Request for a preventive check
Posted: 11 Feb 2018 00:06
Hello,
I would like to ask for a preventive check: a Coin Miner was found on my PC and was removed shortly afterwards.
Everything should hopefully be fine now, but I would still like to be sure...
I am attaching the log from RSIT:
file info.txt:
info.txt logfile of random's system information tool 1.10 2018-02-11 00:03:07
======MBR======
======Uninstall list======
-->"C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe"
-->"C:\Program Files\Lenovo\InstantOn\unins000.exe"
µTorrent-->C:\Users\rosti\AppData\Roaming\uTorrent\uninstall.exe
7-Zip 18.01 (x64)-->C:\Program Files\7-Zip\Uninstall.exe
Adobe Acrobat Reader DC - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AC0F074E4100}
Aplikace Intel® PROSet/Wireless-->"C:\ProgramData\Package Cache\{ba25c46f-28f8-4449-97ab-7bb20f3f9a9c}\ISetup.exe" /uninstall
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
DisplayLink Graphics Driver-->MsiExec.exe /X{3C81A4EC-A02B-4D8F-9482-E922C6B7D84C}
Dropbox Update Helper-->MsiExec.exe /I{099218A5-A723-43DC-8DB5-6173656A1E94}
Dropbox-->"C:\Program Files (x86)\Dropbox\Client\DropboxUninstaller.exe" /InstallType:MACHINE
EPSON Scan-->C:\Program Files (x86)\epson\escndv\setup\setup.exe /r
Extended Asian Language font pack for Adobe Acrobat Reader DC-->MsiExec.exe /I{AC76BA86-7AD7-2530-0000-AC0F074E4100}
FastStone Image Viewer 6.4-->C:\Program Files (x86)\FastStone Image Viewer\uninst.exe
GIMP 2.8.22-->"C:\Program Files\GIMP 2\uninst\unins000.exe"
Git version 2.16.1-->"C:\Program Files\Git\unins000.exe"
gnuplot 5.2 patchlevel 2-->"C:\Program Files\gnuplot\unins000.exe"
GPL Ghostscript-->"C:\Program Files (x86)\gs\gs9.22\uninstgs.exe"
ImageMagick 7.0.7-22 Q16 (64-bit) (2018-01-22)-->"C:\Program Files\ImageMagick-7.0.7-Q16\unins000.exe"
Inkscape 0.92.2-->MsiExec.exe /I{81922150-317E-4BB0-A31D-FF1C14F707C5}
Intel(R) Chipset Device Software-->"C:\ProgramData\Package Cache\{bb0592a7-5772-4736-9d55-2402740085db}\SetupChipset.exe" /uninstall
Intel(R) Chipset Device Software-->MsiExec.exe /I{81520FC5-3518-40E9-9803-70CE8A801D07}
Intel(R) Management Engine Components-->"C:\ProgramData\Intel\Package Cache\{1CEAC85D-2590-4760-800F-8DE5E91F3700}\Setup.exe" -uninstall
Intel(R) Management Engine Components-->MsiExec.exe /I{05A83C14-4C77-4985-8432-29863D7DA5FB}
Intel(R) Management Engine Components-->MsiExec.exe /I{72091C81-73B6-4CBB-A93E-47C36AD2CC43}
Intel(R) Management Engine Components-->MsiExec.exe /I{FD549EFF-B0EA-404E-836B-35314D3F5E50}
Intel(R) ME UninstallLegacy-->MsiExec.exe /I{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}
Intel(R) Processor Graphics-->"C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe" -uninstall
Intel(R) Trusted Connect Service Client x64-->MsiExec.exe /I{C9552825-7BF2-4344-BA91-D3CD46F4C442}
Intel(R) Trusted Connect Service Client x86-->MsiExec.exe /I{C9552825-7BF2-4344-BA91-D3CD46F4C441}
Intel(R) Trusted Connect Services Client-->"C:\ProgramData\Package Cache\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}\iclsClientInstaller.exe" /uninstall
Intel® PROSet/Wireless WiFi Software-->MsiExec.exe /I{86BC0F23-2560-4635-A7DE-95B174D7A95E}
Intel® Software Guard Extensions Platform Software-->MsiExec.exe /X{2DF17C75-9627-4213-8612-17955E92F782}
IrfanView 4.50 (32-bit)-->"C:\Program Files (x86)\IrfanView\iv_uninstall.exe"
Lenovo Active Protection System-->MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
Lenovo On Screen Display-->"C:\Windows\system32\rundll32.exe" "C:\Program Files\Lenovo\HOTKEY\cleanu0.dll",InfUninstallEx DefaultUninstall.W10 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
Lenovo Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
