Preventive check

Posted: 19 May 2016 17:26
by mynick01
Logfile of random's system information tool 1.10 (written by random/random)
Run by Pavel at 2016-05-19 18:24:46
Microsoft Windows 8.1
System drive C: has 377 GB (79%) free of 477 GB
Total RAM: 3982 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:25:01, on 19. 5. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\Desktop\downloaded_files\Counter-Strike Global Offensive v1.34.8.1\Setup.exe
C:\Users\Pavel\AppData\Local\Temp\is-FCTAD.tmp\Setup.tmp
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Pavel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WindowsDriverScan86] C:\Program Files (x86)\Adobe Arkalis\Arkalis86.lnk
O4 - HKLM\..\Run: [WindowsDriverScan64] C:\Program Files (x86)\Adobe Arkalis\Arkalis.lnk
O4 - HKCU\..\Run: [ProgLauncher] C:\Program Files\ProgDVB\ProgLauncher.exe
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKCU\..\Run: [Zoner Photo Studio Service 16] "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE"
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
O4 - HKUS\S-1-5-18\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun (User 'Default user')
O4 - Global Startup: TMMonitor.lnk = C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Energy Server Service WILLAMETTE (ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel(R) System Usage Report Service SystemUsageReportSvc_WILLAMETTE (SystemUsageReportSvc_WILLAMETTE) - Unknown owner - C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: User Energy Server Service WILLAMETTE (USER_ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8957 bytes

