExec.exe /I{887797BF-37A5-4199-B0C9-0D38D6196E9A}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe CMaps x64 CS4-->MsiExec.exe /I{90BA8112-80B3-4617-A3C1-BD2771B60F74}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4 x64-->MsiExec.exe /I{8DAA31EB-6830-4006-A99F-4DF8AB24714F}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Drive CS4 x64-->MsiExec.exe /I{A3454894-144A-4D80-B605-C128FE0D7329}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Flash Player 19 NPAPI-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_245_Plugin.exe -maintain plugin
Adobe Fonts All x64-->MsiExec.exe /I{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4 x64-->MsiExec.exe /I{8875A1C0-6308-4790-8CF6-D34E89880052}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe PDF Library Files x64 CS4-->MsiExec.exe /I{DFFABE78-8173-4E97-9C5C-22FB26192FC5}
Adobe Photoshop CS4 (64 Bit)-->MsiExec.exe /I{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files (x86)\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Refresh Manager-->MsiExec.exe /I{AC76BA86-0804-1033-1959-001824161310}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Type Support x64 CS4-->MsiExec.exe /I{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin x64-->MsiExec.exe /I{295CFB7C-A57E-4313-93E7-68E7CE1D0332}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
AMD APP SDK Runtime-->MsiExec.exe /I{503F672D-6C84-448A-8F8F-4BC35AC83441}
AMD Catalyst Install Manager-->msiexec /q/x{F856881A-D370-B1A7-2AFF-128F4AA93558} REBOOT=ReallySuppress
Any PDF to DWG Converter 2016-->"C:\Program Files (x86)\Any PDF to DWG Converter\unins000.exe"
Apple Application Support-->MsiExec.exe /I{46F044A5-CE8B-4196-984E-5BD6525E361D}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Ashampoo Burning Studio FREE v.1.14.5-->"C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio FREE\unins000.exe"
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -removeonly
Atheros Driver Installation Program-->"C:\Program Files (x86)\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe" -runfromtemp -removeonly
aTube Catcher verze 3.8-->"C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\unins000.exe"
AutoCAD 2012 - Czech-->C:\Program Files\Autodesk\AutoCAD 2012 - Czech\Setup\Setup.exe /P {5783F2D7-A001-0405-0102-0060B0CE6BBA} /M ACAD /language cs-CZ
AutoCAD 2012 - Czech-->C:\Program Files\Autodesk\AutoCAD 2012 - Czech\Setup\Setup.exe /P {5783F2D7-A001-0405-0102-0060B0CE6BBA} /M ACAD /language cs-CZ
Autodesk Content Service-->MsiExec.exe /X{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}
Autodesk Design Review 2013-->C:\Program Files (x86)\Autodesk\Autodesk Design Review 2013\Setup\Setup.exe /P {153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB} /M ADR /language en-US
Autodesk Inventor Fusion 2012-->C:\Program Files\Autodesk\Inventor Fusion 2012\Setup\Setup.exe /P {FFF5619F-6669-4EC5-A85E-9994F70A9E5D} /M INVENTORFUSION /LANG cs-CZ
Autodesk Inventor Fusion 2012-->MsiExec.exe /X{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}
Autodesk Inventor Fusion plug-in for AutoCAD 2012-->C:\Program Files\Autodesk\ApplicationPlugins\FusionPlugin.bundle\Contents\Setup\Setup.exe /P {EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC} /M ACFUSION /LANG cs-CZ
Autodesk Material Library 2012-->MsiExec.exe /I{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}
Autodesk Material Library Base Resolution Image Library 2012-->MsiExec.exe /I{65420DC9-306E-4371-905F-F4DC3B418E52}
Avast Free Antivirus-->C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel /instop:uninstall
CADS Composite Beam Designer-->C:\PROGRA~2\CADS\COMPOS~1\UNINST~1.EXE C:\PROGRA~2\CADS\COMPOS~1\INSTALL.LOG
CADS WindLoadEngine-->C:\PROGRA~2\COMMON~1\CADSSH~1\WINDLO~1\UNINST~1.EXE C:\PROGRA~2\COMMON~1\CADSSH~1\WINDLO~1\Install.log
Canon IJ Network Scan Utility-->"C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSU.exe" /UninstallRemove C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\uninst.ini
Canon IJ Network Tool-->C:\Program Files (x86)\Canon\Canon IJ Network Tool\CNMNUU.exe
Canon MG5200 series MP Drivers-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series\DELDRV64.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series /L0x0005
Canon MP Navigator EX 4.0-->"C:\Program Files (x86)\Canon\MP Navigator EX 4.0\Maint.exe" /UninstallRemove C:\Program Files (x86)\Canon\MP Navigator EX 4.0\uninst.ini
Catalyst Control Center - Branding-->MsiExec.exe /I{7B69C60A-A148-4572-978C-729029390651}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Composite Column Designer-->C:\PROGRA~2\COMMON~1\CADSSH~1\STRUCT~1\COMPOS~1\UNINST~1.EXE C:\PROGRA~2\COMMON~1\CADSSH~1\STRUCT~1\COMPOS~1\Install.log
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
DAEMON Tools Lite-->C:\Program Files\DAEMON Tools Lite\uninst.exe
Dropbox Update Helper-->MsiExec.exe /I{099218A5-A723-43DC-8DB5-6173656A1E94}
Dropbox-->"C:\Program Files (x86)\Dropbox\Client\DropboxUninstaller.exe" /InstallType:MACHINE
DWG TrueView 2013-->C:\Program Files\Autodesk\DWG TrueView 2013\Setup\Setup.exe /P {5783F2D7-B028-0409-0100-0060B0CE6BBA} /M AOEM /language en-US
FARO LS 1.1.406.58-->MsiExec.exe /I{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
Intel(R) USB 3.0 eXtensible Host Controller Driver-->C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Uninstall\setup.exe -uninstall
Jazykový balíček Autodesk Inventor Fusion 2012-->MsiExec.exe /X{FFF7F80F-929E-497F-A112-B070DE816128}
Jazykový balíček modulu plug-in Autodesk Inventor Fusion pro aplikaci AutoCAD 2012-->MsiExec.exe /I{E552C39C-C70E-464F-9733-8311331BDD90}
KMPlayer (remove only)-->"C:\Program Files (x86)\KMPlayer\uninstall.exe"
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Logitech SetPoint 6.67-->C:\Program Files\Common Files\LogiShrd\sp6_Uninstall\setup.exe
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /x64 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{790E02A1-145A-3843-8C13-A4F41C9B48B7}
Microsoft .NET Framework 4 Extended CSY Language Pack-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ExtendedLP\Setup.exe /repair /x86 /x64 /lcid 1029 /parameterfolder ExtendedLP
Microsoft .NET Framework 4 Extended CSY Language Pack-->MsiExec.exe /X{A324DC11-FF02-3CE8-9D6F-67EBC006D970}
Microsoft .NET Framework 4.5.2-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\\Setup.exe /repair /x86 /x64
Microsoft .NET Framework 4.5.2-->MsiExec.exe /X{26784146-6E05-3FF9-9335-786C7C0FB5BE}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Czech) 2007-->MsiExec.exe /X{90120000-002A-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Modul plug-in Autodesk Inventor Fusion pro aplikaci AutoCAD 2012-->MsiExec.exe /I{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Opera Stable 33.0.1990.115-->"C:\Program Files (x86)\Opera\Launcher.exe" /uninstall
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
Photoshop Camera Raw_x64-->MsiExec.exe /I{2D74E972-5A85-44DC-9193-8A302BA8C181}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Potplayer-64 Bits-->"C:\Program Files\DAUM\PotPlayer\uninstall.exe"
QuickTime-->C:\Windows\unvise32qt.exe C:\Windows\system32\QuickTime\Uninstall.log
Scia Engineer 14-->MsiExec.exe /I{F892EFDE-D4B3-48B2-8293-4024BBCA666E}
Scia Licence Server-->MsiExec.exe /X{E592B693-81BE-42D9-B4E4-CABC11C7B101}
Security Update for Microsoft .NET Framework 4.5.2 (KB2972107)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {59923C0F-51CB-3F2C-8465-E69019472533}
Security Update for Microsoft .NET Framework 4.5.2 (KB2972216)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {47FA5DCB-D13C-331E-BC32-65E53BDD949C}
Security Update for Microsoft .NET Framework 4.5.2 (KB2978128)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {8B856ECB-ED10-3F9E-880D-03A278EF3FB6}
Security Update for Microsoft .NET Framework 4.5.2 (KB2979578v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {48006B2D-366F-3386-92C7-785D3A523042}
Security Update for Microsoft .NET Framework 4.5.2 (KB3023224)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {175C1563-5389-3174-A18B-A90AD45208D2}
Security Update for Microsoft .NET Framework 4.5.2 (KB3035490)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {6F197100-4BF3-3105-AA93-C5731C4FA85F}
Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {99A495FF-BC65-375D-B3C9-934E1DE4F558}
Security Update for Microsoft .NET Framework 4.5.2 (KB3074230)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {73E43C35-D717-337B-9F50-66F5623A8E1C}
Security Update for Microsoft .NET Framework 4.5.2 (KB3074550)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {F403E543-04A6-3024-BE38-189172855D13}
Security Update for Microsoft .NET Framework 4.5.2 (KB3097996)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {CE42A318-3E62-3F40-B52A-9CE658805801}
Security Update for Microsoft .NET Framework 4.5.2 (KB3098781)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {CF7790C7-662A-3829-B49E-61578D4D9838}
SketchUp Viewer-->MsiExec.exe /I{469F7BEA-33FD-4711-A825-7CA7692EC886}
SteelMemberDesigner-->C:\PROGRA~2\COMMON~1\CADSSH~1\STRUCT~1\STEELM~1\UNINST~1.EXE C:\PROGRA~2\COMMON~1\CADSSH~1\STRUCT~1\STEELM~1\Install.log
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TOSHIBA eco Utility-->MsiExec.exe /X{2C486987-D447-4E36-8D61-86E48E24199C}
TOSHIBA Web Camera Application-->"C:\Program Files (x86)\InstallShield Installation Information\{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}\setup.exe" -runfromtemp -l0x0405 -removeonly
TOSHIBA Web Camera Application-->MsiExec.exe /I{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}
Vuze-->"C:\Program Files\Vuze\uninstall.exe"
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
======Hosts File======
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
======System event log======
Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Cryptographic Services byl změněn na: stopped
Record Number: 5
Source Name: Service Control Manager
Time Written: 20090714051424.262212-000
Event Type: Informace
User:
Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Windows Modules Installer byl změněn na: stopped
Record Number: 4
Source Name: Service Control Manager
Time Written: 20090714051424.168612-000
Event Type: Informace
User:
Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Software Protection byl změněn na: stopped
Record Number: 3
Source Name: Service Control Manager
Time Written: 20090714051424.059412-000
Event Type: Informace
User:
Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Windows Event Log byl změněn na: stopped
Record Number: 2
Source Name: Service Control Manager
Time Written: 20090714051424.012612-000
Event Type: Informace
User:
Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Volume Shadow Copy byl změněn na: stopped
Record Number: 1
Source Name: Service Control Manager
Time Written: 20090714051423.934612-000
Event Type: Informace
User:
=====Application event log=====
Computer Name: 37L4247E29-32
Event Code: 1001
Message: Chybný blok , typ 0
Název události: PnPGenericDriverFound
Reakce: Není k dispozici
ID souboru CAB: 0
Podpis problému:
P1: x64
P2: PCI\VEN_1002&DEV_6840&SUBSYS_FB221179&REV_00
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:
Připojené soubory:
Tyto soubory mohou být k dispozici zde:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_8dc1ff49387868b79b8272bd248fbece1aaf31f5_cab_05b115ff
Symbol analýzy:
Opětovné hledání řešení: 0
ID hlášení: 13132386-5546-11e5-8f99-cf74b508a1bd
Stav hlášení: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20150907095157.000000-000
Event Type: Informace
User:
Computer Name: 37L4247E29-32
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20150907095149.000000-000
Event Type: Informace
User:
Computer Name: 37L4247E29-32
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20150907095145.000000-000
Event Type: Informace
User:
Computer Name: 37L4247E29-32
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.
Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20150907095140.992493-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM
Computer Name: 37L4247E29-32
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20150907095141.000000-000
Event Type: Informace
User:
=====Security event log=====
Computer Name: 37L4247E29-32
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.
Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150907095122.865262-000
Event Type: Úspěšný audit
User:
Computer Name: 37L4247E29-32
Event Code: 4624
Message: Účet byl úspěšně přihlášen.
Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247E29-32$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7
Typ přihlášení: 5
Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}
Informace o procesu:
ID procesu: 0x1d4
Název procesu: C:\Windows\System32\services.exe
Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -
Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0
Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.
Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.
Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).
Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.
Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.
Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150907095122.865262-000
Event Type: Úspěšný audit
User:
Computer Name: 37L4247E29-32
Event Code: 4902
Message: Tabulka zásad auditu pro jednotlivé uživatele byla vytvořena.
Počet prvků: 0
ID zásady: 0x2fa15
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150907095116.016850-000
Event Type: Úspěšný audit
User:
Computer Name: 37L4247E29-32
Event Code: 4624
Message: Účet byl úspěšně přihlášen.
Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0
Typ přihlášení: 0
Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}
Informace o procesu:
ID procesu: 0x4
Název procesu:
Informace o síti:
Název pracovní stanice: -
Adresa zdrojové sítě -
Zdrojový port: -
Podrobné informace o ověření:
Proces přihlášení: -
Balíček ověření: -
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0
Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.
Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.
Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).
Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.
Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.
Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150907095114.098046-000
Event Type: Úspěšný audit
User:
Computer Name: 37L4247E29-32
Event Code: 4608
Message: Spouští se systém Windows.
Tato událost je zaznamenána při spuštění procesu LSASS.EXE a inicializaci kontrolního podsystému.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150907095114.020046-000
Event Type: Úspěšný audit
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=2a07
"AMDAPPSDKROOT"=C:\Program Files (x86)\AMD APP\
"CM2012DIR"=C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\
"ILBDIR"=C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\
-----------------EOF-----------------
LOG:
Logfile of random's system information tool 1.10 (written by random/random)
Run by 0 at 2015-12-02 21:09:44
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 144 GB (72%) free of 200 GB
Total RAM: 6107 MB (61% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:09:56, on 2.12.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18098)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\0.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\RunOnce: [20150107] C:\Program Files\AVAST Software\Avast\setup\emupdate\bec18f95-7801-4eee-8d3d-5bd925387a9a.exe /check
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: HOW TO DECRYPT FILES.txt
O4 - Global Startup: HOW TO DECRYPT FILES.txt
O4 - Global Startup: rvlkl.lnk = C:\ProgramData\rvlkl\rvlkl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: lmadmin - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9415 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 38089216
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
\??\C:\Windows\system32\conhost.exe "547647390-1570584211-1466485654568572058173860980515665240524698774611389881040
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
taskeng.exe {532F33E1-B15C-4B45-985A-1F77AC070352}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\TOSHIBA\TECO\Teco.exe" /r
"C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Windows\system32\GWX\GWX.exe"
KHALMNPR.EXE /API
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\TOSHIBA\TECO\TecoService.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k bthsvcs
"taskhost.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="6256.0.474762574\719454089" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,20,45 --disable-accelerated-video-decode --gpu-vendor-id=0x1002 --gpu-device-id=0x6840 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=8.932.5.3000 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/28DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*GoogleNow/Enable/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledBadPacketLoss/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="6256.2.818593088\1865763614" --font-cache-shared-handle=2416 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/28DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*GoogleNow/Enable/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledBadPacketLoss/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="6256.3.1173166509\494050023" --font-cache-shared-handle=2528 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/28DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*GoogleNow/Enable/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledBadPacketLoss/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="6256.4.1777540121\221723820" --font-cache-shared-handle=2544 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/28DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*GoogleNow/Enable/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/*NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledBadPacketLoss/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="6256.20.1175813511\620761706" --font-cache-shared-handle=6072 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/28DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*GoogleNow/Enable/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/*NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledBadPacketLoss/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="6256.38.1015584232\1351253785" --font-cache-shared-handle=6088 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/28DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*GoogleNow/Enable/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/*NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledBadPacketLoss/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="6256.39.975740722\1416622288" --font-cache-shared-handle=5932 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/28DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*GoogleNow/Enable/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/*NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledBadPacketLoss/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="6256.46.1374196977\1397406993" --font-cache-shared-handle=5704 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/28DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*GoogleNow/Enable/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/*NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledBadPacketLoss/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="6256.48.1112145529\668675152" --font-cache-shared-handle=6980 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/28DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*GoogleNow/Enable/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/*NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledBadPacketLoss/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="6256.50.386520527\755146952" --font-cache-shared-handle=7244 /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe38_ Global\UsGthrCtrlFltPipeMssGthrPipe38 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\0\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-09-07 655480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}]
Logitech SetPoint - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-07-23 433608]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-07 559624]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}]
Logitech SetPoint - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-07-23 364488]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-12-22 2867984]
"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2011-11-24 1548208]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2015-07-23 3111880]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2015-08-20 8455960]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2015-06-18 4468056]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe [2015-08-20 8455960]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite Automount]
C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2015-06-18 4468056]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox]
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2015-11-05 36713096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [2010-08-24 206240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-01-20 343168]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-11-06 6111312]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-01-05 291608]
"Dropbox"=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2015-11-05 36713096]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"20150107"=C:\Program Files\AVAST Software\Avast\setup\emupdate\bec18f95-7801-4eee-8d3d-5bd925387a9a.exe [2015-11-27 183232]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HOW TO DECRYPT FILES.txt
rvlkl.lnk - C:\ProgramData\rvlkl\rvlkl.exe
C:\Users\0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
HOW TO DECRYPT FILES.txt
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2015-07-02 65992]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.ACDV"=ACDV.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 month======
2015-12-02 21:09:46 ----D---- C:\Program Files\trend micro
2015-12-02 21:09:44 ----D---- C:\rsit
2015-12-02 19:42:16 ----D---- C:\ProgramData\rvlkl
2015-11-12 22:28:30 ----A---- C:\Windows\system32\win32k.sys
2015-11-10 20:40:40 ----A---- C:\Windows\SYSWOW64\occache.dll
2015-11-10 20:40:40 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-11-10 20:40:40 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-11-10 20:40:40 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-11-10 20:40:40 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-11-10 20:40:40 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-11-10 20:40:40 ----A---- C:\Windows\system32\ie4uinit.exe
2015-11-10 20:40:39 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-11-10 20:40:39 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-11-10 20:40:39 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-11-10 20:40:39 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-11-10 20:40:39 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-11-10 20:40:39 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-11-10 20:40:39 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-11-10 20:40:39 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-10 20:40:39 ----A---- C:\Windows\system32\iernonce.dll
