Virus on the PC

Re: Virus on the PC

Post by Mary » 28 Jan 2017 20:49

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-01-2017 01
Ran by Mary (administrator) on DESKTOP-L5HLK2S (28-01-2017 20:45:46)
Running from C:\Users\Mary\Desktop
Loaded Profiles: Mary (Available Profiles: Mary)
Platform: Windows 10 Pro Version 1511 (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Users\Mary\AppData\Roaming\Seznam.cz\szninstall.exe
() C:\Users\Mary\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\Mary\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1664230912-4152899523-1192634744-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Mary\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1664230912-4152899523-1192634744-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Mary\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-18\...\Run: [] => 0
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 10.0.0.1
Tcpip\..\Interfaces\{d89ad79b-ac8a-4d2d-ade4-2190ebbc1012}: [DhcpNameServer] 192.168.1.254 10.0.0.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> {09C11F59-3BB3-44B3-8A2D-EF04B12551D0} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> {332EBB77-D095-492D-A751-76864766221E} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> {852ABCF8-C998-4558-84AE-ED0DD14BB8AE} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> {8E7D4012-8882-443A-B862-F701E41616D8} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> {9BB2F0E7-6CE7-4D7F-A3C7-7AE75E1AA4DC} URL = hxxp://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> {9E31854A-B5D1-46A6-90BA-8D80ABA55B1C} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> {BBEA26DF-1E98-4120-8137-994661481E2E} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> {ED36CBE5-A51D-42C7-8195-4660EF4A52DB} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> {FDA79A20-0B9D-406B-93CD-D93D6932D3BF} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-28] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-01-28] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-01-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-28] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-01-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-28] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default [2017-01-28]
CHR Extension: (Prezentace Google) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-28]
CHR Extension: (Dokumenty Google) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-28]
CHR Extension: (Disk Google) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-28]
CHR Extension: (YouTube) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-28]
CHR Extension: (Tabulky Google) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-28]
CHR Extension: (Dokumenty Google offline) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-28]
CHR Extension: (Gmail) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-28]
CHR Extension: (Chrome Media Router) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [110096 2016-04-18] (Advanced Micro Devices)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251848 2017-01-28] (Malwarebytes)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-28 20:45 - 2017-01-28 20:46 - 00011251 _____ C:\Users\Mary\Desktop\FRST.txt
2017-01-28 20:45 - 2017-01-28 20:45 - 02420736 _____ (Farbar) C:\Users\Mary\Desktop\FRST64.exe
2017-01-28 20:45 - 2017-01-28 20:45 - 00000000 ____D C:\FRST
2017-01-28 20:44 - 2017-01-28 20:44 - 00000000 ____D C:\Users\Mary\AppData\Local\ActiveSync
2017-01-28 20:42 - 2017-01-28 20:42 - 00000000 ____D C:\Users\Mary\AppData\Local\VirtualStore
2017-01-28 20:40 - 2017-01-28 20:31 - 00024064 _____ C:\Windows\zoek-delete.exe
2017-01-28 20:32 - 2017-01-28 20:32 - 00000000 ____D C:\Users\Mary\AppData\Local\CrashDumps
2017-01-28 20:31 - 2017-01-28 20:39 - 00000000 ____D C:\zoek_backup
2017-01-28 20:31 - 2017-01-28 20:31 - 01309184 _____ C:\Users\Mary\Desktop\zoek.exe
2017-01-28 19:55 - 2017-01-28 19:55 - 00004158 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B848F8C5-32DC-4B54-9BDA-812A6DD6120E}
2017-01-28 19:11 - 2017-01-28 20:14 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-01-28 19:10 - 2017-01-28 19:33 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-28 19:08 - 2017-01-28 19:10 - 25949256 _____ C:\Users\Mary\Desktop\RogueKillerX64.exe
2017-01-28 19:08 - 2017-01-28 19:08 - 00000545 _____ C:\Users\Mary\Desktop\JRT.txt
2017-01-28 19:04 - 2017-01-28 19:04 - 01663040 _____ (Malwarebytes) C:\Users\Mary\Desktop\JRT.exe
2017-01-28 19:04 - 2017-01-28 19:04 - 00004240 _____ C:\Users\Mary\Desktop\malwarebytes 2.txt
2017-01-28 19:01 - 2017-01-28 19:01 - 00002044 _____ C:\Users\Mary\Desktop\AdwCleaner[C0].txt
2017-01-28 18:52 - 2017-01-28 09:57 - 00000000 ____D C:\Windows\Panther
2017-01-28 18:51 - 2017-01-28 10:40 - 00000000 ____D C:\Users\Public\Desktop\Aktivator!!!