======Listing Processes======






wininit.exe
winlogon.exe

C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\igfxCUIService.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe"
"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe"
taskhostex.exe
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
igfxEM.exe
igfxHK.exe
igfxTray.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-ac3abdcd-359a-458e-bcf2-9a3df8aec6cf -SystemEventPortName:HostProcess-78de8616-ee8b-4e4a-bd14-39952a8868d4 -IoCancelEventPortName:HostProcess-f078336f-4f82-4939-b46b-9bfbd2d98413 -NonStateChangingEventPortName:HostProcess-09e6c25a-f480-4ccc-93fa-9bb12ef223f3 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:65ec883e-97a6-4bf9-ae2d-f12ef60e0281 -DeviceGroupId:WpdFsGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --no-rate-limit "--database=C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=50.0.2661.102 --handshake-handle=0x140
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="804.0.1964174467\1264078068" --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=4,12,15,24,53,71 --gpu-vendor-id=0x8086 --gpu-device-id=0x0f31 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.10.4358 --ignored=" --type=renderer " /prefetch:2
C:\Windows\system32\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}
"C:\Users\Pavel\Desktop\downloaded_files\Counter-Strike Global Offensive v1.34.8.1\Setup.exe"
"C:\Users\Pavel\AppData\Local\Temp\is-FCTAD.tmp\Setup.tmp" /SL5="$1602B0,153600,0,C:\Users\Pavel\Desktop\downloaded_files\Counter-Strike Global Offensive v1.34.8.1\Setup.exe"
sticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="804.116.409230060\1471927939" /prefetch:1
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe10_ Global\UsGthrCtrlFltPipeMssGthrPipe10 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 556 560 568 65536 564
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,WebFontsIntervention<WebFontsIntervention --lang=cs --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/BrotliEncoding/Default/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR5/*PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/*PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_74/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_14/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgn
osticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="804.123.330824952\1122486802" /prefetch:1
"C:\Users\Pavel\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2016-05-19 395696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2016-05-19 54704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-03 462400]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-03 173120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2014-10-01 5595336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [2013-12-24 133760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ProgLauncher"=C:\Program Files\ProgDVB\ProgLauncher.exe [2016-03-26 589512]
"SpybotPostWindows10UpgradeReInstall"=C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe []
"Zoner Photo Studio Service 16"=C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [2013-09-27 801816]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-03-11 8686296]
"Zoner Photo Studio Autoupdate"=C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [2013-09-27 801816]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ArcSoft Connection Service"=C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-02-06 170496]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-03-20 595480]
"WindowsDriverScan86"=C:\Program Files (x86)\Adobe Arkalis\Arkalis86.lnk []
"WindowsDriverScan64"=C:\Program Files (x86)\Adobe Arkalis\Arkalis.lnk []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [2013-12-24 133760]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
TMMonitor.lnk - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"NoResolveTrack"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-05-19 18:24:49 ----D---- C:\Program Files\trend micro
2016-05-19 18:24:46 ----D---- C:\rsit
2016-05-19 17:31:21 ----D---- C:\Program Files (x86)\Resource Hacker
2016-05-19 17:11:59 ----A---- C:\Windows\system32\npdeployJava1.dll
2016-05-19 17:11:59 ----A---- C:\Windows\system32\javaws.exe
2016-05-19 17:11:59 ----A---- C:\Windows\system32\javaw.exe
2016-05-19 17:11:59 ----A---- C:\Windows\system32\java.exe
2016-05-19 17:11:59 ----A---- C:\Windows\system32\deployJava1.dll
2016-05-19 17:11:40 ----D---- C:\Program Files\Java
2016-05-19 16:14:46 ----SHD---- C:\$RECYCLE.BIN
2016-05-19 16:12:06 ----A---- C:\Windows\zoek-delete.exe
2016-05-19 16:12:05 ----D---- C:\Windows\Temp
2016-05-18 21:59:15 ----D---- C:\Program Files (x86)\CrystalDiskInfo
2016-05-18 14:19:50 ----D---- C:\Program Files (x86)\Microsoft Research
2016-05-15 18:20:06 ----D---- C:\ProgramData\Caphyon
2016-05-15 18:16:12 ----D---- C:\Users\Pavel\AppData\Roaming\Facepunch Studios
2016-05-15 14:07:41 ----D---- C:\Users\Pavel\AppData\Roaming\Mozilla
2016-05-15 14:05:35 ----D---- C:\Users\Pavel\AppData\Roaming\vlc
2016-05-15 14:04:10 ----D---- C:\Program Files (x86)\VideoLAN
2016-05-13 15:36:32 ----D---- C:\Program Files\Strogino CS Portal
2016-05-10 19:04:59 ----D---- C:\Program Files (x86)\Debloater
2016-05-03 12:44:29 ----D---- C:\ProgramData\Passmark
2016-05-03 12:44:14 ----D---- C:\Program Files\PerformanceTest
2016-05-03 11:37:33 ----D---- C:\ProgramData\regid.1995-09.com.example
2016-05-03 11:37:10 ----D---- C:\Users\Pavel\AppData\Roaming\Quadcore
2016-05-01 15:01:44 ----D---- C:\Windows\SYSWOW64\directx
2016-04-26 22:00:18 ----D---- C:\Program Files\Unlocker
2016-04-26 18:26:05 ----D---- C:\ProgramData\HitmanPro
2016-04-26 18:25:45 ----D---- C:\ProgramData\TinyWall
2016-04-26 18:25:45 ----D---- C:\Program Files (x86)\TinyWall
2016-04-25 21:32:45 ----D---- C:\Program Files (x86)\HD Tune
2016-04-25 21:27:05 ----D---- C:\Windows\Minidump
2016-04-24 21:20:30 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2016-04-24 21:13:54 ----D---- C:\Program Files\Common Files\Adobe
2016-04-24 21:10:09 ----D---- C:\Users\Pavel\AppData\Roaming\Macromedia
2016-04-24 21:10:05 ----D---- C:\ProgramData\Adobe
2016-04-24 20:07:56 ----D---- C:\Users\Pavel\AppData\Roaming\VitySoft
2016-04-24 15:50:24 ----A---- C:\Windows\system32\drivers\TrueSight.sys
2016-04-24 15:41:57 ----D---- C:\ProgramData\RogueKiller
2016-04-24 15:39:10 ----D---- C:\zoek_backup
2016-04-21 20:06:46 ----D---- C:\Program Files\Microsoft Synchronization Services
2016-04-21 20:06:35 ----D---- C:\Program Files (x86)\Microsoft Synchronization Services