Lenovo Settings - Power-->"C:\Program Files (x86)\InstallShield Installation Information\{A6CFC34A-56EE-4AF5-8C49-995F59E6A160}\setup.exe" -runfromtemp -l0x0409 -AddRemove -removeonly
Lightworks-->C:\Program Files\Lightworks\uninstall.exe
Malwarebytes verze 3.3.1.2183-->"C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe" /LOG
Mendeley Desktop 1.17.13-->C:\Program Files (x86)\Mendeley Desktop\Uninstaller.exe
Microsoft Office 365 ProPlus - cs-cz-->"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" scenario=install scenariosubtype=ARP sourcetype=None productstoremove=O365ProPlusRetail.16_cs-cz_x-none culture=cs-cz version.16=16.0
Microsoft VC++ redistributables repacked.-->MsiExec.exe /I{CD9FCAE8-2AA8-4A39-B0CC-B1C2A74D466F}
Microsoft VC++ redistributables repacked.-->MsiExec.exe /I{D9D2E423-C81A-45F5-A170-059948263FAA}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005-->"C:\ProgramData\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501-->"C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501-->"C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005-->MsiExec.exe /X{929FBD26-9020-399B-9A7A-751D61F0B942}
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005-->MsiExec.exe /X{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026-->"C:\ProgramData\Package Cache\{e46eca4f-393b-40df-9f49-076faf788d83}\VC_redist.x64.exe" /uninstall
Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23026-->MsiExec.exe /X{BC958BD2-5DAC-3862-BB1A-C1BE0790438D}
Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23026-->MsiExec.exe /X{0D3E9E15-DE7A-300B-96F1-B4AF12B96488}
MiKTeX 2.9-->"C:\Program Files\MiKTeX 2.9\miktex/bin/x64/internal\copystart_admin.exe" "C:\Program Files\MiKTeX 2.9\miktex/bin/x64/internal\uninstall_admin.exe"
Mozilla Firefox 58.0.2 (x64 en-US)-->"C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
Notepad++ (32-bit x86)-->C:\Program Files (x86)\Notepad++\uninstall.exe
Odinstalace tiskárny EPSON WF-2510 Series-->C:\Windows\system32\spool\DRIVERS\x64\3\E_YINSIXE.EXE /R /APD /P:"EPSON WF-2510 Series"
Office 16 Click-to-Run Extensibility Component 64-bit Registration-->MsiExec.exe /X{90160000-00DD-0000-1000-0000000FF1CE}
Office 16 Click-to-Run Extensibility Component-->MsiExec.exe /X{90160000-008C-0000-0000-0000000FF1CE}
Office 16 Click-to-Run Licensing Component-->MsiExec.exe /I{90160000-008F-0000-1000-0000000FF1CE}
Office 16 Click-to-Run Localization Component-->MsiExec.exe /X{90160000-008C-0405-0000-0000000FF1CE}
Oracle VM VirtualBox 5.2.6-->MsiExec.exe /I{EA9602E3-0184-45B9-9E15-028776CD7A6E}
QGIS 2.18.16 'Las Palmas'-->C:\Program Files\QGIS 2.18\uninstall.exe
R for Windows 3.4.3-->"C:\Program Files\R\R-3.4.3\unins000.exe"
RStudio-->C:\Program Files\RStudio\Uninstall.exe
Steam-->C:\Program Files (x86)\Steam\uninstall.exe
Structure-->MsiExec.exe /X{B77E7A36-E805-4FFC-9DD6-66CFE7438AF2}
TeamViewer 13-->"C:\Program Files (x86)\TeamViewer\uninstall.exe"
TeXstudio 2.12.6-->"C:\Program Files (x86)\TeXstudio\unins000.exe"
Thunderbolt(TM) Software-->MsiExec.exe /X{10877131-EC3F-4F2F-97CD-2B8341D461D7}
Total Commander 64-bit (Remove or Repair)-->c:\totalcmd\tcunin64.exe
Update for Windows 10 for x64-based Systems (KB4023057)-->MsiExec.exe /X{9C4F3AF4-21D8-43BD-A69C-517BB96012CF}
VLC media player-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Vulkan Run Time Libraries 1.0.33.0-->C:\Program Files (x86)\VulkanRT\1.0.33.0\UninstallVulkanRT.exe
Windows Setup Remediations (x64) (KB4023057)-->%windir%\system32\sdbinst.exe -u "C:\Windows\AppPatch\Custom\Custom64\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb"
======System event log======
Computer Name: WIN-68DMFUCA214
Event Code: 7040
Message: Režim spuštění služby Windows Search byl změněn z disabled na auto start.