2017-01-28 18:40 - 2017-01-28 18:40 - 00000000 ____D C:\Users\Mary\AppData\Roaming\Macromedia
2017-01-28 18:39 - 2017-01-28 19:55 - 00000000 ____D C:\KMPlayer
2017-01-28 18:39 - 2017-01-28 18:39 - 00000643 _____ C:\Users\Mary\Desktop\KMPlayer.lnk
2017-01-28 18:39 - 2017-01-28 18:39 - 00000000 ____D C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2017-01-28 18:38 - 2017-01-28 18:39 - 36850584 _____ (PandoraTV) C:\Users\Mary\Downloads\KMPlayer_4.0.4.6.exe
2017-01-28 16:04 - 2017-01-28 16:04 - 01767437 _____ C:\Users\Mary\Downloads\BP-_Pocatky_kolonizace_americkeho_kontinentu_a__odraz_tohoto_procesu_v_literature_-Kubna_2015.pdf
2017-01-28 15:55 - 2017-01-28 15:55 - 00011029 _____ C:\Users\Mary\Desktop\malwarebytes.txt
2017-01-28 15:51 - 2017-01-28 20:42 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-28 15:51 - 2017-01-28 15:52 - 00091584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-28 15:51 - 2017-01-28 15:51 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-28 15:51 - 2017-01-28 15:51 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-28 15:51 - 2017-01-28 15:51 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-28 15:51 - 2017-01-28 15:51 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-28 15:51 - 2017-01-28 15:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-28 15:51 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-28 15:50 - 2017-01-28 15:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-28 15:50 - 2017-01-28 15:50 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-28 15:45 - 2017-01-28 15:46 - 55566792 _____ (Malwarebytes ) C:\Users\Mary\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-01-28 15:43 - 2017-01-28 18:56 - 00000000 ____D C:\AdwCleaner
2017-01-28 15:43 - 2017-01-28 15:44 - 04015056 _____ C:\Users\Mary\Desktop\adwcleaner_6.043.exe
2017-01-28 15:36 - 2017-01-28 15:37 - 00448512 _____ (OldTimer Tools) C:\Users\Mary\Downloads\TFC.exe
2017-01-28 15:33 - 2017-01-28 15:35 - 00050688 _____ (Atribune.org) C:\Users\Mary\Downloads\ATF-Cleaner.exe
2017-01-28 13:38 - 2017-01-28 13:38 - 00002559 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-01-28 13:38 - 2017-01-28 13:38 - 00002558 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive pro firmy.lnk
2017-01-28 13:38 - 2017-01-28 13:38 - 00002553 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-01-28 13:38 - 2017-01-28 13:38 - 00002530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-01-28 13:38 - 2017-01-28 13:38 - 00002525 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-01-28 13:38 - 2017-01-28 13:38 - 00002518 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype pro firmy 2016.lnk
2017-01-28 13:38 - 2017-01-28 13:38 - 00002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-01-28 13:38 - 2017-01-28 13:38 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-01-28 13:38 - 2017-01-28 13:38 - 00002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-01-28 13:38 - 2017-01-28 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office 2016
2017-01-28 13:36 - 2016-10-28 02:22 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-01-28 13:29 - 2017-01-28 17:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-28 13:29 - 2017-01-28 13:29 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-01-28 13:23 - 2017-01-28 17:25 - 00000000 ____D C:\Users\Mary\Desktop\Odevzdat
2017-01-28 12:02 - 2017-01-28 12:02 - 00000000 ____D C:\ProgramData\Sophos
2017-01-28 11:54 - 2017-01-28 11:54 - 00007926 _____ C:\Windows\system32\.crusader