2016-04-21 19:44:55 ----D---- C:\Program Files\CPUID
2016-04-21 18:02:50 ----D---- C:\Program Files\CCleaner
2016-04-21 18:00:40 ----D---- C:\Program Files (x86)\Quicksys
2016-04-21 17:39:24 ----D---- C:\Fraps
2016-04-21 17:28:16 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2016-04-21 17:21:41 ----D---- C:\Program Files\2K Games
2016-04-20 21:16:31 ----D---- C:\Windows\SYSWOW64\xlive
2016-04-20 21:16:25 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2016-04-20 20:54:08 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2016-04-20 20:54:08 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2016-04-20 20:54:08 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2016-04-20 20:54:08 ----A---- C:\Windows\system32\XAudio2_7.dll
2016-04-20 20:54:08 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2016-04-20 20:54:08 ----A---- C:\Windows\system32\xactengine3_7.dll
2016-04-20 20:54:07 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2016-04-20 20:54:07 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2016-04-20 20:54:06 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2016-04-20 20:54:06 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2016-04-20 20:54:06 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2016-04-20 20:54:06 ----A---- C:\Windows\system32\d3dx11_43.dll
2016-04-20 20:54:06 ----A---- C:\Windows\system32\d3dx10_43.dll
2016-04-20 20:54:06 ----A---- C:\Windows\system32\d3dcsx_43.dll
2016-04-20 20:54:05 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2016-04-20 20:54:05 ----A---- C:\Windows\system32\D3DX9_43.dll
2016-04-20 20:54:04 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2016-04-20 20:54:04 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2016-04-20 20:54:04 ----A---- C:\Windows\system32\XAudio2_6.dll
2016-04-20 20:54:04 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2016-04-20 20:54:03 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2016-04-20 20:54:03 ----A---- C:\Windows\system32\xactengine3_6.dll
2016-04-20 20:54:02 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2016-04-20 20:54:02 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2016-04-20 20:54:01 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2016-04-20 20:54:01 ----A---- C:\Windows\system32\XAudio2_5.dll
2016-04-20 20:54:00 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2016-04-20 20:54:00 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2016-04-20 20:54:00 ----A---- C:\Windows\system32\xactengine3_5.dll
2016-04-20 20:54:00 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2016-04-20 20:53:58 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2016-04-20 20:53:58 ----A---- C:\Windows\system32\d3dcsx_42.dll
2016-04-20 20:53:57 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2016-04-20 20:53:57 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2016-04-20 20:53:57 ----A---- C:\Windows\system32\d3dx11_42.dll
2016-04-20 20:53:57 ----A---- C:\Windows\system32\d3dx10_42.dll
2016-04-20 20:53:56 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2016-04-20 20:53:56 ----A---- C:\Windows\system32\D3DX9_42.dll
2016-04-20 20:53:54 ----A---- C:\Windows\SYSWOW64\d3dx10_41.dll
2016-04-20 20:53:54 ----A---- C:\Windows\SYSWOW64\D3DCompiler_41.dll
2016-04-20 20:53:54 ----A---- C:\Windows\system32\d3dx10_41.dll
2016-04-20 20:53:54 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2016-04-20 20:53:53 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2016-04-20 20:53:53 ----A---- C:\Windows\system32\D3DX9_41.dll
2016-04-20 20:53:52 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2016-04-20 20:53:52 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2016-04-20 20:53:52 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2016-04-20 20:53:52 ----A---- C:\Windows\system32\XAudio2_4.dll
2016-04-20 20:53:52 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2016-04-20 20:53:52 ----A---- C:\Windows\system32\xactengine3_4.dll
2016-04-20 20:53:51 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2016-04-20 20:53:51 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2016-04-20 20:53:50 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2016-04-20 20:53:50 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2016-04-20 20:53:50 ----A---- C:\Windows\system32\d3dx10_40.dll
2016-04-20 20:53:50 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2016-04-20 20:53:49 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2016-04-20 20:53:49 ----A---- C:\Windows\system32\D3DX9_40.dll
2016-04-20 20:53:48 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2016-04-20 20:53:48 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2016-04-20 20:53:48 ----A---- C:\Windows\system32\XAudio2_3.dll
2016-04-20 20:53:48 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2016-04-20 20:53:47 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2016-04-20 20:53:47 ----A---- C:\Windows\system32\xactengine3_3.dll
2016-04-20 20:53:46 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2016-04-20 20:53:46 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2016-04-20 20:53:45 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2016-04-20 20:53:45 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2016-04-20 20:53:45 ----A---- C:\Windows\system32\XAudio2_2.dll
2016-04-20 20:53:45 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2016-04-20 20:53:44 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2016-04-20 20:53:44 ----A---- C:\Windows\system32\xactengine3_2.dll
2016-04-20 20:53:43 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2016-04-20 20:53:43 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2016-04-20 20:53:43 ----A---- C:\Windows\system32\d3dx10_39.dll
2016-04-20 20:53:43 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2016-04-20 20:53:41 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2016-04-20 20:53:41 ----A---- C:\Windows\system32\D3DX9_39.dll
2016-04-20 20:53:39 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2016-04-20 20:53:39 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2016-04-20 20:53:39 ----A---- C:\Windows\system32\XAudio2_1.dll
2016-04-20 20:53:39 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2016-04-20 20:53:38 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2016-04-20 20:53:38 ----A---- C:\Windows\system32\xactengine3_1.dll
2016-04-20 20:53:37 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2016-04-20 20:53:37 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2016-04-20 20:53:35 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2016-04-20 20:53:35 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2016-04-20 20:53:35 ----A---- C:\Windows\system32\d3dx10_38.dll
