How do I find out whether I have a keylogger on my PC?

uNfEiL
Visitor
Posts: 6
Registered: 25 May 2018 15:00

#1 Post by uNfEiL »

Hello, I need to find out whether I happen to have a keylogger on my PC. Someone broke into my Gmail account and also into another gaming account. Is there any 100% way? Can it be done somehow without having to reinstall the PC?

I am attaching the RSIT scan:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Patrik at 2018-05-25 16:05:56
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 101 GB (42%) free of 238 GB
Total RAM: 8071 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:06:07, on 25. 5. 2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19003)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Fraps\fraps.exe
C:\Windows\vVX1000.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Blizzard App\Battle.net.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\ProgramData\Battle.net\Agent\Agent.6160\Agent.exe
C:\Program Files (x86)\Blizzard App\Battle.net.10134\Battle.net Helper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Blizzard App\Battle.net.10134\Battle.net Helper.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files\trend micro\Patrik.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 127.0.0.3 www.anchorfree.net
O1 - Hosts: 127.0.0.2 www.mefeedia.com
O1 - Hosts: 127.0.0.3 anchorfree.net
O1 - Hosts: 127.0.0.3 techbrowsing.com/away.php
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Battle.net] "C:\Program Files (x86)\Blizzard App\Battle.net.exe" --autostarted
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{65545FB6-79F0-49FB-8065-32AFB92ED025}: NameServer = 8.8.8.8,8.8.4.4
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Chrome Remote Desktop Service (chromoting) - Spoločnosť Google Inc. - C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\Program Files\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10766 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
winlogon.exe
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -f "C:\ProgramData\NVIDIA\DisplaySessionContainer%d.log" -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\Session" -r -l 3 -p 30000 -c
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe" --type=daemon --host-config="C:\ProgramData\Google\Chrome Remote Desktop\host.json"
C:\Windows\system32\DbxSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe" --type=host --mojo-pipe-token=00A57DD0EFEF54E550F8D20B677B0D23 --mojo-platform-channel-handle=524
"C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe"
"C:\Program Files\Microsoft LifeCam\MSCamS64.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"
C:\Windows\system32\PnkBstrA.exe
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
"taskhost.exe"
taskeng.exe {3BA84AB7-5033-4EFC-84D4-F98DD0C0D72C}
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Fraps\fraps.exe"
igfxEM.exe
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Windows\vVX1000.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
"C:\Program Files (x86)\Blizzard App\Battle.net.exe" --autostarted
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe"
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe" -Embedding
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" -type:exit-monitor -session-token:e75f61b7-c4f5-48fa-b0c7-936eb5f10f66 -target-handle:212 -target-shutdown-event:228 "-target-command-line:\"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe\" /systemstartup" -python-version:2.7.11 -method:collectupload -handler-pipe:\\.\pipe\crashpad_3420_TAHKGKEQJADJGSUQ

