Dobrý den, naletěl jsem na podvodnou sms s podvrženou stránkou banky. Peníze mi převedli pryč , ale banka je nakonec zablokovala. Prosím o kontrolu zda jsem zaroveň do notebooku něco nechytil.
Děkuji
Marek
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017
Ran by Marek (administrator) on MAREK-DELL_W7 (11-07-2017 07:40:29)
Running from C:\Users\Marek\Desktop
Loaded Profiles: Marek (Available Profiles: Marek & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
(Secomba GmbH) C:\Program Files (x86)\Boxcryptor\Boxcryptor.exe
(Andrey Gruber) C:\PNotes.NET\PNotes.NET.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
() C:\Program Files\AnyDATA\Ufonuv fofr internet\EasyWirelessNet.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(forum.viry.cz) C:\Users\Marek\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-02-13] (IDT, Inc.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [120592 2012-01-10] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1488064 2017-07-06] (COMODO)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3486520 2017-06-26] (Dropbox, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-07-05] (COMODO)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4203383451-3801082500-1579297563-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-08-29] (Disc Soft Ltd)
HKU\S-1-5-21-4203383451-3801082500-1579297563-1000\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2017-03-28] (Nokia)
HKU\S-1-5-21-4203383451-3801082500-1579297563-1000\...\Run: [Boxcryptor.exe] => C:\Program Files (x86)\Boxcryptor\Boxcryptor.exe [2376512 2017-06-13] (Secomba GmbH)
HKU\S-1-5-21-4203383451-3801082500-1579297563-1000\...\MountPoints2: {0600726f-1390-11e7-811a-5cf9dd5e90b0} - F:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-4203383451-3801082500-1579297563-1000\...\MountPoints2: {6006c431-8579-11e6-81aa-806e6f6e6963} - D:\autoRcd.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [179952 2016-09-17] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [157464 2016-09-17] (NVIDIA Corporation)
SSODL: EldosMountNotificator-cbfs6 - {B51107D4-1F82-4078-87B3-A080DCEF0193} - C:\Windows\system32\cbfsMntNtf6.dll (/n software, Inc.)
SSODL-x32: EldosMountNotificator-cbfs6 - {B51107D4-1F82-4078-87B3-A080DCEF0193} - C:\Windows\SysWOW64\cbfsMntNtf6.dll (/n software, Inc.)
Startup: C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PNotes.NET.lnk [2016-09-29]
ShortcutTarget: PNotes.NET.lnk -> C:\PNotes.NET\PNotes.NET.exe (Andrey Gruber)
Startup: C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk [2017-07-01]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{0CF2F72F-9262-4656-8877-F48E204AABC4}: [NameServer] 78.136.128.4 78.136.128.12
Tcpip\..\Interfaces\{54D65DA1-37E5-4F8D-98E5-8B5FE2126047}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-4203383451-3801082500-1579297563-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com/
HKU\S-1-5-21-4203383451-3801082500-1579297563-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-19] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-19] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: vg4o29mo.default
FF ProfilePath: C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\vg4o29mo.default [2017-07-11]
FF Homepage: Mozilla\Firefox\Profiles\vg4o29mo.default -> hxxp://www.seznam.cz/
FF Extension: (Disconnect) - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\vg4o29mo.default\Extensions\2.0@disconnect.me.xpi [2017-04-04]
FF Extension: (Plná Peněženka Lištička) - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\vg4o29mo.default\Extensions\@plnapenezenkacz-firefox-extension.xpi [2017-02-24]
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\vg4o29mo.default\Extensions\adblockpopups@jessehakanen.net.xpi [2016-09-28]
FF Extension: (Print Edit) - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\vg4o29mo.default\Extensions\printedit@DW-dev.xpi [2017-05-08]
FF Extension: (QuickDrag) - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\vg4o29mo.default\Extensions\quickdrag@mozilla.ktechcomputing.com.xpi [2016-09-28]
FF Extension: (Smart Referer) - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\vg4o29mo.default\Extensions\smart-referer@meh.paranoid.pk.xpi [2017-07-08]
FF Extension: (Google Translator for Firefox) - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\vg4o29mo.default\Extensions\translator@zoli.bod.xpi [2017-02-02]
FF Extension: (ColorfulTabs) - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\vg4o29mo.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2017-07-06]
FF Extension: (Image Zoom) - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\vg4o29mo.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2016-09-28]
FF Extension: (Multirow Bookmarks Toolbar Plus) - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\vg4o29mo.default\Extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi [2016-09-28]
FF Extension: (Google Shortcuts) - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\vg4o29mo.default\Extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi [2016-09-28]
FF Extension: (IE Tab) - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\vg4o29mo.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2016-09-28]
FF Extension: (All-in-One Gestures) - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\vg4o29mo.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2016-09-28]
FF Extension: (ImTranslator) - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\vg4o29mo.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2017-06-13]
FF Extension: (gtranslate) - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\vg4o29mo.default\Extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi [2016-12-01]
FF Extension: (Show my Password) - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\vg4o29mo.default\Extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}.xpi [2016-09-28]
FF Extension: (Adblock Plus) - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\vg4o29mo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08]
FF Extension: (Tab Mix Plus) - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\vg4o29mo.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2017-05-09]
FF ProfilePath: C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Marek [2016-09-28]