2016-04-20 20:53:35 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2016-04-20 20:53:34 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2016-04-20 20:53:34 ----A---- C:\Windows\system32\D3DX9_38.dll
2016-04-20 20:53:33 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2016-04-20 20:53:33 ----A---- C:\Windows\system32\XAudio2_0.dll
2016-04-20 20:53:32 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2016-04-20 20:53:32 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2016-04-20 20:53:32 ----A---- C:\Windows\system32\xactengine3_0.dll
2016-04-20 20:53:32 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2016-04-20 20:53:31 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2016-04-20 20:53:31 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2016-04-20 20:53:31 ----A---- C:\Windows\system32\d3dx10_37.dll
2016-04-20 20:53:31 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2016-04-20 20:53:29 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2016-04-20 20:53:29 ----A---- C:\Windows\system32\D3DX9_37.dll
2016-04-20 20:53:28 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2016-04-20 20:53:28 ----A---- C:\Windows\system32\xactengine2_10.dll
2016-04-20 20:53:27 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2016-04-20 20:53:27 ----A---- C:\Windows\system32\d3dx10_36.dll
2016-04-20 20:53:26 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2016-04-20 20:53:26 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2016-04-20 20:53:25 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2016-04-20 20:53:25 ----A---- C:\Windows\system32\d3dx9_36.dll
2016-04-20 20:53:24 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2016-04-20 20:53:24 ----A---- C:\Windows\system32\xactengine2_9.dll
2016-04-20 20:53:23 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2016-04-20 20:53:23 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2016-04-20 20:53:23 ----A---- C:\Windows\system32\d3dx10_35.dll
2016-04-20 20:53:23 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2016-04-20 20:53:22 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2016-04-20 20:53:22 ----A---- C:\Windows\system32\d3dx9_35.dll
2016-04-20 20:53:21 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2016-04-20 20:53:21 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2016-04-20 20:53:21 ----A---- C:\Windows\system32\xactengine2_8.dll
2016-04-20 20:53:21 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2016-04-20 20:53:20 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2016-04-20 20:53:20 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2016-04-20 20:53:20 ----A---- C:\Windows\system32\d3dx10_34.dll
2016-04-20 20:53:20 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2016-04-20 20:53:18 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2016-04-20 20:53:18 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2016-04-20 20:53:18 ----A---- C:\Windows\system32\xinput1_3.dll
2016-04-20 20:53:18 ----A---- C:\Windows\system32\d3dx9_34.dll
2016-04-20 20:53:17 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2016-04-20 20:53:17 ----A---- C:\Windows\system32\xactengine2_7.dll
2016-04-20 20:53:16 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2016-04-20 20:53:16 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2016-04-20 20:53:16 ----A---- C:\Windows\system32\d3dx10_33.dll
2016-04-20 20:53:16 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2016-04-20 20:53:14 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2016-04-20 20:53:14 ----A---- C:\Windows\system32\d3dx9_33.dll
2016-04-20 20:53:13 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2016-04-20 20:53:13 ----A---- C:\Windows\system32\xactengine2_6.dll
2016-04-20 20:53:12 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2016-04-20 20:53:12 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2016-04-20 20:53:12 ----A---- C:\Windows\system32\xactengine2_5.dll
2016-04-20 20:53:12 ----A---- C:\Windows\system32\d3dx10.dll
2016-04-20 20:53:11 ----A---- C:\Windows\SYSWOW64\d3dx9_32.dll
2016-04-20 20:53:11 ----A---- C:\Windows\system32\d3dx9_32.dll
2016-04-20 20:53:10 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2016-04-20 20:53:10 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2016-04-20 20:53:10 ----A---- C:\Windows\system32\xactengine2_4.dll
2016-04-20 20:53:10 ----A---- C:\Windows\system32\x3daudio1_1.dll
2016-04-20 20:53:09 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2016-04-20 20:53:09 ----A---- C:\Windows\system32\d3dx9_31.dll
2016-04-20 20:53:08 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2016-04-20 20:53:08 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2016-04-20 20:53:08 ----A---- C:\Windows\system32\xinput1_2.dll
2016-04-20 20:53:08 ----A---- C:\Windows\system32\xactengine2_3.dll
2016-04-20 20:53:07 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2016-04-20 20:53:07 ----A---- C:\Windows\system32\xactengine2_2.dll
2016-04-20 20:53:06 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2016-04-20 20:53:06 ----A---- C:\Windows\system32\xinput1_1.dll
2016-04-20 20:53:05 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2016-04-20 20:53:05 ----A---- C:\Windows\system32\xactengine2_1.dll
2016-04-20 20:52:57 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2016-04-20 20:52:57 ----A---- C:\Windows\system32\d3dx9_30.dll
2016-04-20 20:52:54 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2016-04-20 20:52:54 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2016-04-20 20:52:54 ----A---- C:\Windows\system32\xactengine2_0.dll
2016-04-20 20:52:54 ----A---- C:\Windows\system32\x3daudio1_0.dll
2016-04-20 20:52:53 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2016-04-20 20:52:53 ----A---- C:\Windows\system32\d3dx9_29.dll
2016-04-20 20:52:52 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2016-04-20 20:52:52 ----A---- C:\Windows\system32\d3dx9_28.dll
2016-04-20 20:52:51 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2016-04-20 20:52:51 ----A---- C:\Windows\system32\d3dx9_27.dll
2016-04-20 20:52:50 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2016-04-20 20:52:50 ----A---- C:\Windows\system32\d3dx9_26.dll
2016-04-20 20:52:49 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2016-04-20 20:52:49 ----A---- C:\Windows\system32\d3dx9_25.dll
2016-04-20 20:52:47 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2016-04-20 20:52:47 ----A---- C:\Windows\system32\d3dx9_24.dll