"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Patrik\AppData\Local\Steam\htmlcache" "-steampid=3784" "-buildid=1526683293" "-steamid=0" "-clientui=C:\Program Files (x86)\Steam\clientui" --disable-spell-checking --disable-out-of-process-pac --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-features=TouchpadAndWheelScrollLatching,AsyncWheelEvents --enable-media-stream --disable-smooth-scrolling --disable-gpu-compositing --disable-gpu --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt"
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Patrik\AppData\Local\CEF\User Data\Crashpad" "--metrics-dir=C:\Users\Patrik\AppData\Local\CEF\User Data" --url=http://crash.steampowered.com/submit --annotation=platform=win32 --annotation=product=cefwebhelper --annotation=version=1.0 --initial-client-data=0x188,0x18c,0x190,0x184,0x194,0x5fea86f0,0x5fea8700,0x5fea870c
"C:\ProgramData\Battle.net\Agent\Agent.6160\Agent.exe" --session=5238202070866972755
\??\C:\Windows\system32\conhost.exe "-12779217647636109101140677884-2050810073342675553-2426235-2069958672-931936458
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"Battle.net Helper.exe" --type=gpu-process --disable-features=AsyncWheelEvents,TouchpadAndWheelScrollLatching --no-sandbox --log-file="C:\Users\Patrik\AppData\Local\Battle.net\Logs\libcef-20180525T134317.487367.log" --log-severity=error --product-version="Battle.net/1.12.0.10134 Chrome/65.0.3325.181" --lang=en-US --watch-browser-pid=1184 --gpu-preferences=KAAAAAAAAAAABwAAAQAAAAAAAAAAAGAAAQAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --gpu-vendor-id=0x10de --gpu-device-id=0x13c2 --gpu-driver-vendor=NVIDIA --gpu-driver-version=23.21.13.8813 --gpu-driver-date=10-27-2017 --gpu-secondary-vendor-ids=0x8086 --gpu-secondary-device-ids=0x0412 --log-file="C:\Users\Patrik\AppData\Local\Battle.net\Logs\libcef-20180525T134317.487367.log" --log-severity=error --product-version="Battle.net/1.12.0.10134 Chrome/65.0.3325.181" --lang=en-US --watch-browser-pid=1184 --service-request-channel-token=1EB76FE50B56668E39A473E83AA125C7 --mojo-platform-channel-handle=2264 /prefetch:2
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=renderer --disable-features=AsyncWheelEvents,TouchpadAndWheelScrollLatching --disable-gpu-compositing --service-pipe-token=2279141D44BF1BAD68853788D183C026 --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --webview-urls=http://localhost/*,http://steamloopback ... localhost/* --disable-spell-checking --buildid=1526683293 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2279141D44BF1BAD68853788D183C026 --renderer-client-id=2 --mojo-platform-channel-handle=1440 /prefetch:1
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=gpu-process --disable-features=AsyncWheelEvents,TouchpadAndWheelScrollLatching --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --webview-urls=http://localhost/*,http://steamloopback ... localhost/* --lang=sk-SK --buildid=1526683293 --steamid=0 --gpu-preferences=KAAAAAAAAAAABwAAAQAAAAAAAAAAAGAAAQAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x10de --gpu-device-id=0x13c2 --gpu-driver-vendor=NVIDIA --gpu-driver-version=23.21.13.8813 --gpu-driver-date=10-27-2017 --gpu-secondary-vendor-ids=0x8086 --gpu-secondary-device-ids=0x0412 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --webview-urls=http://localhost/*,http://steamloopback ... localhost/* --lang=sk-SK --buildid=1526683293 --steamid=0 --service-request-channel-token=16B3F13A1B36EAF72C7AD86904410B3D --mojo-platform-channel-handle=1452 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Fraps\fraps64.dat"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Patrik\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Patrik\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Patrik\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=66.0.3359.181 --initial-client-data=0x80,0x84,0x88,0x7c,0x8c,0x7fede7f3218,0x7fede7f3228,0x7fede7f3238
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=6440 --on-initialized-event-handle=320 --parent-handle=324 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1060,2790687985758724927,7397506793873562160,131072 --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --use-gl=swiftshader-webgl --service-request-channel-token=222F261FDF582F202DFF82B660C3A26E --mojo-platform-channel-handle=1072 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1060,2790687985758724927,7397506793873562160,131072 --service-pipe-token=C34FABC631E64016C51F80EDCBC4FAB3 --lang=sk --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=C34FABC631E64016C51F80EDCBC4FAB3 --renderer-client-id=3 --mojo-platform-channel-handle=2472 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1060,2790687985758724927,7397506793873562160,131072 --disable-gpu-compositing --service-pipe-token=C975A3AC4D83D3745EDFCEF7EA54198A --lang=sk --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=C975A3AC4D83D3745EDFCEF7EA54198A --renderer-client-id=4 --mojo-platform-channel-handle=2728 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1060,2790687985758724927,7397506793873562160,131072 --disable-gpu-compositing --service-pipe-token=0989F4A063C7496AD7CAE58A5ED0A689 --lang=sk --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=0989F4A063C7496AD7CAE58A5ED0A689 --renderer-client-id=5 --mojo-platform-channel-handle=2832 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1060,2790687985758724927,7397506793873562160,131072 --disable-gpu-compositing --service-pipe-token=B565EADB85786C898C1E87C150148B7A --lang=sk --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=B565EADB85786C898C1E87C150148B7A --renderer-client-id=6 --mojo-platform-channel-handle=2784 /prefetch:1
"Battle.net Helper.exe" --type=renderer --no-sandbox --disable-features=AsyncWheelEvents,TouchpadAndWheelScrollLatching --service-pipe-token=2725A372F8835029E291C7C267DD74E1 --lang=en-US --log-file="C:\Users\Patrik\AppData\Local\Battle.net\Logs\libcef-20180525T134317.487367.log" --log-severity=error --product-version="Battle.net/1.12.0.10134 Chrome/65.0.3325.181" --disable-spell-checking --enable-system-flash --watch-browser-pid=1184 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2725A372F8835029E291C7C267DD74E1 --renderer-client-id=4 --mojo-platform-channel-handle=3520 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1060,2790687985758724927,7397506793873562160,131072 --disable-gpu-compositing --service-pipe-token=4DF025430BC9D644194F99496D5E4E72 --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=4DF025430BC9D644194F99496D5E4E72 --renderer-client-id=10 --mojo-platform-channel-handle=4712 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1060,2790687985758724927,7397506793873562160,131072 --disable-gpu-compositing --service-pipe-token=79B41175A659B5D4A89A45D6D17DAFD8 --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=79B41175A659B5D4A89A45D6D17DAFD8 --renderer-client-id=16 --mojo-platform-channel-handle=4352 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1060,2790687985758724927,7397506793873562160,131072 --lang=sk --service-sandbox-type=utility --service-request-channel-token=A499B787A808A855D82CD97D848178D6 --mojo-platform-channel-handle=5040 --ignored=" --type=renderer " /prefetch:8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1060,2790687985758724927,7397506793873562160,131072 --disable-gpu-compositing --service-pipe-token=D0D21E434C573DC075854C8A75826C5F --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=D0D21E434C573DC075854C8A75826C5F --renderer-client-id=40 --mojo-platform-channel-handle=5640 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1060,2790687985758724927,7397506793873562160,131072 --disable-gpu-compositing --service-pipe-token=876214A8EC8B7A6B4DFC5B56359BF23D --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=876214A8EC8B7A6B4DFC5B56359BF23D --renderer-client-id=44 --mojo-platform-channel-handle=6632 /prefetch:1
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1060,2790687985758724927,7397506793873562160,131072 --disable-gpu-compositing --service-pipe-token=22C48273C6E12E7421BAAF4C72B2C2D4 --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=22C48273C6E12E7421BAAF4C72B2C2D4 --renderer-client-id=60 --mojo-platform-channel-handle=6260 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1060,2790687985758724927,7397506793873562160,131072 --disable-gpu-compositing --service-pipe-token=DD478DC58AC44D2054F6DDEE1561ADB4 --lang=sk --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=DD478DC58AC44D2054F6DDEE1561ADB4 --renderer-client-id=61 --mojo-platform-channel-handle=6456 /prefetch:1
taskeng.exe {9CDC71C1-4EAF-4115-AA23-90ECEEAFDEE1}
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1060,2790687985758724927,7397506793873562160,131072 --disable-gpu-compositing --service-pipe-token=07360C8180073A999593D46822648879 --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=07360C8180073A999593D46822648879 --renderer-client-id=63 --mojo-platform-channel-handle=6024 /prefetch:1
"D:\Plocha\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineUA1d08dd350af27db.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Patrik\AppData\Roaming\Mozilla\Firefox\Profiles\4wmeprz0.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 22.0.0.192 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4]
"Description"=ESN Sonar browser plugin
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.3.0]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.171.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.171.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 22.0.0.192 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-05-21 480200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-21 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-10-24 13662936]
"VX1000"=C:\Windows\vVX1000.exe [2010-05-20 762736]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\ecmds.exe [2018-04-29 178496]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-05 1305408]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2015-08-20 8455960]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"Battle.net"=C:\Program Files (x86)\Blizzard App\Battle.net.exe [2018-05-24 1054184]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2018-05-19 3200800]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2013-04-26 292848]
"LifeCam"=C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [2010-05-20 119152]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-09-05 958576]
"Dropbox"=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2018-05-21 3643712]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-03-28 588704]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave9"=wdmaud.drv
"mixer9"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"midi9"=wdmaud.drv
"aux7"=wdmaud.drv
"aux8"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux9"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-05-25 16:05:56 ----D---- C:\rsit
2018-05-25 16:05:56 ----D---- C:\Program Files\trend micro
2018-05-21 19:06:58 ----A---- C:\Windows\system32\drivers\dbx-stable.sys
2018-05-21 19:06:58 ----A---- C:\Windows\system32\drivers\dbx-dev.sys
2018-05-21 19:06:58 ----A---- C:\Windows\system32\drivers\dbx-canary.sys
2018-05-21 19:06:58 ----A---- C:\Windows\system32\DbxSvc.exe
2018-05-13 11:03:53 ----SHD---- C:\82ace7d6-0197-474d-bf4b-a2043e72329b
2018-05-09 11:14:06 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2018-05-09 11:14:06 ----A---- C:\Windows\system32\mshtml.dll
2018-05-09 11:14:05 ----A---- C:\Windows\SYSWOW64\wininet.dll
2018-05-09 11:14:05 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2018-05-09 11:14:05 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2018-05-09 11:14:05 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2018-05-09 11:14:05 ----A---- C:\Windows\system32\jscript9.dll
2018-05-09 11:14:05 ----A---- C:\Windows\system32\ieframe.dll
2018-05-09 11:14:04 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2018-05-09 11:14:04 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2018-05-09 11:14:04 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2018-05-09 11:14:04 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2018-05-09 11:14:04 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2018-05-09 11:14:04 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2018-05-09 11:14:04 ----A---- C:\Windows\SYSWOW64\jscript.dll
2018-05-09 11:14:04 ----A---- C:\Windows\SYSWOW64\comsvcs.dll
2018-05-09 11:14:04 ----A---- C:\Windows\system32\wucltux.dll
2018-05-09 11:14:04 ----A---- C:\Windows\system32\wuaueng.dll
2018-05-09 11:14:04 ----A---- C:\Windows\system32\winload.exe
2018-05-09 11:14:04 ----A---- C:\Windows\system32\wininet.dll
2018-05-09 11:14:04 ----A---- C:\Windows\system32\win32k.sys
2018-05-09 11:14:04 ----A---- C:\Windows\system32\vbscript.dll
2018-05-09 11:14:04 ----A---- C:\Windows\system32\urlmon.dll
2018-05-09 11:14:04 ----A---- C:\Windows\system32\TSpkg.dll
2018-05-09 11:14:04 ----A---- C:\Windows\system32\srvsvc.dll
2018-05-09 11:14:04 ----A---- C:\Windows\system32\rpcss.dll
2018-05-09 11:14:04 ----A---- C:\Windows\system32\oleaut32.dll
2018-05-09 11:14:04 ----A---- C:\Windows\system32\ntoskrnl.exe
2018-05-09 11:14:04 ----A---- C:\Windows\system32\msfeeds.dll
2018-05-09 11:14:04 ----A---- C:\Windows\system32\jscript.dll
2018-05-09 11:14:04 ----A---- C:\Windows\system32\iertutil.dll
2018-05-09 11:14:04 ----A---- C:\Windows\system32\drivers\srvnet.sys
2018-05-09 11:14:04 ----A---- C:\Windows\system32\drivers\srv2.sys
2018-05-09 11:14:04 ----A---- C:\Windows\system32\drivers\srv.sys
2018-05-09 11:14:04 ----A---- C:\Windows\system32\comsvcs.dll
2018-05-09 11:14:04 ----A---- C:\Windows\system32\clfs.sys
2018-05-09 11:14:03 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2018-05-09 11:14:03 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2018-05-09 11:14:03 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2018-05-09 11:14:03 ----A---- C:\Windows\SYSWOW64\ole32.dll
2018-05-09 11:14:03 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2018-05-09 11:14:03 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2018-05-09 11:14:03 ----A---- C:\Windows\SYSWOW64\msrating.dll
2018-05-09 11:14:03 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2018-05-09 11:14:03 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2018-05-09 11:14:03 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2018-05-09 11:14:03 ----A---- C:\Windows\SYSWOW64\itss.dll
2018-05-09 11:14:03 ----A---- C:\Windows\SYSWOW64\itircl.dll
2018-05-09 11:14:03 ----A---- C:\Windows\SYSWOW64\ieui.dll
2018-05-09 11:14:03 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2018-05-09 11:14:03 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2018-05-09 11:14:03 ----A---- C:\Windows\SYSWOW64\hhsetup.dll
2018-05-09 11:14:03 ----A---- C:\Windows\SYSWOW64\hh.exe
2018-05-09 11:14:03 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2018-05-09 11:14:03 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2018-05-09 11:14:03 ----A---- C:\Windows\SYSWOW64\certcli.dll
2018-05-09 11:14:03 ----A---- C:\Windows\SYSWOW64\catsrvut.dll
2018-05-09 11:14:03 ----A---- C:\Windows\system32\wups2.dll
2018-05-09 11:14:03 ----A---- C:\Windows\system32\wups.dll
2018-05-09 11:14:03 ----A---- C:\Windows\system32\wudriver.dll
2018-05-09 11:14:03 ----A---- C:\Windows\system32\webcheck.dll
2018-05-09 11:14:03 ----A---- C:\Windows\system32\sscore.dll
2018-05-09 11:14:03 ----A---- C:\Windows\system32\ole32.dll
2018-05-09 11:14:03 ----A---- C:\Windows\system32\occache.dll
2018-05-09 11:14:03 ----A---- C:\Windows\system32\ntdll.dll
2018-05-09 11:14:03 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2018-05-09 11:14:03 ----A---- C:\Windows\system32\msrating.dll
2018-05-09 11:14:03 ----A---- C:\Windows\system32\mshtmlmedia.dll
2018-05-09 11:14:03 ----A---- C:\Windows\system32\mshtmled.dll
2018-05-09 11:14:03 ----A---- C:\Windows\system32\jscript9diag.dll
2018-05-09 11:14:03 ----A---- C:\Windows\system32\itss.dll
2018-05-09 11:14:03 ----A---- C:\Windows\system32\itircl.dll
2018-05-09 11:14:03 ----A---- C:\Windows\system32\ieui.dll
2018-05-09 11:14:03 ----A---- C:\Windows\system32\iesetup.dll
2018-05-09 11:14:03 ----A---- C:\Windows\system32\iedkcs32.dll
2018-05-09 11:14:03 ----A---- C:\Windows\system32\ie4uinit.exe
2018-05-09 11:14:03 ----A---- C:\Windows\system32\hhsetup.dll
2018-05-09 11:14:03 ----A---- C:\Windows\system32\hal.dll
2018-05-09 11:14:03 ----A---- C:\Windows\system32\dxtrans.dll
2018-05-09 11:14:03 ----A---- C:\Windows\system32\dxtmsft.dll
2018-05-09 11:14:03 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2018-05-09 11:14:03 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2018-05-09 11:14:03 ----A---- C:\Windows\system32\certcli.dll
2018-05-09 11:14:03 ----A---- C:\Windows\system32\catsrvut.dll
2018-05-09 11:14:03 ----A---- C:\Windows\hh.exe
2018-05-09 11:14:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-05-09 11:14:02 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\wups.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\wow32.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\user.exe
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\tzres.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\sscore.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\srclient.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\schannel.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\setup16.exe
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\secur32.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\oleres.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\occache.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\instnm.exe
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\inseng.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\credssp.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\comcat.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2018-05-09 11:14:02 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\wuwebv.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\wuauclt.exe
2018-05-09 11:14:02 ----A---- C:\Windows\system32\wuapp.exe
2018-05-09 11:14:02 ----A---- C:\Windows\system32\wuapi.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\wow64win.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\wow64cpu.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\wow64.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\winsrv.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\WinSetupUI.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\wdigest.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\tzres.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\sspisrv.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\sspicli.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\srcore.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\srclient.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\smss.exe
2018-05-09 11:14:02 ----A---- C:\Windows\system32\schannel.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\setbcdlocale.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\secur32.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\rstrui.exe
2018-05-09 11:14:02 ----A---- C:\Windows\system32\rpchttp.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\rpcrt4.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\oleres.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\ntvdm64.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\ncrypt.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\msv1_0.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\MshtmlDac.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\lsass.exe
2018-05-09 11:14:02 ----A---- C:\Windows\system32\lsasrv.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\KernelBase.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\kernel32.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\kerberos.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\jsproxy.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\inseng.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\ieUnatt.exe
2018-05-09 11:14:02 ----A---- C:\Windows\system32\iernonce.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\ieetwproxystub.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\ieetwcollector.exe
2018-05-09 11:14:02 ----A---- C:\Windows\system32\ieapfltr.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\drivers\videoprt.sys
2018-05-09 11:14:02 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2018-05-09 11:14:02 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2018-05-09 11:14:02 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2018-05-09 11:14:02 ----A---- C:\Windows\system32\drivers\appid.sys
2018-05-09 11:14:02 ----A---- C:\Windows\system32\csrsrv.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\cryptbase.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\credssp.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\conhost.exe
2018-05-09 11:14:02 ----A---- C:\Windows\system32\comcat.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\bcrypt.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\auditpol.exe
2018-05-09 11:14:02 ----A---- C:\Windows\system32\appidsvc.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2018-05-09 11:14:02 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2018-05-09 11:14:02 ----A---- C:\Windows\system32\appidapi.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\apisetschema.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\advapi32.dll
2018-05-09 11:14:02 ----A---- C:\Windows\system32\adtschema.dll
2018-05-09 11:14:01 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2018-05-09 11:14:01 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2018-05-09 11:14:01 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2018-05-09 11:14:01 ----A---- C:\Windows\system32\msobjs.dll
2018-05-09 11:14:01 ----A---- C:\Windows\system32\msaudite.dll

