Pop-up windows appear and Firefox launches by itself for about 1 sec

tepan
Visitor
Posts: 232
Registered: 22 Dec 2006 21:11
Location: Sumperk

Re: Pop-up windows appear and Firefox launches by itself for about 1 sec

#31 Post by tepan »

So now FRST doesn't run at all. It throws these messages, see below.
Attachments
viry 3.jpg (83.06 KiB)

#32 Post by tepan »

and the second message
Attachments
viry 4.jpg (77.81 KiB)

altrok
Moderator
Posts: 7257
Registered: 15 Nov 2012 22:26
Location: Znojmo

#33 Post by altrok »

Sorry for the delay. Please try downloading the new FRST and using it (just run the FRST you have on the PC and it will download the newer version by itself).
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suited to the forum, you can use altrok(at)forum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.

#34 Post by tepan »

When I ran FRST from the computer (from the icon I have on the desktop), it didn't download anything... so when I downloaded the new FRST from the net (I chose to replace the existing one) and then ran it, the same message still pops up.

#35 Post by altrok »

Please download the current version of FRST from https://www.bleepingcomputer.com/downlo ... scan-tool/
and send a screenshot of the specific message, which I could report to the author.

#36 Post by tepan »

sending it
Attachments
viry 5.jpg (80.62 KiB)

#37 Post by tepan »

and the next one
Attachments
viry 6.jpg (77.37 KiB)

#38 Post by tepan »

I would just like to know whether anything is still going to happen here?... You wrote recently that my computer is not clean yet.

JaRon
Moderator
Posts: 15192
Registered: 29 Mar 2005 13:39
Location: BB-SK

#39 Post by JaRon »

I'll step in this once.
In the meantime, run JRT https://forum.viry.cz/viewtopic.php?f=1 ... e#p1507609
FRST | ADWCleaner | MBAM | CCleaner | AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

#40 Post by tepan »

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64
Ran by Tepan (Administrator) on ne 05.08.2018 at 4:17:02,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 20

Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder)
Successfully deleted: C:\Users\Tepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig (Folder)
Successfully deleted: C:\Users\Tepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd (Folder)
Successfully deleted: C:\Users\Tepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak (Folder)
Successfully deleted: C:\Users\Tepan\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\icpgjfneehieebagbmdbhnlpiopdcmna (Folder)
Successfully deleted: C:\Users\Tepan\AppData\Local\slimware utilities inc (Folder)
Successfully deleted: C:\Users\Tepan\AppData\Roaming\getrighttogo (Folder)
Successfully deleted: C:\Users\Tepan\AppData\Roaming\Mozilla\Firefox\Profiles\sdckyap9.default-1405284649585\extensions\staged (Folder)
Successfully deleted: C:\Users\Tepan\AppData\Roaming\navigator (Folder)
Successfully deleted: C:\Users\Tepan\Documents\add-in express (Folder)
Successfully deleted: C:\Windows\reimage.ini (File)
Successfully deleted: C:\Windows\system32\drivers\swdumon.sys (File)
Successfully deleted: C:\Users\Tepan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13IGSE76 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Tepan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H0BZ9C78 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Tepan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M1B869Y5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Tepan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q2WIT5KV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13IGSE76 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H0BZ9C78 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M1B869Y5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q2WIT5KV (Temporary Internet Files Folder)



Registry: 2

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SWDUMon (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 05.08.2018 at 5:09:11,11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#41 Post by altrok »

Farbar fixed the bug, so I would like to ask for a new FRST scan (both FRST.txt and Addition.txt).