======List of files/folders modified in the last 1 month======

2016-05-19 18:24:49 ----RD---- C:\Program Files
2016-05-19 18:00:00 ----D---- C:\Windows\system32\sru
2016-05-19 17:47:26 ----D---- C:\Program Files\WinRAR
2016-05-19 17:31:21 ----RD---- C:\Program Files (x86)
2016-05-19 17:12:01 ----SHD---- C:\Windows\Installer
2016-05-19 17:11:59 ----RD---- C:\Windows\System32
2016-05-19 16:13:11 ----D---- C:\Windows
2016-05-19 16:08:42 ----HD---- C:\ProgramData
2016-05-19 15:19:52 ----D---- C:\Windows\system32\drivers\etc
2016-05-19 15:17:05 ----D---- C:\Windows\SysWOW64
2016-05-19 05:50:38 ----D---- C:\Windows\Microsoft.NET
2016-05-18 22:30:24 ----D---- C:\Windows\system32\drivers
2016-05-18 22:29:33 ----SHD---- C:\System Volume Information
2016-05-18 22:04:37 ----D---- C:\AdwCleaner
2016-05-18 17:58:12 ----D---- C:\Windows\system32\Tasks
2016-05-18 14:51:13 ----RSD---- C:\Windows\Fonts
2016-05-18 14:19:50 ----SD---- C:\Users\Pavel\AppData\Roaming\Microsoft
2016-05-17 18:31:26 ----D---- C:\ProgramData\SP_FT_Logs
2016-05-17 15:30:13 ----D---- C:\Program Files\Common Files\AV
2016-05-17 15:26:54 ----D---- C:\Program Files (x86)\SpeedFan
2016-05-16 18:34:49 ----D---- C:\Windows\Inf
2016-05-16 18:34:45 ----D---- C:\Windows\LiveKernelReports
2016-05-13 19:50:02 ----D---- C:\Windows\debug
2016-05-13 15:52:40 ----RSD---- C:\Windows\assembly
2016-05-11 17:31:32 ----D---- C:\Windows\system32\config
2016-05-11 15:13:14 ----D---- C:\Windows\Tasks
2016-05-10 18:18:05 ----D---- C:\Windows\system32\DriverStore
2016-05-10 17:35:14 ----D---- C:\Windows\AppReadiness
2016-05-10 17:34:55 ----D---- C:\Windows\SoftwareDistribution
2016-05-09 19:11:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-05-04 15:15:24 ----D---- C:\Windows\WinSxS
2016-05-01 15:01:46 ----D---- C:\Windows\Logs
2016-05-01 07:25:43 ----D---- C:\Users\Pavel\AppData\Roaming\.minecraft
2016-04-30 15:47:24 ----SD---- C:\Windows\system32\CompatTel
2016-04-30 15:47:24 ----D---- C:\Windows\system32\wbem
2016-04-30 15:47:24 ----D---- C:\Windows\apppatch
2016-04-26 21:58:59 ----D---- C:\Windows\CbsTemp
2016-04-26 21:58:56 ----A---- C:\Windows\system32\fveapi.dll
2016-04-26 21:58:56 ----A---- C:\Windows\system32\bdesvc.dll
2016-04-26 21:57:10 ----A---- C:\Windows\system32\generaltel.dll
2016-04-26 21:57:08 ----A---- C:\Windows\system32\aepic.dll
2016-04-26 21:57:07 ----A---- C:\Windows\system32\devinv.dll
2016-04-26 21:57:07 ----A---- C:\Windows\system32\aeinv.dll
2016-04-26 21:54:49 ----HD---- C:\Program Files\WindowsApps
2016-04-26 20:18:54 ----D---- C:\Windows\Prefetch
2016-04-26 20:15:22 ----D---- C:\Windows\twain_32
2016-04-25 22:15:16 ----D---- C:\Windows\system32\LogFiles
2016-04-25 21:36:03 ----D---- C:\Windows\Panther
2016-04-25 21:34:59 ----D---- C:\Users\Pavel\AppData\Roaming\Adobe
2016-04-24 21:15:37 ----D---- C:\Program Files\Common Files\microsoft shared
2016-04-24 21:13:54 ----D---- C:\Program Files\Common Files
2016-04-24 21:11:04 ----D---- C:\Program Files (x86)\Common Files
2016-04-24 16:34:38 ----HD---- C:\Windows\system32\GroupPolicy
2016-04-24 16:34:38 ----D---- C:\Windows\SYSWOW64\GroupPolicy
2016-04-21 20:39:05 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-21 20:06:46 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2016-04-21 20:06:34 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-04-20 21:16:09 ----SD---- C:\ProgramData\Microsoft
2016-04-20 17:43:32 ----D---- C:\Windows\system32\wdi