======List of files/folders modified in the last 1 month======

2018-05-25 16:05:57 ----D---- C:\Windows\Temp
2018-05-25 16:05:56 ----RD---- C:\Program Files
2018-05-25 16:01:43 ----D---- C:\Users\Patrik\AppData\Roaming\TS3Client
2018-05-25 16:01:43 ----D---- C:\Program Files (x86)\Steam
2018-05-25 16:01:38 ----D---- C:\Windows\inf
2018-05-25 16:01:38 ----D---- C:\Windows\debug
2018-05-25 16:01:38 ----D---- C:\Windows
2018-05-25 15:48:16 ----D---- C:\Windows\system32\config
2018-05-25 15:43:26 ----D---- C:\Windows\system32\Tasks
2018-05-25 15:43:26 ----D---- C:\Program Files (x86)\Fraps
2018-05-25 15:43:18 ----D---- C:\Program Files (x86)\Blizzard App
2018-05-25 15:37:37 ----SHD---- C:\System Volume Information
2018-05-25 15:36:59 ----D---- C:\Windows\System32
2018-05-25 15:36:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-05-25 15:32:22 ----D---- C:\ProgramData\NVIDIA
2018-05-24 22:01:07 ----D---- C:\Users\Patrik\AppData\Roaming\uTorrent
2018-05-24 15:14:10 ----D---- C:\Program Files (x86)\Dropbox
2018-05-24 15:14:09 ----D---- C:\Windows\system32\drivers
2018-05-22 17:04:10 ----D---- C:\Users\Patrik\AppData\Roaming\vlc
2018-05-22 12:51:18 ----RD---- C:\Users
2018-05-21 12:31:45 ----SHD---- C:\Windows\Installer
2018-05-21 12:31:44 ----D---- C:\Windows\SysWOW64
2018-05-21 12:31:44 ----D---- C:\Program Files (x86)\Java
2018-05-21 12:31:25 ----D---- C:\Program Files (x86)\Common Files
2018-05-21 12:31:09 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2018-05-20 11:59:48 ----RD---- C:\Program Files (x86)
2018-05-13 10:46:35 ----D---- C:\ProgramData\Epic
2018-05-10 12:54:43 ----D---- C:\Windows\rescache
2018-05-10 12:40:55 ----D---- C:\Windows\Microsoft.NET
2018-05-10 12:37:40 ----RSD---- C:\Windows\assembly
2018-05-10 10:07:47 ----D---- C:\Windows\winsxs
2018-05-10 10:06:33 ----D---- C:\Windows\SYSWOW64\sk-SK
2018-05-10 10:06:33 ----D---- C:\Windows\SYSWOW64\en-US
2018-05-10 10:06:33 ----D---- C:\Program Files\Internet Explorer
2018-05-10 10:06:33 ----D---- C:\Program Files (x86)\Internet Explorer
2018-05-10 10:06:32 ----D---- C:\Windows\system32\sk-SK
2018-05-10 10:06:32 ----D---- C:\Windows\system32\en-US
2018-05-10 10:06:32 ----D---- C:\Windows\system32\drivers\en-US
2018-05-10 10:06:32 ----D---- C:\Windows\system32\Boot
2018-05-10 10:06:32 ----D---- C:\Windows\AppPatch
2018-05-09 21:55:55 ----D---- C:\Windows\system32\MRT
2018-05-09 21:54:28 ----AC---- C:\Windows\system32\MRT-KB890830.exe
2018-05-09 21:54:24 ----AC---- C:\Windows\system32\MRT.exe
2018-05-09 21:54:17 ----D---- C:\Windows\system32\catroot2
2018-05-09 21:52:15 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2018-05-03 20:33:16 ----D---- C:\Program Files (x86)\Overwatch
2018-04-29 15:37:15 ----D---- C:\Windows\system32\DriverStore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2013-04-26 20464]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2015-05-14 254528]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2018-04-29 137928]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2018-04-29 196112]
R1 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2018-04-29 108320]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2011-02-11 35344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2015-03-19 4888368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-10-29 3698904]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\iusb3hub.sys [2013-04-26 368112]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2013-04-26 786416]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2013-01-11 64624]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2017-11-09 233904]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-10-25 769168]
R3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys [2015-10-12 42088]
S3 AndNetDiag;LGE AndroidNet USB Serial Port; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [2012-07-03 29184]
S3 ANDNetModem;LGE AndroidNet USB Modem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [2012-07-03 36352]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter; C:\Windows\system32\DRIVERS\lgandnetndis64.sys [2012-07-04 93184]
S3 dbx;dbx; C:\Windows\system32\DRIVERS\dbx.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2014-08-03 14448]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2014-08-03 27760]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2016-11-11 34720]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [2013-05-30 64280]
S3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver; C:\Windows\system32\DRIVERS\LGSUsbFilt.Sys [2013-05-30 41752]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver; C:\Windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 nvvhci;NVVHCI Enumerator Service; C:\Windows\system32\DRIVERS\nvvhci.sys [2017-06-28 57792]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2017-08-13 20992]
S3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\rtwlanu.sys [2016-01-04 4620040]
S3 rzendpt;rzendpt; C:\Windows\system32\DRIVERS\rzendpt.sys [2014-12-30 39592]
S3 rzudd;Razer Keyboard Driver; C:\Windows\system32\DRIVERS\rzudd.sys [2014-12-30 177832]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 tap-tb-0901;TunnelBear Adapter V9; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [2016-10-17 38656]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 VX1000;VX-1000; C:\Windows\system32\DRIVERS\VX1000.sys [2010-05-20 2060144]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2015-04-30 23200]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-09-05 65640]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DbxSvc;DbxSvc; C:\Windows\system32\DbxSvc.exe [2018-05-21 51024]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2018-04-29 2240264]
R2 FreemakeVideoCapture;FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2016-05-11 9216]
R2 chromoting;Chrome Remote Desktop Service; C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe [2018-03-06 71000]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2015-03-19 345864]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS64.exe [2010-05-20 199536]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-10-27 462968]
R2 NvTelemetryContainer;NVIDIA Telemetry Container; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [2017-07-19 449984]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2016-04-02 76152]
R2 TeamViewer;TeamViewer 12; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2017-08-29 10803440]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2018-05-19 1672992]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-10-04 107624]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-10-03 128608]
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-06 143144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-14 107848]
S2 Origin Web Helper Service;Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2017-11-02 3002728]
S2 SkypeUpdate;Skype Updater; D:\Program Files\Skype\Updater\Updater.exe [2017-07-18 317408]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-10-03 52832]
S3 BEService;BattlEye Service; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2018-05-13 5745672]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2015-03-19 280840]
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-06 143144]
S3 EasyAntiCheat;EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [2018-03-10 774272]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-14 107848]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2018-04-22 116224]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-10-06 175568]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2017-11-02 2123104]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-05-14 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-10-04 136288]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-10-04 136288]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-10-04 136288]