#42 Post by tepan »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Tepan (18-08-2018 11:59:12)
Running from C:\Users\Tepan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-01-16 12:48:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1029120089-3632672932-3177029402-500 - Administrator - Disabled)
Guest (S-1-5-21-1029120089-3632672932-3177029402-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1029120089-3632672932-3177029402-1002 - Limited - Enabled)
Tepan (S-1-5-21-1029120089-3632672932-3177029402-1001 - Administrator - Enabled) => C:\Users\Tepan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1.25534 - emc, uTorrent.CZ)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
888poker (HKLM-x32\...\888poker) (Version: - )
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{36381D51-CC5E-4698-A0CC-E939C75EC9D8}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.96 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-1029120089-3632672932-3177029402-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
AMD Catalyst Install Manager (HKLM\...\{3F48F53E-BC0F-A72E-AC89-EA9C3F8F4701}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AVG PC TuneUp Language Pack (en-US) (HKLM-x32\...\{FB03A941-815E-42F2-B604-FCE5636DB90B}) (Version: 12.0.4000.108 - AVG Technologies) Hidden
Avidemux 2.7 - 64 bits (HKLM-x32\...\Avidemux 2.7 - 64 bits (64-bit)) (Version: 2.7.0.170814 - )
Balíček ovladače systému Windows - u-blox AG (ubloxusb) Ports (09/12/2008 1.2.0.1) (HKLM\...\38C9A50B4FB83FBC3B6B66EAC2E4A7B2930F8D10) (Version: 09/12/2008 1.2.0.1 - u-blox AG)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
COMODO Internet Security Premium (HKLM\...\{C7C71F0C-4CC1-4B17-943C-96E5196DDA74}) (Version: 8.4.0.5165 - COMODO Security Solutions Inc.)
Convert PDF to Word Desktop Software verze 4.1.0 (HKLM-x32\...\{84A79DF3-D855-4671-B67A-E6B8846EC5A3}_is1) (Version: 4.1.0 - Convertpdftoword.net)
Copy (HKLM-x32\...\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0191 - Disc Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_AIO_06_F2400_SW_Min (HKLM-x32\...\{5546F4E9-B0F4-4F54-B949-2AB006C9284F}) (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
DualCoreCenter (HKLM-x32\...\DualCoreCenter_is1) (Version: - MSI, Inc.)
Duplicate Cleaner Free 3.2.7 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 3.2.7 - DigitalVolcano Software Ltd) <==== ATTENTION
EAX Unified (HKLM-x32\...\EAX Unified) (Version: - )
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
F2400 (HKLM-x32\...\{6DBB66CD-38C7-472C-BBB9-06BFDA182A29}) (Version: 140.0.690.000 - Hewlett-Packard) Hidden
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Fotogalerie (HKLM-x32\...\{F37D360D-9308-4BB1-8515-DC6B637B9486}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Full Tilt Poker.Eu (HKLM-x32\...\{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}) (Version: 5.28.1.WIN.FullTilt.EU - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Java 8 Update 181 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Just Cause 2 verze 1.0.0.2 (HKLM-x32\...\{0A666A31-AA6B-4930-BE71-88D85868828B}_is1) (Version: 1.0.0.2 - Thomas Darkey)
L.A. Noire verzia 1.3.2617 (HKLM-x32\...\L.A. Noire_is1) (Version: 1.3.2617 - CzTorrent.net)
LibreOffice 5.3.2.2 (HKLM\...\{682C33C0-5D61-48F0-B0A2-1A504F4C5905}) (Version: 5.3.2.2 - The Document Foundation)
Malwarebytes verze 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.7.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{3D2CF65C-B544-4308-B996-700D3E5F6C4C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 61.0.1 (x64 cs) (HKLM\...\Mozilla Firefox 61.0.1 (x64 cs)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM-x32\...\{470C8EFE-AEB0-402E-B05A-91E08C201029}) (Version: 8.3.416 - Nero AG)
NetBet Poker (HKU\S-1-5-21-1029120089-3632672932-3177029402-1001\...\Netbet Poker) (Version: - )
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
OpenOffice 4.1.2 (HKLM-x32\...\{69D27D4C-36CE-4CB2-A290-C38B0A990955}) (Version: 4.12.9782 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 12.0 - PlotSoft LLC)
RAIDXpert (HKLM-x32\...\{8A4A80C2-87B1-44FB-BC24-9168930EB150}) (Version: 3.3.1540.19 - AMD) Hidden
RAIDXpert (HKLM-x32\...\InstallShield_{8A4A80C2-87B1-44FB-BC24-9168930EB150}) (Version: 3.3.1540.19 - AMD)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 8.2.12.485 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.89.716.2014 - Realtek)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rise of the Tomb Raider (HKLM-x32\...\Rise of the Tomb Raider_is1) (Version: 1.0.668.1 - Square-Enix)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.1 - Rockstar Games)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SIW Pro Edition (Trial Version) (HKLM-x32\...\{3B9704C8-1286-4a17-9EA8-F63004FC74A1}_is1) (Version: 2015.03.12 - Topala Software Solutions)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.102 - Skype Technologies S.A.)
SlimDrivers (HKLM-x32\...\{746AB259-6474-4111-8966-1C62F9A6E063}) (Version: 2.3.1 - SlimWare Utilities, Inc.)
SmartWebPrinting (HKLM-x32\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.186.000 - Hewlett-Packard) Hidden
Solid Edge ST8 (HKLM\...\{C69F7B10-60F2-476C-B0C1-4D61628462B7}) (Version: 108.00.00091 - Siemens)
SolutionCenter (HKLM-x32\...\{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Status (HKLM-x32\...\{2FB9EA69-51D4-4913-9AD5-762C034DE811}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Explorer 7.0.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version: - Mister Group)
System Requirements Lab (HKLM-x32\...\{F89CDED6-B1F1-489F-BA44-698BF6A737C2}) (Version: 6.1.6.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
Tomb Raider - Legend, âĺđńč˙ 1.0.0.0 (HKLM-x32\...\Tomb Raider - Legend_is1) (Version: 1.0.0.0 - )
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH)
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1029120089-3632672932-3177029402-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2017-06-07] (Piriform Ltd)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2016-09-15] (COMODO)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2017-06-07] (Piriform Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {19E6CE5F-CF3E-4413-A2FC-0CAA682A8F13} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-20] (Piriform Ltd)
Task: {23473286-AC35-4D70-BA7F-B335E6A6510A} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-15] (COMODO)
Task: {3E8DC780-4053-45D8-8836-3FBB914AD031} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-15] (COMODO)
Task: {511092FD-B1C7-43C0-A870-A54419C69CFE} - System32\Tasks\HP online update program => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Task: {6090461B-C567-4DF9-A452-B6BEFBC066ED} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-08-03] (Oracle Corporation)
Task: {61AC7497-E518-48B9-B774-AE6DDEA2ED28} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-15] (COMODO)
Task: {64D0F0AC-CFAD-4DE9-9EEB-FE8C7B47ABBB} - System32\Tasks\SafeZone scheduled Autoupdate 1456592141 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {A4CEE513-08E5-44C4-B7CA-E582AD40814C} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-15] (COMODO)
Task: {BDCECEE6-CA95-456D-8B04-B3C2866DD169} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {CA650AE5-3A96-4B7B-8916-6932B2AACCA9} - System32\Tasks\Adobe online aktualizační program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-07-11] (Adobe Systems Incorporated)
Task: {E547958E-F953-47D1-BF88-F39140FA40B2} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-15] (COMODO)