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 edevmon;edevmon; C:\Windows\system32\DRIVERS\edevmon.sys [2014-10-10 241368]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2014-10-10 243440]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2014-10-10 169280]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2013-08-22 71680]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2014-10-10 158968]
R2 speedfan;speedfan; \??\C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 AthBTPort;@oem5.inf,%BTHSUPPORT.SvcDesc%;Qualcomm Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2013-12-24 89800]
R3 athr;@oem1.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athwbx.sys [2013-12-12 3881472]
R3 BTATH_A2DP;@oem4.inf,%BTATH_A2DP.SvcDesc%;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2013-12-24 338120]
R3 btath_avdt;@oem4.inf,%btath_avdt.SvcDesc%;Qualcomm Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2013-12-24 116424]
R3 BTATH_BUS;@oem2.inf,%BTATH_BUS.SVCDESC%;Qualcomm Atheros Bluetooth Bus; C:\Windows\System32\drivers\btath_bus.sys [2013-12-24 34384]
R3 BTATH_HCRP;@oem7.inf,%BTATH_HCRP.SvcDesc%;Bluetooth HCRP Server driver; C:\Windows\System32\drivers\btath_hcrp.sys [2013-12-24 179432]
R3 BTATH_LWFLT;@oem9.inf,%BTATH_LWFLT%;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2013-12-24 77464]
R3 BTATH_RCP;@oem11.inf,%BTATH_RCP%;Bluetooth AVRCP Device; C:\Windows\System32\drivers\btath_rcp.sys [2013-12-24 137928]
R3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2013-12-24 597192]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\Windows\System32\drivers\BthEnum.sys [2015-06-10 53248]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\Windows\system32\DRIVERS\BthLEEnum.sys [2014-11-21 226304]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\System32\drivers\bthpan.sys [2015-07-10 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2015-06-10 81920]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2016-01-13 3793872]
R3 IntcDAud;@oem15.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2015-08-21 463112]
R3 iwdbus;@oem16.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\Windows\System32\drivers\iwdbus.sys [2015-12-01 38896]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2016-03-10 27008]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2016-05-19 136408]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2016-03-10 65408]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys [2015-01-30 167424]
R3 RSBASTOR;@oem17.inf,%Rts5208%;Realtek PCIE CardReader Driver - BA; C:\Windows\system32\DRIVERS\RtsBaStor.sys [2013-09-04 309976]
R3 RTL8168;@netrt630x64.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2013-06-18 591360]
R3 SensorsSimulatorDriver;@oem33.inf,%WudfSensorsSimulatorDriverDisplayName%;UMDF Reflector service for SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [2014-11-21 226304]
R3 TXEIx64;@oem6.inf,%TEE_SvcDesc%;Intel(R) Trusted Execution Engine Interface ; C:\Windows\System32\drivers\TXEIx64.sys [2013-07-01 87568]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2014-11-21 212736]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2013-08-22 36864]
S1 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [2016-03-04 127456]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2015-06-10 1201664]
S3 DIRECTIO;DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [2015-03-10 31376]
S3 Hamachi;LogMeIn Hamachi Virtual Miniport); C:\Windows\system32\DRIVERS\Hamdrv.sys [2016-03-22 45680]
S3 intaud_WaveExtensible;@oem14.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2015-12-01 50160]
S3 IT9135BDA;@oem29.inf,%IT9135Devcie.FriendlyName%;IT9135 BDA Devices; C:\Windows\System32\Drivers\IT9135BDA.sys [2016-03-27 165504]
S3 semav6msr64;semav6msr64; \??\C:\Windows\system32\drivers\semav6msr64.sys [2016-03-09 21984]
S3 usbser;@oem32.inf,%Serial.SvcDesc%;USB Serial Emulation Driver; C:\Windows\system32\DRIVERS\usbser.sys [2014-11-04 33280]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-02-06 109056]
R2 AGSService;Adobe Genuine Software Integrity Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016-04-05 2021592]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [2013-12-24 318592]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2014-10-01 1349576]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2016-01-13 319096]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [2013-07-01 733696]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-03-17 1080120]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-03-17 1871160]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2016-02-27 131784]
R2 SystemUsageReportSvc_WILLAMETTE;Intel(R) System Usage Report Service SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [2016-03-09 118424]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-26 144200]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2016-04-03 51376]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-11-21 38792]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2016-01-13 280696]
S3 ESRV_SVC_WILLAMETTE;Energy Server Service WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [2016-03-09 416408]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-26 144200]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2013-07-01 822232]
S3 USER_ESRV_SVC_WILLAMETTE;User Energy Server Service WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [2016-03-09 416408]

