
PC virus removal, computer speed-up, remote assistance through the neslape.cz service
Slow computer, Internet Explorer and Firefox not working
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, please check my log.
The computer has slowed down, Windows takes a terribly long time to start, and both Firefox and Internet Explorer run terribly slowly and are almost unusable. Some time ago I did a system restore to an older restore point, which was probably bad. Then updates were installed, then it started acting up, and I could no longer find any older restore point except one. The computer was restored to that point, but since then it has been getting worse and worse.
I am attaching the log from RSIT, run in safe mode with networking:
Thank you,
Logfile of random's system information tool 1.16 (written by random/random)
Run by Dan at 2017-04-29 07:57:01
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 52 GB (11%) free of 464 GB
Total RAM: 4007 MB (82% free)
X64
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:57:07, on 29.4.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18639)
Boot mode: Safe mode with network support
Running processes:
C:\Program Files\trend micro\Dan_RSITx64.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{22A5E67D-D61A-4ABA-AA1C-3AC7B3D4F6CE}: NameServer = 77.234.40.79
O17 - HKLM\System\CS1\Services\Tcpip\..\{22A5E67D-D61A-4ABA-AA1C-3AC7B3D4F6CE}: NameServer = 77.234.40.79
O17 - HKLM\System\CS2\Services\Tcpip\..\{22A5E67D-D61A-4ABA-AA1C-3AC7B3D4F6CE}: NameServer = 77.234.40.79
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: HyperW7 Service (HyperW7Svc) - Lenovo Group Limited - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11805 bytes
====== Enumerating Processes ======
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"C:\Users\Dan\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
====== Scheduled tasks folder ======
C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
C:\Windows\system32\tasks\CreateChoiceProcessTask - C:\Windows\System32\browserchoice.exe /launch
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\HPCustParticipation HP Deskjet 3050A J611 series - "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe" /UA 9.5 /DDV 0x0900
C:\Windows\system32\tasks\MCP - "C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" /start
C:\Windows\system32\tasks\PCDEventLauncher - "C:\Program Files\PC-Doctor\sessionchecker.exe"
C:\Windows\system32\tasks\PMTask - C:\PROGRA~2\ThinkPad\UTILIT~1\PwmIdTsv.exe
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1455135593 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1475521102 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\Synaptics TouchPad Enhancements - \Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\tasks\SystemToolsDailyTest - C:\Program Files\PC-Doctor\pcdrcui.exe -silentenumeration -st SystemToolsDailyTest
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-960529557-3528276582-3652460945-1001 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-960529557-3528276582-3652460945-1003 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup - %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor - %systemroot%\system32\sdclt.exe /CHECKSKIPPED
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d - %windir%\system32\GWX\GWX.exe /event:10
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Lpksetup - C:\Windows\System32\lpksetup.exe -v
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Mcbuilder - C:\Windows\System32\mcbuilder.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\Microsoft\Office\Office Automatic Updates - C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /update SCHEDULEDTASK displaylevel=False
C:\Windows\system32\tasks\Microsoft\Office\Office ClickToRun Service Monitor - C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /WatchService
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs
=========Mozilla firefox=========
ProfilePath - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default
prefs.js - "browser.startup.homepage" - "www.google.com"
"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF48
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF48
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.148 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.148 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\extensions\
2020Player_IKEA@2020Technologies.com
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\addons.json
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\extensions.json
20-20 3D Viewer - IKEA - extension - 2020Player_IKEA@2020Technologies.com - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\extensions\2020Player_IKEA@2020Technologies.com
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Avast SafePrice - webextension - sp@avast.com - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
Avast Online Security - webextension - wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF48
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\pluginreg.dat
Plugin - Shockwave Flash - 25.0.0.127 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll
Plugin - Shockwave Flash - 25.0.0.148 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll
=========Google Chrome=========
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bbjllphbppobebmjpjcijfbakobcheof 2 Rapport 1.14
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension coobgpohoikkiipiblmjeljniedjpjpf 1 Vyhledávání Google 0.0.0.30
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg Settings 0.2
Extension felcaaldnbdncclmgdcncolpebgiejap
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension gomekmidlodglbbmalcneegieacbdmki
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.0
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.0
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5316.725.0.15
Homepage:
default_search_provider.search_url:
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=
======Registry dump ======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-25 219304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-05 895528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-03 255088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-25 2340472]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-05 773920]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-03 193136]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-03 255088]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-03 193136]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2010-12-17 1933584]
"TpShocks"=TpShocks.exe []
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2010-04-28 307768]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-03-26 167960]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-03-26 391704]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-03-26 418840]
"LENOVO.TPKNRRES"=C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [2011-01-27 41320]
"ALCKRESI.EXE"=C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [2010-12-17 281448]
"FAHConsole"=C:\Program Files\File Association Helper\FAHConsole.exe [2014-01-28 729272]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-04-05 213824]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"=C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [2008-10-31 55808]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-02-05 336384]
"PWMTRV"=rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor []
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30 96056]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2010-12-08 135504]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages" = scecli
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
====== File associations ======
.js - edit - C:\Windows\System32\Notepad.exe %1
====== List of files/folders created in the last 1 month ======
2017-04-29 07:57:01 ----D---- C:\rsit
2017-04-27 21:07:22 ----D---- C:\Program Files (x86)\Adobe
2017-04-26 21:37:20 ----D---- C:\ProgramData\SWCUTemp
2017-04-15 09:22:29 ----A---- C:\Windows\system32\mshtml.dll
2017-04-15 09:22:27 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-04-15 09:22:26 ----A---- C:\Windows\system32\ieframe.dll
2017-04-15 09:22:25 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2017-04-15 09:22:25 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-04-15 09:22:25 ----A---- C:\Windows\system32\wininet.dll
2017-04-15 09:22:24 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-04-15 09:22:24 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-04-15 09:22:24 ----A---- C:\Windows\system32\wuaueng.dll
2017-04-15 09:22:24 ----A---- C:\Windows\system32\iertutil.dll
2017-04-15 09:22:23 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-04-15 09:22:23 ----A---- C:\Windows\system32\win32k.sys
2017-04-15 09:22:23 ----A---- C:\Windows\system32\urlmon.dll
2017-04-15 09:22:23 ----A---- C:\Windows\system32\ole32.dll
2017-04-15 09:22:22 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\wucltux.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\wuapi.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\win32spl.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\ucrtbase.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\samsrv.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\quartz.dll
2017-04-15 09:22:21 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2017-04-15 09:22:21 ----A---- C:\Windows\system32\msfeeds.dll
2017-04-15 09:22:21 ----A---- C:\Windows\system32\gdi32.dll
2017-04-15 09:22:21 ----A---- C:\Windows\system32\cdosys.dll
2017-04-15 09:22:21 ----A---- C:\Windows\system32\atmfd.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\quartz.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\ole32.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\system32\iedkcs32.dll
2017-04-15 09:22:20 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2017-04-15 09:22:20 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\jscript.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-15 09:22:18 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2017-04-15 09:22:18 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2017-04-15 09:22:17 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-04-15 09:22:17 ----A---- C:\Windows\system32\ntdll.dll
2017-04-15 09:22:17 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-04-15 09:22:17 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-04-15 09:22:17 ----A---- C:\Windows\system32\asycfilt.dll
2017-04-15 09:22:16 ----A---- C:\Windows\system32\jscript9.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\samlib.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\mfmjpegdec.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2017-04-15 09:22:15 ----A---- C:\Windows\system32\webcheck.dll
2017-04-15 09:22:15 ----A---- C:\Windows\system32\samlib.dll
2017-04-15 09:22:15 ----A---- C:\Windows\system32\mfmjpegdec.dll
2017-04-15 09:22:15 ----A---- C:\Windows\system32\ie4uinit.exe
2017-04-15 09:22:15 ----A---- C:\Windows\system32\certcli.dll
2017-04-15 09:22:14 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2017-04-15 09:22:14 ----A---- C:\Windows\SYSWOW64\wups.dll
2017-04-15 09:22:14 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2017-04-15 09:22:14 ----A---- C:\Windows\SYSWOW64\jscript.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\wuwebv.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\wups2.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\wups.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\wudriver.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\vbscript.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\srcore.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\rpcrt4.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\ieapfltr.dll
2017-04-15 09:22:13 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2017-04-15 09:22:13 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-04-15 09:22:13 ----A---- C:\Windows\system32\wuauclt.exe
2017-04-15 09:22:13 ----A---- C:\Windows\system32\lsasrv.dll
2017-04-15 09:22:13 ----A---- C:\Windows\system32\ieui.dll
2017-04-15 09:22:11 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\srclient.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\smss.exe
2017-04-15 09:22:11 ----A---- C:\Windows\system32\msrating.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\mshtmled.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\kerberos.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\dxtrans.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\dxtmsft.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-04-15 09:22:11 ----A---- C:\Windows\system32\advapi32.dll
2017-04-15 09:22:10 ----A---- C:\Windows\SYSWOW64\srclient.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\WinSetupUI.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\schannel.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\rstrui.exe
2017-04-15 09:22:10 ----A---- C:\Windows\system32\occache.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-15 09:22:10 ----A---- C:\Windows\system32\kernel32.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\jsproxy.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\jscript9diag.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\conhost.exe
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\occache.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\msrating.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\inseng.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\ieui.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wuapp.exe
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wow64win.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wow64.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\winsrv.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wdigest.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\TSpkg.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\sspicli.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\rpchttp.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\ncrypt.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\msv1_0.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\KernelBase.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\inseng.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\ieUnatt.exe
2017-04-15 09:22:09 ----A---- C:\Windows\system32\iesetup.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\iernonce.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-04-15 09:22:09 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-04-15 09:22:09 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-04-15 09:22:09 ----A---- C:\Windows\system32\csrsrv.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\cryptbase.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\cdd.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\bcrypt.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\wow32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\lpk.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\wow64cpu.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\sspisrv.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\setbcdlocale.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\secur32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\ntvdm64.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\lsass.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\lpk.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\fontsub.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\drivers\appid.sys
2017-04-15 09:22:08 ----A---- C:\Windows\system32\dciman32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\credssp.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\auditpol.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\atmlib.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidsvc.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidapi.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\user.exe
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\tzres.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\setup16.exe
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\instnm.exe
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\tzres.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\msaudite.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\apisetschema.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\adtschema.dll
2017-04-15 09:22:06 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-04-15 09:22:06 ----A---- C:\Windows\system32\msobjs.dll
2017-04-15 09:22:06 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-04-14 21:34:25 ----A---- C:\Windows\system32\drivers\aswnetsec.sys
2017-04-14 21:33:32 ----A---- C:\Windows\system32\aswBoot.exe
====== List of files/folders modified in the last 1 month ======
2017-04-29 07:57:04 ----D---- C:\Program Files\trend micro
2017-04-29 07:53:14 ----D---- C:\Windows\System32
2017-04-29 07:53:14 ----D---- C:\Windows\inf
2017-04-29 07:53:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-04-29 07:50:50 ----D---- C:\ProgramData\PCDr
2017-04-29 07:49:47 ----A---- C:\Windows\ntbtlog.txt
2017-04-29 07:42:38 ----D---- C:\Windows\Temp
2017-04-29 07:34:54 ----A---- C:\Windows\SYSWOW64\log.txt
2017-04-29 07:32:39 ----D---- C:\Windows\system32\config
2017-04-27 21:12:40 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-27 21:12:40 ----D---- C:\Program Files (x86)\Mozilla Firefox
2017-04-27 21:08:27 ----SHD---- C:\Windows\Installer
2017-04-27 21:08:24 ----D---- C:\Config.Msi
2017-04-27 21:08:23 ----D---- C:\Windows\system32\Tasks
2017-04-27 21:07:30 ----D---- C:\Windows\SysWOW64
2017-04-27 21:07:22 ----RD---- C:\Program Files (x86)
2017-04-27 21:07:04 ----D---- C:\ProgramData\Adobe
2017-04-26 21:37:20 ----D---- C:\ProgramData
2017-04-23 13:14:25 ----SHD---- C:\System Volume Information
2017-04-22 20:53:57 ----D---- C:\Users\Dan\AppData\Roaming\vlc
2017-04-22 20:24:34 ----D---- C:\Windows\Prefetch
2017-04-22 20:21:00 ----D---- C:\Windows\system32\drivers
2017-04-16 12:30:07 ----D---- C:\Windows\Minidump
2017-04-16 12:29:56 ----D---- C:\Windows
2017-04-16 03:45:22 ----D---- C:\Windows\winsxs
2017-04-16 03:42:16 ----D---- C:\Program Files\Microsoft Silverlight
2017-04-16 03:42:15 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2017-04-16 03:40:08 ----D---- C:\Windows\system32\catroot
2017-04-16 03:39:01 ----D---- C:\Windows\SYSWOW64\cs-CZ
2017-04-16 03:39:01 ----D---- C:\Program Files\Internet Explorer
2017-04-16 03:39:00 ----D---- C:\Windows\SYSWOW64\en-US
2017-04-16 03:38:56 ----D---- C:\Windows\system32\en-US
2017-04-16 03:38:56 ----D---- C:\Windows\system32\cs-CZ
2017-04-16 03:38:51 ----D---- C:\Windows\AppPatch
2017-04-16 03:38:51 ----D---- C:\Program Files (x86)\Internet Explorer
2017-04-16 03:38:50 ----D---- C:\Windows\system32\Boot
2017-04-16 03:25:24 ----D---- C:\Windows\Microsoft.NET
2017-04-16 03:21:09 ----RSD---- C:\Windows\assembly
2017-04-16 03:18:14 ----D---- C:\ProgramData\Microsoft Help
2017-04-16 03:16:41 ----D---- C:\Windows\system32\MRT
2017-04-16 03:09:47 ----AC---- C:\Windows\system32\MRT.exe
2017-04-16 03:07:09 ----D---- C:\Windows\system32\catroot2
2017-04-16 03:04:03 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2017-04-15 08:55:13 ----D---- C:\Windows\system32\wfp
2017-04-15 08:55:07 ----D---- C:\Windows\system32\wbem
2017-04-15 08:53:17 ----D---- C:\Windows\Tasks
2017-04-15 08:53:17 ----D---- C:\Windows\SYSWOW64\wbem
2017-04-15 08:53:16 ----D---- C:\Windows\system32\DriverStore
2017-04-15 08:53:07 ----D---- C:\Windows\system32\CodeIntegrity
2017-04-15 08:53:07 ----D---- C:\Windows\servicing
2017-04-15 08:52:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2017-04-15 08:51:23 ----D---- C:\Windows\registration
2017-04-14 21:35:01 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-04-14 21:34:49 ----D---- C:\Windows\system32\Macromed
2017-04-14 21:34:41 ----D---- C:\Windows\SYSWOW64\Macromed
2017-04-14 21:34:29 ----D---- C:\ProgramData\AVAST Software
2017-04-09 10:31:53 ----D---- C:\Windows\rescache
2017-04-05 21:03:54 ----A---- C:\Windows\system32\drivers\asw4C7C.tmp
2017-04-05 21:03:54 ----A---- C:\Windows\system32\drivers\asw4BCF.tmp
2017-04-05 21:03:54 ----A---- C:\Windows\system32\drivers\asw4B42.tmp
2017-04-05 21:03:53 ----A---- C:\Windows\system32\drivers\asw49F9.tmp
2017-04-05 21:03:53 ----A---- C:\Windows\system32\drivers\asw48D0.tmp
2017-04-05 21:03:53 ----A---- C:\Windows\system32\drivers\asw47F4.tmp
2017-04-05 21:03:52 ----A---- C:\Windows\system32\drivers\asw4709.tmp
2017-04-05 21:02:59 ----A---- C:\Windows\system32\drivers\asw469B.tmp
2017-04-05 21:02:58 ----A---- C:\Windows\system32\drivers\asw462D.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw4590.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw44B4.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw4417.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw4290.tmp
2017-03-30 19:24:18 ----SD---- C:\Windows\system32\CompatTel
2017-03-30 19:24:18 ----D---- C:\Windows\system32\appraiser
File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed
====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [2011-01-13 139888]
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [2011-01-13 23664]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-04-05 32600]
R1 aswNetSec;aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [2017-04-21 507416]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-04-05 101152]
R1 PHCORE;PHCORE; \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 risdxc;risdxc; C:\Windows\system32\DRIVERS\risdxc64.sys [2010-12-15 98816]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2010-11-12 39024]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-12-07 412776]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-04-24 460528]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-04-05 189768]
S0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-04-05 334088]
S0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-04-05 48528]
S0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-04-05 75704]
S0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-04-05 339696]
S0 RapportHades64;RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [2017-03-01 252288]
S0 RapportKE64;RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [2017-03-01 506016]
S1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-04-05 307736]
S1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-04-05 1005048]
S1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-04-05 556784]
S1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 RapportAegle64;RapportAegle64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [2017-03-01 382432]
S1 RapportCerberus_1804047;RapportCerberus_1804047; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804047.sys [2017-03-08 1264776]
S1 RapportEI64;RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2017-03-01 582208]
S1 RapportPG64;RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2017-03-01 605024]
S1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [2011-02-03 14960]
S2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-04-05 127112]
S2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-04-05 164064]
S2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2013-03-01 36600]
S2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
S3 5U877;USB Video Device; C:\Windows\system32\DRIVERS\5U877.sys [2011-03-05 166016]
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-02-05 8283136]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-02-05 295424]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-04-05 38296]
S3 aswTap;avast! SecureLine TAP Adapter v3; C:\Windows\system32\DRIVERS\aswTap.sys [2017-02-24 53904]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2010-12-18 425000]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-12-18 145960]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-12-18 162344]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-12-18 39464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-12-18 21416]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2010-11-23 1567360]
S3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2011-03-26 12262336]
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2016-03-10 27008]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2016-09-26 192216]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2016-03-10 64896]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2009-07-02 40512]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2016-02-05 147904]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 wdkmd;Intel WiDi KMD; C:\Windows\system32\DRIVERS\WDKMD.sys [2011-04-09 42392]
====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-02-02 82640]
S2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-02-05 203776]
S2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-04-05 261712]
S2 avast! Firewall;Avast Firewall Service; C:\Program Files\AVAST Software\Avast\afwServ.exe [2017-04-14 310496]
S2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [2010-12-19 962848]
S2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2015-09-11 2774104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-03-20 105096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-03-20 125064]
S2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll" = %SystemRoot%\system32\diagtrack.dll
S2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-12-17 1515792]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-23 144200]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2015-03-28 89840]
S2 HyperW7Svc;HyperW7 Service; C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072]
S2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2010-11-12 45928]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service; C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-27 40808]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-27 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-22 326168]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
S2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-11 193824]
S2 RapportMgmtService;Rapport Management Service; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2017-03-01 2401264]
S2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-12-17 836880]
S2 SAService;Conexant SmartAudio service; C:\Windows\system32\SAsrv.exe []
S2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-14 271448]