Task: {F20F4214-3B4F-4747-A7B2-F12BBD678A64} - System32\Tasks\Google Updater and Installer => C:\Users\Tepan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {3BCB988B-E572-462B-B24A-ADD53330A481} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-07-11] (Adobe Systems Incorporated)
Task: {495A8C1A-83A4-4286-A038-D6F6B12F0F04} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-20] (Google Inc.)
Task: {79688EA0-4A98-4A6A-8D5F-1D0F38766B0E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-20] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForTepan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-07-26 09:58 - 2017-07-26 09:58 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2016-03-16 12:25 - 2016-03-16 12:25 - 000073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2018-08-10 03:05 - 2018-08-08 02:41 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
2018-08-10 03:05 - 2018-08-08 02:41 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libegl.dll
2018-08-15 02:17 - 2018-08-03 10:30 - 031303168 _____ () C:\Users\Tepan\AppData\Local\Google\Chrome\User Data\PepperFlash\30.0.0.154\pepflashplayer.dll
2011-07-22 14:48 - 2011-07-22 14:48 - 000516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcdedit.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\BFE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cdosys.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\centel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\chajei.ime:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comcat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cscdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3d10level9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dnscacheugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dnsrslvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DXPTaskRingtone.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fdWCN.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FirewallAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fveapibase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FWPUCLNT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FwRemoteSvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gpedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hal.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\hhctrl.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hhsetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hlink.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icfupgd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IKEEXT.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\IMJP10.IME:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\imkr80.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetpp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetppui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\INETRES.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inseng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iprtprio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IPSECSVC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\itircl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\itss.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kmddsp.tsp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mf3216.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfmjpegdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MigAutoPlay.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mmcbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mmcndmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mmcshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MPSSVC.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MRT-KB890830.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msimg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msra.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msrahc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msscntrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msshooks.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mssitlb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mssprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mswsock.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ndptsp.tsp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netbtugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlsbres.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nsisvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntprint.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\oleres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\P2P.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\p2psvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pdhui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\perfmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\phon.ime:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\pintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pla.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\plasrv.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pnrpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\polstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qintlgnt.ime:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Query.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\quick.ime:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\racpldlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rascfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rasdiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rasmxs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rasser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RdpGroupPolicyExtension.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\resmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpcss.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rtm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rundll32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\samsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scavengeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdchange.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\seclogon.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shdocvw.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spoolsv.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srvsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\streamci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\sysmon.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\t2embed.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TabSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\taskcomp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tbs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tdc.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\themeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\traffic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WcnApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wcncsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WcnEapAuthProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WcnEapPeerProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WcsPlugInService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\webio.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\webservices.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\werdiagcontroller.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wermgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wfapigp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winnsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinUSBCoInstaller2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wisptis.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wkssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlanhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlanmsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Wldap32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpnpinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wshnetbs.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wshqos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsmplpxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsmprovhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsnmp32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 4788 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-01-01 14:50 - 2018-01-01 14:50 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1029120089-3632672932-3177029402-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tepan\AppData\Roaming\Mozilla\Firefox\Pozadí plochy.bmp