-----------------EOF-----------------
+ info file

info.txt logfile of random's system information tool 1.10 2016-05-19 18:25:12

======MBR======


======Uninstall list======

-->MsiExec /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
Active Directory Authentication Library for SQL Server (x86)-->MsiExec.exe /I{44DC843A-C591-4064-BE1F-2BDC177AF50C}
Active Directory Authentication Library for SQL Server-->MsiExec.exe /I{E646D196-A17B-4F14-BE7B-F774527FE5E0}
Android SDK Tools-->C:\Users\Pavel\AppData\Local\Android\android-sdk\uninstall.exe
ArcSoft TotalMedia 3.5-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}\Setup.exe" -l0x9
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CPUID CPU-Z 1.75-->"C:\Program Files\CPUID\CPU-Z\unins000.exe"
CrystalDiskInfo 6.8.0-->"C:\Program Files (x86)\CrystalDiskInfo\unins000.exe"
Debloater-->MsiExec.exe /I{2045C97A-8D9A-47E2-A76A-E6A69CB7030B}
ESET NOD32 Antivirus-->MsiExec.exe /I{AB1AA952-0F66-42B2-B8B0-6B94FC500132}
Fraps-->"C:\Fraps\uninstall.exe"
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
Group Shot-->MsiExec.exe /I{3C2D985F-E44C-4BB0-986B-CF0C4BECA9DF}
HD Tune 2.55-->"C:\Program Files (x86)\HD Tune\unins000.exe"
IIS 10.0 Express-->MsiExec.exe /X{7A28A2B0-458B-4A58-84AC-C90D2D4B79FB}
IIS Express Application Compatibility Database for x64-->%windir%\system32\sdbinst.exe -u "C:\Windows\AppPatch\Custom\Custom64\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb"
IIS Express Application Compatibility Database for x86-->%windir%\system32\sdbinst.exe -u "C:\Windows\AppPatch\Custom\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb"
Intel(R) Driver Update Utility 2.4-->MsiExec.exe /X{B731F5C4-E304-4DFA-9C84-F67FF849B408}
Intel(R) Processor Graphics-->"C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe" -uninstall
Intel(R) Product Improvement Program-->MsiExec.exe /I{E954D7C1-36FA-4FE8-8927-97DBDEB5A15F}
Intel(R) Trusted Execution Engine Driver-->MsiExec.exe /I{3685B5E8-A0A8-494B-B035-B221547A4B63}
Intel(R) Trusted Execution Engine-->"C:\ProgramData\Intel\Package Cache\{176E2755-0A17-42C6-88E2-192AB2131278}\Setup.exe" -uninstall
Intel(R) Trusted Execution Engine-->MsiExec.exe /I{BCCACFE6-91A0-4F32-80A0-ADC0CA048C7B}
Intel® Driver Update Utility-->"C:\ProgramData\Package Cache\{1b09c4de-9cae-4122-b17c-65d395062b50}\Intel Driver Update Utility Installer.exe" /uninstall
Java 8 Update 77-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83218077F0}
Java(TM) 6 Update 45 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86416045FF}
Lenovo Smart Assistant 1.03-->C:\Program Files (x86)\Lenovo Smart Assistant\uninst.exe
Malwarebytes Anti-Malware verze 2.2.1.1043-->"C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe"
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack-->MsiExec.exe /X{6A0C6700-EA93-372C-8871-DCCF13D160A4}
Microsoft .NET Framework 4.6.1 Developer Pack (CSY)-->"C:\ProgramData\Package Cache\{f246427c-ba07-4464-839c-d9e302f19375}\NDP461-DevPack-KB3105179-CSY.exe" /uninstall
Microsoft .NET Framework 4.6.1 Developer Pack-->"C:\ProgramData\Package Cache\{463d5540-8dfd-4eef-92e5-b729b3b73cfb}\NDP461-DevPack-KB3105179-ENU.exe" /uninstall
Microsoft .NET Framework 4.6.1 SDK (čeština)-->MsiExec.exe /X{E249803A-BD5B-4FDC-A630-976C2971F5B4}
Microsoft .NET Framework 4.6.1 SDK-->MsiExec.exe /X{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}
Microsoft .NET Framework 4.6.1 Targeting Pack (čeština)-->MsiExec.exe /X{25C7677B-0398-46A3-A0EE-7B393D20FA30}
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU)-->MsiExec.exe /X{8EEB28EE-5141-411C-9CF0-9952264FE4AF}
Microsoft .NET Framework 4.6.1 Targeting Pack-->MsiExec.exe /X{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}
Microsoft Games for Windows Marketplace-->MsiExec.exe /X{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}
Microsoft Help Viewer 2.2-->MsiExec.exe /X{358AD966-5D2F-390C-B4F3-E93852CD8EAD}
Microsoft Help Viewer 2.2-->msiexec.exe /X{358AD966-5D2F-390C-B4F3-E93852CD8EAD}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2012 Command Line Utilities -->MsiExec.exe /I{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}
Microsoft SQL Server 2012 Native Client -->MsiExec.exe /I{49D665A2-4C2A-476E-9AB8-FCC425F526FC}
Microsoft SQL Server 2014 Management Objects (x64)-->MsiExec.exe /I{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}
Microsoft SQL Server 2014 Management Objects -->MsiExec.exe /I{2774595F-BC2A-4B12-A25B-0C37A37049B0}
Microsoft SQL Server 2014 Transact-SQL ScriptDom -->MsiExec.exe /I{020CDFE0-C127-4047-B571-37C82396B662}
Microsoft SQL Server 2014 T-SQL Language Service -->MsiExec.exe /I{47D08E7A-92A1-489B-B0BF-415516497BCE}
Microsoft SQL Server 2016 LocalDB RC0-->MsiExec.exe /I{9CED5D08-5664-4668-A927-CD6C60C4175D}
Microsoft SQL Server 2016 Management Objects RC0 (x64)-->MsiExec.exe /I{F6F8053F-D328-4ACA-93A1-A49E495899F2}
Microsoft SQL Server 2016 Management Objects RC0-->MsiExec.exe /I{948B5F49-A57E-46B4-9F1E-145D7A9E66D7}
Microsoft SQL Server 2016 T-SQL Language Service RC0-->MsiExec.exe /I{1852BD30-570B-4E47-8752-461448E8E250}
Microsoft SQL Server 2016 T-SQL ScriptDom RC0-->MsiExec.exe /I{D9F55D00-A8AB-4518-A56E-D9D5E615542A}
Microsoft SQL Server Compact 3.5 SP2 ENU-->MsiExec.exe /I{3A9FC03D-C685-4831-94CF-4EDFD3749497}
Microsoft SQL Server Compact 3.5 SP2 x64 ENU-->MsiExec.exe /I{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}
Microsoft SQL Server Compact 4.0 SP1 x64 ENU-->MsiExec.exe /X{78909610-D229-459C-A936-25D92283D3FD}
Microsoft SQL Server Data Tools - enu (14.0.60311.1)-->MsiExec.exe /X{28292CA9-8D65-4E37-95A3-753EEB38F122}
Microsoft System CLR Types for SQL Server 2014-->MsiExec.exe /I{091CE6AA-2753-4F6E-AD1C-0E875744EB54}
Microsoft System CLR Types for SQL Server 2014-->MsiExec.exe /I{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}
Microsoft System CLR Types for SQL Server 2016 RC0-->MsiExec.exe /I{3A87F9F2-D65D-4BA9-8459-E5BBE31EA64D}
Microsoft System CLR Types for SQL Server 2016 RC0-->MsiExec.exe /I{495CC0B4-D4C3-4D87-8317-F66BA48C5552}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610-->"C:\ProgramData\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030-->"C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610-->"C:\ProgramData\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030-->"C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030-->MsiExec.exe /X{37B8F9C7-03FB-3253-8781-2517C99D7C00}
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030-->MsiExec.exe /X{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030-->MsiExec.exe /X{B175520C-86A2-35A7-8619-86DC379688B9}
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030-->MsiExec.exe /X{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501-->"C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501-->"C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005-->MsiExec.exe /X{929FBD26-9020-399B-9A7A-751D61F0B942}
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005-->MsiExec.exe /X{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918-->"C:\ProgramData\Package Cache\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}\VC_redist.x64.exe" /uninstall
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918-->"C:\ProgramData\Package Cache\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}\VC_redist.x86.exe" /uninstall
Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23918-->MsiExec.exe /X{DFFEB619-5455-3697-B145-243D936DB95B}
Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23918-->MsiExec.exe /X{7B50D081-E670-3B43-A460-0E2CDB5CE984}
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23918-->MsiExec.exe /X{BD9CFD69-EB91-354E-9C98-D439E6091932}
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23918-->MsiExec.exe /X{B5FC62F5-A367-37A5-9FD2-A6E137C0096F}
Microsoft Visual Studio 2015 Shell (Minimum) Interop Assemblies-->MsiExec.exe /I{8A9AA17A-EF34-331C-8FB0-134269533C1B}
Microsoft Web Deploy 3.6-->MsiExec.exe /I{94E1227C-08A9-4962-B388-1F05D89AEA75}
Notepad++-->C:\Program Files (x86)\Notepad++\uninstall.exe
NVIDIA PhysX-->MsiExec.exe /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
PerformanceTest v8.0-->"C:\Program Files\PerformanceTest\unins000.exe"
Prerequisites for SSDT -->MsiExec.exe /I{21373064-AD95-48DB-A32E-0D9E08EF7355}
Prerequisites for SSDT RC0-->MsiExec.exe /I{AB72EB1C-9CF4-4274-984D-5EDA8BF37A08}
ProgDVB x64-->C:\Program Files\ProgDVB\uninstall.exe
ProgDVB-->C:\Program Files (x86)\ProgDVB\uninstall.exe
QuadcoreM2-->MsiExec.exe /I{03C42CFB-61F6-4EC4-8746-F9DD1EF34B05}
Qualcomm Atheros WLAN and Bluetooth Client Installation Program-->"C:\Program Files (x86)\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\SETUP.EXE" -runfromtemp -l0x0405 -removeonly
Quicksys RegDefrag 2.9-->"C:\Program Files (x86)\Quicksys\RegDefrag\unins000.exe"
Realtek Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}\setup.exe" -runfromtemp -removeonly
Resource Hacker Version 4.2.5-->"C:\Program Files (x86)\Resource Hacker\unins000.exe"
Roslyn Language Services - x86-->MsiExec.exe /I{289B0100-DE41-3E67-B7B0-98CB3AA72166}
Rust Client v12.08.2014-->C:\ProgramData\Caphyon\Advanced Installer\{D0337311-EEE0-4851-A02F-F3DA5D38CFF4}\Rust Client v12.08.2014.exe /x {D0337311-EEE0-4851-A02F-F3DA5D38CFF4}
SpeedFan (remove only)-->"C:\Program Files (x86)\SpeedFan\uninstall.exe"
Unlocker 1.9.0-x64-->C:\Program Files\Unlocker\uninst.exe
VLC media player-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
WinRAR 5.31 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe
Zoner Photo Studio 16-->"C:\Program Files\Zoner\Photo Studio 16\unins000.exe"
Zoner Photo Studio 18-->"C:\Program Files\Zoner\Photo Studio 18\unins001.exe"