Record Number: 1883
Source Name: Service Control Manager
Time Written: 20170724213009.513758-000
Event Type: Informace
User: RL-THINKPAD\Administrator
Computer Name: WIN-68DMFUCA214
Event Code: 7040
Message: Režim spuštění služby Windows Search byl změněn z auto start na disabled.
Record Number: 1882
Source Name: Service Control Manager
Time Written: 20170724213008.501888-000
Event Type: Informace
User: RL-THINKPAD\Administrator
Computer Name: WIN-68DMFUCA214
Event Code: 104
Message: Byl vymazán soubor protokolu Setup.
Record Number: 1881
Source Name: Microsoft-Windows-Eventlog
Time Written: 20170724213007.226474-000
Event Type: Informace
User: RL-THINKPAD\Administrator
Computer Name: WIN-68DMFUCA214
Event Code: 104
Message: Byl vymazán soubor protokolu Application.
Record Number: 1880
Source Name: Microsoft-Windows-Eventlog
Time Written: 20170724213007.211005-000
Event Type: Informace
User: RL-THINKPAD\Administrator
Computer Name: WIN-68DMFUCA214
Event Code: 104
Message: Byl vymazán soubor protokolu System.
Record Number: 1879
Source Name: Microsoft-Windows-Eventlog
Time Written: 20170724213007.195248-000
Event Type: Informace
User: RL-THINKPAD\Administrator
=====Application event log=====
Computer Name: WIN-68DMFUCA214
Event Code: 4879
Message: Služba MSDTC zjistila chybu (HR=0x80000171) během pokusu o vytvoření zabezpečeného spojení se systémem WIN-68DMFUCA214.
Record Number: 632
Source Name: Microsoft-Windows-MSDTC Client 2
Time Written: 20170724213009.645369-000
Event Type: Upozornění
User:
Computer Name: WIN-68DMFUCA214
Event Code: 4111
Message: Probíhá ukončování služby MS DTC.
Record Number: 631
Source Name: Microsoft-Windows-MSDTC
Time Written: 20170724213009.645369-000
Event Type: Informace
User:
Computer Name: WIN-68DMFUCA214
Event Code: 1003
Message: Služba Windows Search byla spuštěna.
Record Number: 630
Source Name: Microsoft-Windows-Search
Time Written: 20170724213009.529177-000
Event Type: Informace
User:
Computer Name: WIN-68DMFUCA214
Event Code: 1013
Message: Služba Windows Search byla řádně zastavena.
Record Number: 629
Source Name: Microsoft-Windows-Search
Time Written: 20170724213008.699197-000
Event Type: Informace
User:
Computer Name: WIN-68DMFUCA214
Event Code: 103
Message: SearchIndexer (6848) Windows: Databázový stroj zastavil instanci (0).