S3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-04-05 7398336]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-23 144200]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2016-10-03 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-03-25 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-04-26 173512]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-09-11 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2015-09-11 5132888]
S3 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-02-03 79208]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2013-03-01 118520]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG64.exe [2011-01-13 47728]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-09-26 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-03-20 51320]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
-----------------EOF-----------------
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\Microsoft\Office\Office Automatic Updates - C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /update SCHEDULEDTASK displaylevel=False
C:\Windows\system32\tasks\Microsoft\Office\Office ClickToRun Service Monitor - C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /WatchService
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs
=========Mozilla firefox=========
ProfilePath - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default
prefs.js - "browser.startup.homepage" - "www.google.com"
"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF48
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF48
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.148 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.148 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\extensions\
2020Player_IKEA@2020Technologies.com
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\addons.json
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\extensions.json
20-20 3D Viewer - IKEA - extension - 2020Player_IKEA@2020Technologies.com - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\extensions\2020Player_IKEA@2020Technologies.com
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Avast SafePrice - webextension - sp@avast.com - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
Avast Online Security - webextension - wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF48
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\pluginreg.dat
Plugin - Shockwave Flash - 25.0.0.127 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll
Plugin - Shockwave Flash - 25.0.0.148 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll
=========Google Chrome=========
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bbjllphbppobebmjpjcijfbakobcheof 2 Rapport 1.14
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension coobgpohoikkiipiblmjeljniedjpjpf 1 Vyhledávání Google 0.0.0.30
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg Settings 0.2
Extension felcaaldnbdncclmgdcncolpebgiejap
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension gomekmidlodglbbmalcneegieacbdmki
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.0
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.0
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5316.725.0.15
Homepage:
default_search_provider.search_url:
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=
======Registry dump ======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-25 219304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-05 895528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-03 255088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-25 2340472]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-05 773920]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-03 193136]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-03 255088]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-03 193136]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2010-12-17 1933584]
"TpShocks"=TpShocks.exe []
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2010-04-28 307768]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-03-26 167960]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-03-26 391704]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-03-26 418840]
"LENOVO.TPKNRRES"=C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [2011-01-27 41320]
"ALCKRESI.EXE"=C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [2010-12-17 281448]
"FAHConsole"=C:\Program Files\File Association Helper\FAHConsole.exe [2014-01-28 729272]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-04-05 213824]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"=C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [2008-10-31 55808]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-02-05 336384]
"PWMTRV"=rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor []
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30 96056]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2010-12-08 135504]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages" = scecli
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
====== File associations ======
.js - edit - C:\Windows\System32\Notepad.exe %1
====== List of files/folders created in the last 1 month ======
2017-04-29 07:57:01 ----D---- C:\rsit
2017-04-27 21:07:22 ----D---- C:\Program Files (x86)\Adobe
2017-04-26 21:37:20 ----D---- C:\ProgramData\SWCUTemp
2017-04-15 09:22:29 ----A---- C:\Windows\system32\mshtml.dll
2017-04-15 09:22:27 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-04-15 09:22:26 ----A---- C:\Windows\system32\ieframe.dll
2017-04-15 09:22:25 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2017-04-15 09:22:25 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-04-15 09:22:25 ----A---- C:\Windows\system32\wininet.dll
2017-04-15 09:22:24 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-04-15 09:22:24 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-04-15 09:22:24 ----A---- C:\Windows\system32\wuaueng.dll
2017-04-15 09:22:24 ----A---- C:\Windows\system32\iertutil.dll
2017-04-15 09:22:23 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-04-15 09:22:23 ----A---- C:\Windows\system32\win32k.sys
2017-04-15 09:22:23 ----A---- C:\Windows\system32\urlmon.dll
2017-04-15 09:22:23 ----A---- C:\Windows\system32\ole32.dll
2017-04-15 09:22:22 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\wucltux.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\wuapi.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\win32spl.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\ucrtbase.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\samsrv.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\quartz.dll
2017-04-15 09:22:21 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2017-04-15 09:22:21 ----A---- C:\Windows\system32\msfeeds.dll
2017-04-15 09:22:21 ----A---- C:\Windows\system32\gdi32.dll
2017-04-15 09:22:21 ----A---- C:\Windows\system32\cdosys.dll
2017-04-15 09:22:21 ----A---- C:\Windows\system32\atmfd.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\quartz.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\ole32.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\system32\iedkcs32.dll
2017-04-15 09:22:20 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2017-04-15 09:22:20 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\jscript.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-15 09:22:18 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2017-04-15 09:22:18 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2017-04-15 09:22:17 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-04-15 09:22:17 ----A---- C:\Windows\system32\ntdll.dll
2017-04-15 09:22:17 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-04-15 09:22:17 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-04-15 09:22:17 ----A---- C:\Windows\system32\asycfilt.dll
2017-04-15 09:22:16 ----A---- C:\Windows\system32\jscript9.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\samlib.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\mfmjpegdec.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2017-04-15 09:22:15 ----A---- C:\Windows\system32\webcheck.dll
2017-04-15 09:22:15 ----A---- C:\Windows\system32\samlib.dll
2017-04-15 09:22:15 ----A---- C:\Windows\system32\mfmjpegdec.dll
2017-04-15 09:22:15 ----A---- C:\Windows\system32\ie4uinit.exe
2017-04-15 09:22:15 ----A---- C:\Windows\system32\certcli.dll
2017-04-15 09:22:14 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2017-04-15 09:22:14 ----A---- C:\Windows\SYSWOW64\wups.dll
2017-04-15 09:22:14 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2017-04-15 09:22:14 ----A---- C:\Windows\SYSWOW64\jscript.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\wuwebv.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\wups2.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\wups.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\wudriver.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\vbscript.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\srcore.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\rpcrt4.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\ieapfltr.dll
2017-04-15 09:22:13 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2017-04-15 09:22:13 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-04-15 09:22:13 ----A---- C:\Windows\system32\wuauclt.exe
2017-04-15 09:22:13 ----A---- C:\Windows\system32\lsasrv.dll
2017-04-15 09:22:13 ----A---- C:\Windows\system32\ieui.dll
2017-04-15 09:22:11 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\srclient.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\smss.exe
2017-04-15 09:22:11 ----A---- C:\Windows\system32\msrating.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\mshtmled.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\kerberos.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\dxtrans.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\dxtmsft.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-04-15 09:22:11 ----A---- C:\Windows\system32\advapi32.dll
2017-04-15 09:22:10 ----A---- C:\Windows\SYSWOW64\srclient.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\WinSetupUI.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\schannel.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\rstrui.exe
2017-04-15 09:22:10 ----A---- C:\Windows\system32\occache.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-15 09:22:10 ----A---- C:\Windows\system32\kernel32.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\jsproxy.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\jscript9diag.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\conhost.exe
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\occache.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\msrating.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\inseng.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\ieui.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wuapp.exe
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wow64win.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wow64.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\winsrv.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wdigest.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\TSpkg.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\sspicli.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\rpchttp.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\ncrypt.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\msv1_0.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\KernelBase.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\inseng.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\ieUnatt.exe
2017-04-15 09:22:09 ----A---- C:\Windows\system32\iesetup.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\iernonce.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-04-15 09:22:09 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-04-15 09:22:09 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-04-15 09:22:09 ----A---- C:\Windows\system32\csrsrv.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\cryptbase.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\cdd.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\bcrypt.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\wow32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\lpk.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\wow64cpu.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\sspisrv.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\setbcdlocale.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\secur32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\ntvdm64.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\lsass.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\lpk.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\fontsub.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\drivers\appid.sys
2017-04-15 09:22:08 ----A---- C:\Windows\system32\dciman32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\credssp.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\auditpol.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\atmlib.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidsvc.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidapi.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\user.exe
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\tzres.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\setup16.exe
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\instnm.exe
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\tzres.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\msaudite.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\apisetschema.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\adtschema.dll
2017-04-15 09:22:06 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-04-15 09:22:06 ----A---- C:\Windows\system32\msobjs.dll
2017-04-15 09:22:06 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-04-14 21:34:25 ----A---- C:\Windows\system32\drivers\aswnetsec.sys
2017-04-14 21:33:32 ----A---- C:\Windows\system32\aswBoot.exe
====== List of files/folders modified in the last 1 month ======
2017-04-29 07:57:04 ----D---- C:\Program Files\trend micro
2017-04-29 07:53:14 ----D---- C:\Windows\System32
2017-04-29 07:53:14 ----D---- C:\Windows\inf
2017-04-29 07:53:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-04-29 07:50:50 ----D---- C:\ProgramData\PCDr
2017-04-29 07:49:47 ----A---- C:\Windows\ntbtlog.txt
2017-04-29 07:42:38 ----D---- C:\Windows\Temp
2017-04-29 07:34:54 ----A---- C:\Windows\SYSWOW64\log.txt
2017-04-29 07:32:39 ----D---- C:\Windows\system32\config
2017-04-27 21:12:40 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-27 21:12:40 ----D---- C:\Program Files (x86)\Mozilla Firefox
2017-04-27 21:08:27 ----SHD---- C:\Windows\Installer
2017-04-27 21:08:24 ----D---- C:\Config.Msi
2017-04-27 21:08:23 ----D---- C:\Windows\system32\Tasks
2017-04-27 21:07:30 ----D---- C:\Windows\SysWOW64
2017-04-27 21:07:22 ----RD---- C:\Program Files (x86)
2017-04-27 21:07:04 ----D---- C:\ProgramData\Adobe
2017-04-26 21:37:20 ----D---- C:\ProgramData
2017-04-23 13:14:25 ----SHD---- C:\System Volume Information
2017-04-22 20:53:57 ----D---- C:\Users\Dan\AppData\Roaming\vlc
2017-04-22 20:24:34 ----D---- C:\Windows\Prefetch
2017-04-22 20:21:00 ----D---- C:\Windows\system32\drivers
2017-04-16 12:30:07 ----D---- C:\Windows\Minidump
2017-04-16 12:29:56 ----D---- C:\Windows
2017-04-16 03:45:22 ----D---- C:\Windows\winsxs
2017-04-16 03:42:16 ----D---- C:\Program Files\Microsoft Silverlight
2017-04-16 03:42:15 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2017-04-16 03:40:08 ----D---- C:\Windows\system32\catroot
2017-04-16 03:39:01 ----D---- C:\Windows\SYSWOW64\cs-CZ
2017-04-16 03:39:01 ----D---- C:\Program Files\Internet Explorer
2017-04-16 03:39:00 ----D---- C:\Windows\SYSWOW64\en-US
2017-04-16 03:38:56 ----D---- C:\Windows\system32\en-US
2017-04-16 03:38:56 ----D---- C:\Windows\system32\cs-CZ
2017-04-16 03:38:51 ----D---- C:\Windows\AppPatch
2017-04-16 03:38:51 ----D---- C:\Program Files (x86)\Internet Explorer
2017-04-16 03:38:50 ----D---- C:\Windows\system32\Boot
2017-04-16 03:25:24 ----D---- C:\Windows\Microsoft.NET
2017-04-16 03:21:09 ----RSD---- C:\Windows\assembly
2017-04-16 03:18:14 ----D---- C:\ProgramData\Microsoft Help
2017-04-16 03:16:41 ----D---- C:\Windows\system32\MRT
2017-04-16 03:09:47 ----AC---- C:\Windows\system32\MRT.exe
2017-04-16 03:07:09 ----D---- C:\Windows\system32\catroot2
2017-04-16 03:04:03 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2017-04-15 08:55:13 ----D---- C:\Windows\system32\wfp
2017-04-15 08:55:07 ----D---- C:\Windows\system32\wbem
2017-04-15 08:53:17 ----D---- C:\Windows\Tasks
2017-04-15 08:53:17 ----D---- C:\Windows\SYSWOW64\wbem
2017-04-15 08:53:16 ----D---- C:\Windows\system32\DriverStore
2017-04-15 08:53:07 ----D---- C:\Windows\system32\CodeIntegrity
2017-04-15 08:53:07 ----D---- C:\Windows\servicing
2017-04-15 08:52:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2017-04-15 08:51:23 ----D---- C:\Windows\registration
2017-04-14 21:35:01 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-04-14 21:34:49 ----D---- C:\Windows\system32\Macromed
2017-04-14 21:34:41 ----D---- C:\Windows\SYSWOW64\Macromed
2017-04-14 21:34:29 ----D---- C:\ProgramData\AVAST Software
2017-04-09 10:31:53 ----D---- C:\Windows\rescache
2017-04-05 21:03:54 ----A---- C:\Windows\system32\drivers\asw4C7C.tmp
2017-04-05 21:03:54 ----A---- C:\Windows\system32\drivers\asw4BCF.tmp
2017-04-05 21:03:54 ----A---- C:\Windows\system32\drivers\asw4B42.tmp
2017-04-05 21:03:53 ----A---- C:\Windows\system32\drivers\asw49F9.tmp
2017-04-05 21:03:53 ----A---- C:\Windows\system32\drivers\asw48D0.tmp
2017-04-05 21:03:53 ----A---- C:\Windows\system32\drivers\asw47F4.tmp
2017-04-05 21:03:52 ----A---- C:\Windows\system32\drivers\asw4709.tmp
2017-04-05 21:02:59 ----A---- C:\Windows\system32\drivers\asw469B.tmp
2017-04-05 21:02:58 ----A---- C:\Windows\system32\drivers\asw462D.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw4590.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw44B4.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw4417.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw4290.tmp
2017-03-30 19:24:18 ----SD---- C:\Windows\system32\CompatTel
2017-03-30 19:24:18 ----D---- C:\Windows\system32\appraiser
File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed
====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [2011-01-13 139888]
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [2011-01-13 23664]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-04-05 32600]
R1 aswNetSec;aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [2017-04-21 507416]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-04-05 101152]
R1 PHCORE;PHCORE; \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 risdxc;risdxc; C:\Windows\system32\DRIVERS\risdxc64.sys [2010-12-15 98816]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2010-11-12 39024]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-12-07 412776]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-04-24 460528]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-04-05 189768]
S0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-04-05 334088]
S0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-04-05 48528]
S0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-04-05 75704]
S0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-04-05 339696]
S0 RapportHades64;RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [2017-03-01 252288]
S0 RapportKE64;RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [2017-03-01 506016]
S1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-04-05 307736]
S1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-04-05 1005048]
S1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-04-05 556784]
S1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 RapportAegle64;RapportAegle64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [2017-03-01 382432]
S1 RapportCerberus_1804047;RapportCerberus_1804047; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804047.sys [2017-03-08 1264776]
S1 RapportEI64;RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2017-03-01 582208]
S1 RapportPG64;RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2017-03-01 605024]
S1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [2011-02-03 14960]
S2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-04-05 127112]
S2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-04-05 164064]
S2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2013-03-01 36600]
S2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
S3 5U877;USB Video Device; C:\Windows\system32\DRIVERS\5U877.sys [2011-03-05 166016]
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-02-05 8283136]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-02-05 295424]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-04-05 38296]
S3 aswTap;avast! SecureLine TAP Adapter v3; C:\Windows\system32\DRIVERS\aswTap.sys [2017-02-24 53904]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2010-12-18 425000]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-12-18 145960]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-12-18 162344]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-12-18 39464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-12-18 21416]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2010-11-23 1567360]
S3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2011-03-26 12262336]
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2016-03-10 27008]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2016-09-26 192216]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2016-03-10 64896]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2009-07-02 40512]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2016-02-05 147904]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 wdkmd;Intel WiDi KMD; C:\Windows\system32\DRIVERS\WDKMD.sys [2011-04-09 42392]
====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-02-02 82640]
S2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-02-05 203776]
S2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-04-05 261712]
S2 avast! Firewall;Avast Firewall Service; C:\Program Files\AVAST Software\Avast\afwServ.exe [2017-04-14 310496]
S2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [2010-12-19 962848]
S2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2015-09-11 2774104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-03-20 105096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-03-20 125064]
S2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll" = %SystemRoot%\system32\diagtrack.dll
S2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-12-17 1515792]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-23 144200]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2015-03-28 89840]
S2 HyperW7Svc;HyperW7 Service; C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072]
S2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2010-11-12 45928]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service; C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-27 40808]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-27 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-22 326168]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
S2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-11 193824]
S2 RapportMgmtService;Rapport Management Service; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2017-03-01 2401264]
S2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-12-17 836880]
S2 SAService;Conexant SmartAudio service; C:\Windows\system32\SAsrv.exe []
S2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-14 271448]
S3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-04-05 7398336]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-23 144200]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2016-10-03 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-03-25 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-04-26 173512]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-09-11 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2015-09-11 5132888]
S3 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-02-03 79208]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2013-03-01 118520]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG64.exe [2011-01-13 47728]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-09-26 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-03-20 51320]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
-----------------EOF-----------------
- Rudy
- Site Admin

- Posts: 119670
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow computer, Internet Explorer and Firefox not working
Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (deletion).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: Slow computer, Internet Explorer and Firefox not working
Here is the log:
# AdwCleaner v6.046 - Log vytvořen 29/04/2017 v 20:34:19
# Aktualizováno dne 24/04/2017 z Malwarebytes
# Databáze : 2017-04-29.1 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X64)
# Uživatelské jméno : Dan - CYPRIS
# Spuštěno z : C:\Users\Dan\Desktop\adwcleaner_6.046.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
***** [ Složky ] *****
***** [ Soubory ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
***** [ Naplánované úlohy ] *****
***** [ Registry ] *****
[-] Klíč smazán: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Klíč smazán: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Klíč smazán: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\slunecnice.cz
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.slunecnice.cz
***** [ Prohlížeče ] *****
*************************
:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [1807 Bajty] - [29/04/2017 20:34:19]
C:\AdwCleaner\AdwCleaner[S0].txt - [2226 Bajty] - [29/04/2017 20:13:09]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1953 Bajty] ##########
Re: Slow computer, Internet Explorer and Firefox not working
I ran ADW in normal mode, then it deleted something, but Firefox still didn't work. Or rather, it loaded terribly slowly, then it sort of turned pale and the computer froze. Before that I had also installed Malwarebytes and run a scan; it found nothing, so I uninstalled it again.