======Hosts File======


127.0.0.1 localhost

======System event log======

Computer Name: WIN-32QA9ECKBKJ
Event Code: 13
Message: Operační systém se vypíná v systémovém čase ‎2014‎-‎11‎-‎21T12:25:47.969531100Z.
Record Number: 5
Source Name: Microsoft-Windows-Kernel-General
Time Written: 20141121122547.969531-000
Event Type: Informace
User:

Computer Name: WIN-32QA9ECKBKJ
Event Code: 109
Message: Správce napájení jádra inicioval přechod do režimu vypnutí.
Record Number: 4
Source Name: Microsoft-Windows-Kernel-Power
Time Written: 20141121122547.485155-000
Event Type: Informace
User:

Computer Name: WIN-32QA9ECKBKJ
Event Code: 6005
Message: Služba Event Log byla spuštěna.
Record Number: 3
Source Name: EventLog
Time Written: 20160326201631.000000-000
Event Type: Informace
User:

Computer Name: WIN-32QA9ECKBKJ
Event Code: 6009
Message: Microsoft (R) Windows (R) 6.03. 9600 Multiprocessor Free.
Record Number: 2
Source Name: EventLog
Time Written: 20160326201631.000000-000
Event Type: Informace
User:

Computer Name: WIN-32QA9ECKBKJ
Event Code: 6011
Message: Název tohoto počítače v systémech DNS a NetBIOS byl změněn z WIN-32QA9ECKBKJ na WIN-OMPR3IAONEN.
Record Number: 1
Source Name: EventLog
Time Written: 20160326201631.000000-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: WIN-32QA9ECKBKJ
Event Code: 102
Message: svchost (1720) Instance: Databázový stroj (6.03.9600.0000) spouští novou instanci (0).
Record Number: 5
Source Name: ESENT
Time Written: 20160326201704.000000-000
Event Type: Informace
User:

Computer Name: WIN-32QA9ECKBKJ
Event Code: 9002
Message: Nepodařilo se spustit Správce oken plochy.
Record Number: 4
Source Name: Desktop Window Manager
Time Written: 20160326201656.000000-000
Event Type: Informace
User:

Computer Name: WIN-32QA9ECKBKJ
Event Code: 5615
Message: Služba WMI (Windows Management Instrumentation) byla úspěšně spuštěna.
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20160326201639.037167-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: WIN-32QA9ECKBKJ
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20160326201632.174829-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: WIN-32QA9ECKBKJ
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20160326201632.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: WIN-32QA9ECKBKJ
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3E7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160326201621.330159-000
Event Type: Úspěšný audit
User:

Computer Name: WIN-32QA9ECKBKJ
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: WIN-32QA9ECKBKJ$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Typ přihlášení: 5

Úroveň zosobnění: Zosobnění

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3E7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x1e8
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole úrovně zosobnění označuje rozsah, ve kterém může být proces v přihlašovací relaci zosobněn.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160326201621.330159-000
Event Type: Úspěšný audit
User:

Computer Name: WIN-32QA9ECKBKJ
Event Code: 4902
Message: Tabulka zásad auditu pro jednotlivé uživatele byla vytvořena.

Počet prvků: 0
ID zásady: 0x3E4DA
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160326201619.780459-000
Event Type: Úspěšný audit
User:

Computer Name: WIN-32QA9ECKBKJ
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0

Typ přihlášení: 0

Úroveň zosobnění: -

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3E7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x4
Název procesu:

Informace o síti:
Název pracovní stanice: -
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: -
Balíček ověření: -
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole úrovně zosobnění označuje rozsah, ve kterém může být proces v přihlašovací relaci zosobněn.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160326201618.160196-000
Event Type: Úspěšný audit
User:

Computer Name: WIN-32QA9ECKBKJ
Event Code: 4608
Message: Spouští se systém Windows.

Tato událost je zaznamenána při spuštění procesu LSASS.EXE a inicializaci kontrolního podsystému.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160326201618.025240-000
Event Type: Úspěšný audit
User:

======Environment variables======

"FP_NO_HOST_CHECK"=NO
"USERNAME"=SYSTEM
"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\
"ComSpec"=%SystemRoot%\system32\cmd.exe
"TMP"=%SystemRoot%\TEMP
"OS"=Windows_NT
"windir"=%SystemRoot%
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 55 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=3703
"VS140COMNTOOLS"=C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\Tools\
"ESET_OPTIONS"=

-----------------EOF-----------------

Re: Preventive check

Posted: 20 May 2016 06:37
by JaRon
uninstall SpyBot - otherwise OK :)

Re: Preventive check

Posted: 20 May 2016 11:30
by mynick01
ok thanks

Re: Preventive check

Posted: 20 May 2016 12:18
by JaRon
you're welcome :)