2015-11-10 20:40:37 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-11-10 20:40:37 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-11-10 20:40:36 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-11-10 20:40:36 ----A---- C:\Windows\system32\urlmon.dll
2015-11-10 20:40:36 ----A---- C:\Windows\system32\occache.dll
2015-11-10 20:40:36 ----A---- C:\Windows\system32\iedkcs32.dll
2015-11-10 20:40:35 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-11-10 20:40:35 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-11-10 20:40:35 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-11-10 20:40:35 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-11-10 20:40:35 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-10 20:40:35 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-11-10 20:40:34 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-11-10 20:40:34 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-11-10 20:40:34 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-11-10 20:40:34 ----A---- C:\Windows\system32\msfeeds.dll
2015-11-10 20:40:34 ----A---- C:\Windows\system32\dxtrans.dll
2015-11-10 20:40:33 ----A---- C:\Windows\system32\iesetup.dll
2015-11-10 20:40:33 ----A---- C:\Windows\system32\ieapfltr.dll
2015-11-10 20:40:32 ----A---- C:\Windows\system32\iertutil.dll
2015-11-10 20:40:30 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-11-10 20:40:30 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-11-10 20:40:30 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-11-10 20:40:30 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-11-10 20:40:30 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-11-10 20:40:30 ----A---- C:\Windows\system32\vbscript.dll
2015-11-10 20:40:30 ----A---- C:\Windows\system32\jsproxy.dll
2015-11-10 20:40:29 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-11-10 20:40:29 ----A---- C:\Windows\system32\dxtmsft.dll
2015-11-10 20:40:28 ----A---- C:\Windows\system32\ieui.dll
2015-11-10 20:40:28 ----A---- C:\Windows\system32\ieframe.dll
2015-11-10 20:40:27 ----A---- C:\Windows\system32\webcheck.dll
2015-11-10 20:40:27 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-11-10 20:40:27 ----A---- C:\Windows\system32\mshtmled.dll
2015-11-10 20:40:27 ----A---- C:\Windows\system32\ieUnatt.exe
2015-11-10 20:40:26 ----A---- C:\Windows\system32\jscript9diag.dll
2015-11-10 20:40:26 ----A---- C:\Windows\system32\jscript9.dll
2015-11-10 20:40:26 ----A---- C:\Windows\system32\jscript.dll
2015-11-10 20:40:25 ----A---- C:\Windows\system32\wininet.dll
2015-11-10 20:40:24 ----A---- C:\Windows\system32\msrating.dll
2015-11-10 20:40:24 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-11-10 20:40:23 ----A---- C:\Windows\system32\mshtml.dll
2015-11-10 20:34:55 ----A---- C:\Windows\system32\wuaueng.dll
2015-11-10 20:34:54 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-11-10 20:34:54 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-11-10 20:34:54 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-11-10 20:34:54 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-11-10 20:34:54 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-11-10 20:34:54 ----A---- C:\Windows\system32\wuwebv.dll
2015-11-10 20:34:54 ----A---- C:\Windows\system32\wups2.dll
2015-11-10 20:34:54 ----A---- C:\Windows\system32\wups.dll
2015-11-10 20:34:54 ----A---- C:\Windows\system32\wudriver.dll
2015-11-10 20:34:54 ----A---- C:\Windows\system32\wucltux.dll
2015-11-10 20:34:54 ----A---- C:\Windows\system32\wuauclt.exe
2015-11-10 20:34:54 ----A---- C:\Windows\system32\wuapp.exe
2015-11-10 20:34:54 ----A---- C:\Windows\system32\wuapi.dll
2015-11-10 20:34:54 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-11-10 20:34:54 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-11-10 20:29:25 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-11-10 20:29:23 ----A---- C:\Windows\system32\kerberos.dll
2015-11-10 20:29:22 ----A---- C:\Windows\system32\schannel.dll
2015-11-10 20:29:21 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-11-10 20:29:21 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-11-10 20:29:21 ----A---- C:\Windows\system32\ncrypt.dll
2015-11-10 20:29:21 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-11-10 20:29:21 ----A---- C:\Windows\system32\drivers\cng.sys
2015-11-10 20:29:20 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-11-10 20:29:20 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-11-10 20:29:20 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-11-10 20:29:20 ----A---- C:\Windows\SYSWOW64\bcryptprimitives.dll
2015-11-10 20:29:19 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-11-10 20:29:19 ----A---- C:\Windows\system32\ntdll.dll
2015-11-10 20:29:19 ----A---- C:\Windows\system32\lsasrv.dll
2015-11-10 20:29:19 ----A---- C:\Windows\system32\kernel32.dll
2015-11-10 20:29:19 ----A---- C:\Windows\system32\bcryptprimitives.dll
2015-11-10 20:29:18 ----A---- C:\Windows\system32\wow64.dll
2015-11-10 20:29:18 ----A---- C:\Windows\system32\KernelBase.dll
2015-11-10 20:29:18 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-11-10 20:29:17 ----A---- C:\Windows\system32\winsrv.dll
2015-11-10 20:29:17 ----A---- C:\Windows\system32\srcore.dll
2015-11-10 20:29:17 ----A---- C:\Windows\system32\rstrui.exe
2015-11-10 20:29:17 ----A---- C:\Windows\system32\rpcrt4.dll
2015-11-10 20:29:17 ----A---- C:\Windows\system32\conhost.exe
2015-11-10 20:29:16 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-11-10 20:29:16 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-11-10 20:29:16 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-11-10 20:29:16 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-11-10 20:29:16 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-11-10 20:29:16 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2015-11-10 20:29:16 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-11-10 20:29:16 ----A---- C:\Windows\system32\wdigest.dll
2015-11-10 20:29:16 ----A---- C:\Windows\system32\TSpkg.dll
2015-11-10 20:29:16 ----A---- C:\Windows\system32\sspisrv.dll
2015-11-10 20:29:16 ----A---- C:\Windows\system32\sspicli.dll
2015-11-10 20:29:16 ----A---- C:\Windows\system32\srclient.dll
2015-11-10 20:29:16 ----A---- C:\Windows\system32\smss.exe
2015-11-10 20:29:16 ----A---- C:\Windows\system32\ntvdm64.dll
2015-11-10 20:29:16 ----A---- C:\Windows\system32\msv1_0.dll
2015-11-10 20:29:16 ----A---- C:\Windows\system32\lsass.exe
2015-11-10 20:29:16 ----A---- C:\Windows\system32\csrsrv.dll
2015-11-10 20:29:16 ----A---- C:\Windows\system32\cryptbase.dll
2015-11-10 20:29:16 ----A---- C:\Windows\system32\credssp.dll
2015-11-10 20:29:16 ----A---- C:\Windows\system32\auditpol.exe
2015-11-10 20:29:15 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-11-10 20:29:14 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-11-10 20:29:14 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-11-10 20:29:14 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2015-11-10 20:29:14 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-11-10 20:29:14 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-11-10 20:29:14 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-11-10 20:29:14 ----A---- C:\Windows\system32\wow64win.dll
2015-11-10 20:29:14 ----A---- C:\Windows\system32\wow64cpu.dll
2015-11-10 20:29:14 ----A---- C:\Windows\system32\secur32.dll
2015-11-10 20:29:14 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-11-10 20:29:14 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-11-10 20:29:14 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-11-10 20:29:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-10 20:29:13 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-10 20:29:13 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-11-10 20:29:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-10 20:29:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-10 20:29:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-10 20:29:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-10 20:29:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-10 20:29:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-10 20:29:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-10 20:29:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-10 20:29:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-10 20:29:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-10 20:29:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-10 20:29:12 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-10 20:29:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-10 20:29:10 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-10 20:29:10 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-10 20:29:10 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-10 20:29:10 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-10 20:29:10 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-10 20:29:10 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-10 20:29:10 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-10 20:29:10 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-10 20:29:10 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-10 20:29:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-10 20:29:09 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-10 20:29:09 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-10 20:29:09 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-10 20:29:09 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-10 20:29:09 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-11-10 20:29:09 ----A---- C:\Windows\system32\apisetschema.dll
2015-11-10 20:29:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-10 20:29:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-10 20:29:08 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-10 20:29:08 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-10 20:29:08 ----A---- C:\Windows\SYSWOW64\user.exe
2015-11-10 20:29:08 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-11-10 20:29:08 ----A---- C:\Windows\system32\adtschema.dll
2015-11-10 20:29:07 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-11-10 20:29:07 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-11-10 20:29:07 ----A---- C:\Windows\system32\msaudite.dll
2015-11-10 20:29:06 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-11-10 20:29:06 ----A---- C:\Windows\system32\msobjs.dll
2015-11-10 20:28:13 ----A---- C:\Windows\system32\drivers\tdx.sys
2015-11-10 20:28:13 ----A---- C:\Windows\system32\drivers\afd.sys
2015-11-10 20:28:09 ----A---- C:\Windows\SYSWOW64\apphelp.dll
2015-11-10 20:28:08 ----A---- C:\Windows\SYSWOW64\shimeng.dll
2015-11-10 20:28:08 ----A---- C:\Windows\SYSWOW64\sdbinst.exe
2015-11-10 20:28:08 ----A---- C:\Windows\system32\shimeng.dll
2015-11-10 20:28:08 ----A---- C:\Windows\system32\sdbinst.exe
2015-11-10 20:28:08 ----A---- C:\Windows\system32\apphelp.dll
2015-11-10 20:28:08 ----A---- C:\Windows\system32\aelupsvc.dll
2015-11-10 20:27:35 ----A---- C:\Windows\system32\drivers\ndis.sys
2015-11-10 20:27:33 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2015-11-10 20:27:33 ----A---- C:\Windows\system32\InkEd.dll
2015-11-10 20:27:32 ----A---- C:\Windows\system32\jnwmon.dll
2015-11-07 11:32:38 ----D---- C:\Users\0\AppData\Roaming\Apple Computer
======List of files/folders modified in the last 1 month======
2015-12-02 21:09:53 ----D---- C:\Windows\Temp
2015-12-02 21:09:46 ----RD---- C:\Program Files
2015-12-02 20:03:02 ----D---- C:\Windows\twain_32
2015-12-02 20:03:02 ----D---- C:\Windows\Tasks