Re: Slow computer, Internet Explorer and Firefox not working
For completeness, here is the Malwarebytes log as well:
Malwarebytes
www.malwarebytes.com
-Podrobnosti logovacího souboru-
Datum skenování: 29.04.17
Čas skenování: 8:30
Logovací soubor: mbytes.txt
Správce: Ano
-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.103
Aktualizovat verzi balíku komponent: 1.0.1713
Licence: Zkušební
-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: System
-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 418592
Uplynulý čas: 11 min, 54 sek
-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno
-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)
Modul: 0
(Nebyly zjištěny žádné škodlivé položky)
Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)
Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)
Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)
Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)
Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)
Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)
Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)
(end)
- Rudy
- Site Admin

- Posts: 119670
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow computer, Internet Explorer and Firefox not working
OK. Post a new RSIT log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Slow computer, Internet Explorer and Firefox not working
OK, here it is, and I ran it in safe mode:
Logfile of random's system information tool 1.16 (written by random/random)
Run by Dan at 2017-04-29 21:38:49
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 52 GB (11%) free of 464 GB
Total RAM: 4007 MB (78% free)
X64
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:38:53, on 29.4.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18639)
Boot mode: Safe mode with network support
Running processes:
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\Dan_RSITx64.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [DeleteOnReboot] C:\Users\Dan\AppData\Local\Temp\DeleteOnReboot.bat
O4 - HKCU\..\RunOnce: [Report] C:\AdwCleaner\AdwCleaner[C0].txt
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{22A5E67D-D61A-4ABA-AA1C-3AC7B3D4F6CE}: NameServer = 77.234.40.79
O17 - HKLM\System\CS1\Services\Tcpip\..\{22A5E67D-D61A-4ABA-AA1C-3AC7B3D4F6CE}: NameServer = 77.234.40.79
O17 - HKLM\System\CS2\Services\Tcpip\..\{22A5E67D-D61A-4ABA-AA1C-3AC7B3D4F6CE}: NameServer = 77.234.40.79
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: HyperW7 Service (HyperW7Svc) - Lenovo Group Limited - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11962 bytes
====== Enumerating Processes ======
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:865294 /prefetch:2
"C:\Windows\System32\MsSpellCheckingFacility.exe" -Embedding
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:3945498 /prefetch:2
"C:\Users\Dan\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
====== Scheduled tasks folder ======
C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
C:\Windows\system32\tasks\CreateChoiceProcessTask - C:\Windows\System32\browserchoice.exe /launch
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\HPCustParticipation HP Deskjet 3050A J611 series - "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe" /UA 9.5 /DDV 0x0900
C:\Windows\system32\tasks\MCP - "C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" /start
C:\Windows\system32\tasks\PCDEventLauncher - "C:\Program Files\PC-Doctor\sessionchecker.exe"
C:\Windows\system32\tasks\PMTask - C:\PROGRA~2\ThinkPad\UTILIT~1\PwmIdTsv.exe
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1455135593 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1475521102 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\Synaptics TouchPad Enhancements - \Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\tasks\SystemToolsDailyTest - C:\Program Files\PC-Doctor\pcdrcui.exe -silentenumeration -st SystemToolsDailyTest
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-960529557-3528276582-3652460945-1001 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-960529557-3528276582-3652460945-1003 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup - %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor - %systemroot%\system32\sdclt.exe /CHECKSKIPPED
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d - %windir%\system32\GWX\GWX.exe /event:10
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Lpksetup - C:\Windows\System32\lpksetup.exe -v
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Mcbuilder - C:\Windows\System32\mcbuilder.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\Microsoft\Office\Office Automatic Updates - C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /update SCHEDULEDTASK displaylevel=False
C:\Windows\system32\tasks\Microsoft\Office\Office ClickToRun Service Monitor - C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /WatchService
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs
=========Mozilla firefox=========
ProfilePath - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default
prefs.js - "browser.startup.homepage" - "www.google.com"
"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF48
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF48
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.148 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.148 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\extensions\
2020Player_IKEA@2020Technologies.com
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\addons.json
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\extensions.json
20-20 3D Viewer - IKEA - extension - 2020Player_IKEA@2020Technologies.com - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\extensions\2020Player_IKEA@2020Technologies.com
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Avast SafePrice - webextension - sp@avast.com - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
Avast Online Security - webextension - wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF48
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\pluginreg.dat
Plugin - Shockwave Flash - 25.0.0.127 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll
Plugin - Shockwave Flash - 25.0.0.148 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll
=========Google Chrome=========
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bbjllphbppobebmjpjcijfbakobcheof 2 Rapport 1.14
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension coobgpohoikkiipiblmjeljniedjpjpf 1 Vyhledávání Google 0.0.0.30
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg Settings 0.2
Extension felcaaldnbdncclmgdcncolpebgiejap
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension gomekmidlodglbbmalcneegieacbdmki
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.0
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.0
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5316.725.0.15
Homepage:
default_search_provider.search_url:
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=
======Registry dump ======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-25 219304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-05 895528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-03 255088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-25 2340472]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-05 773920]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-03 193136]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-03 255088]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-03 193136]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2010-12-17 1933584]
"TpShocks"=TpShocks.exe []
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2010-04-28 307768]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-03-26 167960]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-03-26 391704]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-03-26 418840]
"LENOVO.TPKNRRES"=C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [2011-01-27 41320]
"ALCKRESI.EXE"=C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [2010-12-17 281448]
"FAHConsole"=C:\Program Files\File Association Helper\FAHConsole.exe [2014-01-28 729272]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-04-05 213824]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Report"=C:\AdwCleaner\AdwCleaner[C0].txt [2017-04-29 2056]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"=C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [2008-10-31 55808]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-02-05 336384]
"PWMTRV"=rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor []
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30 96056]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteOnReboot"=C:\Users\Dan\AppData\Local\Temp\DeleteOnReboot.bat [2017-04-29 500]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2010-12-08 135504]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages" = scecli
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
====== File associations ======
.js - edit - C:\Windows\System32\Notepad.exe %1
====== List of files/folders created in the last 1 month ======
2017-04-29 20:05:21 ----D---- C:\AdwCleaner
2017-04-29 07:57:01 ----D---- C:\rsit
2017-04-27 21:07:22 ----D---- C:\Program Files (x86)\Adobe
2017-04-15 09:22:29 ----A---- C:\Windows\system32\mshtml.dll
2017-04-15 09:22:27 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-04-15 09:22:26 ----A---- C:\Windows\system32\ieframe.dll
2017-04-15 09:22:25 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2017-04-15 09:22:25 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-04-15 09:22:25 ----A---- C:\Windows\system32\wininet.dll
2017-04-15 09:22:24 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-04-15 09:22:24 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-04-15 09:22:24 ----A---- C:\Windows\system32\wuaueng.dll
2017-04-15 09:22:24 ----A---- C:\Windows\system32\iertutil.dll
2017-04-15 09:22:23 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-04-15 09:22:23 ----A---- C:\Windows\system32\win32k.sys
2017-04-15 09:22:23 ----A---- C:\Windows\system32\urlmon.dll
2017-04-15 09:22:23 ----A---- C:\Windows\system32\ole32.dll
2017-04-15 09:22:22 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\wucltux.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\wuapi.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\win32spl.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\ucrtbase.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\samsrv.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\quartz.dll
2017-04-15 09:22:21 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2017-04-15 09:22:21 ----A---- C:\Windows\system32\msfeeds.dll
2017-04-15 09:22:21 ----A---- C:\Windows\system32\gdi32.dll
2017-04-15 09:22:21 ----A---- C:\Windows\system32\cdosys.dll
2017-04-15 09:22:21 ----A---- C:\Windows\system32\atmfd.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\quartz.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\ole32.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\system32\iedkcs32.dll
2017-04-15 09:22:20 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2017-04-15 09:22:20 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\jscript.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-15 09:22:18 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2017-04-15 09:22:18 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2017-04-15 09:22:17 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-04-15 09:22:17 ----A---- C:\Windows\system32\ntdll.dll
2017-04-15 09:22:17 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-04-15 09:22:17 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-04-15 09:22:17 ----A---- C:\Windows\system32\asycfilt.dll
2017-04-15 09:22:16 ----A---- C:\Windows\system32\jscript9.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\samlib.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\mfmjpegdec.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2017-04-15 09:22:15 ----A---- C:\Windows\system32\webcheck.dll
2017-04-15 09:22:15 ----A---- C:\Windows\system32\samlib.dll
2017-04-15 09:22:15 ----A---- C:\Windows\system32\mfmjpegdec.dll
2017-04-15 09:22:15 ----A---- C:\Windows\system32\ie4uinit.exe
2017-04-15 09:22:15 ----A---- C:\Windows\system32\certcli.dll
2017-04-15 09:22:14 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2017-04-15 09:22:14 ----A---- C:\Windows\SYSWOW64\wups.dll
2017-04-15 09:22:14 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2017-04-15 09:22:14 ----A---- C:\Windows\SYSWOW64\jscript.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\wuwebv.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\wups2.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\wups.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\wudriver.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\vbscript.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\srcore.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\rpcrt4.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\ieapfltr.dll
2017-04-15 09:22:13 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2017-04-15 09:22:13 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-04-15 09:22:13 ----A---- C:\Windows\system32\wuauclt.exe
2017-04-15 09:22:13 ----A---- C:\Windows\system32\lsasrv.dll
2017-04-15 09:22:13 ----A---- C:\Windows\system32\ieui.dll
2017-04-15 09:22:11 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\srclient.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\smss.exe
2017-04-15 09:22:11 ----A---- C:\Windows\system32\msrating.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\mshtmled.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\kerberos.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\dxtrans.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\dxtmsft.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-04-15 09:22:11 ----A---- C:\Windows\system32\advapi32.dll
2017-04-15 09:22:10 ----A---- C:\Windows\SYSWOW64\srclient.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\WinSetupUI.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\schannel.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\rstrui.exe
2017-04-15 09:22:10 ----A---- C:\Windows\system32\occache.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-15 09:22:10 ----A---- C:\Windows\system32\kernel32.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\jsproxy.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\jscript9diag.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\conhost.exe
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\occache.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\msrating.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\inseng.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\ieui.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wuapp.exe
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wow64win.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wow64.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\winsrv.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wdigest.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\TSpkg.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\sspicli.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\rpchttp.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\ncrypt.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\msv1_0.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\KernelBase.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\inseng.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\ieUnatt.exe
2017-04-15 09:22:09 ----A---- C:\Windows\system32\iesetup.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\iernonce.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-04-15 09:22:09 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-04-15 09:22:09 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-04-15 09:22:09 ----A---- C:\Windows\system32\csrsrv.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\cryptbase.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\cdd.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\bcrypt.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\wow32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\lpk.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\wow64cpu.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\sspisrv.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\setbcdlocale.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\secur32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\ntvdm64.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\lsass.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\lpk.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\fontsub.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\drivers\appid.sys
2017-04-15 09:22:08 ----A---- C:\Windows\system32\dciman32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\credssp.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\auditpol.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\atmlib.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidsvc.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidapi.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\user.exe
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\tzres.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\setup16.exe
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\instnm.exe
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\tzres.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\msaudite.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\apisetschema.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\adtschema.dll
2017-04-15 09:22:06 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-04-15 09:22:06 ----A---- C:\Windows\system32\msobjs.dll
2017-04-15 09:22:06 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-04-14 21:34:25 ----A---- C:\Windows\system32\drivers\aswnetsec.sys
2017-04-14 21:33:32 ----A---- C:\Windows\system32\aswBoot.exe
====== List of files/folders modified in the last 1 month ======
2017-04-29 21:38:50 ----D---- C:\Program Files\trend micro
2017-04-29 20:46:36 ----D---- C:\Windows\Temp
2017-04-29 20:44:20 ----D---- C:\Windows\System32
2017-04-29 20:44:20 ----D---- C:\Windows\inf
2017-04-29 20:44:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-04-29 20:40:32 ----A---- C:\Windows\ntbtlog.txt
2017-04-29 20:36:46 ----D---- C:\Windows\system32\config
2017-04-29 20:35:25 ----RD---- C:\Program Files
2017-04-29 20:35:23 ----D---- C:\Windows\system32\drivers
2017-04-29 20:34:53 ----A---- C:\Windows\SYSWOW64\log.txt
2017-04-29 20:34:52 ----D---- C:\ProgramData
2017-04-29 20:07:43 ----D---- C:\ProgramData\Malwarebytes
2017-04-29 20:04:53 ----SHD---- C:\Windows\Installer
2017-04-29 20:04:53 ----D---- C:\Config.Msi
2017-04-29 19:55:33 ----RD---- C:\Program Files (x86)
2017-04-29 07:50:50 ----D---- C:\ProgramData\PCDr
2017-04-27 21:12:40 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-27 21:12:40 ----D---- C:\Program Files (x86)\Mozilla Firefox
2017-04-27 21:08:23 ----D---- C:\Windows\system32\Tasks
2017-04-27 21:07:30 ----D---- C:\Windows\SysWOW64
2017-04-27 21:07:04 ----D---- C:\ProgramData\Adobe
2017-04-23 13:14:25 ----SHD---- C:\System Volume Information
2017-04-22 20:53:57 ----D---- C:\Users\Dan\AppData\Roaming\vlc
2017-04-22 20:24:34 ----D---- C:\Windows\Prefetch
2017-04-16 12:30:07 ----D---- C:\Windows\Minidump
2017-04-16 12:29:56 ----D---- C:\Windows
2017-04-16 03:45:22 ----D---- C:\Windows\winsxs
2017-04-16 03:42:16 ----D---- C:\Program Files\Microsoft Silverlight
2017-04-16 03:42:15 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2017-04-16 03:40:08 ----D---- C:\Windows\system32\catroot
2017-04-16 03:39:01 ----D---- C:\Windows\SYSWOW64\cs-CZ
2017-04-16 03:39:01 ----D---- C:\Program Files\Internet Explorer
2017-04-16 03:39:00 ----D---- C:\Windows\SYSWOW64\en-US
2017-04-16 03:38:56 ----D---- C:\Windows\system32\en-US
2017-04-16 03:38:56 ----D---- C:\Windows\system32\cs-CZ
2017-04-16 03:38:51 ----D---- C:\Windows\AppPatch
2017-04-16 03:38:51 ----D---- C:\Program Files (x86)\Internet Explorer
2017-04-16 03:38:50 ----D---- C:\Windows\system32\Boot
2017-04-16 03:25:24 ----D---- C:\Windows\Microsoft.NET
2017-04-16 03:21:09 ----RSD---- C:\Windows\assembly
2017-04-16 03:18:14 ----D---- C:\ProgramData\Microsoft Help
2017-04-16 03:16:41 ----D---- C:\Windows\system32\MRT
2017-04-16 03:09:47 ----AC---- C:\Windows\system32\MRT.exe
2017-04-16 03:07:09 ----D---- C:\Windows\system32\catroot2
2017-04-16 03:04:03 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2017-04-15 08:55:13 ----D---- C:\Windows\system32\wfp
2017-04-15 08:55:07 ----D---- C:\Windows\system32\wbem
2017-04-15 08:53:17 ----D---- C:\Windows\Tasks
2017-04-15 08:53:17 ----D---- C:\Windows\SYSWOW64\wbem
2017-04-15 08:53:16 ----D---- C:\Windows\system32\DriverStore
2017-04-15 08:53:07 ----D---- C:\Windows\system32\CodeIntegrity
2017-04-15 08:53:07 ----D---- C:\Windows\servicing
2017-04-15 08:52:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2017-04-15 08:51:23 ----D---- C:\Windows\registration
2017-04-14 21:35:01 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-04-14 21:34:49 ----D---- C:\Windows\system32\Macromed
2017-04-14 21:34:41 ----D---- C:\Windows\SYSWOW64\Macromed
2017-04-14 21:34:29 ----D---- C:\ProgramData\AVAST Software
2017-04-09 10:31:53 ----D---- C:\Windows\rescache
2017-04-05 21:03:54 ----A---- C:\Windows\system32\drivers\asw4C7C.tmp
2017-04-05 21:03:54 ----A---- C:\Windows\system32\drivers\asw4BCF.tmp
2017-04-05 21:03:54 ----A---- C:\Windows\system32\drivers\asw4B42.tmp
2017-04-05 21:03:53 ----A---- C:\Windows\system32\drivers\asw49F9.tmp
2017-04-05 21:03:53 ----A---- C:\Windows\system32\drivers\asw48D0.tmp
2017-04-05 21:03:53 ----A---- C:\Windows\system32\drivers\asw47F4.tmp
2017-04-05 21:03:52 ----A---- C:\Windows\system32\drivers\asw4709.tmp
2017-04-05 21:02:59 ----A---- C:\Windows\system32\drivers\asw469B.tmp
2017-04-05 21:02:58 ----A---- C:\Windows\system32\drivers\asw462D.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw4590.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw44B4.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw4417.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw4290.tmp
2017-03-30 19:24:18 ----SD---- C:\Windows\system32\CompatTel
2017-03-30 19:24:18 ----D---- C:\Windows\system32\appraiser
File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed
====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [2011-01-13 139888]
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [2011-01-13 23664]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-04-05 32600]
R1 aswNetSec;aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [2017-04-21 507416]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-04-05 101152]
R1 PHCORE;PHCORE; \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 risdxc;risdxc; C:\Windows\system32\DRIVERS\risdxc64.sys [2010-12-15 98816]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2010-11-12 39024]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-12-07 412776]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-04-24 460528]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-04-05 189768]
S0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-04-05 334088]
S0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-04-05 48528]
S0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-04-05 75704]
S0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-04-05 339696]
S0 RapportHades64;RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [2017-03-01 252288]
S0 RapportKE64;RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [2017-03-01 506016]
S1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-04-05 307736]
S1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-04-05 1005048]
S1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-04-29 556784]
S1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 RapportAegle64;RapportAegle64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [2017-03-01 382432]
S1 RapportCerberus_1804047;RapportCerberus_1804047; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804047.sys [2017-03-08 1264776]
S1 RapportEI64;RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2017-03-01 582208]
S1 RapportPG64;RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2017-03-01 605024]
S1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [2011-02-03 14960]
S2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-04-29 128648]
S2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-04-05 164064]
S2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2013-03-01 36600]
S2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
S3 5U877;USB Video Device; C:\Windows\system32\DRIVERS\5U877.sys [2011-03-05 166016]
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-02-05 8283136]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-02-05 295424]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-04-05 38296]
S3 aswTap;avast! SecureLine TAP Adapter v3; C:\Windows\system32\DRIVERS\aswTap.sys [2017-02-24 53904]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2010-12-18 425000]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-12-18 145960]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-12-18 162344]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-12-18 39464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-12-18 21416]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2010-11-23 1567360]
S3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2011-03-26 12262336]
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2009-07-02 40512]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2016-02-05 147904]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 wdkmd;Intel WiDi KMD; C:\Windows\system32\DRIVERS\WDKMD.sys [2011-04-09 42392]
====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-02-02 82640]
S2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-02-05 203776]
S2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-04-05 261712]
S2 avast! Firewall;Avast Firewall Service; C:\Program Files\AVAST Software\Avast\afwServ.exe [2017-04-14 310496]
S2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [2010-12-19 962848]
S2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2015-09-11 2774104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-03-20 105096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-03-20 125064]
S2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll" = %SystemRoot%\system32\diagtrack.dll
S2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-12-17 1515792]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-23 144200]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2015-03-28 89840]
S2 HyperW7Svc;HyperW7 Service; C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072]
S2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2010-11-12 45928]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service; C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-27 40808]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-27 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-22 326168]
S2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-11 193824]
S2 RapportMgmtService;Rapport Management Service; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2017-03-01 2401264]
S2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-12-17 836880]
S2 SAService;Conexant SmartAudio service; C:\Windows\system32\SAsrv.exe []
S2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-14 271448]