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2017-04-19] (Apple Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10499568 2017-07-06] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-07-06] (COMODO)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-28] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-28] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [49992 2017-06-26] (Dropbox, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-08-29] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [133840 2017-07-05] (COMODO)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-09-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 adusbser; C:\Windows\System32\DRIVERS\adusbser.sys [154112 2009-11-06] (AnyDATA.NET INC.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 cbfs6; C:\Windows\system32\drivers\cbfs6.sys [460992 2016-09-21] (/n software, Inc.)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31664 2017-05-31] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [849248 2017-05-31] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [57504 2017-05-31] (COMODO)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-09-28] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-09-28] (Disc Soft Ltd)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [122520 2017-06-07] (COMODO)
R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [50856 2017-07-05] (COMODO)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56376 2016-08-04] (NVIDIA Corporation)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2016-09-21] (/n software, Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-11 07:40 - 2017-07-11 07:40 - 00018507 _____ C:\Users\Marek\Desktop\FRST.txt
2017-07-11 07:39 - 2017-07-11 07:40 - 00000000 ____D C:\FRST
2017-07-11 07:37 - 2017-07-11 07:38 - 00112640 _____ (forum.viry.cz) C:\Users\Marek\Desktop\FRSTLauncher.exe
2017-07-11 07:37 - 2017-07-11 07:36 - 02437120 _____ (Farbar) C:\Users\Marek\Desktop\FRST64.exe
2017-07-01 16:52 - 2017-07-01 16:52 - 00000000 ____D C:\Users\Marek\Documents\Poznámkové bloky aplikace OneNote
2017-06-30 14:09 - 2017-06-30 14:09 - 00000000 ____D C:\Users\Marek\Desktop\dilna
2017-06-27 20:04 - 2017-06-27 20:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-06-26 12:27 - 2017-06-26 12:27 - 00049992 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-06-26 12:27 - 2017-06-26 12:27 - 00045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-06-26 12:27 - 2017-06-26 12:27 - 00045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-06-26 12:27 - 2017-06-26 12:27 - 00045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-06-15 19:15 - 2017-06-15 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boxcryptor
2017-06-15 19:15 - 2017-06-15 19:15 - 00000000 ____D C:\Program Files (x86)\Boxcryptor
2017-06-12 11:20 - 2017-06-12 11:20 - 00000331 _____ C:\Start_.cmd
2017-06-12 11:20 - 2017-06-12 11:20 - 00000000 ___SD C:\32788R22FWJFW
2017-06-12 11:20 - 2017-06-12 11:20 - 00000000 ____D C:\ComboFix
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-11 07:40 - 2017-04-07 11:54 - 00000000 ____D C:\Users\Marek\AppData\Roaming\NetSpeedMonitor
2017-07-11 07:32 - 2009-07-14 06:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-11 07:32 - 2009-07-14 06:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-11 07:30 - 2016-09-29 00:43 - 00804594 _____ C:\Windows\system32\perfh005.dat
2017-07-11 07:30 - 2016-09-29 00:43 - 00221870 _____ C:\Windows\system32\perfc005.dat
2017-07-11 07:30 - 2009-07-14 07:13 - 01882388 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-11 07:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-07-11 07:29 - 2016-09-28 16:06 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-07-11 07:28 - 2016-11-19 11:32 - 00000000 ____D C:\Users\Marek\AppData\LocalLow\Mozilla
2017-07-11 07:27 - 2016-09-28 18:34 - 00000000 ____D C:\PNotes.NET
2017-07-11 07:27 - 2016-09-28 16:06 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-07-11 07:24 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-10 18:58 - 2016-09-28 16:46 - 00002024 ____H C:\Users\Marek\Documents\Default.rdp
2017-07-09 13:45 - 2016-12-22 20:41 - 00000000 ____D C:\Users\Marek\AppData\Roaming\vlc
2017-07-06 22:15 - 2017-04-06 21:58 - 00722898 _____ C:\Windows\system32\Drivers\fvstore.dat
2017-07-06 21:07 - 2016-09-28 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2017-07-06 21:07 - 2016-09-28 20:21 - 00000000 ____D C:\ProgramData\Comodo
2017-07-06 13:01 - 2016-09-28 20:14 - 00000000 ____D C:\Users\Marek\AppData\Local\Room Arranger
2017-07-06 06:29 - 2016-09-15 00:07 - 00051808 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2017-07-06 06:28 - 2016-09-15 00:07 - 00943304 _____ (COMODO) C:\Windows\system32\guard64.dll
2017-07-06 06:28 - 2016-09-15 00:07 - 00733456 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2017-07-06 06:26 - 2016-09-15 00:05 - 00457408 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2017-07-06 06:24 - 2016-09-15 00:02 - 00363200 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2017-07-05 09:30 - 2017-04-06 21:58 - 00256040 _____ (COMODO) C:\Windows\system32\iseguard64.dll
2017-07-05 09:29 - 2017-04-06 21:58 - 00205536 _____ (COMODO) C:\Windows\SysWOW64\iseguard32.dll
2017-07-05 09:29 - 2017-04-06 21:58 - 00050856 _____ (COMODO) C:\Windows\system32\Drivers\isedrv.sys
2017-06-30 14:11 - 2016-11-18 11:44 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-06-30 14:11 - 2016-09-28 16:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-27 20:04 - 2016-09-28 16:06 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-06-18 17:19 - 2016-09-28 18:56 - 00000000 ____D C:\Users\Marek\AppData\Local\CrashDumps
2017-06-14 20:58 - 2016-09-28 16:06 - 00000000 ____D C:\Users\Marek\AppData\Local\Dropbox
2017-06-13 19:53 - 2017-05-26 15:38 - 00000000 ____D C:\Users\Marek\Desktop\cc
2017-06-12 11:11 - 2016-11-26 21:22 - 00000000 ____D C:\AdwCleaner
==================== Files in the root of some directories =======
2016-12-08 21:01 - 2017-04-22 10:55 - 0007614 _____ () C:\Users\Marek\AppData\Local\Resmon.ResmonCfg
2017-04-21 22:34 - 2017-04-27 13:45 - 0000010 _____ () C:\ProgramData\4BF74AD4-8570-4DAD-8495-98BA79B33A40.data
2017-04-20 16:39 - 2017-04-21 22:01 - 0000010 _____ () C:\ProgramData\4R329H8A_4S3O_3GY2_GU6B_D3R067E2Q321.data