2015-12-02 20:03:02 ----D---- C:\Windows\TAPI
2015-12-02 20:03:01 ----D---- C:\Windows\SYSWOW64\zh-TW
2015-12-02 20:03:01 ----D---- C:\Windows\SYSWOW64\zh-HK
2015-12-02 20:03:01 ----D---- C:\Windows\SYSWOW64\zh-CN
2015-12-02 20:03:00 ----D---- C:\Windows\SYSWOW64\wbem
2015-12-02 20:03:00 ----D---- C:\Windows\SYSWOW64\Wat
2015-12-02 20:03:00 ----D---- C:\Windows\SYSWOW64\vbox
2015-12-02 20:03:00 ----D---- C:\Windows\SYSWOW64\uk-UA
2015-12-02 20:03:00 ----D---- C:\Windows\SYSWOW64\tr-TR
2015-12-02 20:03:00 ----D---- C:\Windows\SYSWOW64\th-TH
2015-12-02 20:03:00 ----D---- C:\Windows\SYSWOW64\sv-SE
2015-12-02 20:03:00 ----D---- C:\Windows\SYSWOW64\sr-Latn-CS
2015-12-02 20:03:00 ----D---- C:\Windows\SYSWOW64\sppui
2015-12-02 20:03:00 ----D---- C:\Windows\SYSWOW64\sl-SI
2015-12-02 20:03:00 ----D---- C:\Windows\SYSWOW64\sk-SK
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\Setup
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\ru-RU
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\ro-RO
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\Recovery
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\ras
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\QuickTime
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\pt-PT
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\pt-BR
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\pl-PL
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\oobe
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\nl-NL
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\nb-NO
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\migwiz
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\migration
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\manifeststore
2015-12-02 20:02:58 ----SD---- C:\Windows\SYSWOW64\GWX
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\lv-LV
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\lt-LT
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\ko-KR
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\ja-JP
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\it-IT
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\InstallShield
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\hu-HU
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\hr-HR
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\he-IL
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\fr-FR
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\fi-FI
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\et-EE
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\es-ES
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\en-US
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\el-GR
2015-12-02 20:02:50 ----D---- C:\Windows\SYSWOW64\drivers\cs-CZ
2015-12-02 20:02:50 ----D---- C:\Windows\SYSWOW64\drivers
2015-12-02 20:02:50 ----D---- C:\Windows\SYSWOW64\Dism
2015-12-02 20:02:50 ----D---- C:\Windows\SYSWOW64\de-DE
2015-12-02 20:02:50 ----D---- C:\Windows\SYSWOW64\da-DK
2015-12-02 20:02:50 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-12-02 20:02:50 ----D---- C:\Windows\SYSWOW64\cs
2015-12-02 20:02:49 ----D---- C:\Windows\SYSWOW64\com
2015-12-02 20:02:49 ----D---- C:\Windows\system32\catroot2
2015-12-02 20:02:47 ----D---- C:\Windows\SYSWOW64\bg-BG
2015-12-02 20:02:47 ----D---- C:\Windows\SYSWOW64\Atheros_L1e
2015-12-02 20:02:47 ----D---- C:\Windows\SYSWOW64\ar-SA
2015-12-02 20:02:47 ----D---- C:\Windows\SysWOW64
2015-12-02 20:02:47 ----D---- C:\Windows\SoftwareDistribution
2015-12-02 20:02:45 ----D---- C:\Windows\ShellNew
2015-12-02 20:02:29 ----D---- C:\Windows\Registration
2015-12-02 20:02:29 ----D---- C:\Windows\Prefetch
2015-12-02 20:02:29 ----D---- C:\Windows\PolicyDefinitions
2015-12-02 20:02:29 ----D---- C:\Windows\Panther
2015-12-02 20:02:29 ----D---- C:\Windows\Offline Web Pages
2015-12-02 20:02:29 ----D---- C:\Windows\Microsoft.NET
2015-12-02 20:02:16 ----RSD---- C:\Windows\Media
2015-12-02 20:02:16 ----D---- C:\Windows\L2Schemas
2015-12-02 20:02:15 ----SHD---- C:\Windows\Installer
2015-12-02 20:02:12 ----RSD---- C:\Windows\Fonts
2015-12-02 20:02:12 ----D---- C:\Windows\inf
2015-12-02 20:02:12 ----D---- C:\Windows\IME
2015-12-02 20:02:11 ----D---- C:\Windows\ehome
2015-12-02 20:02:11 ----D---- C:\Windows\Downloaded Program Files
2015-12-02 20:02:11 ----D---- C:\Windows\debug
2015-12-02 20:02:11 ----D---- C:\Windows\Cursors
2015-12-02 20:02:11 ----D---- C:\Windows\cs-CZ
2015-12-02 20:02:11 ----D---- C:\Windows
2015-12-02 20:01:24 ----RSD---- C:\Windows\assembly
2015-12-02 20:01:24 ----D---- C:\Windows\AppPatch
2015-12-02 20:01:24 ----D---- C:\Windows\addins
2015-12-02 20:01:21 ----RD---- C:\Users
2015-12-02 19:49:31 ----D---- C:\Users\0\AppData\Roaming\Winamp
2015-12-02 19:49:29 ----D---- C:\Users\0\AppData\Roaming\Azureus
2015-12-02 19:49:28 ----D---- C:\Users\0\AppData\Roaming\Audacity
2015-12-02 19:48:52 ----HD---- C:\ProgramData
2015-12-02 19:48:51 ----D---- C:\ProgramData\Microsoft Help
2015-12-02 19:48:39 ----D---- C:\ProgramData\FLEXnet
2015-12-02 19:48:39 ----D---- C:\ProgramData\DAEMON Tools Lite
2015-12-02 19:48:07 ----D---- C:\ProgramData\Atheros
2015-12-02 19:48:07 ----D---- C:\ProgramData\Ashampoo
2015-12-02 19:48:05 ----D---- C:\Program Files (x86)\Windows Sidebar
2015-12-02 19:48:03 ----D---- C:\Program Files (x86)\Windows Portable Devices
2015-12-02 19:48:03 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2015-12-02 19:48:03 ----D---- C:\Program Files (x86)\Windows Media Player
2015-12-02 19:48:03 ----D---- C:\Program Files (x86)\Windows Mail
2015-12-02 19:48:02 ----D---- C:\Program Files (x86)\Windows Defender
2015-12-02 19:48:02 ----D---- C:\Program Files (x86)\Winamp
2015-12-02 19:46:51 ----D---- C:\Program Files (x86)\Opera
2015-12-02 19:46:50 ----D---- C:\Program Files (x86)\Microsoft Works
2015-12-02 19:46:39 ----D---- C:\Program Files (x86)\KMPlayer
2015-12-02 19:46:39 ----D---- C:\Program Files (x86)\Internet Explorer
2015-12-02 19:46:36 ----D---- C:\Program Files (x86)\DWG TrueView 2013
2015-12-02 19:46:34 ----RD---- C:\Program Files (x86)
2015-12-02 19:44:14 ----D---- C:\Program Files (x86)\Atheros
2015-12-02 19:44:07 ----D---- C:\Program Files (x86)\Apple Software Update
2015-12-02 19:44:07 ----D---- C:\Program Files (x86)\Any PDF to DWG Converter
2015-12-02 19:42:48 ----D---- C:\Program Files\Windows Sidebar
2015-12-02 19:42:47 ----D---- C:\Program Files\Windows Portable Devices
2015-12-02 19:42:47 ----D---- C:\Program Files\Windows Photo Viewer
2015-12-02 19:42:47 ----D---- C:\Program Files\Windows Media Player
2015-12-02 19:42:47 ----D---- C:\Program Files\Windows Mail
2015-12-02 19:42:47 ----D---- C:\Program Files\Windows Journal
2015-12-02 19:42:47 ----D---- C:\Program Files\Windows Defender
2015-12-02 19:42:46 ----D---- C:\Program Files\Vuze
2015-12-02 19:42:32 ----D---- C:\Program Files\PDFCreator
2015-12-02 19:41:54 ----D---- C:\Program Files\Internet Explorer
2015-12-02 19:41:51 ----D---- C:\Program Files\DVD Maker
2015-12-02 19:41:47 ----D---- C:\Program Files\DAEMON Tools Lite
2015-12-02 19:41:47 ----D---- C:\Program Files\Common Files\System
2015-12-02 19:41:47 ----D---- C:\Program Files\Common Files\Services
2015-12-02 19:41:35 ----D---- C:\Program Files\Common Files\Autodesk Shared
2015-12-02 19:40:59 ----D---- C:\Program Files\CCleaner
2015-12-02 19:36:37 ----D---- C:\Program Files\ATI Technologies
2015-12-02 19:36:27 ----D---- C:\Program Files\7-Zip
2015-12-02 19:05:57 ----D---- C:\Windows\System32
2015-12-02 19:05:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-12-01 21:51:30 ----SHD---- C:\System Volume Information
2015-12-01 15:12:43 ----D---- C:\Users\0\AppData\Roaming\DAEMON Tools Lite
2015-11-29 17:38:04 ----D---- C:\Windows\system32\NDF
2015-11-19 17:30:39 ----D---- C:\Windows\system32\Tasks
2015-11-18 17:08:41 ----D---- C:\Windows\system32\config
2015-11-15 18:20:39 ----D---- C:\Windows\rescache
2015-11-14 19:41:24 ----D---- C:\Windows\winsxs
2015-11-13 19:52:45 ----D---- C:\Program Files (x86)\Dropbox
2015-11-12 22:02:47 ----D---- C:\Windows\system32\cs-CZ
2015-11-11 23:06:57 ----D---- C:\Windows\system32\MRT
2015-11-11 23:00:18 ----A---- C:\Windows\system32\MRT.exe
2015-11-11 21:02:25 ----D---- C:\Windows\system32\en-US
2015-11-11 21:02:14 ----D---- C:\Windows\system32\drivers
2015-11-11 21:02:10 ----D---- C:\Windows\system32\migration
2015-11-10 22:01:17 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-11-10 20:55:43 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-11-07 11:55:51 ----D---- C:\Users\0\AppData\Roaming\Adobe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-09-07 65224]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-09-07 274808]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-01-05 16152]
R0 ngvss;ngvss; C:\Windows\system32\drivers\ngvss.sys [2015-09-07 115152]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 26968]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-09-07 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-11-06 1059656]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-11-06 449992]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-09-07 28656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-09-07 90968]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-09-07 150672]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-09-07 273824]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-01-20 10731520]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-01-20 328192]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-10-21 2791424]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2015-09-07 30264]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-01-05 355096]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-01-05 786200]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2012-01-16 103536]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-17 62784]
R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [2011-02-08 38096]
R3 SmbDrv;SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver.sys [2011-12-22 21264]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-12-22 412432]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2015-06-18 86672]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2015-06-18 69264]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2015-06-18 50832]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-10-28 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-01-20 235520]
R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-09-07 146600]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-09-07 4047768]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-06-18 1268568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-07 136048]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07 144200]
S2 lmadmin;lmadmin; C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe [2011-08-05 6587728]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10 269000]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-07 136048]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2015-09-07 1431888]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2015-09-07 1044816]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-10-31 114688]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2015-07-02 356808]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-09-13 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
-----------------EOF-----------------
natáhl jsem asi někde virus ransomware, zablokoval mi veškeré soubory a změnil pozadí plochy na obrázek interpolu.