S3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-04-05 7398336]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-23 144200]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2016-10-03 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-03-25 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-04-26 173512]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-09-11 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2015-09-11 5132888]
S3 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-02-03 79208]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2013-03-01 118520]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG64.exe [2011-01-13 47728]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-09-26 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-03-20 51320]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
-----------------EOF-----------------
Logfile of random's system information tool 1.16 (written by random/random)
Run by Dan at 2017-04-29 21:38:49
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 52 GB (11%) free of 464 GB
Total RAM: 4007 MB (78% free)
X64
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:38:53, on 29.4.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18639)
Boot mode: Safe mode with network support
Running processes:
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\Dan_RSITx64.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [DeleteOnReboot] C:\Users\Dan\AppData\Local\Temp\DeleteOnReboot.bat
O4 - HKCU\..\RunOnce: [Report] C:\AdwCleaner\AdwCleaner[C0].txt
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{22A5E67D-D61A-4ABA-AA1C-3AC7B3D4F6CE}: NameServer = 77.234.40.79
O17 - HKLM\System\CS1\Services\Tcpip\..\{22A5E67D-D61A-4ABA-AA1C-3AC7B3D4F6CE}: NameServer = 77.234.40.79
O17 - HKLM\System\CS2\Services\Tcpip\..\{22A5E67D-D61A-4ABA-AA1C-3AC7B3D4F6CE}: NameServer = 77.234.40.79
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: HyperW7 Service (HyperW7Svc) - Lenovo Group Limited - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11962 bytes
====== Enumerating Processes ======
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:865294 /prefetch:2
"C:\Windows\System32\MsSpellCheckingFacility.exe" -Embedding
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:3945498 /prefetch:2
"C:\Users\Dan\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
====== Scheduled tasks folder ======
C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
C:\Windows\system32\tasks\CreateChoiceProcessTask - C:\Windows\System32\browserchoice.exe /launch
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\HPCustParticipation HP Deskjet 3050A J611 series - "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe" /UA 9.5 /DDV 0x0900
C:\Windows\system32\tasks\MCP - "C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" /start
C:\Windows\system32\tasks\PCDEventLauncher - "C:\Program Files\PC-Doctor\sessionchecker.exe"
C:\Windows\system32\tasks\PMTask - C:\PROGRA~2\ThinkPad\UTILIT~1\PwmIdTsv.exe
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1455135593 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1475521102 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\Synaptics TouchPad Enhancements - \Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\tasks\SystemToolsDailyTest - C:\Program Files\PC-Doctor\pcdrcui.exe -silentenumeration -st SystemToolsDailyTest
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-960529557-3528276582-3652460945-1001 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-960529557-3528276582-3652460945-1003 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup - %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor - %systemroot%\system32\sdclt.exe /CHECKSKIPPED
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d - %windir%\system32\GWX\GWX.exe /event:10
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Lpksetup - C:\Windows\System32\lpksetup.exe -v
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Mcbuilder - C:\Windows\System32\mcbuilder.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\Microsoft\Office\Office Automatic Updates - C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /update SCHEDULEDTASK displaylevel=False
C:\Windows\system32\tasks\Microsoft\Office\Office ClickToRun Service Monitor - C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /WatchService
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs
=========Mozilla firefox=========
ProfilePath - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default
prefs.js - "browser.startup.homepage" - "www.google.com"
"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF48
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF48
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.148 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.148 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\extensions\
2020Player_IKEA@2020Technologies.com
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\addons.json
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\extensions.json
20-20 3D Viewer - IKEA - extension - 2020Player_IKEA@2020Technologies.com - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\extensions\2020Player_IKEA@2020Technologies.com
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Avast SafePrice - webextension - sp@avast.com - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
Avast Online Security - webextension - wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF48
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\pluginreg.dat
Plugin - Shockwave Flash - 25.0.0.127 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll
Plugin - Shockwave Flash - 25.0.0.148 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll
=========Google Chrome=========
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bbjllphbppobebmjpjcijfbakobcheof 2 Rapport 1.14
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension coobgpohoikkiipiblmjeljniedjpjpf 1 Vyhledávání Google 0.0.0.30
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg Settings 0.2
Extension felcaaldnbdncclmgdcncolpebgiejap
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension gomekmidlodglbbmalcneegieacbdmki
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.0
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.0
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5316.725.0.15
Homepage:
default_search_provider.search_url:
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=
======Registry dump ======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-25 219304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-05 895528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-03 255088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-25 2340472]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-05 773920]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-03 193136]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-03 255088]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-03 193136]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2010-12-17 1933584]
"TpShocks"=TpShocks.exe []
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2010-04-28 307768]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-03-26 167960]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-03-26 391704]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-03-26 418840]
"LENOVO.TPKNRRES"=C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [2011-01-27 41320]
"ALCKRESI.EXE"=C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [2010-12-17 281448]
"FAHConsole"=C:\Program Files\File Association Helper\FAHConsole.exe [2014-01-28 729272]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-04-05 213824]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Report"=C:\AdwCleaner\AdwCleaner[C0].txt [2017-04-29 2056]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"=C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [2008-10-31 55808]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-02-05 336384]
"PWMTRV"=rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor []
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30 96056]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteOnReboot"=C:\Users\Dan\AppData\Local\Temp\DeleteOnReboot.bat [2017-04-29 500]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2010-12-08 135504]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages" = scecli
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
====== File associations ======
.js - edit - C:\Windows\System32\Notepad.exe %1
====== List of files/folders created in the last 1 month ======
2017-04-29 20:05:21 ----D---- C:\AdwCleaner
2017-04-29 07:57:01 ----D---- C:\rsit
2017-04-27 21:07:22 ----D---- C:\Program Files (x86)\Adobe
2017-04-15 09:22:29 ----A---- C:\Windows\system32\mshtml.dll
2017-04-15 09:22:27 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-04-15 09:22:26 ----A---- C:\Windows\system32\ieframe.dll
2017-04-15 09:22:25 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2017-04-15 09:22:25 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-04-15 09:22:25 ----A---- C:\Windows\system32\wininet.dll
2017-04-15 09:22:24 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-04-15 09:22:24 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-04-15 09:22:24 ----A---- C:\Windows\system32\wuaueng.dll
2017-04-15 09:22:24 ----A---- C:\Windows\system32\iertutil.dll
2017-04-15 09:22:23 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-04-15 09:22:23 ----A---- C:\Windows\system32\win32k.sys
2017-04-15 09:22:23 ----A---- C:\Windows\system32\urlmon.dll
2017-04-15 09:22:23 ----A---- C:\Windows\system32\ole32.dll
2017-04-15 09:22:22 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\wucltux.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\wuapi.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\win32spl.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\ucrtbase.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\samsrv.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\quartz.dll
2017-04-15 09:22:21 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2017-04-15 09:22:21 ----A---- C:\Windows\system32\msfeeds.dll
2017-04-15 09:22:21 ----A---- C:\Windows\system32\gdi32.dll
2017-04-15 09:22:21 ----A---- C:\Windows\system32\cdosys.dll
2017-04-15 09:22:21 ----A---- C:\Windows\system32\atmfd.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\quartz.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\ole32.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\system32\iedkcs32.dll
2017-04-15 09:22:20 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2017-04-15 09:22:20 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\jscript.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-15 09:22:18 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2017-04-15 09:22:18 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2017-04-15 09:22:17 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-04-15 09:22:17 ----A---- C:\Windows\system32\ntdll.dll
2017-04-15 09:22:17 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-04-15 09:22:17 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-04-15 09:22:17 ----A---- C:\Windows\system32\asycfilt.dll
2017-04-15 09:22:16 ----A---- C:\Windows\system32\jscript9.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\samlib.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\mfmjpegdec.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2017-04-15 09:22:15 ----A---- C:\Windows\system32\webcheck.dll
2017-04-15 09:22:15 ----A---- C:\Windows\system32\samlib.dll
2017-04-15 09:22:15 ----A---- C:\Windows\system32\mfmjpegdec.dll
2017-04-15 09:22:15 ----A---- C:\Windows\system32\ie4uinit.exe
2017-04-15 09:22:15 ----A---- C:\Windows\system32\certcli.dll
2017-04-15 09:22:14 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2017-04-15 09:22:14 ----A---- C:\Windows\SYSWOW64\wups.dll
2017-04-15 09:22:14 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2017-04-15 09:22:14 ----A---- C:\Windows\SYSWOW64\jscript.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\wuwebv.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\wups2.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\wups.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\wudriver.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\vbscript.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\srcore.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\rpcrt4.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\ieapfltr.dll
2017-04-15 09:22:13 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2017-04-15 09:22:13 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-04-15 09:22:13 ----A---- C:\Windows\system32\wuauclt.exe
2017-04-15 09:22:13 ----A---- C:\Windows\system32\lsasrv.dll
2017-04-15 09:22:13 ----A---- C:\Windows\system32\ieui.dll
2017-04-15 09:22:11 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\srclient.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\smss.exe
2017-04-15 09:22:11 ----A---- C:\Windows\system32\msrating.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\mshtmled.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\kerberos.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\dxtrans.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\dxtmsft.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-04-15 09:22:11 ----A---- C:\Windows\system32\advapi32.dll
2017-04-15 09:22:10 ----A---- C:\Windows\SYSWOW64\srclient.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\WinSetupUI.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\schannel.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\rstrui.exe
2017-04-15 09:22:10 ----A---- C:\Windows\system32\occache.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-15 09:22:10 ----A---- C:\Windows\system32\kernel32.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\jsproxy.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\jscript9diag.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\conhost.exe
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\occache.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\msrating.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\inseng.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\ieui.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wuapp.exe
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wow64win.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wow64.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\winsrv.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wdigest.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\TSpkg.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\sspicli.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\rpchttp.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\ncrypt.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\msv1_0.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\KernelBase.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\inseng.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\ieUnatt.exe
2017-04-15 09:22:09 ----A---- C:\Windows\system32\iesetup.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\iernonce.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-04-15 09:22:09 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-04-15 09:22:09 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-04-15 09:22:09 ----A---- C:\Windows\system32\csrsrv.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\cryptbase.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\cdd.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\bcrypt.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\wow32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\lpk.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\wow64cpu.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\sspisrv.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\setbcdlocale.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\secur32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\ntvdm64.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\lsass.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\lpk.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\fontsub.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\drivers\appid.sys
2017-04-15 09:22:08 ----A---- C:\Windows\system32\dciman32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\credssp.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\auditpol.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\atmlib.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidsvc.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidapi.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\user.exe
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\tzres.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\setup16.exe
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\instnm.exe
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\tzres.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\msaudite.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\apisetschema.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\adtschema.dll
2017-04-15 09:22:06 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-04-15 09:22:06 ----A---- C:\Windows\system32\msobjs.dll
2017-04-15 09:22:06 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-04-14 21:34:25 ----A---- C:\Windows\system32\drivers\aswnetsec.sys
2017-04-14 21:33:32 ----A---- C:\Windows\system32\aswBoot.exe
====== List of files/folders modified in the last 1 month ======
2017-04-29 21:38:50 ----D---- C:\Program Files\trend micro
2017-04-29 20:46:36 ----D---- C:\Windows\Temp
2017-04-29 20:44:20 ----D---- C:\Windows\System32
2017-04-29 20:44:20 ----D---- C:\Windows\inf
2017-04-29 20:44:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-04-29 20:40:32 ----A---- C:\Windows\ntbtlog.txt
2017-04-29 20:36:46 ----D---- C:\Windows\system32\config
2017-04-29 20:35:25 ----RD---- C:\Program Files
2017-04-29 20:35:23 ----D---- C:\Windows\system32\drivers
2017-04-29 20:34:53 ----A---- C:\Windows\SYSWOW64\log.txt
2017-04-29 20:34:52 ----D---- C:\ProgramData
2017-04-29 20:07:43 ----D---- C:\ProgramData\Malwarebytes
2017-04-29 20:04:53 ----SHD---- C:\Windows\Installer
2017-04-29 20:04:53 ----D---- C:\Config.Msi
2017-04-29 19:55:33 ----RD---- C:\Program Files (x86)
2017-04-29 07:50:50 ----D---- C:\ProgramData\PCDr
2017-04-27 21:12:40 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-27 21:12:40 ----D---- C:\Program Files (x86)\Mozilla Firefox
2017-04-27 21:08:23 ----D---- C:\Windows\system32\Tasks
2017-04-27 21:07:30 ----D---- C:\Windows\SysWOW64
2017-04-27 21:07:04 ----D---- C:\ProgramData\Adobe
2017-04-23 13:14:25 ----SHD---- C:\System Volume Information
2017-04-22 20:53:57 ----D---- C:\Users\Dan\AppData\Roaming\vlc
2017-04-22 20:24:34 ----D---- C:\Windows\Prefetch
2017-04-16 12:30:07 ----D---- C:\Windows\Minidump
2017-04-16 12:29:56 ----D---- C:\Windows
2017-04-16 03:45:22 ----D---- C:\Windows\winsxs
2017-04-16 03:42:16 ----D---- C:\Program Files\Microsoft Silverlight
2017-04-16 03:42:15 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2017-04-16 03:40:08 ----D---- C:\Windows\system32\catroot
2017-04-16 03:39:01 ----D---- C:\Windows\SYSWOW64\cs-CZ
2017-04-16 03:39:01 ----D---- C:\Program Files\Internet Explorer
2017-04-16 03:39:00 ----D---- C:\Windows\SYSWOW64\en-US
2017-04-16 03:38:56 ----D---- C:\Windows\system32\en-US
2017-04-16 03:38:56 ----D---- C:\Windows\system32\cs-CZ
2017-04-16 03:38:51 ----D---- C:\Windows\AppPatch
2017-04-16 03:38:51 ----D---- C:\Program Files (x86)\Internet Explorer
2017-04-16 03:38:50 ----D---- C:\Windows\system32\Boot
2017-04-16 03:25:24 ----D---- C:\Windows\Microsoft.NET
2017-04-16 03:21:09 ----RSD---- C:\Windows\assembly
2017-04-16 03:18:14 ----D---- C:\ProgramData\Microsoft Help
2017-04-16 03:16:41 ----D---- C:\Windows\system32\MRT
2017-04-16 03:09:47 ----AC---- C:\Windows\system32\MRT.exe
2017-04-16 03:07:09 ----D---- C:\Windows\system32\catroot2
2017-04-16 03:04:03 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2017-04-15 08:55:13 ----D---- C:\Windows\system32\wfp
2017-04-15 08:55:07 ----D---- C:\Windows\system32\wbem
2017-04-15 08:53:17 ----D---- C:\Windows\Tasks
2017-04-15 08:53:17 ----D---- C:\Windows\SYSWOW64\wbem
2017-04-15 08:53:16 ----D---- C:\Windows\system32\DriverStore
2017-04-15 08:53:07 ----D---- C:\Windows\system32\CodeIntegrity
2017-04-15 08:53:07 ----D---- C:\Windows\servicing
2017-04-15 08:52:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2017-04-15 08:51:23 ----D---- C:\Windows\registration
2017-04-14 21:35:01 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-04-14 21:34:49 ----D---- C:\Windows\system32\Macromed
2017-04-14 21:34:41 ----D---- C:\Windows\SYSWOW64\Macromed
2017-04-14 21:34:29 ----D---- C:\ProgramData\AVAST Software
2017-04-09 10:31:53 ----D---- C:\Windows\rescache
2017-04-05 21:03:54 ----A---- C:\Windows\system32\drivers\asw4C7C.tmp
2017-04-05 21:03:54 ----A---- C:\Windows\system32\drivers\asw4BCF.tmp
2017-04-05 21:03:54 ----A---- C:\Windows\system32\drivers\asw4B42.tmp
2017-04-05 21:03:53 ----A---- C:\Windows\system32\drivers\asw49F9.tmp
2017-04-05 21:03:53 ----A---- C:\Windows\system32\drivers\asw48D0.tmp
2017-04-05 21:03:53 ----A---- C:\Windows\system32\drivers\asw47F4.tmp
2017-04-05 21:03:52 ----A---- C:\Windows\system32\drivers\asw4709.tmp
2017-04-05 21:02:59 ----A---- C:\Windows\system32\drivers\asw469B.tmp
2017-04-05 21:02:58 ----A---- C:\Windows\system32\drivers\asw462D.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw4590.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw44B4.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw4417.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw4290.tmp
2017-03-30 19:24:18 ----SD---- C:\Windows\system32\CompatTel
2017-03-30 19:24:18 ----D---- C:\Windows\system32\appraiser
File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed
====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [2011-01-13 139888]
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [2011-01-13 23664]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-04-05 32600]
R1 aswNetSec;aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [2017-04-21 507416]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-04-05 101152]
R1 PHCORE;PHCORE; \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 risdxc;risdxc; C:\Windows\system32\DRIVERS\risdxc64.sys [2010-12-15 98816]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2010-11-12 39024]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-12-07 412776]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-04-24 460528]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-04-05 189768]
S0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-04-05 334088]
S0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-04-05 48528]
S0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-04-05 75704]
S0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-04-05 339696]
S0 RapportHades64;RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [2017-03-01 252288]
S0 RapportKE64;RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [2017-03-01 506016]
S1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-04-05 307736]
S1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-04-05 1005048]
S1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-04-29 556784]
S1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 RapportAegle64;RapportAegle64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [2017-03-01 382432]
S1 RapportCerberus_1804047;RapportCerberus_1804047; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804047.sys [2017-03-08 1264776]
S1 RapportEI64;RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2017-03-01 582208]
S1 RapportPG64;RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2017-03-01 605024]
S1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [2011-02-03 14960]
S2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-04-29 128648]
S2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-04-05 164064]
S2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2013-03-01 36600]
S2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
S3 5U877;USB Video Device; C:\Windows\system32\DRIVERS\5U877.sys [2011-03-05 166016]
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-02-05 8283136]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-02-05 295424]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-04-05 38296]
S3 aswTap;avast! SecureLine TAP Adapter v3; C:\Windows\system32\DRIVERS\aswTap.sys [2017-02-24 53904]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2010-12-18 425000]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-12-18 145960]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-12-18 162344]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-12-18 39464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-12-18 21416]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2010-11-23 1567360]
S3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2011-03-26 12262336]
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2009-07-02 40512]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2016-02-05 147904]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 wdkmd;Intel WiDi KMD; C:\Windows\system32\DRIVERS\WDKMD.sys [2011-04-09 42392]
====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-02-02 82640]
S2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-02-05 203776]
S2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-04-05 261712]
S2 avast! Firewall;Avast Firewall Service; C:\Program Files\AVAST Software\Avast\afwServ.exe [2017-04-14 310496]
S2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [2010-12-19 962848]
S2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2015-09-11 2774104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-03-20 105096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-03-20 125064]
S2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll" = %SystemRoot%\system32\diagtrack.dll
S2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-12-17 1515792]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-23 144200]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2015-03-28 89840]
S2 HyperW7Svc;HyperW7 Service; C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072]
S2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2010-11-12 45928]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service; C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-27 40808]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-27 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-22 326168]
S2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-11 193824]
S2 RapportMgmtService;Rapport Management Service; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2017-03-01 2401264]
S2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-12-17 836880]
S2 SAService;Conexant SmartAudio service; C:\Windows\system32\SAsrv.exe []
S2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-14 271448]
S3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-04-05 7398336]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-23 144200]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2016-10-03 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-03-25 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-04-26 173512]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-09-11 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2015-09-11 5132888]
S3 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-02-03 79208]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2013-03-01 118520]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG64.exe [2011-01-13 47728]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-09-26 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-03-20 51320]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
-----------------EOF-----------------
- Rudy
- Site Admin

- Posts: 119670