-----------------EOF-----------------
Thanks in advance for the help. :)
Last edited by uNfEiL on 25 May 2018 19:43, edited 6 times in total.

Rudy
Site Admin
Posts: 118152
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: How do I find out whether I have a keylogger on my PC?

#2 Post by Rudy »

Hello!
Is your operating system a legal copy?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

uNfEiL
Visitor
Posts: 6
Registered: 25 May 2018 15:00

Re: How do I find out whether I have a keylogger on my PC?

#3 Post by uNfEiL »

My operating system is legal and regularly updated.

Rudy
Site Admin
Posts: 118152
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: How do I find out whether I have a keylogger on my PC?

#4 Post by Rudy »

We can check whether you have a keylogger by scanning, e.g.:

Download and run OTL: http://oldtimer.geekstogo.com/OTL.exe . Run it, tick "Scan All Users", "LOP Check" and "Purity Check", and copy the following into the lower white box:
CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
and click >Run Scan<. Post both logs.

uNfEiL
Visitor
Posts: 6
Registered: 25 May 2018 15:00

Re: How do I find out whether I have a keylogger on my PC?

#5 Post by uNfEiL »

I set it up wrong twice, so this is the third attempt.
OTL logfile created on: 25. 5. 2018 19:33:55 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Plocha
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.19002)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

7,88 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 20,56% Memory free
15,76 Gb Paging File | 8,84 Gb Available in Paging File | 56,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 98,21 Gb Free Space | 42,19% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 65,31 Gb Free Space | 7,01% Space Free | Partition Type: NTFS