2017-04-20 17:07 - 2017-04-20 19:04 - 0000010 _____ () C:\ProgramData\85K8CH59_6SF3_7B6Z_G170_P4J0J2327942.data
Some files in TEMP:
====================
2017-04-20 16:38 - 2016-01-26 12:40 - 0066496 _____ (Autodesk, Inc.) C:\Users\Marek\AppData\Local\Temp\AcDeltree.exe
2017-07-06 09:18 - 2017-07-06 09:18 - 4109176 _____ (COMODO) C:\Users\Marek\AppData\Local\Temp\ise_installer.exe
2017-05-25 07:51 - 2017-05-25 07:54 - 32100680 _____ () C:\Users\Marek\AppData\Local\Temp\vlc-2.2.6-win64.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aaclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\admwprox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ahadmin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\browcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\browser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\capiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ccdcmbwux64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cdosys.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certenc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cngprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cscript.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3d10level9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_36.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dcsx_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx11_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_35.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\d3dx9_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_39.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\D3DX9_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dfshim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dimsroam.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dnscacheugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dnsrslvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dpapiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dpnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FWPUCLNT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FwRemoteSvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FXSCOVER.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IEUDINIT.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iisreset.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iisrstap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iisRtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IKEEXT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\imagehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\inetpp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetppui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inseng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IPSECSVC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kd1394.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kdcom.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kdusb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mapi32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mapistub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mcmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfc42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfc42u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mpg2splt.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscorier.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscories.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msvcrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mswsock.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netbtugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nmwcdcoclsx64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntprint.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\objsel.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\odbccp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\odbccr32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\odbccu32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\odbctrac.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\OpenAL32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\osk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\polstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\psisdecd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\psisrndr.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcorekmts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpwsx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdrmemptylst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\samsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scavengeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\scrrun.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\seclogon.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shdocvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\synceng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\taskhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\umpnpmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wamregps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdfcoinstaller01009.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Wdfres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wincredprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinUSBCoInstaller2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WpdMtp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WpdMtpUS.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpnpinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wrap_oal.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wscript.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wshom.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsmplpxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsmprovhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_3.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_5.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\aaclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\admwprox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ahadmin.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\browcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\capiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cdosys.