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow computer, Internet Explorer and Firefox not working
Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left window:
:files
C:\Program Files (x86)\Google\Google Toolbar
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA
c:\Windows\system32\drivers\asw*.tmp
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]/64
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]/64
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]/64
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]/64
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]/64
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]/64
:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. Disable your antivirus before the scan and restart the PC after it. Post a new RSIT log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Slow computer, Internet Explorer and Firefox not working
Thanks a lot! I did it and here is the log:
Logfile of random's system information tool 1.16 (written by random/random)
Run by Dan at 2017-04-29 23:14:03
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 58 GB (12%) free of 464 GB
Total RAM: 4007 MB (63% free)
X64
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:14:06, on 29.4.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18639)
Boot mode: Safe mode with network support
Running processes:
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\Dan_RSITx64.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [OTM] "C:\Users\Dan\Desktop\OTM.exe"
O4 - HKCU\..\RunOnce: [Report] C:\AdwCleaner\AdwCleaner[C0].txt
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{22A5E67D-D61A-4ABA-AA1C-3AC7B3D4F6CE}: NameServer = 77.234.40.79
O17 - HKLM\System\CS1\Services\Tcpip\..\{22A5E67D-D61A-4ABA-AA1C-3AC7B3D4F6CE}: NameServer = 77.234.40.79
O17 - HKLM\System\CS2\Services\Tcpip\..\{22A5E67D-D61A-4ABA-AA1C-3AC7B3D4F6CE}: NameServer = 77.234.40.79
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: HyperW7 Service (HyperW7Svc) - Lenovo Group Limited - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11595 bytes
====== Enumerating Processes ======
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:728 CREDAT:275457 /prefetch:2
"C:\Users\Dan\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
====== Scheduled tasks folder ======
C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
C:\Windows\system32\tasks\CreateChoiceProcessTask - C:\Windows\System32\browserchoice.exe /launch
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\HPCustParticipation HP Deskjet 3050A J611 series - "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe" /UA 9.5 /DDV 0x0900
C:\Windows\system32\tasks\MCP - "C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" /start
C:\Windows\system32\tasks\PCDEventLauncher - "C:\Program Files\PC-Doctor\sessionchecker.exe"
C:\Windows\system32\tasks\PMTask - C:\PROGRA~2\ThinkPad\UTILIT~1\PwmIdTsv.exe
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1455135593 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1475521102 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\Synaptics TouchPad Enhancements - \Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\tasks\SystemToolsDailyTest - C:\Program Files\PC-Doctor\pcdrcui.exe -silentenumeration -st SystemToolsDailyTest
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-960529557-3528276582-3652460945-1001 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-960529557-3528276582-3652460945-1003 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup - %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor - %systemroot%\system32\sdclt.exe /CHECKSKIPPED
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d - %windir%\system32\GWX\GWX.exe /event:10
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Lpksetup - C:\Windows\System32\lpksetup.exe -v
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Mcbuilder - C:\Windows\System32\mcbuilder.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\Microsoft\Office\Office Automatic Updates - C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /update SCHEDULEDTASK displaylevel=False
C:\Windows\system32\tasks\Microsoft\Office\Office ClickToRun Service Monitor - C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /WatchService
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs
=========Mozilla firefox=========
ProfilePath - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default
prefs.js - "browser.startup.homepage" - "www.google.com"
"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF48
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF48
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.148 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.148 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\extensions\
2020Player_IKEA@2020Technologies.com
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\addons.json
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\extensions.json
20-20 3D Viewer - IKEA - extension - 2020Player_IKEA@2020Technologies.com - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\extensions\2020Player_IKEA@2020Technologies.com
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Avast SafePrice - webextension - sp@avast.com - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
Avast Online Security - webextension - wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF48
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\pluginreg.dat
Plugin - Shockwave Flash - 25.0.0.127 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll
Plugin - Shockwave Flash - 25.0.0.148 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll
=========Google Chrome=========
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bbjllphbppobebmjpjcijfbakobcheof 2 Rapport 1.14
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension coobgpohoikkiipiblmjeljniedjpjpf 1 Vyhledávání Google 0.0.0.30
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg Settings 0.2
Extension felcaaldnbdncclmgdcncolpebgiejap
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension gomekmidlodglbbmalcneegieacbdmki
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.0
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.0
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5316.725.0.15
Homepage:
default_search_provider.search_url:
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=
======Registry dump ======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-25 219304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-05 895528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-25 2340472]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-05 773920]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2010-12-17 1933584]
"TpShocks"=TpShocks.exe []
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2010-04-28 307768]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-03-26 167960]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-03-26 391704]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-03-26 418840]
"LENOVO.TPKNRRES"=C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [2011-01-27 41320]
"ALCKRESI.EXE"=C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [2010-12-17 281448]
"FAHConsole"=C:\Program Files\File Association Helper\FAHConsole.exe [2014-01-28 729272]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-04-05 213824]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Report"=C:\AdwCleaner\AdwCleaner[C0].txt [2017-04-29 2056]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"=C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [2008-10-31 55808]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-02-05 336384]
"PWMTRV"=rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor []
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30 96056]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"OTM"=C:\Users\Dan\Desktop\OTM.exe [2017-04-29 522240]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2010-12-08 135504]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages" = scecli
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
====== File associations ======
.js - edit - C:\Windows\System32\Notepad.exe %1
====== List of files/folders created in the last 1 month ======
2017-04-29 23:06:03 ----D---- C:\ProgramData\SWCUTemp
2017-04-29 22:59:42 ----D---- C:\_OTM
2017-04-29 20:05:21 ----D---- C:\AdwCleaner
2017-04-29 07:57:01 ----D---- C:\rsit
2017-04-27 21:07:22 ----D---- C:\Program Files (x86)\Adobe
2017-04-15 09:22:29 ----A---- C:\Windows\system32\mshtml.dll
2017-04-15 09:22:27 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-04-15 09:22:26 ----A---- C:\Windows\system32\ieframe.dll
2017-04-15 09:22:25 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2017-04-15 09:22:25 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-04-15 09:22:25 ----A---- C:\Windows\system32\wininet.dll
2017-04-15 09:22:24 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-04-15 09:22:24 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-04-15 09:22:24 ----A---- C:\Windows\system32\wuaueng.dll
2017-04-15 09:22:24 ----A---- C:\Windows\system32\iertutil.dll
2017-04-15 09:22:23 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-04-15 09:22:23 ----A---- C:\Windows\system32\win32k.sys
2017-04-15 09:22:23 ----A---- C:\Windows\system32\urlmon.dll
2017-04-15 09:22:23 ----A---- C:\Windows\system32\ole32.dll
2017-04-15 09:22:22 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\wucltux.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\wuapi.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\win32spl.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\ucrtbase.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\samsrv.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\quartz.dll
2017-04-15 09:22:21 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2017-04-15 09:22:21 ----A---- C:\Windows\system32\msfeeds.dll
2017-04-15 09:22:21 ----A---- C:\Windows\system32\gdi32.dll
2017-04-15 09:22:21 ----A---- C:\Windows\system32\cdosys.dll
2017-04-15 09:22:21 ----A---- C:\Windows\system32\atmfd.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\quartz.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\ole32.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\system32\iedkcs32.dll
2017-04-15 09:22:20 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2017-04-15 09:22:20 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\jscript.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-15 09:22:18 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2017-04-15 09:22:18 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2017-04-15 09:22:17 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-04-15 09:22:17 ----A---- C:\Windows\system32\ntdll.dll
2017-04-15 09:22:17 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-04-15 09:22:17 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-04-15 09:22:17 ----A---- C:\Windows\system32\asycfilt.dll
2017-04-15 09:22:16 ----A---- C:\Windows\system32\jscript9.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\samlib.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\mfmjpegdec.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2017-04-15 09:22:15 ----A---- C:\Windows\system32\webcheck.dll
2017-04-15 09:22:15 ----A---- C:\Windows\system32\samlib.dll
2017-04-15 09:22:15 ----A---- C:\Windows\system32\mfmjpegdec.dll
2017-04-15 09:22:15 ----A---- C:\Windows\system32\ie4uinit.exe
2017-04-15 09:22:15 ----A---- C:\Windows\system32\certcli.dll
2017-04-15 09:22:14 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2017-04-15 09:22:14 ----A---- C:\Windows\SYSWOW64\wups.dll
2017-04-15 09:22:14 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2017-04-15 09:22:14 ----A---- C:\Windows\SYSWOW64\jscript.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\wuwebv.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\wups2.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\wups.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\wudriver.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\vbscript.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\srcore.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\rpcrt4.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\ieapfltr.dll
2017-04-15 09:22:13 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2017-04-15 09:22:13 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-04-15 09:22:13 ----A---- C:\Windows\system32\wuauclt.exe
2017-04-15 09:22:13 ----A---- C:\Windows\system32\lsasrv.dll
2017-04-15 09:22:13 ----A---- C:\Windows\system32\ieui.dll
2017-04-15 09:22:11 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\srclient.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\smss.exe
2017-04-15 09:22:11 ----A---- C:\Windows\system32\msrating.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\mshtmled.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\kerberos.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\dxtrans.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\dxtmsft.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-04-15 09:22:11 ----A---- C:\Windows\system32\advapi32.dll
2017-04-15 09:22:10 ----A---- C:\Windows\SYSWOW64\srclient.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\WinSetupUI.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\schannel.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\rstrui.exe
2017-04-15 09:22:10 ----A---- C:\Windows\system32\occache.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-15 09:22:10 ----A---- C:\Windows\system32\kernel32.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\jsproxy.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\jscript9diag.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\conhost.exe
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\occache.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\msrating.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\inseng.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\ieui.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wuapp.exe
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wow64win.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wow64.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\winsrv.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wdigest.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\TSpkg.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\sspicli.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\rpchttp.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\ncrypt.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\msv1_0.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\KernelBase.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\inseng.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\ieUnatt.exe
2017-04-15 09:22:09 ----A---- C:\Windows\system32\iesetup.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\iernonce.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-04-15 09:22:09 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-04-15 09:22:09 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-04-15 09:22:09 ----A---- C:\Windows\system32\csrsrv.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\cryptbase.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\cdd.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\bcrypt.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\wow32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\lpk.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\wow64cpu.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\sspisrv.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\setbcdlocale.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\secur32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\ntvdm64.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\lsass.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\lpk.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\fontsub.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\drivers\appid.sys
2017-04-15 09:22:08 ----A---- C:\Windows\system32\dciman32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\credssp.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\auditpol.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\atmlib.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidsvc.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidapi.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\user.exe
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\tzres.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\setup16.exe
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\instnm.exe
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\tzres.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\msaudite.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\apisetschema.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\adtschema.dll
2017-04-15 09:22:06 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-04-15 09:22:06 ----A---- C:\Windows\system32\msobjs.dll
2017-04-15 09:22:06 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-04-14 21:34:25 ----A---- C:\Windows\system32\drivers\aswnetsec.sys
2017-04-14 21:33:32 ----A---- C:\Windows\system32\aswBoot.exe
====== List of files/folders modified in the last 1 month ======
2017-04-29 23:14:04 ----D---- C:\Program Files\trend micro
2017-04-29 23:11:17 ----A---- C:\Windows\ntbtlog.txt
2017-04-29 23:07:49 ----A---- C:\Windows\SYSWOW64\log.txt
2017-04-29 23:07:39 ----D---- C:\Windows\Temp
2017-04-29 23:06:03 ----D---- C:\ProgramData
2017-04-29 22:59:43 ----D---- C:\Program Files (x86)\Google
2017-04-29 22:58:37 ----D---- C:\Windows\System32
2017-04-29 22:58:37 ----D---- C:\Windows\inf
2017-04-29 22:58:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-04-29 20:36:46 ----D---- C:\Windows\system32\config
2017-04-29 20:35:25 ----RD---- C:\Program Files
2017-04-29 20:35:23 ----D---- C:\Windows\system32\drivers
2017-04-29 20:07:43 ----D---- C:\ProgramData\Malwarebytes
2017-04-29 20:04:53 ----SHD---- C:\Windows\Installer
2017-04-29 20:04:53 ----D---- C:\Config.Msi
2017-04-29 19:55:33 ----RD---- C:\Program Files (x86)
2017-04-29 07:50:50 ----D---- C:\ProgramData\PCDr
2017-04-27 21:12:40 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-27 21:12:40 ----D---- C:\Program Files (x86)\Mozilla Firefox
2017-04-27 21:08:23 ----D---- C:\Windows\system32\Tasks
2017-04-27 21:07:30 ----D---- C:\Windows\SysWOW64
2017-04-27 21:07:04 ----D---- C:\ProgramData\Adobe
2017-04-23 13:14:25 ----SHD---- C:\System Volume Information
2017-04-22 20:53:57 ----D---- C:\Users\Dan\AppData\Roaming\vlc
2017-04-22 20:24:34 ----D---- C:\Windows\Prefetch
2017-04-16 12:30:07 ----D---- C:\Windows\Minidump
2017-04-16 12:29:56 ----D---- C:\Windows
2017-04-16 03:45:22 ----D---- C:\Windows\winsxs
2017-04-16 03:42:16 ----D---- C:\Program Files\Microsoft Silverlight
2017-04-16 03:42:15 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2017-04-16 03:40:08 ----D---- C:\Windows\system32\catroot
2017-04-16 03:39:01 ----D---- C:\Windows\SYSWOW64\cs-CZ
2017-04-16 03:39:01 ----D---- C:\Program Files\Internet Explorer
2017-04-16 03:39:00 ----D---- C:\Windows\SYSWOW64\en-US
2017-04-16 03:38:56 ----D---- C:\Windows\system32\en-US
2017-04-16 03:38:56 ----D---- C:\Windows\system32\cs-CZ
2017-04-16 03:38:51 ----D---- C:\Windows\AppPatch
2017-04-16 03:38:51 ----D---- C:\Program Files (x86)\Internet Explorer
2017-04-16 03:38:50 ----D---- C:\Windows\system32\Boot
2017-04-16 03:25:24 ----D---- C:\Windows\Microsoft.NET
2017-04-16 03:21:09 ----RSD---- C:\Windows\assembly
2017-04-16 03:18:14 ----D---- C:\ProgramData\Microsoft Help
2017-04-16 03:16:41 ----D---- C:\Windows\system32\MRT
2017-04-16 03:09:47 ----AC---- C:\Windows\system32\MRT.exe
2017-04-16 03:07:09 ----D---- C:\Windows\system32\catroot2
2017-04-16 03:04:03 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2017-04-15 08:55:13 ----D---- C:\Windows\system32\wfp
2017-04-15 08:55:07 ----D---- C:\Windows\system32\wbem
2017-04-15 08:53:17 ----D---- C:\Windows\Tasks
2017-04-15 08:53:17 ----D---- C:\Windows\SYSWOW64\wbem
2017-04-15 08:53:16 ----D---- C:\Windows\system32\DriverStore
2017-04-15 08:53:07 ----D---- C:\Windows\system32\CodeIntegrity
2017-04-15 08:53:07 ----D---- C:\Windows\servicing
2017-04-15 08:52:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2017-04-15 08:51:23 ----D---- C:\Windows\registration
2017-04-14 21:35:01 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-04-14 21:34:49 ----D---- C:\Windows\system32\Macromed
2017-04-14 21:34:41 ----D---- C:\Windows\SYSWOW64\Macromed
2017-04-14 21:34:29 ----D---- C:\ProgramData\AVAST Software
2017-04-09 10:31:53 ----D---- C:\Windows\rescache
2017-04-05 21:03:54 ----A---- C:\Windows\system32\drivers\asw4C7C.tmp
2017-04-05 21:03:54 ----A---- C:\Windows\system32\drivers\asw4BCF.tmp
2017-04-05 21:03:54 ----A---- C:\Windows\system32\drivers\asw4B42.tmp
2017-04-05 21:03:53 ----A---- C:\Windows\system32\drivers\asw49F9.tmp
2017-04-05 21:03:53 ----A---- C:\Windows\system32\drivers\asw48D0.tmp
2017-04-05 21:03:53 ----A---- C:\Windows\system32\drivers\asw47F4.tmp
2017-04-05 21:03:52 ----A---- C:\Windows\system32\drivers\asw4709.tmp
2017-04-05 21:02:59 ----A---- C:\Windows\system32\drivers\asw469B.tmp
2017-04-05 21:02:58 ----A---- C:\Windows\system32\drivers\asw462D.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw4590.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw44B4.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw4417.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw4290.tmp
2017-03-30 19:24:18 ----SD---- C:\Windows\system32\CompatTel
2017-03-30 19:24:18 ----D---- C:\Windows\system32\appraiser
File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed
====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [2011-01-13 139888]
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [2011-01-13 23664]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-04-05 32600]
R1 aswNetSec;aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [2017-04-21 507416]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-04-05 101152]
R1 PHCORE;PHCORE; \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 risdxc;risdxc; C:\Windows\system32\DRIVERS\risdxc64.sys [2010-12-15 98816]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2010-11-12 39024]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-12-07 412776]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-04-24 460528]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-04-05 189768]
S0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-04-05 334088]
S0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-04-05 48528]
S0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-04-05 75704]
S0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-04-05 339696]
S0 RapportHades64;RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [2017-03-01 252288]
S0 RapportKE64;RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [2017-03-01 506016]
S1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-04-05 307736]
S1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-04-05 1005048]
S1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-04-29 556784]
S1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 RapportAegle64;RapportAegle64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [2017-03-01 382432]
S1 RapportCerberus_1804047;RapportCerberus_1804047; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804047.sys [2017-03-08 1264776]
S1 RapportEI64;RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2017-03-01 582208]
S1 RapportPG64;RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2017-03-01 605024]
S1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [2011-02-03 14960]
S2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-04-29 128648]
S2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-04-05 164064]
S2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2013-03-01 36600]
S2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
S3 5U877;USB Video Device; C:\Windows\system32\DRIVERS\5U877.sys [2011-03-05 166016]
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-02-05 8283136]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-02-05 295424]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-04-05 38296]
S3 aswTap;avast! SecureLine TAP Adapter v3; C:\Windows\system32\DRIVERS\aswTap.sys [2017-02-24 53904]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2010-12-18 425000]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-12-18 145960]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-12-18 162344]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-12-18 39464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-12-18 21416]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2010-11-23 1567360]
S3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2011-03-26 12262336]
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2009-07-02 40512]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2016-02-05 147904]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 wdkmd;Intel WiDi KMD; C:\Windows\system32\DRIVERS\WDKMD.sys [2011-04-09 42392]
====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-02-02 82640]
S2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-02-05 203776]
S2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-04-05 261712]
S2 avast! Firewall;Avast Firewall Service; C:\Program Files\AVAST Software\Avast\afwServ.exe [2017-04-14 310496]
S2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [2010-12-19 962848]
S2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2015-09-11 2774104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-03-20 105096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-03-20 125064]
S2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll" = %SystemRoot%\system32\diagtrack.dll
S2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-12-17 1515792]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-23 144200]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2015-03-28 89840]
S2 HyperW7Svc;HyperW7 Service; C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072]
S2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2010-11-12 45928]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service; C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-27 40808]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-27 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-22 326168]
S2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-11 193824]
S2 RapportMgmtService;Rapport Management Service; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2017-03-01 2401264]
S2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-12-17 836880]
S2 SAService;Conexant SmartAudio service; C:\Windows\system32\SAsrv.exe []
S2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-14 271448]
S3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-04-05 7398336]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-23 144200]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2016-10-03 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-03-25 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-04-26 173512]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-09-11 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2015-09-11 5132888]
S3 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-02-03 79208]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2013-03-01 118520]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG64.exe [2011-01-13 47728]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-09-26 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-03-20 51320]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
-----------------EOF-----------------
Unfortunately, Firefox still cannot be started in normal mode... Or rather, it locks up the PC...