Pro odblokování souborů požaduje zaslat email atd.. Prosím o pomoc s jeho odstraněním. Děkuji
INFO:
info.txt logfile of random's system information tool 1.10 2015-12-02 21:10:06
======MBR======
0x33C08ED0BC007C8EC08ED8BE007CBF0006B90002FCF3A450681C06CBFBB90400BDBE07807E00007C0B0F850E0183C510E2F1CD1888560055C6461105C6461000B441BBAA55CD135D720F81FB55AA7509F7C101007403FE46106660807E1000742666680000000066FF760868000068007C680100681000B4428A56008BF4CD139F83C4109EEB14B80102BB007C8A56008A76018A4E028A6E03CD136661731CFE4E11750C807E00800F848A00B280EB845532E48A5600CD135DEB9E813EFE7D55AA756EFF7600E88D007517FAB0D1E664E88300B0DFE660E87C00B0FFE664E87500FBB800BBCD1A6623C0753B6681FB54435041753281F90201722C666807BB00006668000200006668080000006653665366556668000000006668007C0000666168000007CD1A5A32F6EA007C0000CD18A0B707EB08A0B607EB03A0B50732E40500078BF0AC3C007409BB0700B40ECD10EBF2F4EBFD2BC9E464EB002402E0F82402C3496E76616C696420706172746974696F6E207461626C65004572726F72206C6F6164696E67206F7065726174696E672073797374656D004D697373696E67206F7065726174696E672073797374656D000000637B9A9162619800008020210007DF130C000800000020030000DF140C07FEFFFF0028030000E0661800FEFFFF07FEFFFF00086A180050CE210000000000000000000000000000000055AA
======Uninstall list======
7-Zip 9.20 (x64 edition)-->MsiExec.exe /I{23170F69-40C1-2702-0920-000001000000}
ACDSee Photo Manager 12-->MsiExec.exe /I{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}
Adobe Acrobat Reader DC - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AC0F074E4100}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Anchor Service x64 CS4-->MsiExec.exe /I{887797BF-37A5-4199-B0C9-0D38D6196E9A}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe CMaps x64 CS4-->MsiExec.exe /I{90BA8112-80B3-4617-A3C1-BD2771B60F74}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4 x64-->MsiExec.exe /I{8DAA31EB-6830-4006-A99F-4DF8AB24714F}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Drive CS4 x64-->MsiExec.exe /I{A3454894-144A-4D80-B605-C128FE0D7329}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Flash Player 19 NPAPI-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_245_Plugin.exe -maintain plugin
Adobe Fonts All x64-->MsiExec.exe /I{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4 x64-->MsiExec.exe /I{8875A1C0-6308-4790-8CF6-D34E89880052}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe PDF Library Files x64 CS4-->MsiExec.exe /I{DFFABE78-8173-4E97-9C5C-22FB26192FC5}
Adobe Photoshop CS4 (64 Bit)-->MsiExec.exe /I{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files (x86)\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Refresh Manager-->MsiExec.exe /I{AC76BA86-0804-1033-1959-001824161310}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Type Support x64 CS4-->MsiExec.exe /I{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin x64-->MsiExec.exe /I{295CFB7C-A57E-4313-93E7-68E7CE1D0332}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
AMD APP SDK Runtime-->MsiExec.exe /I{503F672D-6C84-448A-8F8F-4BC35AC83441}
AMD Catalyst Install Manager-->msiexec /q/x{F856881A-D370-B1A7-2AFF-128F4AA93558} REBOOT=ReallySuppress
Any PDF to DWG Converter 2016-->"C:\Program Files (x86)\Any PDF to DWG Converter\unins000.exe"
Apple Application Support-->MsiExec.exe /I{46F044A5-CE8B-4196-984E-5BD6525E361D}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Ashampoo Burning Studio FREE v.1.14.5-->"C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio FREE\unins000.exe"
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -removeonly
Atheros Driver Installation Program-->"C:\Program Files (x86)\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe" -runfromtemp -removeonly
aTube Catcher verze 3.8-->"C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\unins000.exe"
AutoCAD 2012 - Czech-->C:\Program Files\Autodesk\AutoCAD 2012 - Czech\Setup\Setup.exe /P {5783F2D7-A001-0405-0102-0060B0CE6BBA} /M ACAD /language cs-CZ
AutoCAD 2012 - Czech-->C:\Program Files\Autodesk\AutoCAD 2012 - Czech\Setup\Setup.exe /P {5783F2D7-A001-0405-0102-0060B0CE6BBA} /M ACAD /language cs-CZ
Autodesk Content Service-->MsiExec.exe /X{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}
Autodesk Design Review 2013-->C:\Program Files (x86)\Autodesk\Autodesk Design Review 2013\Setup\Setup.exe /P {153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB} /M ADR /language en-US
Autodesk Inventor Fusion 2012-->C:\Program Files\Autodesk\Inventor Fusion 2012\Setup\Setup.exe /P {FFF5619F-6669-4EC5-A85E-9994F70A9E5D} /M INVENTORFUSION /LANG cs-CZ
Autodesk Inventor Fusion 2012-->MsiExec.exe /X{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}
Autodesk Inventor Fusion plug-in for AutoCAD 2012-->C:\Program Files\Autodesk\ApplicationPlugins\FusionPlugin.bundle\Contents\Setup\Setup.exe /P {EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC} /M ACFUSION /LANG cs-CZ
Autodesk Material Library 2012-->MsiExec.exe /I{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}
Autodesk Material Library Base Resolution Image Library 2012-->MsiExec.exe /I{65420DC9-306E-4371-905F-F4DC3B418E52}
Avast Free Antivirus-->C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel /instop:uninstall
CADS Composite Beam Designer-->C:\PROGRA~2\CADS\COMPOS~1\UNINST~1.EXE C:\PROGRA~2\CADS\COMPOS~1\INSTALL.LOG
CADS WindLoadEngine-->C:\PROGRA~2\COMMON~1\CADSSH~1\WINDLO~1\UNINST~1.EXE C:\PROGRA~2\COMMON~1\CADSSH~1\WINDLO~1\Install.log
Canon IJ Network Scan Utility-->"C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSU.exe" /UninstallRemove C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\uninst.ini
Canon IJ Network Tool-->C:\Program Files (x86)\Canon\Canon IJ Network Tool\CNMNUU.exe
Canon MG5200 series MP Drivers-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series\DELDRV64.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series /L0x0005
Canon MP Navigator EX 4.0-->"C:\Program Files (x86)\Canon\MP Navigator EX 4.0\Maint.exe" /UninstallRemove C:\Program Files (x86)\Canon\MP Navigator EX 4.0\uninst.ini
Catalyst Control Center - Branding-->MsiExec.exe /I{7B69C60A-A148-4572-978C-729029390651}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Composite Column Designer-->C:\PROGRA~2\COMMON~1\CADSSH~1\STRUCT~1\COMPOS~1\UNINST~1.EXE C:\PROGRA~2\COMMON~1\CADSSH~1\STRUCT~1\COMPOS~1\Install.log
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
DAEMON Tools Lite-->C:\Program Files\DAEMON Tools Lite\uninst.exe
Dropbox Update Helper-->MsiExec.exe /I{099218A5-A723-43DC-8DB5-6173656A1E94}
Dropbox-->"C:\Program Files (x86)\Dropbox\Client\DropboxUninstaller.exe" /InstallType:MACHINE
DWG TrueView 2013-->C:\Program Files\Autodesk\DWG TrueView 2013\Setup\Setup.exe /P {5783F2D7-B028-0409-0100-0060B0CE6BBA} /M AOEM /language en-US
FARO LS 1.1.406.58-->MsiExec.exe /I{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
Intel(R) USB 3.0 eXtensible Host Controller Driver-->C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Uninstall\setup.exe -uninstall
Jazykový balíček Autodesk Inventor Fusion 2012-->MsiExec.exe /X{FFF7F80F-929E-497F-A112-B070DE816128}
Jazykový balíček modulu plug-in Autodesk Inventor Fusion pro aplikaci AutoCAD 2012-->MsiExec.exe /I{E552C39C-C70E-464F-9733-8311331BDD90}
KMPlayer (remove only)-->"C:\Program Files (x86)\KMPlayer\uninstall.exe"
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Logitech SetPoint 6.67-->C:\Program Files\Common Files\LogiShrd\sp6_Uninstall\setup.exe
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /x64 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{790E02A1-145A-3843-8C13-A4F41C9B48B7}
Microsoft .NET Framework 4 Extended CSY Language Pack-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ExtendedLP\Setup.exe /repair /x86 /x64 /lcid 1029 /parameterfolder ExtendedLP
Microsoft .NET Framework 4 Extended CSY Language Pack-->MsiExec.exe /X{A324DC11-FF02-3CE8-9D6F-67EBC006D970}
Microsoft .NET Framework 4.5.2-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\\Setup.exe /repair /x86 /x64
Microsoft .NET Framework 4.5.2-->MsiExec.exe /X{26784146-6E05-3FF9-9335-786C7C0FB5BE}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Czech) 2007-->MsiExec.exe /X{90120000-002A-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Modul plug-in Autodesk Inventor Fusion pro aplikaci AutoCAD 2012-->MsiExec.exe /I{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Opera Stable 33.0.1990.115-->"C:\Program Files (x86)\Opera\Launcher.exe" /uninstall
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
Photoshop Camera Raw_x64-->MsiExec.exe /I{2D74E972-5A85-44DC-9193-8A302BA8C181}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Potplayer-64 Bits-->"C:\Program Files\DAUM\PotPlayer\uninstall.exe"
QuickTime-->C:\Windows\unvise32qt.exe C:\Windows\system32\QuickTime\Uninstall.log
Scia Engineer 14-->MsiExec.exe /I{F892EFDE-D4B3-48B2-8293-4024BBCA666E}
Scia Licence Server-->MsiExec.exe /X{E592B693-81BE-42D9-B4E4-CABC11C7B101}
Security Update for Microsoft .NET Framework 4.5.2 (KB2972107)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {59923C0F-51CB-3F2C-8465-E69019472533}
Security Update for Microsoft .NET Framework 4.5.2 (KB2972216)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {47FA5DCB-D13C-331E-BC32-65E53BDD949C}
Security Update for Microsoft .NET Framework 4.5.2 (KB2978128)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {8B856ECB-ED10-3F9E-880D-03A278EF3FB6}
Security Update for Microsoft .NET Framework 4.5.2 (KB2979578v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {48006B2D-366F-3386-92C7-785D3A523042}
Security Update for Microsoft .NET Framework 4.5.2 (KB3023224)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {175C1563-5389-3174-A18B-A90AD45208D2}
Security Update for Microsoft .NET Framework 4.5.2 (KB3035490)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {6F197100-4BF3-3105-AA93-C5731C4FA85F}
Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {99A495FF-BC65-375D-B3C9-934E1DE4F558}
Security Update for Microsoft .NET Framework 4.5.2 (KB3074230)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {73E43C35-D717-337B-9F50-66F5623A8E1C}
Security Update for Microsoft .NET Framework 4.5.2 (KB3074550)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {F403E543-04A6-3024-BE38-189172855D13}
Security Update for Microsoft .NET Framework 4.5.2 (KB3097996)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {CE42A318-3E62-3F40-B52A-9CE658805801}
Security Update for Microsoft .NET Framework 4.5.2 (KB3098781)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {CF7790C7-662A-3829-B49E-61578D4D9838}
SketchUp Viewer-->MsiExec.exe /I{469F7BEA-33FD-4711-A825-7CA7692EC886}
SteelMemberDesigner-->C:\PROGRA~2\COMMON~1\CADSSH~1\STRUCT~1\STEELM~1\UNINST~1.EXE C:\PROGRA~2\COMMON~1\CADSSH~1\STRUCT~1\STEELM~1\Install.log
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TOSHIBA eco Utility-->MsiExec.exe /X{2C486987-D447-4E36-8D61-86E48E24199C}
TOSHIBA Web Camera Application-->"C:\Program Files (x86)\InstallShield Installation Information\{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}\setup.exe" -runfromtemp -l0x0405 -removeonly
TOSHIBA Web Camera Application-->MsiExec.exe /I{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}
Vuze-->"C:\Program Files\Vuze\uninstall.exe"
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
======Hosts File======
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
======System event log======
Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Cryptographic Services byl změněn na: stopped
Record Number: 5
Source Name: Service Control Manager
Time Written: 20090714051424.262212-000
Event Type: Informace
User:
Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Windows Modules Installer byl změněn na: stopped
Record Number: 4
Source Name: Service Control Manager
Time Written: 20090714051424.168612-000
Event Type: Informace
User:
Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Software Protection byl změněn na: stopped
Record Number: 3
Source Name: Service Control Manager
Time Written: 20090714051424.059412-000
Event Type: Informace
User:
Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Windows Event Log byl změněn na: stopped
Record Number: 2
Source Name: Service Control Manager
Time Written: 20090714051424.012612-000
Event Type: Informace
User:
Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Volume Shadow Copy byl změněn na: stopped
Record Number: 1
Source Name: Service Control Manager
Time Written: 20090714051423.934612-000
Event Type: Informace
User:
=====Application event log=====
Computer Name: 37L4247E29-32
Event Code: 1001
Message: Chybný blok , typ 0
Název události: PnPGenericDriverFound
Reakce: Není k dispozici
ID souboru CAB: 0
Podpis problému:
P1: x64
P2: PCI\VEN_1002&DEV_6840&SUBSYS_FB221179&REV_00
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:
Připojené soubory:
Tyto soubory mohou být k dispozici zde:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_8dc1ff49387868b79b8272bd248fbece1aaf31f5_cab_05b115ff
Symbol analýzy:
Opětovné hledání řešení: 0
ID hlášení: 13132386-5546-11e5-8f99-cf74b508a1bd
Stav hlášení: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20150907095157.000000-000
Event Type: Informace
User:
Computer Name: 37L4247E29-32
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20150907095149.000000-000
Event Type: Informace
User:
Computer Name: 37L4247E29-32
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20150907095145.000000-000
Event Type: Informace
User:
Computer Name: 37L4247E29-32
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.
Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20150907095140.992493-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM
Computer Name: 37L4247E29-32
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20150907095141.000000-000
Event Type: Informace
User:
=====Security event log=====
Computer Name: 37L4247E29-32
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.
Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150907095122.865262-000
Event Type: Úspěšný audit
User:
Computer Name: 37L4247E29-32
Event Code: 4624
Message: Účet byl úspěšně přihlášen.
Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247E29-32$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7
Typ přihlášení: 5
Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}
Informace o procesu:
ID procesu: 0x1d4
Název procesu: C:\Windows\System32\services.exe
Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -
Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0
Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.
Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.
Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).
Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.
Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.
Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150907095122.865262-000
Event Type: Úspěšný audit
User:
Computer Name: 37L4247E29-32
Event Code: 4902
Message: Tabulka zásad auditu pro jednotlivé uživatele byla vytvořena.
Počet prvků: 0
ID zásady: 0x2fa15
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150907095116.016850-000
Event Type: Úspěšný audit
User:
Computer Name: 37L4247E29-32
Event Code: 4624
Message: Účet byl úspěšně přihlášen.
Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0
Typ přihlášení: 0
Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}
Informace o procesu:
ID procesu: 0x4
Název procesu:
Informace o síti:
Název pracovní stanice: -
Adresa zdrojové sítě -
Zdrojový port: -
Podrobné informace o ověření:
Proces přihlášení: -
Balíček ověření: -
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0
Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.
Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.
Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).
Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.
Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.
Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150907095114.098046-000
Event Type: Úspěšný audit
User:
Computer Name: 37L4247E29-32
Event Code: 4608
Message: Spouští se systém Windows.
Tato událost je zaznamenána při spuštění procesu LSASS.EXE a inicializaci kontrolního podsystému.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150907095114.020046-000
Event Type: Úspěšný audit
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=2a07
"AMDAPPSDKROOT"=C:\Program Files (x86)\AMD APP\
"CM2012DIR"=C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\
"ILBDIR"=C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\
-----------------EOF-----------------
LOG:
Logfile of random's system information tool 1.10 (written by random/random)
Run by 0 at 2015-12-02 21:09:44
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 144 GB (72%) free of 200 GB
Total RAM: 6107 MB (61% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:09:56, on 2.12.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18098)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\0.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\RunOnce: [20150107] C:\Program Files\AVAST Software\Avast\setup\emupdate\bec18f95-7801-4eee-8d3d-5bd925387a9a.exe /check
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: HOW TO DECRYPT FILES.txt
O4 - Global Startup: HOW TO DECRYPT FILES.txt
O4 - Global Startup: rvlkl.lnk = C:\ProgramData\rvlkl\rvlkl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: lmadmin - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9415 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 38089216
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
\??\C:\Windows\system32\conhost.exe "547647390-1570584211-1466485654568572058173860980515665240524698774611389881040
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
taskeng.exe {532F33E1-B15C-4B45-985A-1F77AC070352}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\TOSHIBA\TECO\Teco.exe" /r
"C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Windows\system32\GWX\GWX.exe"
KHALMNPR.EXE /API
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\TOSHIBA\TECO\TecoService.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k bthsvcs
"taskhost.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="6256.0.474762574\719454089" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,20,45 --disable-accelerated-video-decode --gpu-vendor-id=0x1002 --gpu-device-id=0x6840 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=8.932.5.3000 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/28DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*GoogleNow/Enable/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledBadPacketLoss/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="6256.2.818593088\1865763614" --font-cache-shared-handle=2416 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/28DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*GoogleNow/Enable/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledBadPacketLoss/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="6256.3.1173166509\494050023" --font-cache-shared-handle=2528 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/28DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*GoogleNow/Enable/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledBadPacketLoss/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="6256.4.1777540121\221723820" --font-cache-shared-handle=2544 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/28DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*GoogleNow/Enable/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/*NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledBadPacketLoss/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="6256.20.1175813511\620761706" --font-cache-shared-handle=6072 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/28DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*GoogleNow/Enable/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/*NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledBadPacketLoss/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="6256.38.1015584232\1351253785" --font-cache-shared-handle=6088 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/28DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*GoogleNow/Enable/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/*NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledBadPacketLoss/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="6256.39.975740722\1416622288" --font-cache-shared-handle=5932 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/28DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*GoogleNow/Enable/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/*NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledBadPacketLoss/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="6256.46.1374196977\1397406993" --font-cache-shared-handle=5704 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/28DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*GoogleNow/Enable/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/*NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledBadPacketLoss/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="6256.48.1112145529\668675152" --font-cache-shared-handle=6980 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/28DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*GoogleNow/Enable/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/*NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledBadPacketLoss/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="6256.50.386520527\755146952" --font-cache-shared-handle=7244 /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe38_ Global\UsGthrCtrlFltPipeMssGthrPipe38 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\0\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-09-07 655480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}]
Logitech SetPoint - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-07-23 433608]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-07 559624]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}]
Logitech SetPoint - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-07-23 364488]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-12-22 2867984]
"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2011-11-24 1548208]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2015-07-23 3111880]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2015-08-20 8455960]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2015-06-18 4468056]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe [2015-08-20 8455960]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite Automount]
C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2015-06-18 4468056]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox]
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2015-11-05 36713096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [2010-08-24 206240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-01-20 343168]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-11-06 6111312]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-01-05 291608]
"Dropbox"=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2015-11-05 36713096]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"20150107"=C:\Program Files\AVAST Software\Avast\setup\emupdate\bec18f95-7801-4eee-8d3d-5bd925387a9a.exe [2015-11-27 183232]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HOW TO DECRYPT FILES.txt
rvlkl.lnk - C:\ProgramData\rvlkl\rvlkl.exe
C:\Users\0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
HOW TO DECRYPT FILES.txt
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2015-07-02 65992]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.ACDV"=ACDV.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 month======
2015-12-02 21:09:46 ----D---- C:\Program Files\trend micro
2015-12-02 21:09:44 ----D---- C:\rsit
2015-12-02 19:42:16 ----D---- C:\ProgramData\rvlkl
2015-11-12 22:28:30 ----A---- C:\Windows\system32\win32k.sys
2015-11-10 20:40:40 ----A---- C:\Windows\SYSWOW64\occache.dll
2015-11-10 20:40:40 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-11-10 20:40:40 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-11-10 20:40:40 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-11-10 20:40:40 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-11-10 20:40:40 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-11-10 20:40:40 ----A---- C:\Windows\system32\ie4uinit.exe
2015-11-10 20:40:39 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-11-10 20:40:39 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-11-10 20:40:39 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-11-10 20:40:39 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-11-10 20:40:39 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-11-10 20:40:39 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-11-10 20:40:39 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-11-10 20:40:39 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-10 20:40:39 ----A---- C:\Windows\system32\iernonce.dll