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\certenc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\certutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cfgmgr32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cngprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\COLORCNV.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\COMDLG32.OCX:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cscript.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d10level9.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_43.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\devobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\devrtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dfshim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dimsroam.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dnscacheugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dpapiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dpnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drvinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FWPUCLNT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FwRemoteSvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\icardagt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\icardres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iisreset.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iisrstap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iisRtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\imagehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\infocardapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\inseng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\mapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mapistub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfc42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfc42u.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mpg2splt.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSCOMCT2.OCX:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mscorier.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mscories.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSFLXGRD.OCX:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msvcrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mswsock.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netbtugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntprint.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\objsel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\odbccp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\odbccr32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\odbccu32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\odbcjt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\odbctrac.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\OpenAL32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\osk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\polstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\psisdecd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\psisrndr.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\QuickPDFAX0726.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\scrrun.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shdocvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\synceng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Vb6stkit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wamregps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\win32spl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wincredprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wrap_oal.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wscript.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wshom.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wsmplpxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wsmprovhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_3.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_5.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bowser.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bthport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\BTHUSB.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ccdcmbox64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ccdcmbx64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\fs_rec.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\hidclass.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\hidparse.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\netbt.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\netio.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\pccsmcfdx64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tdtcp.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usb8023.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbccgp.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbcir.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbehci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbhub.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbser.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbser_lowerfltjx64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbser_lowerfltx64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbvideo.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\Wdf01000.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\WdfLdr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\winusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\Marek\AppData\Roaming\Milestone:com.dropbox.attributes [168]
==================== Security Center ==================
AS: COMODO Advanced Protection (Enabled - Up to date) {B730BF64-C56F-6633-0EF5-9E639E46CC40}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {346ADFA5-A93A-68E5-1F1A-0C241B12C186}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Marek\Desktop" je 476 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Preventivka
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Preventivka
- Přílohy
-
- Addition.zip
- (15.12 KiB) Staženo 93 x
Re: Preventivka
ahoj,
doporucujem prescanovat PC s MBAM a zmenit hesla do IB - ak si tak este neurobil
doporucujem prescanovat PC s MBAM a zmenit hesla do IB - ak si tak este neurobil
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: Preventivka
Ahoj, IB jsem skrz banku vyřešil.