Computer Name: PATRIK-PC | User Name: Patrik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2018/05/25 19:06:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Plocha\OTL.exe
PRC - [2018/05/24 15:13:15 | 002,542,056 | ---- | M] (Blizzard Entertainment) -- C:\Program Files (x86)\Blizzard App\Battle.net.10134\Battle.net Helper.exe
PRC - [2018/05/24 15:13:13 | 001,054,184 | ---- | M] (Blizzard Entertainment) -- C:\Program Files (x86)\Blizzard App\Battle.net.exe
PRC - [2018/05/21 19:07:58 | 003,643,712 | ---- | M] (Dropbox, Inc.) -- C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
PRC - [2018/05/19 01:01:24 | 003,826,976 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
PRC - [2018/05/19 01:01:24 | 001,672,992 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2018/05/19 01:01:22 | 003,200,800 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2018/04/18 20:34:58 | 004,845,544 | ---- | M] (Blizzard Entertainment) -- C:\ProgramData\Battle.net\Agent\Agent.6160\Agent.exe
PRC - [2018/03/06 21:19:08 | 000,071,000 | ---- | M] (Spoločnosť Google Inc.) -- C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe
PRC - [2017/10/12 02:24:42 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2017/08/29 08:57:20 | 010,803,440 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
PRC - [2017/07/19 02:37:17 | 000,449,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
PRC - [2016/05/11 15:14:00 | 000,009,216 | ---- | M] (Ellora Assets Corp.) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2016/04/02 16:08:11 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/09/05 16:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/26 04:25:54 | 000,292,848 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2013/02/26 08:56:38 | 002,391,736 | ---- | M] (Beepa P/L) -- C:\Program Files (x86)\Fraps\fraps.exe
PRC - [2011/01/05 11:09:52 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/05/20 15:26:28 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2007/06/27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2018/05/24 15:13:25 | 003,384,832 | ---- | M] () -- C:\Program Files (x86)\Blizzard App\Battle.net.10134\libGLESv2.dll
MOD - [2018/05/24 15:13:25 | 000,540,336 | ---- | M] () -- C:\Program Files (x86)\Blizzard App\Battle.net.10134\ortp.dll
MOD - [2018/05/24 15:13:24 | 080,169,984 | ---- | M] () -- C:\Program Files (x86)\Blizzard App\Battle.net.10134\libcef.dll
MOD - [2018/05/24 15:13:24 | 000,133,632 | ---- | M] () -- C:\Program Files (x86)\Blizzard App\Battle.net.10134\libEGL.dll
MOD - [2018/05/21 19:10:26 | 000,023,904 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
MOD - [2018/05/21 19:10:24 | 000,023,376 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
MOD - [2018/05/21 19:10:22 | 000,025,440 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
MOD - [2018/05/21 19:10:20 | 000,054,616 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
MOD - [2018/05/21 19:10:18 | 000,022,368 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
MOD - [2018/05/21 19:10:16 | 000,026,464 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
MOD - [2018/05/21 19:10:12 | 000,022,880 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
MOD - [2018/05/21 19:10:12 | 000,021,856 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
MOD - [2018/05/21 19:10:06 | 000,028,000 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
MOD - [2018/05/21 19:10:04 | 000,022,368 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
MOD - [2018/05/21 19:10:02 | 000,022,872 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
MOD - [2018/05/21 19:10:02 | 000,021,856 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
MOD - [2018/05/21 19:09:58 | 000,066,400 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
MOD - [2018/05/21 19:09:54 | 000,030,544 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
MOD - [2018/05/21 19:09:50 | 000,392,520 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
MOD - [2018/05/21 19:09:48 | 000,020,808 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
MOD - [2018/05/21 19:09:12 | 003,863,880 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
MOD - [2018/05/21 19:09:08 | 000,219,984 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
MOD - [2018/05/21 19:09:06 | 000,131,400 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
MOD - [2018/05/21 19:09:04 | 000,155,472 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
MOD - [2018/05/21 19:09:02 | 000,051,024 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
MOD - [2018/05/21 19:08:58 | 000,043,336 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
MOD - [2018/05/21 19:08:56 | 000,546,632 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
MOD - [2018/05/21 19:08:52 | 000,359,744 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
MOD - [2018/05/21 19:08:50 | 000,204,104 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
MOD - [2018/05/21 19:08:46 | 000,521,544 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
MOD - [2018/05/21 19:08:44 | 001,959,232 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
MOD - [2018/05/21 19:08:42 | 001,798,464 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
MOD - [2018/05/21 19:08:40 | 000,063,312 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
MOD - [2018/05/21 19:08:36 | 000,025,432 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
MOD - [2018/05/21 19:08:34 | 001,638,208 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
MOD - [2018/05/21 19:08:34 | 000,024,384 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\libEGL.dll
MOD - [2018/05/21 19:08:32 | 000,077,120 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
MOD - [2018/05/21 19:08:28 | 000,181,064 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.dll
MOD - [2018/05/21 19:08:16 | 000,027,496 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
MOD - [2018/05/21 19:08:14 | 000,022,880 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
MOD - [2018/05/21 19:08:12 | 001,845,600 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
MOD - [2018/05/21 19:08:10 | 000,021,856 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
MOD - [2018/05/21 19:08:08 | 000,022,864 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
MOD - [2018/05/21 19:08:06 | 000,021,840 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
MOD - [2018/05/21 19:06:58 | 002,079,048 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
MOD - [2018/05/21 19:06:58 | 000,847,688 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
MOD - [2018/05/21 19:06:58 | 000,392,664 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
MOD - [2018/05/21 19:06:58 | 000,116,696 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
MOD - [2018/05/21 19:06:58 | 000,036,312 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\librsync.dll
MOD - [2018/05/21 19:05:08 | 000,694,232 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
MOD - [2018/05/21 19:05:08 | 000,349,144 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
MOD - [2018/05/21 19:05:08 | 000,175,576 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
MOD - [2018/05/21 19:05:08 | 000,145,880 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
MOD - [2018/05/21 19:05:08 | 000,130,520 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
MOD - [2018/05/21 19:05:08 | 000,124,888 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32file.pyd
MOD - [2018/05/21 19:05:08 | 000,114,136 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32security.pyd
MOD - [2018/05/21 19:05:08 | 000,105,944 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32api.pyd
MOD - [2018/05/21 19:05:08 | 000,100,312 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
MOD - [2018/05/21 19:05:08 | 000,084,944 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\sip.pyd
MOD - [2018/05/21 19:05:08 | 000,060,888 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32print.pyd
MOD - [2018/05/21 19:05:08 | 000,057,816 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
MOD - [2018/05/21 19:05:08 | 000,048,600 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32service.pyd
MOD - [2018/05/21 19:05:08 | 000,043,480 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32process.pyd
MOD - [2018/05/21 19:05:08 | 000,035,808 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
MOD - [2018/05/21 19:05:08 | 000,030,168 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
MOD - [2018/05/21 19:05:08 | 000,028,632 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
MOD - [2018/05/21 19:05:08 | 000,026,072 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32job.pyd
MOD - [2018/05/21 19:05:08 | 000,024,536 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32event.pyd
MOD - [2018/05/21 19:05:08 | 000,024,024 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
MOD - [2018/05/21 19:05:08 | 000,024,024 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
MOD - [2018/05/21 19:05:08 | 000,020,952 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
MOD - [2018/05/21 19:05:08 | 000,018,896 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\select.pyd
MOD - [2018/05/19 01:01:30 | 002,632,480 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll
MOD - [2018/05/19 01:01:24 | 000,979,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2018/05/14 21:39:12 | 002,253,600 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libGLESv2.dll
MOD - [2018/05/14 21:39:12 | 000,109,856 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libEGL.dll
MOD - [2018/05/14 21:39:02 | 083,524,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
MOD - [2018/05/01 09:32:36 | 000,788,256 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2018/05/01 09:32:36 | 000,788,256 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
MOD - [2017/12/20 03:43:50 | 005,137,696 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-57.dll
MOD - [2017/12/20 03:43:50 | 000,847,136 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-55.dll
MOD - [2017/12/20 03:43:50 | 000,783,648 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-4.dll
MOD - [2017/12/20 03:43:50 | 000,695,584 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-57.dll
MOD - [2017/12/20 03:43:50 | 000,351,520 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-3.dll
MOD - [2016/09/01 03:02:12 | 004,969,248 | ---- | M] () -- C:\Program Files (x86)\Steam\v8.dll
MOD - [2016/09/01 03:02:06 | 001,563,936 | ---- | M] () -- C:\Program Files (x86)\Steam\icui18n.dll
MOD - [2016/09/01 03:02:06 | 001,195,296 | ---- | M] () -- C:\Program Files (x86)\Steam\icuuc.dll
MOD - [2016/07/05 00:17:58 | 000,266,560 | ---- | M] () -- C:\Program Files (x86)\Steam\openvr_api.dll
MOD - [2015/09/25 01:52:04 | 000,119,208 | ---- | M] () -- C:\Program Files (x86)\Steam\winh264.dll