Logfile of random's system information tool 1.16 (written by random/random)
Run by Dan at 2017-04-29 23:14:03
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 58 GB (12%) free of 464 GB
Total RAM: 4007 MB (63% free)
X64
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:14:06, on 29.4.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18639)
Boot mode: Safe mode with network support
Running processes:
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\Dan_RSITx64.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [OTM] "C:\Users\Dan\Desktop\OTM.exe"
O4 - HKCU\..\RunOnce: [Report] C:\AdwCleaner\AdwCleaner[C0].txt
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{22A5E67D-D61A-4ABA-AA1C-3AC7B3D4F6CE}: NameServer = 77.234.40.79
O17 - HKLM\System\CS1\Services\Tcpip\..\{22A5E67D-D61A-4ABA-AA1C-3AC7B3D4F6CE}: NameServer = 77.234.40.79
O17 - HKLM\System\CS2\Services\Tcpip\..\{22A5E67D-D61A-4ABA-AA1C-3AC7B3D4F6CE}: NameServer = 77.234.40.79
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: HyperW7 Service (HyperW7Svc) - Lenovo Group Limited - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11595 bytes
====== Enumerating Processes ======
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:728 CREDAT:275457 /prefetch:2
"C:\Users\Dan\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
====== Scheduled tasks folder ======
C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
C:\Windows\system32\tasks\CreateChoiceProcessTask - C:\Windows\System32\browserchoice.exe /launch
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\HPCustParticipation HP Deskjet 3050A J611 series - "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe" /UA 9.5 /DDV 0x0900
C:\Windows\system32\tasks\MCP - "C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" /start
C:\Windows\system32\tasks\PCDEventLauncher - "C:\Program Files\PC-Doctor\sessionchecker.exe"
C:\Windows\system32\tasks\PMTask - C:\PROGRA~2\ThinkPad\UTILIT~1\PwmIdTsv.exe
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1455135593 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1475521102 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\Synaptics TouchPad Enhancements - \Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\tasks\SystemToolsDailyTest - C:\Program Files\PC-Doctor\pcdrcui.exe -silentenumeration -st SystemToolsDailyTest
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-960529557-3528276582-3652460945-1001 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-960529557-3528276582-3652460945-1003 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup - %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor - %systemroot%\system32\sdclt.exe /CHECKSKIPPED
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d - %windir%\system32\GWX\GWX.exe /event:10
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Lpksetup - C:\Windows\System32\lpksetup.exe -v
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Mcbuilder - C:\Windows\System32\mcbuilder.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\Microsoft\Office\Office Automatic Updates - C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /update SCHEDULEDTASK displaylevel=False
C:\Windows\system32\tasks\Microsoft\Office\Office ClickToRun Service Monitor - C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /WatchService
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs
=========Mozilla firefox=========
ProfilePath - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default
prefs.js - "browser.startup.homepage" - "www.google.com"
"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF48
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF48
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.148 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.148 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\extensions\
2020Player_IKEA@2020Technologies.com
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\addons.json
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\extensions.json
20-20 3D Viewer - IKEA - extension - 2020Player_IKEA@2020Technologies.com - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\extensions\2020Player_IKEA@2020Technologies.com
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Avast SafePrice - webextension - sp@avast.com - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
Avast Online Security - webextension - wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF48
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\pluginreg.dat
Plugin - Shockwave Flash - 25.0.0.127 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll
Plugin - Shockwave Flash - 25.0.0.148 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll
=========Google Chrome=========
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bbjllphbppobebmjpjcijfbakobcheof 2 Rapport 1.14
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension coobgpohoikkiipiblmjeljniedjpjpf 1 Vyhledávání Google 0.0.0.30
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg Settings 0.2
Extension felcaaldnbdncclmgdcncolpebgiejap
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension gomekmidlodglbbmalcneegieacbdmki
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.0
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.0
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5316.725.0.15
Homepage:
default_search_provider.search_url:
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=
======Registry dump ======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-25 219304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-05 895528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-25 2340472]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-05 773920]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2010-12-17 1933584]
"TpShocks"=TpShocks.exe []
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2010-04-28 307768]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-03-26 167960]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-03-26 391704]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-03-26 418840]
"LENOVO.TPKNRRES"=C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [2011-01-27 41320]
"ALCKRESI.EXE"=C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [2010-12-17 281448]
"FAHConsole"=C:\Program Files\File Association Helper\FAHConsole.exe [2014-01-28 729272]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-04-05 213824]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Report"=C:\AdwCleaner\AdwCleaner[C0].txt [2017-04-29 2056]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"=C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [2008-10-31 55808]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-02-05 336384]
"PWMTRV"=rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor []
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30 96056]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"OTM"=C:\Users\Dan\Desktop\OTM.exe [2017-04-29 522240]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2010-12-08 135504]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages" = scecli
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
====== File associations ======
.js - edit - C:\Windows\System32\Notepad.exe %1
====== List of files/folders created in the last 1 month ======
2017-04-29 23:06:03 ----D---- C:\ProgramData\SWCUTemp
2017-04-29 22:59:42 ----D---- C:\_OTM
2017-04-29 20:05:21 ----D---- C:\AdwCleaner
2017-04-29 07:57:01 ----D---- C:\rsit
2017-04-27 21:07:22 ----D---- C:\Program Files (x86)\Adobe
2017-04-15 09:22:29 ----A---- C:\Windows\system32\mshtml.dll
2017-04-15 09:22:27 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-04-15 09:22:26 ----A---- C:\Windows\system32\ieframe.dll
2017-04-15 09:22:25 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2017-04-15 09:22:25 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-04-15 09:22:25 ----A---- C:\Windows\system32\wininet.dll
2017-04-15 09:22:24 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-04-15 09:22:24 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-04-15 09:22:24 ----A---- C:\Windows\system32\wuaueng.dll
2017-04-15 09:22:24 ----A---- C:\Windows\system32\iertutil.dll
2017-04-15 09:22:23 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-04-15 09:22:23 ----A---- C:\Windows\system32\win32k.sys
2017-04-15 09:22:23 ----A---- C:\Windows\system32\urlmon.dll
2017-04-15 09:22:23 ----A---- C:\Windows\system32\ole32.dll
2017-04-15 09:22:22 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\wucltux.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\wuapi.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\win32spl.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\ucrtbase.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\samsrv.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\quartz.dll
2017-04-15 09:22:21 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2017-04-15 09:22:21 ----A---- C:\Windows\system32\msfeeds.dll
2017-04-15 09:22:21 ----A---- C:\Windows\system32\gdi32.dll
2017-04-15 09:22:21 ----A---- C:\Windows\system32\cdosys.dll
2017-04-15 09:22:21 ----A---- C:\Windows\system32\atmfd.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\quartz.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\ole32.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\system32\iedkcs32.dll
2017-04-15 09:22:20 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2017-04-15 09:22:20 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\jscript.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-15 09:22:18 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2017-04-15 09:22:18 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2017-04-15 09:22:17 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-04-15 09:22:17 ----A---- C:\Windows\system32\ntdll.dll
2017-04-15 09:22:17 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-04-15 09:22:17 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-04-15 09:22:17 ----A---- C:\Windows\system32\asycfilt.dll
2017-04-15 09:22:16 ----A---- C:\Windows\system32\jscript9.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\samlib.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\mfmjpegdec.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2017-04-15 09:22:15 ----A---- C:\Windows\system32\webcheck.dll
2017-04-15 09:22:15 ----A---- C:\Windows\system32\samlib.dll
2017-04-15 09:22:15 ----A---- C:\Windows\system32\mfmjpegdec.dll
2017-04-15 09:22:15 ----A---- C:\Windows\system32\ie4uinit.exe
2017-04-15 09:22:15 ----A---- C:\Windows\system32\certcli.dll
2017-04-15 09:22:14 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2017-04-15 09:22:14 ----A---- C:\Windows\SYSWOW64\wups.dll
2017-04-15 09:22:14 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2017-04-15 09:22:14 ----A---- C:\Windows\SYSWOW64\jscript.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\wuwebv.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\wups2.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\wups.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\wudriver.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\vbscript.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\srcore.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\rpcrt4.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\ieapfltr.dll
2017-04-15 09:22:13 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2017-04-15 09:22:13 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-04-15 09:22:13 ----A---- C:\Windows\system32\wuauclt.exe
2017-04-15 09:22:13 ----A---- C:\Windows\system32\lsasrv.dll
2017-04-15 09:22:13 ----A---- C:\Windows\system32\ieui.dll
2017-04-15 09:22:11 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\srclient.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\smss.exe
2017-04-15 09:22:11 ----A---- C:\Windows\system32\msrating.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\mshtmled.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\kerberos.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\dxtrans.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\dxtmsft.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-04-15 09:22:11 ----A---- C:\Windows\system32\advapi32.dll
2017-04-15 09:22:10 ----A---- C:\Windows\SYSWOW64\srclient.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\WinSetupUI.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\schannel.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\rstrui.exe
2017-04-15 09:22:10 ----A---- C:\Windows\system32\occache.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-15 09:22:10 ----A---- C:\Windows\system32\kernel32.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\jsproxy.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\jscript9diag.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\conhost.exe
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\occache.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\msrating.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\inseng.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\ieui.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wuapp.exe
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wow64win.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wow64.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\winsrv.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wdigest.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\TSpkg.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\sspicli.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\rpchttp.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\ncrypt.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\msv1_0.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\KernelBase.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\inseng.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\ieUnatt.exe
2017-04-15 09:22:09 ----A---- C:\Windows\system32\iesetup.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\iernonce.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-04-15 09:22:09 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-04-15 09:22:09 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-04-15 09:22:09 ----A---- C:\Windows\system32\csrsrv.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\cryptbase.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\cdd.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\bcrypt.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\wow32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\lpk.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\wow64cpu.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\sspisrv.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\setbcdlocale.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\secur32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\ntvdm64.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\lsass.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\lpk.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\fontsub.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\drivers\appid.sys
2017-04-15 09:22:08 ----A---- C:\Windows\system32\dciman32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\credssp.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\auditpol.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\atmlib.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidsvc.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidapi.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\user.exe
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\tzres.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\setup16.exe
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\instnm.exe
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\tzres.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\msaudite.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\apisetschema.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\adtschema.dll
2017-04-15 09:22:06 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-04-15 09:22:06 ----A---- C:\Windows\system32\msobjs.dll
2017-04-15 09:22:06 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-04-14 21:34:25 ----A---- C:\Windows\system32\drivers\aswnetsec.sys
2017-04-14 21:33:32 ----A---- C:\Windows\system32\aswBoot.exe
====== List of files/folders modified in the last 1 month ======
2017-04-29 23:14:04 ----D---- C:\Program Files\trend micro
2017-04-29 23:11:17 ----A---- C:\Windows\ntbtlog.txt
2017-04-29 23:07:49 ----A---- C:\Windows\SYSWOW64\log.txt
2017-04-29 23:07:39 ----D---- C:\Windows\Temp
2017-04-29 23:06:03 ----D---- C:\ProgramData
2017-04-29 22:59:43 ----D---- C:\Program Files (x86)\Google
2017-04-29 22:58:37 ----D---- C:\Windows\System32
2017-04-29 22:58:37 ----D---- C:\Windows\inf
2017-04-29 22:58:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-04-29 20:36:46 ----D---- C:\Windows\system32\config
2017-04-29 20:35:25 ----RD---- C:\Program Files
2017-04-29 20:35:23 ----D---- C:\Windows\system32\drivers
2017-04-29 20:07:43 ----D---- C:\ProgramData\Malwarebytes
2017-04-29 20:04:53 ----SHD---- C:\Windows\Installer
2017-04-29 20:04:53 ----D---- C:\Config.Msi
2017-04-29 19:55:33 ----RD---- C:\Program Files (x86)
2017-04-29 07:50:50 ----D---- C:\ProgramData\PCDr
2017-04-27 21:12:40 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-27 21:12:40 ----D---- C:\Program Files (x86)\Mozilla Firefox
2017-04-27 21:08:23 ----D---- C:\Windows\system32\Tasks
2017-04-27 21:07:30 ----D---- C:\Windows\SysWOW64
2017-04-27 21:07:04 ----D---- C:\ProgramData\Adobe
2017-04-23 13:14:25 ----SHD---- C:\System Volume Information
2017-04-22 20:53:57 ----D---- C:\Users\Dan\AppData\Roaming\vlc
2017-04-22 20:24:34 ----D---- C:\Windows\Prefetch
2017-04-16 12:30:07 ----D---- C:\Windows\Minidump
2017-04-16 12:29:56 ----D---- C:\Windows
2017-04-16 03:45:22 ----D---- C:\Windows\winsxs
2017-04-16 03:42:16 ----D---- C:\Program Files\Microsoft Silverlight
2017-04-16 03:42:15 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2017-04-16 03:40:08 ----D---- C:\Windows\system32\catroot
2017-04-16 03:39:01 ----D---- C:\Windows\SYSWOW64\cs-CZ
2017-04-16 03:39:01 ----D---- C:\Program Files\Internet Explorer
2017-04-16 03:39:00 ----D---- C:\Windows\SYSWOW64\en-US
2017-04-16 03:38:56 ----D---- C:\Windows\system32\en-US
2017-04-16 03:38:56 ----D---- C:\Windows\system32\cs-CZ
2017-04-16 03:38:51 ----D---- C:\Windows\AppPatch
2017-04-16 03:38:51 ----D---- C:\Program Files (x86)\Internet Explorer
2017-04-16 03:38:50 ----D---- C:\Windows\system32\Boot
2017-04-16 03:25:24 ----D---- C:\Windows\Microsoft.NET
2017-04-16 03:21:09 ----RSD---- C:\Windows\assembly
2017-04-16 03:18:14 ----D---- C:\ProgramData\Microsoft Help
2017-04-16 03:16:41 ----D---- C:\Windows\system32\MRT
2017-04-16 03:09:47 ----AC---- C:\Windows\system32\MRT.exe
2017-04-16 03:07:09 ----D---- C:\Windows\system32\catroot2
2017-04-16 03:04:03 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2017-04-15 08:55:13 ----D---- C:\Windows\system32\wfp
2017-04-15 08:55:07 ----D---- C:\Windows\system32\wbem
2017-04-15 08:53:17 ----D---- C:\Windows\Tasks
2017-04-15 08:53:17 ----D---- C:\Windows\SYSWOW64\wbem
2017-04-15 08:53:16 ----D---- C:\Windows\system32\DriverStore
2017-04-15 08:53:07 ----D---- C:\Windows\system32\CodeIntegrity
2017-04-15 08:53:07 ----D---- C:\Windows\servicing
2017-04-15 08:52:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2017-04-15 08:51:23 ----D---- C:\Windows\registration
2017-04-14 21:35:01 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-04-14 21:34:49 ----D---- C:\Windows\system32\Macromed
2017-04-14 21:34:41 ----D---- C:\Windows\SYSWOW64\Macromed
2017-04-14 21:34:29 ----D---- C:\ProgramData\AVAST Software
2017-04-09 10:31:53 ----D---- C:\Windows\rescache
2017-04-05 21:03:54 ----A---- C:\Windows\system32\drivers\asw4C7C.tmp
2017-04-05 21:03:54 ----A---- C:\Windows\system32\drivers\asw4BCF.tmp
2017-04-05 21:03:54 ----A---- C:\Windows\system32\drivers\asw4B42.tmp
2017-04-05 21:03:53 ----A---- C:\Windows\system32\drivers\asw49F9.tmp
2017-04-05 21:03:53 ----A---- C:\Windows\system32\drivers\asw48D0.tmp
2017-04-05 21:03:53 ----A---- C:\Windows\system32\drivers\asw47F4.tmp
2017-04-05 21:03:52 ----A---- C:\Windows\system32\drivers\asw4709.tmp
2017-04-05 21:02:59 ----A---- C:\Windows\system32\drivers\asw469B.tmp
2017-04-05 21:02:58 ----A---- C:\Windows\system32\drivers\asw462D.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw4590.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw44B4.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw4417.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw4290.tmp
2017-03-30 19:24:18 ----SD---- C:\Windows\system32\CompatTel
2017-03-30 19:24:18 ----D---- C:\Windows\system32\appraiser
File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed
====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [2011-01-13 139888]
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [2011-01-13 23664]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-04-05 32600]
R1 aswNetSec;aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [2017-04-21 507416]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-04-05 101152]
R1 PHCORE;PHCORE; \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 risdxc;risdxc; C:\Windows\system32\DRIVERS\risdxc64.sys [2010-12-15 98816]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2010-11-12 39024]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-12-07 412776]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-04-24 460528]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-04-05 189768]
S0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-04-05 334088]
S0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-04-05 48528]
S0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-04-05 75704]
S0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-04-05 339696]
S0 RapportHades64;RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [2017-03-01 252288]
S0 RapportKE64;RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [2017-03-01 506016]
S1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-04-05 307736]
S1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-04-05 1005048]
S1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-04-29 556784]
S1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 RapportAegle64;RapportAegle64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [2017-03-01 382432]
S1 RapportCerberus_1804047;RapportCerberus_1804047; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804047.sys [2017-03-08 1264776]
S1 RapportEI64;RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2017-03-01 582208]
S1 RapportPG64;RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2017-03-01 605024]
S1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [2011-02-03 14960]
S2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-04-29 128648]
S2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-04-05 164064]
S2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2013-03-01 36600]
S2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
S3 5U877;USB Video Device; C:\Windows\system32\DRIVERS\5U877.sys [2011-03-05 166016]
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-02-05 8283136]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-02-05 295424]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-04-05 38296]
S3 aswTap;avast! SecureLine TAP Adapter v3; C:\Windows\system32\DRIVERS\aswTap.sys [2017-02-24 53904]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2010-12-18 425000]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-12-18 145960]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-12-18 162344]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-12-18 39464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-12-18 21416]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2010-11-23 1567360]
S3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2011-03-26 12262336]
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2009-07-02 40512]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2016-02-05 147904]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 wdkmd;Intel WiDi KMD; C:\Windows\system32\DRIVERS\WDKMD.sys [2011-04-09 42392]
====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-02-02 82640]
S2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-02-05 203776]
S2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-04-05 261712]
S2 avast! Firewall;Avast Firewall Service; C:\Program Files\AVAST Software\Avast\afwServ.exe [2017-04-14 310496]
S2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [2010-12-19 962848]
S2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2015-09-11 2774104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-03-20 105096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-03-20 125064]
S2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll" = %SystemRoot%\system32\diagtrack.dll
S2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-12-17 1515792]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-23 144200]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2015-03-28 89840]
S2 HyperW7Svc;HyperW7 Service; C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072]
S2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2010-11-12 45928]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service; C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-27 40808]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-27 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-22 326168]
S2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-11 193824]
S2 RapportMgmtService;Rapport Management Service; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2017-03-01 2401264]
S2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-12-17 836880]
S2 SAService;Conexant SmartAudio service; C:\Windows\system32\SAsrv.exe []
S2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-14 271448]
S3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-04-05 7398336]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-23 144200]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2016-10-03 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-03-25 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-04-26 173512]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-09-11 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2015-09-11 5132888]
S3 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-02-03 79208]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2013-03-01 118520]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG64.exe [2011-01-13 47728]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-09-26 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-03-20 51320]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
-----------------EOF-----------------
Unfortunately, Firefox still won't start in normal mode... Or rather, it freezes the PC...