DNS Servers: 213.46.172.37 - 213.46.172.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: AVGIDSAgent => 2
MSCONFIG\Services: avgwd => 2
MSCONFIG\Services: FreemakeVideoCapture => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NetBetCoach => 2
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: RzKLService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Tepan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hpqtra08.exe => C:\Windows\pss\hpqtra08.exe.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Synchronizer => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Tepan\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BingSvc => C:\Users\Tepan\AppData\Local\Microsoft\BingSvc\BingSvc.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: FAHConsole => C:\Program Files\File Association Helper\FAHConsole.exe
MSCONFIG\startupreg: Google Update => C:\Users\Tepan\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: Plumbytes Anti-Malware => "C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\Plumbytes.exe" /tray
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SystemExplorerAutoStart => "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
MSCONFIG\startupreg: uTorrent => "C:\Users\Tepan\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{F5AACE19-C1BB-484E-8735-E553170A9994}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{88AA513B-93D6-41C7-B38C-92CC9D010437}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{E2C8EA70-BC4D-474C-9DA8-EE8396B79004}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9F3178B2-628B-47DE-901D-384D3F1752F1}] => (Allow) C:\Program Files (x86)\ICQ7M\ICQ.exe
FirewallRules: [{BC603AB3-723A-4981-BAD6-E89F7F3F1257}] => (Allow) C:\Program Files (x86)\ICQ7M\ICQ.exe
FirewallRules: [{83F96732-6E30-41DD-8C85-B1C0EA2A9626}] => (Allow) C:\Program Files (x86)\ICQ7M\ICQ.exe
FirewallRules: [{DC9157F3-5E08-407A-B8BE-AF11AB387D92}] => (Allow) C:\Program Files (x86)\ICQ7M\ICQ.exe
FirewallRules: [{9E392439-E6D9-4B41-BE4C-FD957EDE646A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{3B8DDE69-F278-4CB1-AB1A-59A0BE8A7EC8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{36F82312-8C7E-4036-9EEE-F65ACE783453}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B09226B6-3EA2-4F13-AB8A-AB9A83797D84}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{F9B7D28E-70BA-42E6-BF65-1D423BF8C194}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{7B36B7EC-6440-420A-835F-0C1D31DF5C37}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{49506D05-466D-4DCE-ABD8-D8A8591176C9}] => (Allow) LPort=9091
FirewallRules: [{A2CDC8CB-05FA-4132-84E4-EF01789FB623}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1BE8EE6C-F80F-4175-B421-F76B4CA2D582}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FDBB8AA6-96AD-4452-8BF7-282C5BEA864E}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{DF2B1D65-4293-40D5-956F-CF967AD51ED0}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{5317532F-19A8-4925-8ECE-B063534407F5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C065C741-A9AD-4687-8234-A891C2E514D5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6FC018B0-6333-4062-A0D6-B6A36FC53FC7}] => (Allow) LPort=9091
FirewallRules: [{2CB75DB2-1193-4FB8-BD71-DDE8E42307AA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{3354B97F-488A-493C-BA0A-2D7E105F0DDB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{CB21AC0C-18AD-4D23-A8B9-84708C2E6877}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{258A72F8-68C0-40C9-A22B-9F4EEE13FF25}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{29EA81F8-4777-41F0-9577-E318F71DC6CC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{A3AA2648-30CE-449D-B17A-9F25BAA0BCF1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{1B8C1CC1-B17D-4EDD-867A-D02544835C14}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{DFAE16F5-3FA2-4A75-93B3-3CAA263A3BE6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{4C872100-D12B-42F1-8BB7-2C67B01BA2D0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{1B0A6AB7-35C2-42BE-B00A-06B303BF0BD7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{66DADE87-7E55-48CE-8069-8D9003972BFD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{6DC13435-2488-419E-950A-5D38313E9842}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{D50A170B-DEF9-4DB7-BFA5-0EFF26378381}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{A7CB0C0C-5CE1-482E-BDE9-9D28FA093E45}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3FDCDAC9-91AD-43F4-BF7C-1D6BCB332710}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{39FF30CA-1AED-4D62-918D-9BD738F8BE4F}] => (Allow) LPort=2869
FirewallRules: [{05DDA838-2DA4-4CBA-8140-13259F447BFB}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{F91C1020-45B1-41AA-A63C-18667CEBD935}C:\users\tepan\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\tepan\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{ED682182-DBBC-419A-A2B7-B40D79523F87}C:\users\tepan\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\tepan\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{A47BF579-C8E8-43FF-91DD-A1D59DE4DB6A}C:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe] => (Allow) C:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe
FirewallRules: [UDP Query User{9814E84E-8F75-467A-8596-FB377DB51674}C:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe] => (Allow) C:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe
FirewallRules: [{96749CEE-7138-4504-973E-7EBABDA0A5C0}] => (Allow) C:\Users\Tepan\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [{3F482726-4C2C-4BB2-B84A-A5FBAE212671}] => (Allow) C:\Users\Tepan\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [TCP Query User{6E991E87-D509-4655-8432-56D9D46B103F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{875F18DF-7FCC-422F-A284-724CDEC959D1}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{12E1603D-709F-4AEE-BCE2-4F3AE73A70FF}C:\users\tepan\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\tepan\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{2FBBE995-9E4D-47AD-A643-C0CD4762D50E}C:\users\tepan\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\tepan\appdata\local\akamai\netsession_win.exe
FirewallRules: [{7AB46580-EB02-4F76-968E-D2E7219CBDCA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C001D28F-60B8-48D6-B8C2-E3307DBA855C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{91AE5C45-A7DF-40CF-BA4C-668FD67D6C8E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B8F9BF5B-9BB1-46E1-91ED-877B59DE8632}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BE35004F-D71E-4E08-A61A-4D9C4B1FFB9F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