========== Services (SafeList) ==========

SRV:64bit: - [2018/05/21 19:06:58 | 000,051,024 | ---- | M] (Dropbox, Inc.) [Auto | Running] -- C:\Windows\SysNative\DbxSvc.exe -- (DbxSvc)
SRV:64bit: - [2018/04/29 15:37:13 | 002,240,264 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV:64bit: - [2018/04/22 09:26:33 | 000,116,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2017/10/27 18:37:11 | 000,462,968 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -- (NVDisplay.ContainerLocalSystem)
SRV:64bit: - [2016/08/22 18:19:43 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2016/04/02 16:35:22 | 000,076,152 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2015/03/19 21:02:14 | 000,345,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0)
SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2018/05/19 01:01:24 | 001,672,992 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2018/05/13 10:48:58 | 005,745,672 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2018/03/10 13:31:42 | 000,774,272 | ---- | M] (EasyAntiCheat Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe -- (EasyAntiCheat)
SRV - [2018/03/06 21:19:08 | 000,071,000 | ---- | M] (Spoločnosť Google Inc.) [Auto | Running] -- C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe -- (chromoting)
SRV - [2017/11/02 19:48:30 | 003,002,728 | ---- | M] (Electronic Arts) [Auto | Stopped] -- C:\Program Files (x86)\Origin\OriginWebHelperService.exe -- (Origin Web Helper Service)
SRV - [2017/11/02 19:48:24 | 002,123,104 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2017/10/06 21:35:25 | 000,175,568 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2017/10/04 02:21:36 | 000,107,624 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2017/08/29 08:57:20 | 010,803,440 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2017/07/19 02:37:17 | 000,449,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe -- (NvTelemetryContainer)
SRV - [2017/07/18 10:35:52 | 000,317,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2016/05/11 15:14:00 | 000,009,216 | ---- | M] (Ellora Assets Corp.) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2016/04/02 16:08:11 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2016/03/06 14:42:58 | 000,143,144 | ---- | M] (Dropbox, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe -- (dbupdatem)
SRV - [2016/03/06 14:42:58 | 000,143,144 | ---- | M] (Dropbox, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe -- (dbupdate)
SRV - [2015/03/19 21:02:18 | 000,280,840 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014/03/21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/05 16:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2018/04/29 15:37:12 | 000,196,112 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2018/04/29 15:37:12 | 000,137,928 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2018/04/29 15:37:12 | 000,108,320 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2017/11/09 06:01:20 | 000,233,904 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2017/08/13 23:45:21 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2017/06/28 00:38:18 | 000,057,792 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvvhci.sys -- (nvvhci)
DRV:64bit: - [2016/11/11 14:47:28 | 000,034,720 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2016/10/17 07:18:22 | 000,038,656 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap-tb-0901.sys -- (tap-tb-0901)
DRV:64bit: - [2016/01/04 10:51:06 | 004,620,040 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtwlanu.sys -- (RtlWlanu)
DRV:64bit: - [2015/10/12 22:51:26 | 000,042,088 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2015/05/14 19:02:36 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2015/04/30 01:01:06 | 000,023,200 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2015/03/19 21:01:58 | 004,888,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2014/12/30 11:35:54 | 000,177,832 | ---- | M] (Razer Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2014/12/30 11:35:54 | 000,039,592 | ---- | M] (Razer Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt)
DRV:64bit: - [2014/08/03 21:43:12 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2014/08/03 21:43:10 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2013/05/30 18:16:46 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGSUsbFilt.sys -- (LGSUsbFilt)
DRV:64bit: - [2013/05/30 18:16:40 | 000,064,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2013/04/26 04:24:58 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2013/04/26 04:24:56 | 000,786,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2013/04/26 04:24:56 | 000,368,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2013/01/11 19:02:34 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/10/25 11:20:28 | 000,769,168 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/07/04 13:48:00 | 000,093,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetndis64.sys -- (andnetndis)
DRV:64bit: - [2012/07/03 11:50:00 | 000,036,352 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetmodem64.sys -- (ANDNetModem)
DRV:64bit: - [2012/07/03 11:50:00 | 000,029,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetdiag64.sys -- (AndNetDiag)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 23:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/05/20 15:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2009/11/24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-197642578-2553702949-3812249725-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sk
IE - HKU\S-1-5-21-197642578-2553702949-3812249725-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BF 23 B1 49 D0 8D D0 01 [binary data]
IE - HKU\S-1-5-21-197642578-2553702949-3812249725-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 39 CE 58 60 06 D7 D1 01 [binary data]
IE - HKU\S-1-5-21-197642578-2553702949-3812249725-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKU\S-1-5-21-197642578-2553702949-3812249725-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-197642578-2553702949-3812249725-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-197642578-2553702949-3812249725-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-197642578-2553702949-3812249725-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "SK"
FF - prefs.js..browser.search.region: "SK"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:54.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.171.2: C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.171.2: C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Patrik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 56.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 56.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 54.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 54.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2016/07/05 23:36:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrik\AppData\Roaming\mozilla\Extensions
[2017/04/26 11:13:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrik\AppData\Roaming\mozilla\Firefox\Profiles\4wmeprz0.default\extensions
[2017/08/08 18:08:37 | 000,008,945 | ---- | M] () (No name found) -- C:\Users\Patrik\AppData\Roaming\mozilla\firefox\profiles\4wmeprz0.default\features\{27b70629-59bb-45fc-ba73-9796695b94b4}\e10srollout@mozilla.org.xpi
[2017/08/08 18:08:37 | 000,009,974 | ---- | M] () (No name found) -- C:\Users\Patrik\AppData\Roaming\mozilla\firefox\profiles\4wmeprz0.default\features\{27b70629-59bb-45fc-ba73-9796695b94b4}\followonsearch@mozilla.com.xpi
[2017/08/08 18:08:37 | 000,044,954 | ---- | M] () (No name found) -- C:\Users\Patrik\AppData\Roaming\mozilla\firefox\profiles\4wmeprz0.default\features\{27b70629-59bb-45fc-ba73-9796695b94b4}\shield-recipe-client@mozilla.org.xpi
[2017/04/26 09:50:11 | 000,006,253 | ---- | M] () (No name found) -- C:\Users\Patrik\AppData\Roaming\mozilla\firefox\profiles\4wmeprz0.default\features\{2b39866f-5afb-4c35-8c6b-dd9fa659e10c}\e10srollout@mozilla.org.xpi
[2017/04/26 09:50:14 | 000,838,245 | ---- | M] () (No name found) -- C:\Users\Patrik\AppData\Roaming\mozilla\firefox\profiles\4wmeprz0.default\features\{2b39866f-5afb-4c35-8c6b-dd9fa659e10c}\firefox@getpocket.com.xpi
[2017/04/26 09:50:11 | 000,005,391 | ---- | M] () (No name found) -- C:\Users\Patrik\AppData\Roaming\mozilla\firefox\profiles\4wmeprz0.default\features\{2b39866f-5afb-4c35-8c6b-dd9fa659e10c}\loop@mozilla.org.xpi
[2017/04/26 09:50:11 | 000,006,446 | ---- | M] () (No name found) -- C:\Users\Patrik\AppData\Roaming\mozilla\firefox\profiles\4wmeprz0.default\features\{2b39866f-5afb-4c35-8c6b-dd9fa659e10c}\websensehelper@mozilla.org.xpi
[2017/06/01 16:50:00 | 000,044,954 | ---- | M] () (No name found) -- C:\Users\Patrik\AppData\Roaming\mozilla\firefox\profiles\4wmeprz0.default\features\{4111b14b-9f59-4ee8-bd66-8d839da07646}\shield-recipe-client@mozilla.org.xpi
[2017/05/17 18:58:19 | 000,005,328 | ---- | M] () (No name found) -- C:\Users\Patrik\AppData\Roaming\mozilla\firefox\profiles\4wmeprz0.default\features\{851b164f-e7b0-4a0b-b720-822fd2397ddd}\disable-cert-transparency@mozilla.org.xpi
[2017/05/17 18:58:19 | 000,005,297 | ---- | M] () (No name found) -- C:\Users\Patrik\AppData\Roaming\mozilla\firefox\profiles\4wmeprz0.default\features\{851b164f-e7b0-4a0b-b720-822fd2397ddd}\disable-prefetch@mozilla.org.xpi
[2017/05/17 18:58:19 | 000,007,195 | ---- | M] () (No name found) -- C:\Users\Patrik\AppData\Roaming\mozilla\firefox\profiles\4wmeprz0.default\features\{851b164f-e7b0-4a0b-b720-822fd2397ddd}\e10srollout@mozilla.org.xpi
[2017/10/06 21:35:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Patrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.7_0\
CHR - Extension: No name found = C:\Users\Patrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\
CHR - Extension: No name found = C:\Users\Patrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped\7.2.1_0\
CHR - Extension: No name found = C:\Users\Patrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\
CHR - Extension: No name found = C:\Users\Patrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Patrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk\4.3.1_0\
CHR - Extension: No name found = C:\Users\Patrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Patrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\
CHR - Extension: No name found = C:\Users\Patrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\63.0.3239.17_0\
CHR - Extension: No name found = C:\Users\Patrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\Patrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\3.30.1_0\
CHR - Extension: No name found = C:\Users\Patrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jknkjnpcbbgcbdbaampbjlhkcghmgfhk\6.3_0\
CHR - Extension: No name found = C:\Users\Patrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\5.12.3_0\
CHR - Extension: No name found = C:\Users\Patrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh\2_0\
CHR - Extension: No name found = C:\Users\Patrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.4_0\
CHR - Extension: No name found = C:\Users\Patrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccckmaobkjjboncdfnnofkonhgpceea\1.0.129_0\
CHR - Extension: No name found = C:\Users\Patrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Patrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\6618.312.0.2_0\