2017-01-28 11:47 - 2017-01-28 11:47 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-01-28 11:47 - 2017-01-28 11:47 - 00001966 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-01-28 11:47 - 2017-01-28 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-01-28 11:47 - 2017-01-28 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-01-28 11:47 - 2017-01-28 11:47 - 00000000 ____D C:\Program Files\HitmanPro
2017-01-28 11:47 - 2017-01-28 11:47 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-01-28 11:45 - 2017-01-28 11:54 - 00000000 ____D C:\ProgramData\HitmanPro
2017-01-28 11:40 - 2017-01-28 20:39 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2017-01-28 11:40 - 2017-01-28 20:39 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2017-01-28 11:40 - 2017-01-28 11:40 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2017-01-28 11:39 - 2017-01-28 20:14 - 00000000 ____D C:\Users\Mary\AppData\Roaming\Seznam.cz
2017-01-28 11:38 - 2017-01-28 15:55 - 00000000 ____D C:\Program Files (x86)\KMSPico 10.0.6
2017-01-28 11:31 - 2017-01-28 11:31 - 00388608 _____ (Trend Micro Inc.) C:\Users\Mary\Downloads\HijackThis.exe
2017-01-28 10:40 - 2015-10-29 19:43 - 06473216 _____ (Microsoft Corporation) C:\Windows\system32\prm0005.dll
2017-01-28 10:39 - 2017-01-28 10:39 - 00001051 _____ C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2017-01-28 10:32 - 2017-01-28 10:32 - 00000000 ____D C:\Users\Mary\AppData\Roaming\ATI
2017-01-28 10:32 - 2017-01-28 10:32 - 00000000 ____D C:\Users\Mary\AppData\Local\ATI
2017-01-28 10:32 - 2017-01-28 10:32 - 00000000 ____D C:\ProgramData\ATI
2017-01-28 10:27 - 2017-01-28 10:27 - 00750014 _____ C:\Windows\system32\perfh005.dat
2017-01-28 10:27 - 2017-01-28 10:27 - 00150658 _____ C:\Windows\system32\perfc005.dat
2017-01-28 10:27 - 2017-01-28 10:25 - 00296654 _____ C:\Windows\system32\perfi005.dat
2017-01-28 10:27 - 2017-01-28 10:25 - 00038682 _____ C:\Windows\system32\perfd005.dat
2017-01-28 10:26 - 2017-01-28 10:26 - 00000000 ____D C:\Windows\SysWOW64\cs
2017-01-28 10:26 - 2017-01-28 10:26 - 00000000 ____D C:\Windows\system32\cs
2017-01-28 10:21 - 2017-01-28 10:21 - 00000000 ____D C:\Program Files\WinRAR
2017-01-28 10:16 - 2017-01-28 10:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2017-01-28 10:16 - 2017-01-28 10:16 - 00000000 ____D C:\Program Files\ATI Technologies
2017-01-28 10:16 - 2017-01-28 10:16 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2017-01-28 10:15 - 2017-01-28 20:15 - 00956226 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-28 10:15 - 2017-01-28 10:15 - 00002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-28 10:15 - 2017-01-28 10:15 - 00002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-28 10:15 - 2017-01-28 10:15 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-01-28 10:15 - 2017-01-28 10:15 - 00000000 ____D C:\Program Files\AMD
2017-01-28 10:15 - 2017-01-28 10:15 - 00000000 ____D C:\AMD
2017-01-28 10:15 - 2017-01-28 10:15 - 00000000 _____ C:\Windows\ativpsrm.bin
2017-01-28 10:14 - 2017-01-28 11:04 - 00000000 ____D C:\Users\Mary\AppData\Local\Google
2017-01-28 10:14 - 2017-01-28 10:20 - 00003470 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-28 10:14 - 2017-01-28 10:20 - 00003346 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-28 10:14 - 2017-01-28 10:15 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-28 10:13 - 2017-01-28 10:13 - 00003288 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-28 10:13 - 2017-01-28 10:13 - 00000000 ____D C:\Users\Mary\AppData\Local\Comms