Re: Slow computer, Internet Explorer and Firefox don't work
Here is another log, this one from normal mode. At first it gave me a blue screen of death, but the second time it worked.
Logfile of random's system information tool 1.16 (written by random/random)
Run by Dan at 2017-04-30 08:17:36
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 58 GB (12%) free of 464 GB
Total RAM: 4007 MB (55% free)
X64
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:17:42, on 30.4.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18639)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
C:\Program Files\AVAST Software\Avast\AvLaunch.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\trend micro\Dan_RSITx64.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{22A5E67D-D61A-4ABA-AA1C-3AC7B3D4F6CE}: NameServer = 77.234.40.79
O17 - HKLM\System\CS1\Services\Tcpip\..\{22A5E67D-D61A-4ABA-AA1C-3AC7B3D4F6CE}: NameServer = 77.234.40.79
O17 - HKLM\System\CS2\Services\Tcpip\..\{22A5E67D-D61A-4ABA-AA1C-3AC7B3D4F6CE}: NameServer = 77.234.40.79
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: HyperW7 Service (HyperW7Svc) - Lenovo Group Limited - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11674 bytes
====== Enumerating Processes ======
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe"
C:\Windows\system32\WLANExt.exe 28523856
\??\C:\Windows\system32\conhost.exe "-1140367054239146101-10653623866292063141313891110-15022572161196672727-938671096
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
"C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE" -Embedding
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe"
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe"
"C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe"
"C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe"
"C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe"
"C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe"
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
"C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
C:\Windows\SysWOW64\SAsrv.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe" -servicelaunch=true
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k swprv
"C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
"C:\Windows\notepad.exe" C:\_OTM\MovedFiles\04292017_225942.log
"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
"C:\Windows\System32\TpShocks.exe"
"C:\Program Files\CONEXANT\ForteConfig\fmapp.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe"
"C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe"
"C:\Program Files\File Association Helper\FAHWindow.exe" register
"C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
"C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe"
"C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe"
"C:\Windows\system32\NOTEPAD.EXE" C:\AdwCleaner\AdwCleaner[C0].txt
C:\Windows\SysWOW64\rundll32.exe
"C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe"
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
"C:\Windows\System32\rundll32.exe" C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
"C:\Windows\SysWOW64\RunDll32.exe" "C:\Program Files\ThinkPad\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Dan\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
====== Scheduled tasks folder ======
C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
C:\Windows\system32\tasks\CreateChoiceProcessTask - C:\Windows\System32\browserchoice.exe /launch
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\HPCustParticipation HP Deskjet 3050A J611 series - "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe" /UA 9.5 /DDV 0x0900
C:\Windows\system32\tasks\MCP - "C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" /start
C:\Windows\system32\tasks\PCDEventLauncher - "C:\Program Files\PC-Doctor\sessionchecker.exe"
C:\Windows\system32\tasks\PMTask - C:\PROGRA~2\ThinkPad\UTILIT~1\PwmIdTsv.exe
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1455135593 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1475521102 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\Synaptics TouchPad Enhancements - \Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\tasks\SystemToolsDailyTest - C:\Program Files\PC-Doctor\pcdrcui.exe -silentenumeration -st SystemToolsDailyTest
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-960529557-3528276582-3652460945-1001 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-960529557-3528276582-3652460945-1003 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup - %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor - %systemroot%\system32\sdclt.exe /CHECKSKIPPED
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d - %windir%\system32\GWX\GWX.exe /event:10
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Lpksetup - C:\Windows\System32\lpksetup.exe -v
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Mcbuilder - C:\Windows\System32\mcbuilder.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\Microsoft\Office\Office Automatic Updates - C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /update SCHEDULEDTASK displaylevel=False
C:\Windows\system32\tasks\Microsoft\Office\Office ClickToRun Service Monitor - C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /WatchService
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs
=========Google Chrome=========
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bbjllphbppobebmjpjcijfbakobcheof 2 Rapport 1.14
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension coobgpohoikkiipiblmjeljniedjpjpf 1 Vyhledávání Google 0.0.0.30
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg Settings 0.2
Extension felcaaldnbdncclmgdcncolpebgiejap
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension gomekmidlodglbbmalcneegieacbdmki
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.0
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.0
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5316.725.0.15
Homepage:
default_search_provider.search_url:
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=
======Registry dump ======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-25 219304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-05 895528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-25 2340472]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-05 773920]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2010-12-17 1933584]
"TpShocks"=TpShocks.exe []
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2010-04-28 307768]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-03-26 167960]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-03-26 391704]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-03-26 418840]
"LENOVO.TPKNRRES"=C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [2011-01-27 41320]
"ALCKRESI.EXE"=C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [2010-12-17 281448]
"FAHConsole"=C:\Program Files\File Association Helper\FAHConsole.exe [2014-01-28 729272]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-04-05 213824]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"=C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [2008-10-31 55808]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-02-05 336384]
"PWMTRV"=rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor []
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30 96056]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2010-12-08 135504]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages" = scecli
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
====== File associations ======
.js - edit - C:\Windows\System32\Notepad.exe %1
====== List of files/folders created in the last 1 month ======
2017-04-29 23:06:03 ----D---- C:\ProgramData\SWCUTemp
2017-04-29 22:59:42 ----D---- C:\_OTM
2017-04-29 20:05:21 ----D---- C:\AdwCleaner
2017-04-29 07:57:01 ----D---- C:\rsit
2017-04-27 21:07:22 ----D---- C:\Program Files (x86)\Adobe
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\wow32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\lpk.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\wow64cpu.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\sspisrv.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\setbcdlocale.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\secur32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\ntvdm64.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\lsass.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\lpk.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\fontsub.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\drivers\appid.sys
2017-04-15 09:22:08 ----A---- C:\Windows\system32\dciman32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\credssp.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\auditpol.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\atmlib.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidsvc.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidapi.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\user.exe
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\tzres.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\setup16.exe
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\instnm.exe
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\tzres.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\msaudite.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\apisetschema.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\adtschema.dll
2017-04-15 09:22:06 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-04-15 09:22:06 ----A---- C:\Windows\system32\msobjs.dll
2017-04-15 09:22:06 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-04-14 21:34:25 ----A---- C:\Windows\system32\drivers\aswnetsec.sys
2017-04-14 21:33:32 ----A---- C:\Windows\system32\aswBoot.exe
====== List of files/folders modified in the last 1 month ======
2017-04-30 08:17:40 ----D---- C:\Program Files\trend micro
2017-04-30 08:14:56 ----A---- C:\Windows\SYSWOW64\log.txt
2017-04-30 08:13:00 ----D---- C:\Windows\Temp
2017-04-30 08:11:50 ----D---- C:\Windows\Minidump
2017-04-30 08:11:46 ----D---- C:\Windows
2017-04-30 08:00:58 ----D---- C:\Program Files (x86)\Mozilla Firefox
2017-04-30 07:59:00 ----A---- C:\Windows\ntbtlog.txt
2017-04-29 23:15:02 ----D---- C:\Windows\System32
2017-04-29 23:15:02 ----D---- C:\Windows\inf
2017-04-29 23:15:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-04-29 23:06:03 ----D---- C:\ProgramData
2017-04-29 22:59:43 ----D---- C:\Program Files (x86)\Google
2017-04-29 20:36:46 ----D---- C:\Windows\system32\config
2017-04-29 20:35:25 ----RD---- C:\Program Files
2017-04-29 20:35:23 ----D---- C:\Windows\system32\drivers
2017-04-29 20:07:43 ----D---- C:\ProgramData\Malwarebytes
2017-04-29 20:04:53 ----SHD---- C:\Windows\Installer
2017-04-29 20:04:53 ----D---- C:\Config.Msi
2017-04-29 19:55:33 ----RD---- C:\Program Files (x86)
2017-04-29 07:50:50 ----D---- C:\ProgramData\PCDr
2017-04-27 21:08:23 ----D---- C:\Windows\system32\Tasks
2017-04-27 21:07:30 ----D---- C:\Windows\SysWOW64
2017-04-27 21:07:04 ----D---- C:\ProgramData\Adobe
2017-04-23 13:14:25 ----SHD---- C:\System Volume Information
2017-04-22 20:53:57 ----D---- C:\Users\Dan\AppData\Roaming\vlc
2017-04-22 20:24:34 ----D---- C:\Windows\Prefetch
2017-04-16 03:45:22 ----D---- C:\Windows\winsxs
2017-04-16 03:42:16 ----D---- C:\Program Files\Microsoft Silverlight
2017-04-16 03:42:15 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2017-04-16 03:40:08 ----D---- C:\Windows\system32\catroot
2017-04-16 03:39:01 ----D---- C:\Windows\SYSWOW64\cs-CZ
2017-04-16 03:39:01 ----D---- C:\Program Files\Internet Explorer
2017-04-16 03:39:00 ----D---- C:\Windows\SYSWOW64\en-US
2017-04-16 03:38:56 ----D---- C:\Windows\system32\en-US
2017-04-16 03:38:56 ----D---- C:\Windows\system32\cs-CZ
2017-04-16 03:38:51 ----D---- C:\Windows\AppPatch
2017-04-16 03:38:51 ----D---- C:\Program Files (x86)\Internet Explorer
2017-04-16 03:38:50 ----D---- C:\Windows\system32\Boot
2017-04-16 03:25:24 ----D---- C:\Windows\Microsoft.NET
2017-04-16 03:21:09 ----RSD---- C:\Windows\assembly
2017-04-16 03:18:14 ----D---- C:\ProgramData\Microsoft Help
2017-04-16 03:16:41 ----D---- C:\Windows\system32\MRT
2017-04-16 03:09:47 ----AC---- C:\Windows\system32\MRT.exe
2017-04-16 03:07:09 ----D---- C:\Windows\system32\catroot2
2017-04-16 03:04:03 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2017-04-15 08:55:13 ----D---- C:\Windows\system32\wfp
2017-04-15 08:55:07 ----D---- C:\Windows\system32\wbem
2017-04-15 08:53:17 ----D---- C:\Windows\Tasks
2017-04-15 08:53:17 ----D---- C:\Windows\SYSWOW64\wbem
2017-04-15 08:53:16 ----D---- C:\Windows\system32\DriverStore
2017-04-15 08:53:07 ----D---- C:\Windows\system32\CodeIntegrity
2017-04-15 08:53:07 ----D---- C:\Windows\servicing
2017-04-15 08:52:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2017-04-15 08:51:23 ----D---- C:\Windows\registration
2017-04-14 21:35:01 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-04-14 21:34:49 ----D---- C:\Windows\system32\Macromed
2017-04-14 21:34:41 ----D---- C:\Windows\SYSWOW64\Macromed
2017-04-14 21:34:29 ----D---- C:\ProgramData\AVAST Software
2017-04-09 10:31:53 ----D---- C:\Windows\rescache
2017-04-05 21:03:54 ----A---- C:\Windows\system32\drivers\asw4C7C.tmp
2017-04-05 21:03:54 ----A---- C:\Windows\system32\drivers\asw4BCF.tmp
2017-04-05 21:03:54 ----A---- C:\Windows\system32\drivers\asw4B42.tmp
2017-04-05 21:03:53 ----A---- C:\Windows\system32\drivers\asw49F9.tmp
2017-04-05 21:03:53 ----A---- C:\Windows\system32\drivers\asw48D0.tmp
2017-04-05 21:03:53 ----A---- C:\Windows\system32\drivers\asw47F4.tmp
2017-04-05 21:03:52 ----A---- C:\Windows\system32\drivers\asw4709.tmp
2017-04-05 21:02:59 ----A---- C:\Windows\system32\drivers\asw469B.tmp
2017-04-05 21:02:58 ----A---- C:\Windows\system32\drivers\asw462D.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw4590.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw44B4.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw4417.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw4290.tmp
File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed
====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-04-05 189768]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-04-05 334088]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-04-05 48528]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-04-05 75704]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-04-05 339696]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808]
R0 RapportHades64;RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [2017-03-01 252288]
R0 RapportKE64;RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [2017-03-01 506016]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [2011-01-13 139888]
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [2011-01-13 23664]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-04-05 307736]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-04-05 32600]
R1 aswNetSec;aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [2017-04-21 507416]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-04-05 101152]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-04-05 1005048]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-04-29 556784]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
R1 PHCORE;PHCORE; \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592]
R1 RapportAegle64;RapportAegle64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [2017-03-01 382432]
R1 RapportCerberus_1804047;RapportCerberus_1804047; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804047.sys [2017-03-08 1264776]
R1 RapportEI64;RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2017-03-01 582208]
R1 RapportPG64;RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2017-03-01 605024]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [2011-02-03 14960]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-04-29 128648]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-04-05 164064]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2013-03-01 36600]
R2 risdxc;risdxc; C:\Windows\system32\DRIVERS\risdxc64.sys [2010-12-15 98816]
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
R3 5U877;USB Video Device; C:\Windows\system32\DRIVERS\5U877.sys [2011-03-05 166016]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-02-05 8283136]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-02-05 295424]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2010-11-23 1567360]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2010-11-12 39024]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2011-03-26 12262336]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2009-07-02 40512]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-12-07 412776]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-04-24 460528]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 wdkmd;Intel WiDi KMD; C:\Windows\system32\DRIVERS\WDKMD.sys [2011-04-09 42392]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-04-05 38296]
S3 aswTap;avast! SecureLine TAP Adapter v3; C:\Windows\system32\DRIVERS\aswTap.sys [2017-02-24 53904]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2010-12-18 425000]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-12-18 145960]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-12-18 162344]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-12-18 39464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-12-18 21416]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2016-02-05 147904]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-02-02 82640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-02-05 203776]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-04-05 261712]
R2 avast! Firewall;Avast Firewall Service; C:\Program Files\AVAST Software\Avast\afwServ.exe [2017-04-14 310496]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [2010-12-19 962848]
R2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2015-09-11 2774104]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll" = %SystemRoot%\system32\diagtrack.dll
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-12-17 1515792]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2015-03-28 89840]
R2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2010-11-12 45928]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service; C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-27 40808]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-27 59240]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-22 326168]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-11 193824]
R2 RapportMgmtService;Rapport Management Service; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2017-03-01 2401264]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-12-17 836880]
R2 SAService;Conexant SmartAudio service; C:\Windows\system32\SAsrv.exe []
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-04-05 7398336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-03-20 105096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-03-20 125064]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-23 144200]
S2 HyperW7Svc;HyperW7 Service; C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-14 271448]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-23 144200]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2016-10-03 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-03-25 114688]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-09-11 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2015-09-11 5132888]
S3 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-02-03 79208]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2013-03-01 118520]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG64.exe [2011-01-13 47728]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-09-26 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-03-20 51320]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
-----------------EOF-----------------
Logfile of random's system information tool 1.16 (written by random/random)
Run by Dan at 2017-04-30 08:17:36
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 58 GB (12%) free of 464 GB
Total RAM: 4007 MB (55% free)
X64
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:17:42, on 30.4.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18639)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
C:\Program Files\AVAST Software\Avast\AvLaunch.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\trend micro\Dan_RSITx64.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{22A5E67D-D61A-4ABA-AA1C-3AC7B3D4F6CE}: NameServer = 77.234.40.79
O17 - HKLM\System\CS1\Services\Tcpip\..\{22A5E67D-D61A-4ABA-AA1C-3AC7B3D4F6CE}: NameServer = 77.234.40.79
O17 - HKLM\System\CS2\Services\Tcpip\..\{22A5E67D-D61A-4ABA-AA1C-3AC7B3D4F6CE}: NameServer = 77.234.40.79
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: HyperW7 Service (HyperW7Svc) - Lenovo Group Limited - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11674 bytes
====== Enumerating Processes ======
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe"
C:\Windows\system32\WLANExt.exe 28523856
\??\C:\Windows\system32\conhost.exe "-1140367054239146101-10653623866292063141313891110-15022572161196672727-938671096
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
"C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE" -Embedding
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe"
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe"
"C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe"
"C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe"
"C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe"
"C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe"
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
"C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
C:\Windows\SysWOW64\SAsrv.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe" -servicelaunch=true
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k swprv
"C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
"C:\Windows\notepad.exe" C:\_OTM\MovedFiles\04292017_225942.log
"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
"C:\Windows\System32\TpShocks.exe"
"C:\Program Files\CONEXANT\ForteConfig\fmapp.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe"
"C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe"
"C:\Program Files\File Association Helper\FAHWindow.exe" register
"C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
"C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe"
"C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe"
"C:\Windows\system32\NOTEPAD.EXE" C:\AdwCleaner\AdwCleaner[C0].txt
C:\Windows\SysWOW64\rundll32.exe
"C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe"
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
"C:\Windows\System32\rundll32.exe" C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
"C:\Windows\SysWOW64\RunDll32.exe" "C:\Program Files\ThinkPad\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Dan\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
====== Scheduled tasks folder ======
C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
C:\Windows\system32\tasks\CreateChoiceProcessTask - C:\Windows\System32\browserchoice.exe /launch
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\HPCustParticipation HP Deskjet 3050A J611 series - "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe" /UA 9.5 /DDV 0x0900
C:\Windows\system32\tasks\MCP - "C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" /start
C:\Windows\system32\tasks\PCDEventLauncher - "C:\Program Files\PC-Doctor\sessionchecker.exe"
C:\Windows\system32\tasks\PMTask - C:\PROGRA~2\ThinkPad\UTILIT~1\PwmIdTsv.exe
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1455135593 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1475521102 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\Synaptics TouchPad Enhancements - \Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\tasks\SystemToolsDailyTest - C:\Program Files\PC-Doctor\pcdrcui.exe -silentenumeration -st SystemToolsDailyTest
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-960529557-3528276582-3652460945-1001 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-960529557-3528276582-3652460945-1003 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup - %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor - %systemroot%\system32\sdclt.exe /CHECKSKIPPED
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d - %windir%\system32\GWX\GWX.exe /event:10
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Lpksetup - C:\Windows\System32\lpksetup.exe -v