O1 HOSTS File: ([2017/03/21 13:35:37 | 000,001,375 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 anchorfree.net
O1 - Hosts: 127.0.0.1 rss2search.com
O1 - Hosts: 127.0.0.1 techbrowsing.com
O1 - Hosts: 127.0.0.1 box.anchorfree.net
O1 - Hosts: 127.0.0.1 http://www.mefeedia.com
O1 - Hosts: 127.0.0.3 http://www.anchorfree.net
O1 - Hosts: 127.0.0.2 http://www.mefeedia.com
O1 - Hosts: 127.0.0.1 anchorfree.us
O1 - Hosts: 127.0.0.1 a433.com
O1 - Hosts: 127.0.0.3 anchorfree.net
O1 - Hosts: 127.0.0.1 rpt.anchorfree.net
O1 - Hosts: 127.0.0.1 delivery.anchorfree.us/land.php
O1 - Hosts: 127.0.0.1 hsselite.com
O1 - Hosts: 127.0.0.1 http://www.hsselite.com
O1 - Hosts: 127.0.0.1 http://www.hsselite.com
O1 - Hosts: 127.0.0.1 http://www.hsselite.com/trial/step2.php
O1 - Hosts: 127.0.0.1 techbrowsing.com/away.php
O1 - Hosts: 127.0.0.3 techbrowsing.com/away.php
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\ecmds.exe (ESET)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Dropbox] C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-197642578-2553702949-3812249725-1000..\Run: [Battle.net] "C:\Program Files (x86)\Blizzard App\Battle.net.exe" --autostarted File not found
O4 - HKU\S-1-5-21-197642578-2553702949-3812249725-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-197642578-2553702949-3812249725-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-197642578-2553702949-3812249725-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-197642578-2553702949-3812249725-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: eset.com ([help] http in Trusted sites)
O15 - HKLM\..Trusted Domains: eset.com ([help] http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65545FB6-79F0-49FB-8065-32AFB92ED025}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65545FB6-79F0-49FB-8065-32AFB92ED025}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCBFB769-3C06-4522-9FAF-0E8CAF1074E1}: DhcpNameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{03f1f6d2-fbec-11e4-b0be-74d435849b44}\Shell - "" = AutoRun
O33 - MountPoints2\{03f1f6d2-fbec-11e4-b0be-74d435849b44}\Shell\AutoRun\command - "" = H:\LGAutoRun.exe
O33 - MountPoints2\{63d12a60-12a3-11e6-bc34-74d435849b44}\Shell - "" = AutoRun
O33 - MountPoints2\{63d12a60-12a3-11e6-bc34-74d435849b44}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f6ea0854-1195-11e5-bc24-74d435849b44}\Shell - "" = AutoRun
O33 - MountPoints2\{f6ea0854-1195-11e5-bc24-74d435849b44}\Shell\AutoRun\command - "" = E:\startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2018/05/25 16:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2018/05/25 16:05:56 | 000,000,000 | ---D | C] -- C:\rsit
[2018/05/24 15:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
[2018/05/21 19:06:58 | 000,051,024 | ---- | C] (Dropbox, Inc.) -- C:\Windows\SysNative\DbxSvc.exe
[2018/05/21 19:06:58 | 000,050,232 | ---- | C] (Dropbox, Inc.) -- C:\Windows\SysNative\drivers\dbx-dev.sys
[2018/05/21 19:06:58 | 000,045,672 | ---- | C] (Dropbox, Inc.) -- C:\Windows\SysNative\drivers\dbx-canary.sys
[2018/05/21 19:06:58 | 000,045,640 | ---- | C] (Dropbox, Inc.) -- C:\Windows\SysNative\drivers\dbx-stable.sys
[2018/05/21 12:31:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2018/05/21 12:31:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Oracle
[2018/05/13 11:03:53 | 000,000,000 | -HSD | C] -- C:\82ace7d6-0197-474d-bf4b-a2043e72329b
[2018/05/09 11:14:05 | 005,779,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2018/05/09 11:14:04 | 005,583,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2018/05/09 11:14:04 | 004,047,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2018/05/09 11:14:04 | 003,165,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2018/05/09 11:14:04 | 002,135,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2018/05/09 11:14:04 | 002,059,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2018/05/09 11:14:04 | 001,735,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comsvcs.dll
[2018/05/09 11:14:04 | 001,241,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comsvcs.dll
[2018/05/09 11:14:04 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2018/05/09 11:14:04 | 000,809,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2018/05/09 11:14:04 | 000,794,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2018/05/09 11:14:04 | 000,708,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2018/05/09 11:14:04 | 000,701,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hhctrl.ocx
[2018/05/09 11:14:04 | 000,661,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2018/05/09 11:14:04 | 000,634,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2018/05/09 11:14:04 | 000,578,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2018/05/09 11:14:04 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2018/05/09 11:14:03 | 003,958,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2018/05/09 11:14:03 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2018/05/09 11:14:03 | 001,665,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2018/05/09 11:14:03 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2018/05/09 11:14:03 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2018/05/09 11:14:03 | 000,969,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2018/05/09 11:14:03 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2018/05/09 11:14:03 | 000,728,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2018/05/09 11:14:03 | 000,631,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2018/05/09 11:14:03 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2018/05/09 11:14:03 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2018/05/09 11:14:03 | 000,525,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\catsrvut.dll
[2018/05/09 11:14:03 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\hhctrl.ocx
[2018/05/09 11:14:03 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2018/05/09 11:14:03 | 000,487,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\catsrvut.dll
[2018/05/09 11:14:03 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2018/05/09 11:14:03 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2018/05/09 11:14:03 | 000,417,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2018/05/09 11:14:03 | 000,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2018/05/09 11:14:03 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2018/05/09 11:14:03 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2018/05/09 11:14:03 | 000,262,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hal.dll
[2018/05/09 11:14:03 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2018/05/09 11:14:03 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\itircl.dll
[2018/05/09 11:14:03 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2018/05/09 11:14:03 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2018/05/09 11:14:03 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\itircl.dll
[2018/05/09 11:14:03 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2018/05/09 11:14:03 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2018/05/09 11:14:03 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2018/05/09 11:14:03 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2018/05/09 11:14:03 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2018/05/09 11:14:03 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2018/05/09 11:14:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2018/05/09 11:14:03 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2018/05/09 11:14:03 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2018/05/09 11:14:03 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hhsetup.dll
[2018/05/09 11:14:03 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\hhsetup.dll
[2018/05/09 11:14:03 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2018/05/09 11:14:03 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2018/05/09 11:14:03 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\hh.exe
[2018/05/09 11:14:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sscore.dll
[2018/05/09 11:14:02 | 001,461,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2018/05/09 11:14:02 | 001,212,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2018/05/09 11:14:02 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2018/05/09 11:14:02 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2018/05/09 11:14:02 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2018/05/09 11:14:02 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2018/05/09 11:14:02 | 000,709,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2018/05/09 11:14:02 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2018/05/09 11:14:02 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2018/05/09 11:14:02 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2018/05/09 11:14:02 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2018/05/09 11:14:02 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2018/05/09 11:14:02 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2018/05/09 11:14:02 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2018/05/09 11:14:02 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2018/05/09 11:14:02 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2018/05/09 11:14:02 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2018/05/09 11:14:02 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpchttp.dll
[2018/05/09 11:14:02 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2018/05/09 11:14:02 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2018/05/09 11:14:02 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rpchttp.dll
[2018/05/09 11:14:02 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2018/05/09 11:14:02 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2018/05/09 11:14:02 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2018/05/09 11:14:02 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\videoprt.sys
[2018/05/09 11:14:02 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcrypt.dll
[2018/05/09 11:14:02 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2018/05/09 11:14:02 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2018/05/09 11:14:02 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2018/05/09 11:14:02 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2018/05/09 11:14:02 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2018/05/09 11:14:02 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2018/05/09 11:14:02 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2018/05/09 11:14:02 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2018/05/09 11:14:02 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2018/05/09 11:14:02 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2018/05/09 11:14:02 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2018/05/09 11:14:02 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2018/05/09 11:14:02 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2018/05/09 11:14:02 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2018/05/09 11:14:02 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2018/05/09 11:14:02 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2018/05/09 11:14:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2018/05/09 11:14:02 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2018/05/09 11:14:02 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2018/05/09 11:14:02 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll
[2018/05/09 11:14:02 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2018/05/09 11:14:02 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2018/05/09 11:14:02 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2018/05/09 11:14:02 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2018/05/09 11:14:02 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2018/05/09 11:14:02 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2018/05/09 11:14:02 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2018/05/09 11:14:02 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleres.dll
[2018/05/09 11:14:02 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleres.dll
[2018/05/09 11:14:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2018/05/09 11:14:02 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2018/05/09 11:14:02 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2018/05/09 11:14:02 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2018/05/09 11:14:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2018/05/09 11:14:02 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll
[2018/05/09 11:14:02 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2018/05/09 11:14:02 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comcat.dll
[2018/05/09 11:14:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2018/05/09 11:14:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comcat.dll
[2018/05/09 11:14:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2018/05/09 11:14:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2018/05/09 11:14:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2018/05/09 11:14:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2018/05/09 11:14:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2018/05/09 11:14:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2018/05/09 11:14:02 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2018/05/09 11:14:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2018/05/09 11:14:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2018/05/09 11:14:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2018/05/09 11:14:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2018/05/09 11:14:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2018/05/09 11:14:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2018/05/09 11:14:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2018/05/09 11:14:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2018/05/09 11:14:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2018/05/09 11:14:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2018/05/09 11:14:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2018/05/09 11:14:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2018/05/09 11:14:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2018/05/09 11:14:02 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2018/05/09 11:14:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2018/05/09 11:14:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2018/05/09 11:14:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2018/05/09 11:14:01 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2018/05/09 11:14:01 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2018/05/09 11:14:01 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2018/05/09 11:14:01 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2018/05/09 11:14:01 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll

========== Files - Modified Within 30 Days ==========

[2018/05/25 19:35:55 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2018/05/25 19:35:01 | 000,020,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2018/05/25 19:35:01 | 000,020,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2018/05/25 19:09:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskMachineUA.job
[2018/05/25 18:59:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2018/05/25 15:56:54 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2018/05/25 15:43:12 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskMachineCore.job
[2018/05/25 15:36:59 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2018/05/25 15:36:59 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2018/05/25 15:36:59 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2018/05/25 15:32:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2018/05/21 19:06:58 | 000,051,024 | ---- | M] (Dropbox, Inc.) -- C:\Windows\SysNative\DbxSvc.exe
[2018/05/21 19:06:58 | 000,050,232 | ---- | M] (Dropbox, Inc.) -- C:\Windows\SysNative\drivers\dbx-dev.sys
[2018/05/21 19:06:58 | 000,045,672 | ---- | M] (Dropbox, Inc.) -- C:\Windows\SysNative\drivers\dbx-canary.sys
[2018/05/21 19:06:58 | 000,045,640 | ---- | M] (Dropbox, Inc.) -- C:\Windows\SysNative\drivers\dbx-stable.sys
[2018/05/21 12:31:09 | 000,098,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2018/05/10 10:07:04 | 000,316,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2018/05/09 21:54:28 | 141,696,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MRT-KB890830.exe
[2018/05/09 21:52:15 | 000,766,336 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2018/05/03 12:54:11 | 000,000,222 | ---- | M] () -- C:\Users\Patrik\Desktop\Battlerite.url
[2018/04/29 15:37:12 | 000,196,112 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\ehdrv.sys
[2018/04/29 15:37:12 | 000,137,928 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\eamonm.sys
[2018/04/29 15:37:12 | 000,108,320 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\epfwwfp.sys