Nesprávné vypnutí: 0
Sekvence interního načasování:
[1] 0.000002 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
[2] 0.000008 +J(0) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K)
[3] 0.000018 +J(0)
[4] 0.000001 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
[5] 0.052354 -0.000003 (44) CM +J(CM:44, PgRf:0, Rd:0/44, Dy:0/0, Lg:0/0) +M(C:0K, Fs:282, WS:328K # 0K, PF:0K # 0K, P:0K)
[6] 0.000587 +J(0) +M(C:0K, Fs:2, WS:-1644K # 0K, PF:-1988K # 0K, P:-1988K)
[7] -
[8] 0.000009 +J(0)
[9] 0.048495 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3672/2) +M(C:0K, Fs:37, WS:48K # 0K, PF:-8K # 0K, P:-8K)
[10] 0.002863 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:66/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:20K # 0K, P:20K)
[11] 0.000009 +J(0)
[12] 0.012438 +J(0)
[13] 0.000146 +J(0) +M(C:0K, Fs:1, WS:0K # 0K, PF:-4K # 0K, P:-4K)
[14] 0.003203 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
[15] 0.000077 +J(0) +M(C:0K, Fs:0, WS:-72K # 0K, PF:-92K # 0K, P:-92K)
[16] 0.000007 +J(0).
Record Number: 628
Source Name: ESENT
Time Written: 20170724213008.667923-000
Event Type: Informace
User:
=====Security event log=====
Computer Name: RL-Thinkpad
Event Code: 4907
Message: Nastavení auditu objektu se změnila.
Předmět:
ID zabezpečení: S-1-5-18
Název účtu: RL-THINKPAD$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7
Objekt:
Server objektu: Security
Typ objektu: File
Název objektu: C:\$WINDOWS.~BT\NewOS\Windows\WinSxS\amd64_netfx4-presentationframework-systemxml_b03f5f7f11d50a3a_4.0.15522.0_none_52bb08c3e6c480ce\PresentationFramework-SystemXml.dll
ID popisovače: 0x15a4
Informace o procesu:
ID procesu: 0x2a54
Název procesu: C:\$WINDOWS.~BT\Sources\SetupHost.exe
Nastavení auditu:
Původní popisovač zabezpečení:
Nový popisovač zabezpečení: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 81659
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20180210122321.973872-000
Event Type: Úspěšný audit
User:
Computer Name: RL-Thinkpad
Event Code: 4907
Message: Nastavení auditu objektu se změnila.
Předmět:
ID zabezpečení: S-1-5-18
Název účtu: RL-THINKPAD$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7
Objekt:
Server objektu: Security
Typ objektu: File
Název objektu: C:\$WINDOWS.~BT\NewOS\Windows\WinSxS\msil_presentationframework-systemxml_b77a5c561934e089_4.0.15522.0_none_3973150c1c80faab\PresentationFramework-SystemXml.dll
ID popisovače: 0x185c
Informace o procesu:
ID procesu: 0x2a54
Název procesu: C:\$WINDOWS.~BT\Sources\SetupHost.exe
Nastavení auditu:
Původní popisovač zabezpečení:
Nový popisovač zabezpečení: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 81658
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20180210122321.973321-000
Event Type: Úspěšný audit
User:
Computer Name: RL-Thinkpad
Event Code: 4907
Message: Nastavení auditu objektu se změnila.
Předmět:
ID zabezpečení: S-1-5-18
Název účtu: RL-THINKPAD$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7
Objekt:
Server objektu: Security
Typ objektu: File
Název objektu: C:\$WINDOWS.~BT\NewOS\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.16299.15_none_7a61d3b7474a46f8\EaseOfAccessSettings2013.xml
ID popisovače: 0x2130
Informace o procesu:
ID procesu: 0x2a54
Název procesu: C:\$WINDOWS.~BT\Sources\SetupHost.exe
Nastavení auditu:
Původní popisovač zabezpečení:
Nový popisovač zabezpečení: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 81657
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20180210122321.904374-000
Event Type: Úspěšný audit
User:
Computer Name: RL-Thinkpad
Event Code: 4907
Message: Nastavení auditu objektu se změnila.
Předmět:
ID zabezpečení: S-1-5-18
Název účtu: RL-THINKPAD$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7
Objekt:
Server objektu: Security
Typ objektu: File
Název objektu: C:\$WINDOWS.~BT\NewOS\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.16299.15_none_3423ea666143ed4d\MicrosoftEdgeSquare71x71.scale-125_contrast-white.png
ID popisovače: 0x2310
Informace o procesu:
ID procesu: 0x2a54
Název procesu: C:\$WINDOWS.~BT\Sources\SetupHost.exe
Nastavení auditu:
Původní popisovač zabezpečení:
Nový popisovač zabezpečení: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 81656
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20180210122321.826216-000
Event Type: Úspěšný audit
User:
Computer Name: RL-Thinkpad
Event Code: 4907
Message: Nastavení auditu objektu se změnila.