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Mcbuilder - C:\Windows\System32\mcbuilder.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\Microsoft\Office\Office Automatic Updates - C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /update SCHEDULEDTASK displaylevel=False
C:\Windows\system32\tasks\Microsoft\Office\Office ClickToRun Service Monitor - C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /WatchService
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs
=========Google Chrome=========
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bbjllphbppobebmjpjcijfbakobcheof 2 Rapport 1.14
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension coobgpohoikkiipiblmjeljniedjpjpf 1 Vyhledávání Google 0.0.0.30
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg Settings 0.2
Extension felcaaldnbdncclmgdcncolpebgiejap
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension gomekmidlodglbbmalcneegieacbdmki
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.0
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.0
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5316.725.0.15
Homepage:
default_search_provider.search_url:
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=
======Registry dump ======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-25 219304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-05 895528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-25 2340472]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-05 773920]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2010-12-17 1933584]
"TpShocks"=TpShocks.exe []
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2010-04-28 307768]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-03-26 167960]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-03-26 391704]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-03-26 418840]
"LENOVO.TPKNRRES"=C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [2011-01-27 41320]
"ALCKRESI.EXE"=C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [2010-12-17 281448]
"FAHConsole"=C:\Program Files\File Association Helper\FAHConsole.exe [2014-01-28 729272]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-04-05 213824]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"=C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [2008-10-31 55808]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-02-05 336384]
"PWMTRV"=rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor []
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30 96056]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2010-12-08 135504]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages" = scecli
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
====== File associations ======
.js - edit - C:\Windows\System32\Notepad.exe %1
====== List of files/folders created in the last 1 month ======
2017-04-29 23:06:03 ----D---- C:\ProgramData\SWCUTemp
2017-04-29 22:59:42 ----D---- C:\_OTM
2017-04-29 20:05:21 ----D---- C:\AdwCleaner
2017-04-29 07:57:01 ----D---- C:\rsit
2017-04-27 21:07:22 ----D---- C:\Program Files (x86)\Adobe
2017-04-15 09:22:29 ----A---- C:\Windows\system32\mshtml.dll
2017-04-15 09:22:27 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-04-15 09:22:26 ----A---- C:\Windows\system32\ieframe.dll
2017-04-15 09:22:25 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2017-04-15 09:22:25 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-04-15 09:22:25 ----A---- C:\Windows\system32\wininet.dll
2017-04-15 09:22:24 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-04-15 09:22:24 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-04-15 09:22:24 ----A---- C:\Windows\system32\wuaueng.dll
2017-04-15 09:22:24 ----A---- C:\Windows\system32\iertutil.dll
2017-04-15 09:22:23 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-04-15 09:22:23 ----A---- C:\Windows\system32\win32k.sys
2017-04-15 09:22:23 ----A---- C:\Windows\system32\urlmon.dll
2017-04-15 09:22:23 ----A---- C:\Windows\system32\ole32.dll
2017-04-15 09:22:22 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\wucltux.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\wuapi.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\win32spl.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\ucrtbase.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\samsrv.dll
2017-04-15 09:22:22 ----A---- C:\Windows\system32\quartz.dll
2017-04-15 09:22:21 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2017-04-15 09:22:21 ----A---- C:\Windows\system32\msfeeds.dll
2017-04-15 09:22:21 ----A---- C:\Windows\system32\gdi32.dll
2017-04-15 09:22:21 ----A---- C:\Windows\system32\cdosys.dll
2017-04-15 09:22:21 ----A---- C:\Windows\system32\atmfd.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\quartz.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\ole32.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\system32\iedkcs32.dll
2017-04-15 09:22:20 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2017-04-15 09:22:20 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-15 09:22:20 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\jscript.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-15 09:22:19 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-15 09:22:18 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2017-04-15 09:22:18 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2017-04-15 09:22:17 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-04-15 09:22:17 ----A---- C:\Windows\system32\ntdll.dll
2017-04-15 09:22:17 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-04-15 09:22:17 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-04-15 09:22:17 ----A---- C:\Windows\system32\asycfilt.dll
2017-04-15 09:22:16 ----A---- C:\Windows\system32\jscript9.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\samlib.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\mfmjpegdec.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2017-04-15 09:22:15 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2017-04-15 09:22:15 ----A---- C:\Windows\system32\webcheck.dll
2017-04-15 09:22:15 ----A---- C:\Windows\system32\samlib.dll
2017-04-15 09:22:15 ----A---- C:\Windows\system32\mfmjpegdec.dll
2017-04-15 09:22:15 ----A---- C:\Windows\system32\ie4uinit.exe
2017-04-15 09:22:15 ----A---- C:\Windows\system32\certcli.dll
2017-04-15 09:22:14 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2017-04-15 09:22:14 ----A---- C:\Windows\SYSWOW64\wups.dll
2017-04-15 09:22:14 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2017-04-15 09:22:14 ----A---- C:\Windows\SYSWOW64\jscript.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\wuwebv.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\wups2.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\wups.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\wudriver.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\vbscript.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\srcore.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\rpcrt4.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-04-15 09:22:14 ----A---- C:\Windows\system32\ieapfltr.dll
2017-04-15 09:22:13 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2017-04-15 09:22:13 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-04-15 09:22:13 ----A---- C:\Windows\system32\wuauclt.exe
2017-04-15 09:22:13 ----A---- C:\Windows\system32\lsasrv.dll
2017-04-15 09:22:13 ----A---- C:\Windows\system32\ieui.dll
2017-04-15 09:22:11 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\srclient.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\smss.exe
2017-04-15 09:22:11 ----A---- C:\Windows\system32\msrating.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\mshtmled.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\kerberos.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\dxtrans.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\dxtmsft.dll
2017-04-15 09:22:11 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-04-15 09:22:11 ----A---- C:\Windows\system32\advapi32.dll
2017-04-15 09:22:10 ----A---- C:\Windows\SYSWOW64\srclient.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\WinSetupUI.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\schannel.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\rstrui.exe
2017-04-15 09:22:10 ----A---- C:\Windows\system32\occache.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-15 09:22:10 ----A---- C:\Windows\system32\kernel32.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\jsproxy.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\jscript9diag.dll
2017-04-15 09:22:10 ----A---- C:\Windows\system32\conhost.exe
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\occache.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\msrating.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\inseng.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\ieui.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2017-04-15 09:22:09 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wuapp.exe
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wow64win.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wow64.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\winsrv.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\wdigest.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\TSpkg.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\sspicli.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\rpchttp.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\ncrypt.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\msv1_0.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\KernelBase.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\inseng.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\ieUnatt.exe
2017-04-15 09:22:09 ----A---- C:\Windows\system32\iesetup.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\iernonce.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-04-15 09:22:09 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-04-15 09:22:09 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-04-15 09:22:09 ----A---- C:\Windows\system32\csrsrv.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\cryptbase.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\cdd.dll
2017-04-15 09:22:09 ----A---- C:\Windows\system32\bcrypt.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-15 09:22:08 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\wow32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\lpk.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2017-04-15 09:22:08 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\wow64cpu.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\sspisrv.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\setbcdlocale.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\secur32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\ntvdm64.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\lsass.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\lpk.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\fontsub.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\drivers\appid.sys
2017-04-15 09:22:08 ----A---- C:\Windows\system32\dciman32.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\credssp.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\auditpol.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\atmlib.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidsvc.dll
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2017-04-15 09:22:08 ----A---- C:\Windows\system32\appidapi.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-15 09:22:07 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\user.exe
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\tzres.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\setup16.exe
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\instnm.exe
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2017-04-15 09:22:07 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\tzres.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\msaudite.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\apisetschema.dll
2017-04-15 09:22:07 ----A---- C:\Windows\system32\adtschema.dll
2017-04-15 09:22:06 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-04-15 09:22:06 ----A---- C:\Windows\system32\msobjs.dll
2017-04-15 09:22:06 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-04-14 21:34:25 ----A---- C:\Windows\system32\drivers\aswnetsec.sys
2017-04-14 21:33:32 ----A---- C:\Windows\system32\aswBoot.exe
====== List of files/folders modified in the last 1 month ======
2017-04-30 08:17:40 ----D---- C:\Program Files\trend micro
2017-04-30 08:14:56 ----A---- C:\Windows\SYSWOW64\log.txt
2017-04-30 08:13:00 ----D---- C:\Windows\Temp
2017-04-30 08:11:50 ----D---- C:\Windows\Minidump
2017-04-30 08:11:46 ----D---- C:\Windows
2017-04-30 08:00:58 ----D---- C:\Program Files (x86)\Mozilla Firefox
2017-04-30 07:59:00 ----A---- C:\Windows\ntbtlog.txt
2017-04-29 23:15:02 ----D---- C:\Windows\System32
2017-04-29 23:15:02 ----D---- C:\Windows\inf
2017-04-29 23:15:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-04-29 23:06:03 ----D---- C:\ProgramData
2017-04-29 22:59:43 ----D---- C:\Program Files (x86)\Google
2017-04-29 20:36:46 ----D---- C:\Windows\system32\config
2017-04-29 20:35:25 ----RD---- C:\Program Files
2017-04-29 20:35:23 ----D---- C:\Windows\system32\drivers
2017-04-29 20:07:43 ----D---- C:\ProgramData\Malwarebytes
2017-04-29 20:04:53 ----SHD---- C:\Windows\Installer
2017-04-29 20:04:53 ----D---- C:\Config.Msi
2017-04-29 19:55:33 ----RD---- C:\Program Files (x86)
2017-04-29 07:50:50 ----D---- C:\ProgramData\PCDr
2017-04-27 21:08:23 ----D---- C:\Windows\system32\Tasks
2017-04-27 21:07:30 ----D---- C:\Windows\SysWOW64
2017-04-27 21:07:04 ----D---- C:\ProgramData\Adobe
2017-04-23 13:14:25 ----SHD---- C:\System Volume Information
2017-04-22 20:53:57 ----D---- C:\Users\Dan\AppData\Roaming\vlc
2017-04-22 20:24:34 ----D---- C:\Windows\Prefetch
2017-04-16 03:45:22 ----D---- C:\Windows\winsxs
2017-04-16 03:42:16 ----D---- C:\Program Files\Microsoft Silverlight
2017-04-16 03:42:15 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2017-04-16 03:40:08 ----D---- C:\Windows\system32\catroot
2017-04-16 03:39:01 ----D---- C:\Windows\SYSWOW64\cs-CZ
2017-04-16 03:39:01 ----D---- C:\Program Files\Internet Explorer
2017-04-16 03:39:00 ----D---- C:\Windows\SYSWOW64\en-US
2017-04-16 03:38:56 ----D---- C:\Windows\system32\en-US
2017-04-16 03:38:56 ----D---- C:\Windows\system32\cs-CZ
2017-04-16 03:38:51 ----D---- C:\Windows\AppPatch
2017-04-16 03:38:51 ----D---- C:\Program Files (x86)\Internet Explorer
2017-04-16 03:38:50 ----D---- C:\Windows\system32\Boot
2017-04-16 03:25:24 ----D---- C:\Windows\Microsoft.NET
2017-04-16 03:21:09 ----RSD---- C:\Windows\assembly
2017-04-16 03:18:14 ----D---- C:\ProgramData\Microsoft Help
2017-04-16 03:16:41 ----D---- C:\Windows\system32\MRT
2017-04-16 03:09:47 ----AC---- C:\Windows\system32\MRT.exe
2017-04-16 03:07:09 ----D---- C:\Windows\system32\catroot2
2017-04-16 03:04:03 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2017-04-15 08:55:13 ----D---- C:\Windows\system32\wfp
2017-04-15 08:55:07 ----D---- C:\Windows\system32\wbem
2017-04-15 08:53:17 ----D---- C:\Windows\Tasks
2017-04-15 08:53:17 ----D---- C:\Windows\SYSWOW64\wbem
2017-04-15 08:53:16 ----D---- C:\Windows\system32\DriverStore
2017-04-15 08:53:07 ----D---- C:\Windows\system32\CodeIntegrity
2017-04-15 08:53:07 ----D---- C:\Windows\servicing
2017-04-15 08:52:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2017-04-15 08:51:23 ----D---- C:\Windows\registration
2017-04-14 21:35:01 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-04-14 21:34:49 ----D---- C:\Windows\system32\Macromed
2017-04-14 21:34:41 ----D---- C:\Windows\SYSWOW64\Macromed
2017-04-14 21:34:29 ----D---- C:\ProgramData\AVAST Software
2017-04-09 10:31:53 ----D---- C:\Windows\rescache
2017-04-05 21:03:54 ----A---- C:\Windows\system32\drivers\asw4C7C.tmp
2017-04-05 21:03:54 ----A---- C:\Windows\system32\drivers\asw4BCF.tmp
2017-04-05 21:03:54 ----A---- C:\Windows\system32\drivers\asw4B42.tmp
2017-04-05 21:03:53 ----A---- C:\Windows\system32\drivers\asw49F9.tmp
2017-04-05 21:03:53 ----A---- C:\Windows\system32\drivers\asw48D0.tmp
2017-04-05 21:03:53 ----A---- C:\Windows\system32\drivers\asw47F4.tmp
2017-04-05 21:03:52 ----A---- C:\Windows\system32\drivers\asw4709.tmp
2017-04-05 21:02:59 ----A---- C:\Windows\system32\drivers\asw469B.tmp
2017-04-05 21:02:58 ----A---- C:\Windows\system32\drivers\asw462D.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw4590.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw44B4.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw4417.tmp
2017-04-05 21:02:07 ----A---- C:\Windows\system32\drivers\asw4290.tmp
File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed
====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-04-05 189768]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-04-05 334088]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-04-05 48528]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-04-05 75704]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-04-05 339696]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808]
R0 RapportHades64;RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [2017-03-01 252288]
R0 RapportKE64;RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [2017-03-01 506016]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [2011-01-13 139888]
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [2011-01-13 23664]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-04-05 307736]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-04-05 32600]
R1 aswNetSec;aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [2017-04-21 507416]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-04-05 101152]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-04-05 1005048]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-04-29 556784]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
R1 PHCORE;PHCORE; \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592]
R1 RapportAegle64;RapportAegle64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [2017-03-01 382432]
R1 RapportCerberus_1804047;RapportCerberus_1804047; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804047.sys [2017-03-08 1264776]
R1 RapportEI64;RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2017-03-01 582208]
R1 RapportPG64;RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2017-03-01 605024]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [2011-02-03 14960]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-04-29 128648]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-04-05 164064]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2013-03-01 36600]
R2 risdxc;risdxc; C:\Windows\system32\DRIVERS\risdxc64.sys [2010-12-15 98816]
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
R3 5U877;USB Video Device; C:\Windows\system32\DRIVERS\5U877.sys [2011-03-05 166016]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-02-05 8283136]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-02-05 295424]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2010-11-23 1567360]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2010-11-12 39024]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2011-03-26 12262336]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2009-07-02 40512]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-12-07 412776]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-04-24 460528]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 wdkmd;Intel WiDi KMD; C:\Windows\system32\DRIVERS\WDKMD.sys [2011-04-09 42392]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-04-05 38296]
S3 aswTap;avast! SecureLine TAP Adapter v3; C:\Windows\system32\DRIVERS\aswTap.sys [2017-02-24 53904]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2010-12-18 425000]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-12-18 145960]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-12-18 162344]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-12-18 39464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-12-18 21416]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2016-02-05 147904]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-02-02 82640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-02-05 203776]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-04-05 261712]
R2 avast! Firewall;Avast Firewall Service; C:\Program Files\AVAST Software\Avast\afwServ.exe [2017-04-14 310496]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [2010-12-19 962848]
R2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2015-09-11 2774104]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll" = %SystemRoot%\system32\diagtrack.dll
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-12-17 1515792]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2015-03-28 89840]
R2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2010-11-12 45928]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service; C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-27 40808]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-27 59240]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-22 326168]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-11 193824]
R2 RapportMgmtService;Rapport Management Service; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2017-03-01 2401264]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-12-17 836880]
R2 SAService;Conexant SmartAudio service; C:\Windows\system32\SAsrv.exe []
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-04-05 7398336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-03-20 105096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-03-20 125064]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-23 144200]
S2 HyperW7Svc;HyperW7 Service; C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-14 271448]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-23 144200]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2016-10-03 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-03-25 114688]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-09-11 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2015-09-11 5132888]
S3 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-02-03 79208]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2013-03-01 118520]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG64.exe [2011-01-13 47728]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-09-26 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-03-20 51320]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-20 135800]
-----------------EOF-----------------
Re: Slow computer, Internet Explorer and Firefox not working
Firefox doesn't work even in safe mode, so I uninstalled it.
- Rudy
- Site Admin

- Posts: 119670
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow computer, Internet Explorer and Firefox not working
Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Don't delete anything beforehand.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Slow computer, Internet Explorer and Firefox not working
I'm sending the log. The first time, in normal mode, it gave me a blue screen of death; in safe mode it could be run. I have some residual leftover of Malwarebytes from a previous installation on the computer, which cannot be deleted...
Malwarebytes
www.malwarebytes.com
-Podrobnosti logovacího souboru-
Datum skenování: 30.04.17
Čas skenování: 21:24
Logovací soubor: mbytes.txt
Správce: Ano
-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.103
Aktualizovat verzi balíku komponent: 1.0.1713
Licence: Zkušební
-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: System
-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 417201
Uplynulý čas: 13 min, 17 sek
-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno
-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)
Modul: 0
(Nebyly zjištěny žádné škodlivé položky)
Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)
Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)
Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)
Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)
Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)
Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)
Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)
(end)
- Rudy
- Site Admin

- Posts: 119670
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow computer, Internet Explorer and Firefox not working
It won't be a virus problem. Try a system restore to a date when it was working correctly.
Re: Slow computer, Internet Explorer and Firefox not working
Well, but it no longer offers me any older restore point, or rather I don't know whether it can be brought up somehow...