Proskenoval jsem s Malwarebytes s tímto výsledkem. Jak tak koukam asi toho mám dost. Smazat vše do karanteny?
Malwarebytes
www.malwarebytes.com
-Podrobnosti logovacího souboru-
Datum skenování: 11.07.17
Čas skenování: 11:59
Logovací soubor: Malwarebytes.txt
Správce: Ano
-Informace o softwaru-
Verze: 3.1.2.1733
Verze komponentů: 1.0.160
Aktualizovat verzi balíku komponent: 1.0.2339
Licence: Zkušební
-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: Marek-Dell_W7\Marek
-Shrnutí skenování-
Typ skenování: Vlastní skenování
Výsledek: Dokončeno
Skenované objekty: 393217
Zjištěné hrozby: 14
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 52 min, 57 sek
-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno
-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)
Modul: 0
(Nebyly zjištěny žádné škodlivé položky)
Klíč registru: 1
PUP.Optional.GeekBuddy, HKLM\SOFTWARE\WOW6432NODE\GeekBuddyRSP, Žádná uživatelská akce, [1966], [342277],1.0.2339
Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)
Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)
Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)
Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)
Soubor: 13
RiskWare.GameHack, C:\PROGRAM FILES (X86)\WRC 4 FIA WORLD RALLY CHAMPIONSHIP\STEAM_API.DLL, Žádná uživatelská akce, [471], [305544],1.0.2339
CrackTool.AutoDesk.Keygen, C:\USERS\MAREK\APPDATA\LOCAL\TEMP\_TC\X-FORCE_2017.RAR, Žádná uživatelská akce, [9097], [117344],1.0.2339
CrackTool.AutoDesk.Keygen, C:\USERS\MAREK\APPDATA\LOCAL\TEMP\_TC0\X-FORCE_2017.RAR, Žádná uživatelská akce, [9097], [117344],1.0.2339
Adware.InstallMonster, D:\$RECYCLE.BIN\S-1-5-21-1146298307-396276263-71453719-1000\$RABPFLF.RAR, Žádná uživatelská akce, [146], [329376],1.0.2339
Adware.InstallMonster, D:\$RECYCLE.BIN\S-1-5-21-1146298307-396276263-71453719-1000\$RPULFMC.EXE, Žádná uživatelská akce, [146], [329376],1.0.2339
PUP.Optional.BundleInstaller, D:\DOWNLOADS\FIREFOX_DOWNLOADS\SETUP_IC.EXE, Žádná uživatelská akce, [25], [326153],1.0.2339
PUP.Optional.BundleInstaller, D:\DOWNLOADS\FIREFOX_DOWNLOADS\EAGLEGET_SETUP.EXE, Žádná uživatelská akce, [25], [326153],1.0.2339
CrackTool.AutoDesk.Keygen, D:\DOWNLOADS\FIREFOX_DOWNLOADS\X-FORCE_2017.RAR, Žádná uživatelská akce, [9097], [117344],1.0.2339
RiskWare.Tool.HCK, D:\DOWNLOADS\TORRENT\ADOBE PREMIERE PRO CC 2014.1 8.1.0.81\ADOBE.SNR.PATCH-PAINTER\ADOBE.SNR.PATCH-PAINTER.EXE, Žádná uživatelská akce, [2269], [69152],1.0.2339
Trojan.Injector, D:\SOFTWARE\AUTODESK REMAKE 2017\AUTODESK_REMAKE_2017_DOWNLOAD_X64_PRODUCT_KEY_FULL_CRACKED.EXE, Žádná uživatelská akce, [10], [391582],1.0.2339
CrackTool.AutoDesk.Keygen, D:\SOFTWARE\AUTODESK REMAKE 2017\XF-ADSK2017_X86.EXE, Žádná uživatelská akce, [9097], [117344],1.0.2339
CrackTool.AutoDesk.Keygen, D:\SOFTWARE\AUTODESK REMAKE 2017\XF_ADSK2017_64BIT.EXE, Žádná uživatelská akce, [9097], [117344],1.0.2339
RiskWare.Tool.HCK, D:\SOFTWARE\WYSIWYG WEB BUILDER 10.2.0 + CRACK [S0FT4PC]\CRACK\CRACK.EXE, Žádná uživatelská akce, [2269], [68860],1.0.2339
Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)
(end)
Proskenoval jsem s Malwarebytes s tímto výsledkem. Jak tak koukam asi toho mám dost. Smazat vše do karanteny?