Předmět:
ID zabezpečení: S-1-5-18
Název účtu: RL-THINKPAD$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7
Objekt:
Server objektu: Security
Typ objektu: File
Název objektu: C:\$WINDOWS.~BT\NewOS\Windows\WinSxS\amd64_netfx4-microsoft.wi..server.applications_b03f5f7f11d50a3a_4.0.15522.0_none_2bfdaf85e248d456\Microsoft.Windows.ApplicationServer.Applications.dll
ID popisovače: 0x874
Informace o procesu:
ID procesu: 0x2a54
Název procesu: C:\$WINDOWS.~BT\Sources\SetupHost.exe
Nastavení auditu:
Původní popisovač zabezpečení:
Nový popisovač zabezpečení: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 81655
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20180210122321.791738-000
Event Type: Úspěšný audit
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"OS"=Windows_NT
"Path"=C:\Program Files\ImageMagick-7.0.7-Q16;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\gnuplot\bin;C:\Program Files\Git\cmd;C:\Program Files\MiKTeX 2.9\miktex\bin\x64\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"PSModulePath"=%ProgramFiles%\WindowsPowerShell\Modules;%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"configsetroot"=%SystemRoot%\ConfigSetRoot
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 142 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=8e09
"GNUPLOT_LIB"=C:\Program Files\gnuplot\demo;C:\Program Files\gnuplot\demo\games;C:\Program Files\gnuplot\share
"VBOX_MSI_INSTALL_PATH"=C:\Program Files\Oracle\VirtualBox\
-----------------EOF-----------------
Typ objektu: File
Název objektu: C:\$WINDOWS.~BT\NewOS\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.16299.15_none_3423ea666143ed4d\MicrosoftEdgeSquare71x71.scale-125_contrast-white.png
ID popisovače: 0x2310
Informace o procesu:
ID procesu: 0x2a54
Název procesu: C:\$WINDOWS.~BT\Sources\SetupHost.exe
Nastavení auditu:
Původní popisovač zabezpečení:
Nový popisovač zabezpečení: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 81656
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20180210122321.826216-000
Event Type: Úspěšný audit
User:
Computer Name: RL-Thinkpad
Event Code: 4907
Message: Nastavení auditu objektu se změnila.
Předmět:
ID zabezpečení: S-1-5-18
Název účtu: RL-THINKPAD$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7
Objekt:
Server objektu: Security
Typ objektu: File
Název objektu: C:\$WINDOWS.~BT\NewOS\Windows\WinSxS\amd64_netfx4-microsoft.wi..server.applications_b03f5f7f11d50a3a_4.0.15522.0_none_2bfdaf85e248d456\Microsoft.Windows.ApplicationServer.Applications.dll
ID popisovače: 0x874
Informace o procesu:
ID procesu: 0x2a54
Název procesu: C:\$WINDOWS.~BT\Sources\SetupHost.exe
Nastavení auditu:
Původní popisovač zabezpečení:
Nový popisovač zabezpečení: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 81655
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20180210122321.791738-000
Event Type: Úspěšný audit
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"OS"=Windows_NT
"Path"=C:\Program Files\ImageMagick-7.0.7-Q16;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\gnuplot\bin;C:\Program Files\Git\cmd;C:\Program Files\MiKTeX 2.9\miktex\bin\x64\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"PSModulePath"=%ProgramFiles%\WindowsPowerShell\Modules;%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"configsetroot"=%SystemRoot%\ConfigSetRoot
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 142 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=8e09
"GNUPLOT_LIB"=C:\Program Files\gnuplot\demo;C:\Program Files\gnuplot\demo\games;C:\Program Files\gnuplot\share
"VBOX_MSI_INSTALL_PATH"=C:\Program Files\Oracle\VirtualBox\
-----------------EOF-----------------