Could not list restore points
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

Došlo k systémové chybě 123.

Název souboru či adresáře nebo jmenovka svazku je nesprávná.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 56%
Total physical RAM: 4095 MB
Available physical RAM: 1798.84 MB
Total Virtual: 5093.15 MB
Available Virtual: 2196.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:170.9 GB) (Free:11.81 GB) NTFS
Drive d: () (Fixed) (Total:127 GB) (Free:8.72 GB) NTFS
Drive g: (LaCie) (Fixed) (Total:931.51 GB) (Free:14.21 GB) NTFS

\\?\Volume{f0f270b6-5fd8-11e2-a2cb-806e6f6e6963}\ () (Fixed) (Total:0.2 GB) (Free:0.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 0F29FC2D)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=170.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=127 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 454C01D9)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

tepan
Visitor
Posts: 232
Registered: 22 Dec 2006 21:11
Location: Sumperk

Re: pop-up windows appear and Firefox launches by itself for about 1 sec

#43 Post by tepan »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Tepan (administrator) on TEPAN-PC (18-08-2018 11:57:12)
Running from C:\Users\Tepan\Desktop
Loaded Profiles: Tepan (Available Profiles: Tepan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(AMD) C:\Windows\SysWOW64\WinMsgBalloonServer.exe
(AMD) C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-09-15] (COMODO)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-08-03] (Oracle Corporation)
HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{224703BF-4E2B-4984-BECA-D22BB644A342}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{B7B4C87E-1BE6-4F4F-A6C5-702CD234D949}: [DhcpNameServer] 8.8.8.8 192.168.91.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1029120089-3632672932-3177029402-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1029120089-3632672932-3177029402-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-08-03] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-08-03] (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)

FireFox:
========
FF DefaultProfile: cj0rqt4a.default-1499283777627
FF ProfilePath: C:\Users\Tepan\AppData\Roaming\Mozilla\Firefox\Profiles\cj0rqt4a.default-1499283777627 [2018-08-14]
FF Homepage: Mozilla\Firefox\Profiles\cj0rqt4a.default-1499283777627 -> hxxps://www.seznam.cz/
FF Extension: (uBlock Origin) - C:\Users\Tepan\AppData\Roaming\Mozilla\Firefox\Profiles\cj0rqt4a.default-1499283777627\Extensions\uBlock0@raymondhill.net.xpi [2018-08-13]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-07-28] [Legacy] [not signed]
FF HKU\S-1-5-21-1029120089-3632672932-3177029402-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-08-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-08-03] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-21] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1029120089-3632672932-3177029402-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-06-22] ()