Malwarebytes
www.malwarebytes.com
-Podrobnosti logovacího souboru-
Datum skenování: 11.07.17
Čas skenování: 11:59
Logovací soubor: Malwarebytes.txt
Správce: Ano
-Informace o softwaru-
Verze: 3.1.2.1733
Verze komponentů: 1.0.160
Aktualizovat verzi balíku komponent: 1.0.2339
Licence: Zkušební
-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: Marek-Dell_W7\Marek
-Shrnutí skenování-
Typ skenování: Vlastní skenování
Výsledek: Dokončeno
Skenované objekty: 393217
Zjištěné hrozby: 14
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 52 min, 57 sek
-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno
-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)
Modul: 0
(Nebyly zjištěny žádné škodlivé položky)
Klíč registru: 1
PUP.Optional.GeekBuddy, HKLM\SOFTWARE\WOW6432NODE\GeekBuddyRSP, Žádná uživatelská akce, [1966], [342277],1.0.2339
Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)
Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)
Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)
Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)
Soubor: 13
RiskWare.GameHack, C:\PROGRAM FILES (X86)\WRC 4 FIA WORLD RALLY CHAMPIONSHIP\STEAM_API.DLL, Žádná uživatelská akce, [471], [305544],1.0.2339
CrackTool.AutoDesk.Keygen, C:\USERS\MAREK\APPDATA\LOCAL\TEMP\_TC\X-FORCE_2017.RAR, Žádná uživatelská akce, [9097], [117344],1.0.2339
CrackTool.AutoDesk.Keygen, C:\USERS\MAREK\APPDATA\LOCAL\TEMP\_TC0\X-FORCE_2017.RAR, Žádná uživatelská akce, [9097], [117344],1.0.2339
Adware.InstallMonster, D:\$RECYCLE.BIN\S-1-5-21-1146298307-396276263-71453719-1000\$RABPFLF.RAR, Žádná uživatelská akce, [146], [329376],1.0.2339
Adware.InstallMonster, D:\$RECYCLE.BIN\S-1-5-21-1146298307-396276263-71453719-1000\$RPULFMC.EXE, Žádná uživatelská akce, [146], [329376],1.0.2339
PUP.Optional.BundleInstaller, D:\DOWNLOADS\FIREFOX_DOWNLOADS\SETUP_IC.EXE, Žádná uživatelská akce, [25], [326153],1.0.2339
PUP.Optional.BundleInstaller, D:\DOWNLOADS\FIREFOX_DOWNLOADS\EAGLEGET_SETUP.EXE, Žádná uživatelská akce, [25], [326153],1.0.2339
CrackTool.AutoDesk.Keygen, D:\DOWNLOADS\FIREFOX_DOWNLOADS\X-FORCE_2017.RAR, Žádná uživatelská akce, [9097], [117344],1.0.2339
RiskWare.Tool.HCK, D:\DOWNLOADS\TORRENT\ADOBE PREMIERE PRO CC 2014.1 8.1.0.81\ADOBE.SNR.PATCH-PAINTER\ADOBE.SNR.PATCH-PAINTER.EXE, Žádná uživatelská akce, [2269], [69152],1.0.2339
Trojan.Injector, D:\SOFTWARE\AUTODESK REMAKE 2017\AUTODESK_REMAKE_2017_DOWNLOAD_X64_PRODUCT_KEY_FULL_CRACKED.EXE, Žádná uživatelská akce, [10], [391582],1.0.2339
CrackTool.AutoDesk.Keygen, D:\SOFTWARE\AUTODESK REMAKE 2017\XF-ADSK2017_X86.EXE, Žádná uživatelská akce, [9097], [117344],1.0.2339
CrackTool.AutoDesk.Keygen, D:\SOFTWARE\AUTODESK REMAKE 2017\XF_ADSK2017_64BIT.EXE, Žádná uživatelská akce, [9097], [117344],1.0.2339
RiskWare.Tool.HCK, D:\SOFTWARE\WYSIWYG WEB BUILDER 10.2.0 + CRACK [S0FT4PC]\CRACK\CRACK.EXE, Žádná uživatelská akce, [2269], [68860],1.0.2339
Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)
(end)
Re: Preventivka
zmazat vsetko, zahravas sa s nebezpecnymi SW 
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: Preventivka
Všechno smazáno. Hmm co dodat. Snad bez trvalých následku 
Ty nepravé stránky IB zřejmě nic nenacpaly do mého noťasu, šlo jim jen zřejmě jen o hesla.