========== Files Created - No Company Name ==========

[2018/05/25 19:17:32 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2018/05/03 12:54:11 | 000,000,222 | ---- | C] () -- C:\Users\Patrik\Desktop\Battlerite.url
[2018/01/02 18:30:46 | 000,000,293 | ---- | C] () -- C:\Users\Patrik\AppData\Roaming\burnaware.ini
[2017/12/09 17:33:08 | 000,798,008 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1.dll
[2017/12/09 17:33:08 | 000,490,296 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2017/09/14 01:20:30 | 000,798,008 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-61-0.dll
[2017/09/14 01:20:14 | 000,490,296 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-61-0.exe
[2017/08/19 14:15:20 | 000,000,400 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2017/08/09 09:20:18 | 000,518,144 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2017/07/24 19:11:32 | 000,007,609 | ---- | C] () -- C:\Users\Patrik\AppData\Local\Resmon.ResmonCfg
[2017/02/22 18:12:12 | 000,000,000 | ---- | C] () -- C:\Users\Patrik\AppData\Local\{6F11FA7D-7357-4DF6-A333-1CEA832FA5DC}
[2015/09/04 01:22:00 | 000,000,000 | ---- | C] () -- C:\Users\Patrik\AppData\Local\{A5A5902F-AAAC-4B17-8AAC-7489F5201B9F}
[2015/05/14 00:50:39 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2018/01/01 04:18:30 | 014,183,936 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2018/01/01 04:00:12 | 012,880,384 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2017/08/18 16:53:45 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Battle.net
[2017/08/30 14:15:33 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Origin
[2017/08/30 13:37:07 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Publish Providers
[2017/08/30 13:37:05 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Sony
[2018/02/27 19:46:12 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\TS3Client
[2018/04/16 18:55:10 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\.mono
[2017/01/17 13:54:17 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\Amanita-Design.Samorost3
[2018/01/02 18:21:16 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\Ashampoo
[2017/08/02 10:23:46 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\Battle.net
[2018/04/24 14:12:44 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\Battlerite
[2018/01/02 18:24:58 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\Canneverbe Limited
[2016/12/03 20:24:09 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\Crystal Dynamics
[2017/07/25 10:39:38 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\DAEMON Tools Lite
[2018/03/12 19:43:13 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\discord
[2017/11/18 18:33:55 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\discordsdk
[2015/06/03 21:20:46 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\Dropbox
[2018/03/10 13:36:08 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\EasyAntiCheat
[2015/12/18 18:47:17 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\Greenshot
[2016/05/08 18:31:23 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\Hotspot Shield
[2017/01/06 19:01:43 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\java
[2015/11/02 03:59:58 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\livestreamer
[2015/10/20 16:14:30 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\LolClient
[2016/02/27 22:11:42 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\New Technology Studio
[2016/10/20 20:03:42 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\Notepad++
[2016/07/23 01:08:38 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\OBS
[2018/04/03 11:11:59 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\OpenOffice
[2015/06/13 12:51:01 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\Opera Software
[2017/12/02 16:41:02 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\Origin
[2016/01/18 23:12:13 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\Publish Providers
[2015/05/14 03:21:09 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\Riot Games
[2016/04/27 22:11:14 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\Sony
[2016/03/08 19:05:51 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\Sony Creative Software Inc
[2016/12/05 11:19:38 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\Steam
[2017/02/10 12:00:47 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\TeamViewer
[2018/05/25 16:01:43 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\TS3Client
[2018/03/12 15:38:51 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\TunnelBear
[2016/07/06 00:13:12 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\Unity
[2018/05/24 22:01:07 | 000,000,000 | ---D | M] -- C:\Users\Patrik\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009/07/14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 07:08:49 | 000,032,538 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2015/05/14 01:19:52 | 000,000,932 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2015/05/14 01:19:52 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2015/05/14 01:19:52 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d08dd350af27db.job
[2015/06/03 21:12:00 | 000,000,904 | ---- | C] () -- C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
[2015/06/03 21:12:00 | 000,000,908 | ---- | C] () -- C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job

< >

< MD5 for: ATAPI.SYS >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010/11/21 05:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010/11/21 05:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010/11/21 05:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010/11/21 05:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010/11/21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010/11/21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010/11/21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2016/08/29 17:04:37 | 003,229,696 | ---- | M] (Microsoft Corporation) MD5=38AE1B3C38FAEF56FE4907922F0385BA -- C:\Windows\explorer.exe
[2016/08/29 17:04:37 | 003,229,696 | ---- | M] (Microsoft Corporation) MD5=38AE1B3C38FAEF56FE4907922F0385BA -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.23537_none_b0517adca98752cc\explorer.exe
[2010/11/21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2016/08/29 16:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation) MD5=6DDCA324434FFA506CF7DC4E51DB7935 -- C:\Windows\SysWOW64\explorer.exe
[2016/08/29 16:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation) MD5=6DDCA324434FFA506CF7DC4E51DB7935 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.23537_none_baa6252edde814c7\explorer.exe
[2010/11/21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: HAL.DLL >
[2018/04/23 02:35:12 | 000,262,336 | ---- | M] (Microsoft Corporation) MD5=411DD61AD82E6A12B4C427BB46E28E21 -- C:\Windows\SysNative\hal.dll
[2018/04/23 02:35:12 | 000,262,336 | ---- | M] (Microsoft Corporation) MD5=411DD61AD82E6A12B4C427BB46E28E21 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.24117_none_09db47e689650885\hal.dll
[2018/01/12 18:44:04 | 000,262,376 | ---- | M] (Microsoft Corporation) MD5=862CD07636A225974281366106BA7EE6 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.24024_none_09cd7536896fdb4a\hal.dll
[2018/03/31 04:09:30 | 000,262,336 | ---- | M] (Microsoft Corporation) MD5=87A61E2B26BF9F71F687FB4B79E39471 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.24094_none_0981c5c289a89ee1\hal.dll
[2018/03/09 05:39:06 | 000,262,336 | ---- | M] (Microsoft Corporation) MD5=C7B3F42BE42D1B880397A2C1A2FBB450 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.24059_none_09b206e48983add0\hal.dll
[2010/11/21 05:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll
[2018/01/01 04:21:11 | 000,262,376 | ---- | M] (Microsoft Corporation) MD5=EDEFDA684596C4866C54FD73D744F82B -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.24000_none_09df13e689633e0c\hal.dll

< MD5 for: SCECLI.DLL >
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

< End of report >
Last edited by uNfEiL on 25 May 2018 19:42, edited 1 time in total.

Rudy
Site Admin
Posts: 118152
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: How do I find out whether I have a keylogger on my PC?

#6 Post by Rudy »

Run OTL again as administrator and copy the following into the white box:
:OTL
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O33 - MountPoints2\{03f1f6d2-fbec-11e4-b0be-74d435849b44}\Shell - "" = AutoRun
O33 - MountPoints2\{03f1f6d2-fbec-11e4-b0be-74d435849b44}\Shell\AutoRun\command - "" = H:\LGAutoRun.exe
O33 - MountPoints2\{63d12a60-12a3-11e6-bc34-74d435849b44}\Shell - "" = AutoRun
O33 - MountPoints2\{63d12a60-12a3-11e6-bc34-74d435849b44}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f6ea0854-1195-11e5-bc24-74d435849b44}\Shell - "" = AutoRun
O33 - MountPoints2\{f6ea0854-1195-11e5-bc24-74d435849b44}\Shell\AutoRun\command - "" = E:\startme.exe
@Alternate Data Stream - 83 bytes -> C:\Users\Patrik\Desktop\Cestovný príkaz vzor.xls:com.dropbox.attributes
@Alternate Data Stream - 21 bytes -> \Program Files\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.libs\wws_crashreport_uploader.exe:crc

:files
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\ProgramData\DP45977C.lfl
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d08dd350af27db.job
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
[CreateRestorePoint]
Click Fix and let the program work. When asked whether to restart, agree.
After the restart a new log will appear; post it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.


Re: How do I find out whether I have a keylogger on my PC?

#7 Post by uNfEiL »

Should I again tick the boxes for all users, the LOP check and PURITY?


Re: How do I find out whether I have a keylogger on my PC?

#8 Post by uNfEiL »

In the end I did not tick those 3 boxes, but here is the log:

Rudy
Site Admin
Posts: 118152
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: How do I find out whether I have a keylogger on my PC?

#9 Post by Rudy »

Correct, those boxes are ticked only for the first scan. Otherwise, deleted; I didn't find a keylogger there.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

uNfEiL
Visitor
Posts: 6
Registered: 25 May 2018 15:00

Re: How do I find out whether I have a keylogger on my PC?

#10 Post by uNfEiL »

Thank you very much for your help. Have a nice day and all the best :)

Rudy
Site Admin
Posts: 118152
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: How do I find out whether I have a keylogger on my PC?

#11 Post by Rudy »

A nice day to you too, and you're welcome! :)

Locked