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR NewTab: Default -> Not-active:"chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/core/chrome/content/speedDial/speedDial.html"
CHR DefaultSearchURL: Default -> hxxp://play.iprima.cz/sites/all/themes/prima/primaplay/favicon.ico
CHR Profile: C:\Users\Tepan\AppData\Local\Google\Chrome\User Data\Default [2018-08-18]
CHR Extension: (Prezentace) - C:\Users\Tepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-28]
CHR Extension: (Dokumenty) - C:\Users\Tepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-28]
CHR Extension: (Disk Google) - C:\Users\Tepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-12]
CHR Extension: (Seznam doplněk - Email) - C:\Users\Tepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2018-08-18]
CHR Extension: (Seznam doplněk - Esko-) - C:\Users\Tepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2018-08-18]
CHR Extension: (YouTube) - C:\Users\Tepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-12]
CHR Extension: (Přístav (29) | Prima PLAY) - C:\Users\Tepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjmammaianfcnbbchgeeajdcifiihglj [2015-12-08]
CHR Extension: (uBlock Origin) - C:\Users\Tepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-08-18]
CHR Extension: (Vyhledávání Google) - C:\Users\Tepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-12]
CHR Extension: (Adobe Acrobat) - C:\Users\Tepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-19]
CHR Extension: (Tabulky) - C:\Users\Tepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-28]
CHR Extension: (Dokumenty Google offline) - C:\Users\Tepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Tepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-09]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\Tepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2018-08-18]
CHR Extension: (Gmail) - C:\Users\Tepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-12]
CHR Extension: (Chrome Media Router) - C:\Users\Tepan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-18]
CHR Profile: C:\Users\Tepan\AppData\Local\Google\Chrome\User Data\System Profile [2018-07-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR StartupUrls: "hxxp://www.seznam.cz/"
OPR Extension: (No Name) - C:\Users\Tepan\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2016-10-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
U2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-09-15] (COMODO)
U3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-09-15] (COMODO)
U3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1458368 2016-06-11] (Disc Soft Ltd)
U2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-07-26] () [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
U2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
U2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
U2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
U2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [147792 2017-06-16] (Razer Inc)
U2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [183680 2017-04-14] (Razer Inc.)
U2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [252176 2017-07-08] (Razer Inc.)
U2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2018-08-04] (Realtek Semiconductor.) [File not signed]
U3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
U3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2014-08-14] ()
U1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31648 2016-08-31] (COMODO)
U1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [830624 2016-08-31] (COMODO)
U1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [56976 2016-08-31] (COMODO)
U3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-06-11] (Disc Soft Ltd)
U3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-06-11] (Disc Soft Ltd)
U3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2008-09-17] (EnTech Taiwan)
U3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [18944 2017-07-26] (Huawei Technologies Co., Ltd.)
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-05] (Microsoft Corporation)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-07-26] (Huawei Technologies Co., Ltd.)
U1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [116248 2016-08-31] (COMODO)
U2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2014-08-14] ()
U3 NTIOLib_1_0_6; C:\Program Files (x86)\Setup Files\Ms7529v470\NTIOLib_X64.sys [11888 2011-01-06] (MSI) [File not signed]
U2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2017-04-13] (Razer, Inc.)
U0 sptd; C:\Windows\System32\Drivers\sptd.sys [394296 2016-06-11] (Duplex Secure Ltd.)
U3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-14 21:19 - 2018-08-14 21:19 - 025745408 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 020286464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 005778432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 005553760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-08-14 21:19 - 2018-08-14 21:19 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 004054192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-08-14 21:19 - 2018-08-14 21:19 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 003959984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-08-14 21:19 - 2018-08-14 21:19 - 003246592 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-08-14 21:19 - 2018-08-14 21:19 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 002366464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-08-14 21:19 - 2018-08-14 21:19 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-08-14 21:19 - 2018-08-14 21:19 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 001894080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-08-14 21:19 - 2018-08-14 21:19 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 001665320 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 001554944 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 001329152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 001315512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-08-14 21:19 - 2018-08-14 21:19 - 000947904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-08-14 21:19 - 2018-08-14 21:19 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-08-14 21:19 - 2018-08-14 21:19 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000708272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-08-14 21:19 - 2018-08-14 21:19 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000633080 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-08-14 21:19 - 2018-08-14 21:19 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000396936 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000383680 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000377024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-08-14 21:19 - 2018-08-14 21:19 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000350272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-08-14 21:19 - 2018-08-14 21:19 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-08-14 21:19 - 2018-08-14 21:19 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-08-14 21:19 - 2018-08-14 21:19 - 000287936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-08-14 21:19 - 2018-08-14 21:19 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000263776 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-08-14 21:19 - 2018-08-14 21:19 - 000156256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-08-14 21:19 - 2018-08-14 21:19 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-08-14 21:19 - 2018-08-14 21:19 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-08-14 21:19 - 2018-08-14 21:19 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-08-14 21:19 - 2018-08-14 21:19 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-08-14 21:19 - 2018-08-14 21:19 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2018-08-14 21:19 - 2018-08-14 21:19 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-08-14 21:19 - 2018-08-14 21:19 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-08-14 21:19 - 2018-08-14 21:19 - 000114368 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-08-14 21:19 - 2018-08-14 21:19 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-08-14 21:19 - 2018-08-14 21:19 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000096864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-08-14 21:19 - 2018-08-14 21:19 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-08-14 21:19 - 2018-08-14 21:19 - 000084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-08-14 21:19 - 2018-08-14 21:19 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2018-08-14 21:19 - 2018-08-14 21:19 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-08-14 21:19 - 2018-08-14 21:19 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-08-14 21:19 - 2018-08-14 21:19 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-08-14 21:19 - 2018-08-14 21:19 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-08-14 21:19 - 2018-08-14 21:19 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-08-14 21:19 - 2018-08-14 21:19 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-08-14 21:19 - 2018-08-14 21:19 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-08-14 21:19 - 2018-08-14 21:19 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscapi.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-08-14 21:19 - 2018-08-14 21:19 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-08-14 21:19 - 2018-08-14 21:19 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscdll.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-08-14 21:19 - 2018-08-14 21:19 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-08-14 21:19 - 2018-08-14 21:19 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-08-14 21:19 - 2018-08-14 21:19 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-08-14 21:19 - 2018-08-14 21:19 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-08-14 21:19 - 2018-07-19 06:48 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-08-14 21:19 - 2018-07-19 06:33 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-08-14 21:19 - 2018-07-19 06:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-08-14 21:19 - 2018-07-19 06:04 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-08-09 03:51 - 2018-08-03 21:43 - 000110968 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2018-08-05 05:09 - 2018-08-05 05:09 - 000003292 _____ C:\Users\Tepan\Desktop\JRT.txt
2018-08-05 04:15 - 2018-08-05 04:15 - 001663040 _____ (Malwarebytes) C:\Users\Tepan\Desktop\JRT.exe
2018-08-04 20:28 - 2018-08-04 20:28 - 000165041 _____ C:\Users\Tepan\Desktop\sportka.csv
2018-08-04 20:12 - 2018-08-04 20:12 - 000001658 _____ C:\Users\Tepan\Desktop\JustCause2 – zástupce.lnk
2018-08-04 19:34 - 2018-08-04 19:34 - 000000000 ____D C:\Users\Tepan\Documents\Square Enix
2018-08-04 19:31 - 2018-08-04 19:31 - 000001021 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Just Cause 2.lnk
2018-08-04 19:31 - 2018-08-04 19:31 - 000001009 _____ C:\Users\Public\Desktop\Just Cause 2.lnk
2018-08-04 19:31 - 2018-08-04 19:31 - 000001009 _____ C:\ProgramData\Desktop\Just Cause 2.lnk
2018-08-04 19:20 - 2018-08-04 19:29 - 000000000 ____D C:\Program Files (x86)\Just Cause 2
2018-08-04 12:39 - 2018-08-04 12:39 - 041196184 _____ (AMD Inc.) C:\Users\Tepan\Desktop\radeon-software-adrenalin-18.7.1-minimalsetup-180712_web.exe
2018-08-04 12:29 - 2018-08-04 12:30 - 008145166 _____ C:\Users\Tepan\Desktop\hwi_586.zip
2018-08-04 12:26 - 2000-01-01 02:00 - 000053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2018-08-04 12:25 - 2018-08-04 12:25 - 000000000 ____D C:\ProgramData\SlimWare Utilities, Inc
2018-08-04 12:19 - 2018-08-04 12:19 - 000002483 _____ C:\Users\Public\Desktop\SlimDrivers.lnk
2018-08-04 12:19 - 2018-08-04 12:19 - 000002483 _____ C:\ProgramData\Desktop\SlimDrivers.lnk
2018-08-04 12:19 - 2018-08-04 12:19 - 000000000 ____D C:\Users\Tepan\AppData\Local\SlimWare Utilities Inc
2018-08-04 12:19 - 2018-08-04 12:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
2018-08-04 12:19 - 2018-08-04 12:19 - 000000000 ____D C:\Program Files (x86)\SlimDrivers
2018-08-04 12:05 - 2018-08-04 12:05 - 000858432 _____ (SlimWare Utilities, Inc.) C:\Users\Tepan\Desktop\slimdrivers-setup.exe
2018-08-04 12:05 - 2018-08-04 12:05 - 000000000 ____D C:\Users\Public\Documents\Downloaded Installers
2018-08-04 12:05 - 2018-08-04 12:05 - 000000000 ____D C:\ProgramData\Documents\Downloaded Installers
2018-08-04 12:01 - 2018-08-04 12:01 - 002449376 _____ (Megaify Software ) C:\Users\Tepan\Desktop\DriverToolkitInstaller.exe
2018-08-03 21:49 - 2018-08-03 21:49 - 000000896 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-08-03 21:49 - 2018-08-03 21:49 - 000000884 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-08-03 21:49 - 2018-08-03 21:49 - 000000884 _____ C:\ProgramData\Desktop\Firefox.lnk
2018-08-03 21:43 - 2018-08-03 21:43 - 000110968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2018-08-03 21:42 - 2018-08-03 21:42 - 000000000 ____D C:\Program Files\Java
2018-08-02 17:10 - 2018-08-02 17:10 - 000000087 ____H C:\Users\Tepan\Desktop\.~lock.Nový Textový dokument OpenDocument.odt#