Ty nepravé stránky IB zřejmě nic nenacpaly do mého noťasu, šlo jim jen zřejmě jen o hesla.
Re: Preventivka
preventivne pouzi fixlist:
Tvorba fixlistu pro FRST
•Spustte poznamkovy blok (Start-spustit-notepad)
•Zkopirujte skript >>
•Ulozte vytvoreny TXT jako fixlist.txt
•Presunte vytvoreny fixlist vedle FRST
Spustte znovu FRST.exe
•Kliknete na Fix
•Probehne oprava a vytvori log Fixlog.txt
Restart PC a dejte mi sem fixlog.txt
Tvorba fixlistu pro FRST
•Spustte poznamkovy blok (Start-spustit-notepad)
•Zkopirujte skript >>
Kód: Vybrat vše
Start
EmptyTemp:
Reboot:
End
•Presunte vytvoreny fixlist vedle FRST
Spustte znovu FRST.exe•Kliknete na Fix
•Probehne oprava a vytvori log Fixlog.txt
Restart PC a dejte mi sem fixlog.txtFRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: Preventivka
Fix result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by Marek (11-07-2017 16:25:53) Run:1
Running from C:\Users\Marek\Desktop
Loaded Profiles: Marek & DefaultAppPool (Available Profiles: Marek & DefaultAppPool)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
EmptyTemp:
Reboot:
End
*****************
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27086690 B
Java, Flash, Steam htmlcache => 273152109 B
Windows/system/drivers => 17452063 B
Edge => 0 B
Chrome => 0 B
Firefox => 383508794 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 100061 B
systemprofile32 => 66356 B
LocalService => 66228 B
NetworkService => 66228 B
Marek => 848364248 B
UpdatusUser => 0 B
DefaultAppPool => 0 B
RecycleBin => 465440 B
EmptyTemp: => 1.5 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 16:26:04 ====
Ran by Marek (11-07-2017 16:25:53) Run:1
Running from C:\Users\Marek\Desktop
Loaded Profiles: Marek & DefaultAppPool (Available Profiles: Marek & DefaultAppPool)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
EmptyTemp:
Reboot:
End
*****************
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27086690 B
Java, Flash, Steam htmlcache => 273152109 B
Windows/system/drivers => 17452063 B
Edge => 0 B
Chrome => 0 B
Firefox => 383508794 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 100061 B
systemprofile32 => 66356 B
LocalService => 66228 B
NetworkService => 66228 B
Marek => 848364248 B
UpdatusUser => 0 B
DefaultAppPool => 0 B
RecycleBin => 465440 B
EmptyTemp: => 1.5 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 16:26:04 ====
Re: Preventivka
Malo by to byt ciste, posledny krok bol na vycistenie temp adresarov, ak by tam cosi driemalo
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: Preventivka
Díky moc, chtěl jsem drobně finančně podpořit forum, ale napsalo mi to že, "Účet příjemce nebo odesílatele není plně aktivní.".. Hm možna po tom bezpečnostním incidentu u mbank......, mám blokle platby... No zitra to s bankou dořeším
Marek
Marek
Re: Preventivka
rad som pomohol
vyhni sa pouzivaniu crackov/keygenov
vyhni sa pouzivaniu crackov/keygenov
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Přispějete na provoz fóra?