2015-11-10 20:40:37 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-11-10 20:40:37 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-11-10 20:40:36 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-11-10 20:40:36 ----A---- C:\Windows\system32\urlmon.dll
2015-11-10 20:40:36 ----A---- C:\Windows\system32\occache.dll
2015-11-10 20:40:36 ----A---- C:\Windows\system32\iedkcs32.dll
2015-11-10 20:40:35 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-11-10 20:40:35 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-11-10 20:40:35 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-11-10 20:40:35 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-11-10 20:40:35 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-10 20:40:35 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-11-10 20:40:34 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-11-10 20:40:34 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-11-10 20:40:34 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-11-10 20:40:34 ----A---- C:\Windows\system32\msfeeds.dll
2015-11-10 20:40:34 ----A---- C:\Windows\system32\dxtrans.dll
2015-11-10 20:40:33 ----A---- C:\Windows\system32\iesetup.dll
2015-11-10 20:40:33 ----A---- C:\Windows\system32\ieapfltr.dll
2015-11-10 20:40:32 ----A---- C:\Windows\system32\iertutil.dll
2015-11-10 20:40:30 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-11-10 20:40:30 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-11-10 20:40:30 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-11-10 20:40:30 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-11-10 20:40:30 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-11-10 20:40:30 ----A---- C:\Windows\system32\vbscript.dll
2015-11-10 20:40:30 ----A---- C:\Windows\system32\jsproxy.dll
2015-11-10 20:40:29 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-11-10 20:40:29 ----A---- C:\Windows\system32\dxtmsft.dll
2015-11-10 20:40:28 ----A---- C:\Windows\system32\ieui.dll
2015-11-10 20:40:28 ----A---- C:\Windows\system32\ieframe.dll
2015-11-10 20:40:27 ----A---- C:\Windows\system32\webcheck.dll
2015-11-10 20:40:27 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-11-10 20:40:27 ----A---- C:\Windows\system32\mshtmled.dll
2015-11-10 20:40:27 ----A---- C:\Windows\system32\ieUnatt.exe
2015-11-10 20:40:26 ----A---- C:\Windows\system32\jscript9diag.dll
2015-11-10 20:40:26 ----A---- C:\Windows\system32\jscript9.dll
2015-11-10 20:40:26 ----A---- C:\Windows\system32\jscript.dll
2015-11-10 20:40:25 ----A---- C:\Windows\system32\wininet.dll
2015-11-10 20:40:24 ----A---- C:\Windows\system32\msrating.dll
2015-11-10 20:40:24 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-11-10 20:40:23 ----A---- C:\Windows\system32\mshtml.dll
2015-11-10 20:34:55 ----A---- C:\Windows\system32\wuaueng.dll
2015-11-10 20:34:54 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-11-10 20:34:54 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-11-10 20:34:54 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-11-10 20:34:54 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-11-10 20:34:54 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-11-10 20:34:54 ----A---- C:\Windows\system32\wuwebv.dll
2015-11-10 20:34:54 ----A---- C:\Windows\system32\wups2.dll
2015-11-10 20:34:54 ----A---- C:\Windows\system32\wups.dll
2015-11-10 20:34:54 ----A---- C:\Windows\system32\wudriver.dll
2015-11-10 20:34:54 ----A---- C:\Windows\system32\wucltux.dll
2015-11-10 20:34:54 ----A---- C:\Windows\system32\wuauclt.exe
2015-11-10 20:34:54 ----A---- C:\Windows\system32\wuapp.exe
2015-11-10 20:34:54 ----A---- C:\Windows\system32\wuapi.dll
2015-11-10 20:34:54 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-11-10 20:34:54 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-11-10 20:29:25 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-11-10 20:29:23 ----A---- C:\Windows\system32\kerberos.dll
2015-11-10 20:29:22 ----A---- C:\Windows\system32\schannel.dll
2015-11-10 20:29:21 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-11-10 20:29:21 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-11-10 20:29:21 ----A---- C:\Windows\system32\ncrypt.dll
2015-11-10 20:29:21 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-11-10 20:29:21 ----A---- C:\Windows\system32\drivers\cng.sys
2015-11-10 20:29:20 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-11-10 20:29:20 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-11-10 20:29:20 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-11-10 20:29:20 ----A---- C:\Windows\SYSWOW64\bcryptprimitives.dll
2015-11-10 20:29:19 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-11-10 20:29:19 ----A---- C:\Windows\system32\ntdll.dll
2015-11-10 20:29:19 ----A---- C:\Windows\system32\lsasrv.dll
2015-11-10 20:29:19 ----A---- C:\Windows\system32\kernel32.dll
2015-11-10 20:29:19 ----A---- C:\Windows\system32\bcryptprimitives.dll
2015-11-10 20:29:18 ----A---- C:\Windows\system32\wow64.dll
2015-11-10 20:29:18 ----A---- C:\Windows\system32\KernelBase.dll
2015-11-10 20:29:18 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-11-10 20:29:17 ----A---- C:\Windows\system32\winsrv.dll
2015-11-10 20:29:17 ----A---- C:\Windows\system32\srcore.dll
2015-11-10 20:29:17 ----A---- C:\Windows\system32\rstrui.exe
2015-11-10 20:29:17 ----A---- C:\Windows\system32\rpcrt4.dll
2015-11-10 20:29:17 ----A---- C:\Windows\system32\conhost.exe
2015-11-10 20:29:16 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-11-10 20:29:16 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-11-10 20:29:16 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-11-10 20:29:16 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-11-10 20:29:16 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-11-10 20:29:16 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2015-11-10 20:29:16 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-11-10 20:29:16 ----A---- C:\Windows\system32\wdigest.dll
2015-11-10 20:29:16 ----A---- C:\Windows\system32\TSpkg.dll
2015-11-10 20:29:16 ----A---- C:\Windows\system32\sspisrv.dll
2015-11-10 20:29:16 ----A---- C:\Windows\system32\sspicli.dll
2015-11-10 20:29:16 ----A---- C:\Windows\system32\srclient.dll
2015-11-10 20:29:16 ----A---- C:\Windows\system32\smss.exe
2015-11-10 20:29:16 ----A---- C:\Windows\system32\ntvdm64.dll
2015-11-10 20:29:16 ----A---- C:\Windows\system32\msv1_0.dll
2015-11-10 20:29:16 ----A---- C:\Windows\system32\lsass.exe
2015-11-10 20:29:16 ----A---- C:\Windows\system32\csrsrv.dll
2015-11-10 20:29:16 ----A---- C:\Windows\system32\cryptbase.dll
2015-11-10 20:29:16 ----A---- C:\Windows\system32\credssp.dll
2015-11-10 20:29:16 ----A---- C:\Windows\system32\auditpol.exe
2015-11-10 20:29:15 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-11-10 20:29:14 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-11-10 20:29:14 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-11-10 20:29:14 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2015-11-10 20:29:14 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-11-10 20:29:14 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-11-10 20:29:14 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-11-10 20:29:14 ----A---- C:\Windows\system32\wow64win.dll
2015-11-10 20:29:14 ----A---- C:\Windows\system32\wow64cpu.dll
2015-11-10 20:29:14 ----A---- C:\Windows\system32\secur32.dll
2015-11-10 20:29:14 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-11-10 20:29:14 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-11-10 20:29:14 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-11-10 20:29:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-10 20:29:13 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-10 20:29:13 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-11-10 20:29:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-10 20:29:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-10 20:29:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-10 20:29:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-10 20:29:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-10 20:29:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-10 20:29:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-10 20:29:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-10 20:29:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-10 20:29:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-10 20:29:12 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-10 20:29:12 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-10 20:29:11 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-10 20:29:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-10 20:29:10 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-10 20:29:10 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-10 20:29:10 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-10 20:29:10 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-10 20:29:10 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-10 20:29:10 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-10 20:29:10 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-10 20:29:10 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-10 20:29:10 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-10 20:29:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-10 20:29:09 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-10 20:29:09 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-10 20:29:09 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-10 20:29:09 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-10 20:29:09 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-11-10 20:29:09 ----A---- C:\Windows\system32\apisetschema.dll
2015-11-10 20:29:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-10 20:29:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-10 20:29:08 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-10 20:29:08 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-10 20:29:08 ----A---- C:\Windows\SYSWOW64\user.exe
2015-11-10 20:29:08 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-11-10 20:29:08 ----A---- C:\Windows\system32\adtschema.dll
2015-11-10 20:29:07 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-11-10 20:29:07 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-11-10 20:29:07 ----A---- C:\Windows\system32\msaudite.dll
2015-11-10 20:29:06 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-11-10 20:29:06 ----A---- C:\Windows\system32\msobjs.dll
2015-11-10 20:28:13 ----A---- C:\Windows\system32\drivers\tdx.sys
2015-11-10 20:28:13 ----A---- C:\Windows\system32\drivers\afd.sys
2015-11-10 20:28:09 ----A---- C:\Windows\SYSWOW64\apphelp.dll
2015-11-10 20:28:08 ----A---- C:\Windows\SYSWOW64\shimeng.dll
2015-11-10 20:28:08 ----A---- C:\Windows\SYSWOW64\sdbinst.exe
2015-11-10 20:28:08 ----A---- C:\Windows\system32\shimeng.dll
2015-11-10 20:28:08 ----A---- C:\Windows\system32\sdbinst.exe
2015-11-10 20:28:08 ----A---- C:\Windows\system32\apphelp.dll
2015-11-10 20:28:08 ----A---- C:\Windows\system32\aelupsvc.dll
2015-11-10 20:27:35 ----A---- C:\Windows\system32\drivers\ndis.sys
2015-11-10 20:27:33 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2015-11-10 20:27:33 ----A---- C:\Windows\system32\InkEd.dll
2015-11-10 20:27:32 ----A---- C:\Windows\system32\jnwmon.dll
2015-11-07 11:32:38 ----D---- C:\Users\0\AppData\Roaming\Apple Computer
======List of files/folders modified in the last 1 month======
2015-12-02 21:09:53 ----D---- C:\Windows\Temp
2015-12-02 21:09:46 ----RD---- C:\Program Files