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-18 11:58 - 2017-07-08 06:21 - 000016663 _____ C:\Users\Tepan\Desktop\FRST.txt
2018-08-18 11:52 - 2016-10-29 03:09 - 000000000 ____D C:\Users\Tepan\AppData\Roaming\uTorrent
2018-08-18 11:52 - 2013-01-16 20:32 - 000000000 ____D C:\Users\Tepan\AppData\Roaming\vlc
2018-08-18 06:13 - 2014-02-12 07:06 - 000000000 ____D C:\$Downloads
2018-08-18 04:17 - 2009-07-14 06:45 - 000023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-18 04:17 - 2009-07-14 06:45 - 000023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-17 07:37 - 2016-07-23 22:49 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-08-16 03:30 - 2009-07-14 17:18 - 000758152 _____ C:\Windows\system32\perfh005.dat
2018-08-16 03:30 - 2009-07-14 17:18 - 000194802 _____ C:\Windows\system32\perfc005.dat
2018-08-16 03:30 - 2009-07-14 07:13 - 001729532 _____ C:\Windows\system32\PerfStringBackup.INI
2018-08-16 03:30 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-08-16 03:23 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-08-16 03:05 - 2013-05-13 02:53 - 001704246 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-08-15 06:35 - 2018-06-13 08:13 - 000000000 ____D C:\Windows\rescache
2018-08-15 04:02 - 2009-07-14 06:45 - 000661408 _____ C:\Windows\system32\FNTCACHE.DAT
2018-08-15 03:23 - 2013-08-16 03:00 - 000000000 ____D C:\Windows\system32\MRT
2018-08-15 03:16 - 2013-01-16 16:32 - 137343192 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-08-14 19:00 - 2016-11-19 22:57 - 000000000 ____D C:\Users\Tepan\AppData\LocalLow\Mozilla
2018-08-10 03:05 - 2017-12-20 09:12 - 000002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-10 03:05 - 2017-12-20 09:12 - 000002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-10 03:05 - 2017-12-20 09:12 - 000002143 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2018-08-09 03:52 - 2013-06-25 01:23 - 000000000 ____D C:\Program Files (x86)\Java
2018-08-09 03:51 - 2015-03-10 19:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-08-04 18:09 - 2014-06-22 11:59 - 000000000 ____D C:\Program Files (x86)\Steam
2018-08-04 17:23 - 2015-04-22 23:17 - 000000000 ____D C:\Users\Tepan\AppData\Local\Steam
2018-08-04 16:36 - 2013-01-16 16:50 - 000000000 ____D C:\Users\Tepan\AppData\Roaming\DAEMON Tools Lite
2018-08-04 16:31 - 2015-01-10 19:46 - 000000000 ____D C:\AMD
2018-08-04 14:36 - 2014-02-25 12:58 - 000000000 ____D C:\Users\Tepan\AppData\Local\CrashDumps
2018-08-04 13:41 - 2013-01-16 15:02 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-08-04 13:39 - 2013-01-16 18:38 - 000000000 ___HD C:\Program Files (x86)\Temp
2018-08-04 13:36 - 2016-11-12 19:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-04 13:31 - 2013-01-16 18:37 - 002838232 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2018-08-04 13:04 - 2015-01-19 02:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-08-03 21:49 - 2017-04-20 04:26 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-07-28 16:58 - 2016-07-23 15:29 - 000000000 ____D C:\Users\Tepan\Desktop\g

==================== Files in the root of some directories =======

2014-04-20 23:40 - 2014-04-20 23:43 - 000003750 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2015-03-19 13:16 - 2015-07-06 19:48 - 000159200 ____T () C:\Users\Tepan\AppData\Roaming\CrashRpt1402.dll
2002-08-29 19:33 - 2002-08-29 19:33 - 000319488 ____R () C:\Users\Tepan\AppData\Roaming\MafiaSetup.exe
2015-04-17 13:51 - 2015-04-17 13:51 - 000000407 _____ () C:\Users\Tepan\AppData\Roaming\wameu_state.xml
2015-04-16 06:31 - 2015-04-16 06:56 - 000001000 _____ () C:\Users\Tepan\AppData\Roaming\__AvidCloudManager.log
2014-12-10 22:00 - 2014-12-10 22:00 - 000000124 _____ () C:\Users\Tepan\AppData\Local\NetBetCoach_SettingsPath.txt
2014-12-26 01:52 - 2014-12-26 01:52 - 000007664 _____ () C:\Users\Tepan\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-07-11 15:27 - 2018-07-11 15:27 - 015208160 _____ (Reimage) C:\Users\Tepan\AppData\Local\Temp\ReimagePackage.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-16 00:53

==================== End of FRST.txt ============================

altrok
Moderator
Posts: 7257
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: windows pop up and Firefox launches by itself for about 1 sec

#44 Post by altrok »

In my opinion the computer is clean of malware.

Win + R -> rstrui.exe

Do you have the option to go back to any of the restore points created in the past? Do not restore anything - I only want to know whether you are able to select specific restore points or not.

tepan
Visitor
Posts: 232
Joined: 22 Dec 2006 21:11
Location: Sumperk

Re: windows pop up and Firefox launches by itself for about 1 sec

#45 Post by tepan »

Thank you for the help... I hope it stays clean for a while :)

Locked