2015-12-02 20:03:02 ----D---- C:\Windows\twain_32
2015-12-02 20:03:02 ----D---- C:\Windows\Tasks
2015-12-02 20:03:02 ----D---- C:\Windows\TAPI
2015-12-02 20:03:01 ----D---- C:\Windows\SYSWOW64\zh-TW
2015-12-02 20:03:01 ----D---- C:\Windows\SYSWOW64\zh-HK
2015-12-02 20:03:01 ----D---- C:\Windows\SYSWOW64\zh-CN
2015-12-02 20:03:00 ----D---- C:\Windows\SYSWOW64\wbem
2015-12-02 20:03:00 ----D---- C:\Windows\SYSWOW64\Wat
2015-12-02 20:03:00 ----D---- C:\Windows\SYSWOW64\vbox
2015-12-02 20:03:00 ----D---- C:\Windows\SYSWOW64\uk-UA
2015-12-02 20:03:00 ----D---- C:\Windows\SYSWOW64\tr-TR
2015-12-02 20:03:00 ----D---- C:\Windows\SYSWOW64\th-TH
2015-12-02 20:03:00 ----D---- C:\Windows\SYSWOW64\sv-SE
2015-12-02 20:03:00 ----D---- C:\Windows\SYSWOW64\sr-Latn-CS
2015-12-02 20:03:00 ----D---- C:\Windows\SYSWOW64\sppui
2015-12-02 20:03:00 ----D---- C:\Windows\SYSWOW64\sl-SI
2015-12-02 20:03:00 ----D---- C:\Windows\SYSWOW64\sk-SK
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\Setup
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\ru-RU
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\ro-RO
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\Recovery
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\ras
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\QuickTime
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\pt-PT
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\pt-BR
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\pl-PL
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\oobe
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\nl-NL
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\nb-NO
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\migwiz
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\migration
2015-12-02 20:02:59 ----D---- C:\Windows\SYSWOW64\manifeststore
2015-12-02 20:02:58 ----SD---- C:\Windows\SYSWOW64\GWX
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\lv-LV
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\lt-LT
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\ko-KR
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\ja-JP
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\it-IT
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\InstallShield
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\hu-HU
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\hr-HR
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\he-IL
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\fr-FR
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\fi-FI
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\et-EE
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\es-ES
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\en-US
2015-12-02 20:02:58 ----D---- C:\Windows\SYSWOW64\el-GR
2015-12-02 20:02:50 ----D---- C:\Windows\SYSWOW64\drivers\cs-CZ
2015-12-02 20:02:50 ----D---- C:\Windows\SYSWOW64\drivers
2015-12-02 20:02:50 ----D---- C:\Windows\SYSWOW64\Dism
2015-12-02 20:02:50 ----D---- C:\Windows\SYSWOW64\de-DE
2015-12-02 20:02:50 ----D---- C:\Windows\SYSWOW64\da-DK
2015-12-02 20:02:50 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-12-02 20:02:50 ----D---- C:\Windows\SYSWOW64\cs
2015-12-02 20:02:49 ----D---- C:\Windows\SYSWOW64\com
2015-12-02 20:02:49 ----D---- C:\Windows\system32\catroot2
2015-12-02 20:02:47 ----D---- C:\Windows\SYSWOW64\bg-BG
2015-12-02 20:02:47 ----D---- C:\Windows\SYSWOW64\Atheros_L1e
2015-12-02 20:02:47 ----D---- C:\Windows\SYSWOW64\ar-SA
2015-12-02 20:02:47 ----D---- C:\Windows\SysWOW64
2015-12-02 20:02:47 ----D---- C:\Windows\SoftwareDistribution
2015-12-02 20:02:45 ----D---- C:\Windows\ShellNew
2015-12-02 20:02:29 ----D---- C:\Windows\Registration
2015-12-02 20:02:29 ----D---- C:\Windows\Prefetch
2015-12-02 20:02:29 ----D---- C:\Windows\PolicyDefinitions
2015-12-02 20:02:29 ----D---- C:\Windows\Panther
2015-12-02 20:02:29 ----D---- C:\Windows\Offline Web Pages
2015-12-02 20:02:29 ----D---- C:\Windows\Microsoft.NET
2015-12-02 20:02:16 ----RSD---- C:\Windows\Media
2015-12-02 20:02:16 ----D---- C:\Windows\L2Schemas
2015-12-02 20:02:15 ----SHD---- C:\Windows\Installer
2015-12-02 20:02:12 ----RSD---- C:\Windows\Fonts
2015-12-02 20:02:12 ----D---- C:\Windows\inf
2015-12-02 20:02:12 ----D---- C:\Windows\IME
2015-12-02 20:02:11 ----D---- C:\Windows\ehome
2015-12-02 20:02:11 ----D---- C:\Windows\Downloaded Program Files
2015-12-02 20:02:11 ----D---- C:\Windows\debug
2015-12-02 20:02:11 ----D---- C:\Windows\Cursors
2015-12-02 20:02:11 ----D---- C:\Windows\cs-CZ
2015-12-02 20:02:11 ----D---- C:\Windows
2015-12-02 20:01:24 ----RSD---- C:\Windows\assembly
2015-12-02 20:01:24 ----D---- C:\Windows\AppPatch
2015-12-02 20:01:24 ----D---- C:\Windows\addins
2015-12-02 20:01:21 ----RD---- C:\Users
2015-12-02 19:49:31 ----D---- C:\Users\0\AppData\Roaming\Winamp
2015-12-02 19:49:29 ----D---- C:\Users\0\AppData\Roaming\Azureus
2015-12-02 19:49:28 ----D---- C:\Users\0\AppData\Roaming\Audacity
2015-12-02 19:48:52 ----HD---- C:\ProgramData
2015-12-02 19:48:51 ----D---- C:\ProgramData\Microsoft Help
2015-12-02 19:48:39 ----D---- C:\ProgramData\FLEXnet
2015-12-02 19:48:39 ----D---- C:\ProgramData\DAEMON Tools Lite
2015-12-02 19:48:07 ----D---- C:\ProgramData\Atheros
2015-12-02 19:48:07 ----D---- C:\ProgramData\Ashampoo
2015-12-02 19:48:05 ----D---- C:\Program Files (x86)\Windows Sidebar
2015-12-02 19:48:03 ----D---- C:\Program Files (x86)\Windows Portable Devices
2015-12-02 19:48:03 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2015-12-02 19:48:03 ----D---- C:\Program Files (x86)\Windows Media Player
2015-12-02 19:48:03 ----D---- C:\Program Files (x86)\Windows Mail
2015-12-02 19:48:02 ----D---- C:\Program Files (x86)\Windows Defender
2015-12-02 19:48:02 ----D---- C:\Program Files (x86)\Winamp
2015-12-02 19:46:51 ----D---- C:\Program Files (x86)\Opera
2015-12-02 19:46:50 ----D---- C:\Program Files (x86)\Microsoft Works
2015-12-02 19:46:39 ----D---- C:\Program Files (x86)\KMPlayer
2015-12-02 19:46:39 ----D---- C:\Program Files (x86)\Internet Explorer
2015-12-02 19:46:36 ----D---- C:\Program Files (x86)\DWG TrueView 2013
2015-12-02 19:46:34 ----RD---- C:\Program Files (x86)
2015-12-02 19:44:14 ----D---- C:\Program Files (x86)\Atheros
2015-12-02 19:44:07 ----D---- C:\Program Files (x86)\Apple Software Update
2015-12-02 19:44:07 ----D---- C:\Program Files (x86)\Any PDF to DWG Converter
2015-12-02 19:42:48 ----D---- C:\Program Files\Windows Sidebar
2015-12-02 19:42:47 ----D---- C:\Program Files\Windows Portable Devices
2015-12-02 19:42:47 ----D---- C:\Program Files\Windows Photo Viewer
2015-12-02 19:42:47 ----D---- C:\Program Files\Windows Media Player
2015-12-02 19:42:47 ----D---- C:\Program Files\Windows Mail
2015-12-02 19:42:47 ----D---- C:\Program Files\Windows Journal
2015-12-02 19:42:47 ----D---- C:\Program Files\Windows Defender
2015-12-02 19:42:46 ----D---- C:\Program Files\Vuze
2015-12-02 19:42:32 ----D---- C:\Program Files\PDFCreator
2015-12-02 19:41:54 ----D---- C:\Program Files\Internet Explorer
2015-12-02 19:41:51 ----D---- C:\Program Files\DVD Maker
2015-12-02 19:41:47 ----D---- C:\Program Files\DAEMON Tools Lite
2015-12-02 19:41:47 ----D---- C:\Program Files\Common Files\System
2015-12-02 19:41:47 ----D---- C:\Program Files\Common Files\Services
2015-12-02 19:41:35 ----D---- C:\Program Files\Common Files\Autodesk Shared
2015-12-02 19:40:59 ----D---- C:\Program Files\CCleaner
2015-12-02 19:36:37 ----D---- C:\Program Files\ATI Technologies
2015-12-02 19:36:27 ----D---- C:\Program Files\7-Zip
2015-12-02 19:05:57 ----D---- C:\Windows\System32
2015-12-02 19:05:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-12-01 21:51:30 ----SHD---- C:\System Volume Information
2015-12-01 15:12:43 ----D---- C:\Users\0\AppData\Roaming\DAEMON Tools Lite
2015-11-29 17:38:04 ----D---- C:\Windows\system32\NDF
2015-11-19 17:30:39 ----D---- C:\Windows\system32\Tasks
2015-11-18 17:08:41 ----D---- C:\Windows\system32\config
2015-11-15 18:20:39 ----D---- C:\Windows\rescache
2015-11-14 19:41:24 ----D---- C:\Windows\winsxs
2015-11-13 19:52:45 ----D---- C:\Program Files (x86)\Dropbox
2015-11-12 22:02:47 ----D---- C:\Windows\system32\cs-CZ
2015-11-11 23:06:57 ----D---- C:\Windows\system32\MRT
2015-11-11 23:00:18 ----A---- C:\Windows\system32\MRT.exe
2015-11-11 21:02:25 ----D---- C:\Windows\system32\en-US
2015-11-11 21:02:14 ----D---- C:\Windows\system32\drivers
2015-11-11 21:02:10 ----D---- C:\Windows\system32\migration
2015-11-10 22:01:17 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-11-10 20:55:43 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-11-07 11:55:51 ----D---- C:\Users\0\AppData\Roaming\Adobe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-09-07 65224]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-09-07 274808]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-01-05 16152]
R0 ngvss;ngvss; C:\Windows\system32\drivers\ngvss.sys [2015-09-07 115152]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 26968]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-09-07 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-11-06 1059656]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-11-06 449992]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-09-07 28656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-09-07 90968]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-09-07 150672]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-09-07 273824]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-01-20 10731520]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-01-20 328192]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-10-21 2791424]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2015-09-07 30264]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-01-05 355096]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-01-05 786200]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2012-01-16 103536]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-17 62784]
R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [2011-02-08 38096]
R3 SmbDrv;SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver.sys [2011-12-22 21264]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-12-22 412432]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2015-06-18 86672]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2015-06-18 69264]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2015-06-18 50832]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-10-28 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-01-20 235520]
R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-09-07 146600]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-09-07 4047768]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-06-18 1268568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-07 136048]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07 144200]
S2 lmadmin;lmadmin; C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe [2011-08-05 6587728]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10 269000]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-07 136048]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2015-09-07 1431888]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2015-09-07 1044816]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-10-31 114688]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2015-07-02 356808]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-09-13 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
-----------------EOF-----------------