2017-01-28 10:12 - 2017-01-28 10:13 - 00000000 ____D C:\Users\Mary\AppData\Local\MicrosoftEdge
2017-01-28 10:12 - 2017-01-28 10:12 - 00000000 ____D C:\Users\Mary\AppData\Roaming\Skype
2017-01-28 10:11 - 2017-01-28 10:13 - 00002364 _____ C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-28 10:11 - 2017-01-28 10:12 - 00000000 ___RD C:\Users\Mary\OneDrive
2017-01-28 10:10 - 2017-01-28 10:10 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-01-28 10:07 - 2017-01-28 17:56 - 00000000 ____D C:\Users\Mary
2017-01-28 10:07 - 2017-01-28 11:26 - 00000000 ____D C:\Users\Mary\AppData\Local\Packages
2017-01-28 10:07 - 2017-01-28 10:07 - 00000020 ___SH C:\Users\Mary\ntuser.ini
2017-01-28 10:07 - 2017-01-28 10:07 - 00000000 _SHDL C:\Users\Mary\My Documents
2017-01-28 10:07 - 2017-01-28 10:07 - 00000000 _SHDL C:\Users\Mary\Documents\My Videos
2017-01-28 10:07 - 2017-01-28 10:07 - 00000000 _SHDL C:\Users\Mary\Documents\My Pictures
2017-01-28 10:07 - 2017-01-28 10:07 - 00000000 _SHDL C:\Users\Mary\Documents\My Music
2017-01-28 10:07 - 2017-01-28 10:07 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-28 10:07 - 2017-01-28 10:07 - 00000000 ____D C:\Users\Mary\AppData\Roaming\Adobe
2017-01-28 10:07 - 2017-01-28 10:07 - 00000000 ____D C:\Users\Mary\AppData\Local\TileDataLayer
2017-01-28 10:07 - 2017-01-28 10:07 - 00000000 ____D C:\Users\Mary\AppData\Local\Publishers
2017-01-28 10:05 - 2017-01-28 10:05 - 00000000 ____D C:\Windows\System32\Tasks\R@1n-KMS
2017-01-28 10:03 - 2017-01-28 10:03 - 00000000 ___SD C:\Windows\UpdateAssistantV2
2017-01-28 10:02 - 2017-01-28 10:02 - 00000000 ____D C:\ProgramData\USOShared
2017-01-28 10:02 - 2016-12-20 10:09 - 00025952 _____ (Microsoft Corporation) C:\Windows\system32\OOBEUpdater.exe
2017-01-28 10:00 - 2017-01-28 10:00 - 00000000 ____D C:\Windows\CSC
2017-01-28 09:59 - 2016-07-12 23:22 - 02718208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2017-01-28 09:58 - 2017-01-28 20:41 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-28 09:58 - 2017-01-28 09:58 - 00000000 _SHDL C:\Users\Public\Documents\My Videos
2017-01-28 09:58 - 2017-01-28 09:58 - 00000000 _SHDL C:\Users\Public\Documents\My Pictures
2017-01-28 09:58 - 2017-01-28 09:58 - 00000000 _SHDL C:\Users\Public\Documents\My Music
2017-01-28 09:58 - 2017-01-28 09:58 - 00000000 _SHDL C:\Users\Default\My Documents
2017-01-28 09:58 - 2017-01-28 09:58 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2017-01-28 09:58 - 2017-01-28 09:58 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2017-01-28 09:58 - 2017-01-28 09:58 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2017-01-28 09:58 - 2017-01-28 09:58 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2017-01-28 09:58 - 2017-01-28 09:58 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2017-01-28 09:58 - 2017-01-28 09:58 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2017-01-28 09:58 - 2017-01-28 09:58 - 00000000 _SHDL C:\Documents and Settings
2017-01-28 09:55 - 2017-01-28 09:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-01-28 09:54 - 2017-01-28 13:54 - 00340712 _____ C:\Windows\system32\FNTCACHE.DAT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-28 20:41 - 2015-10-30 07:28 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-01-28 20:39 - 2015-10-30 08:24 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-01-28 20:15 - 2016-06-07 21:39 - 00793184 _____ C:\Windows\system32\perfh019.dat
2017-01-28 20:15 - 2016-06-07 21:39 - 00156958 _____ C:\Windows\system32\perfc019.dat
2017-01-28 20:15 - 2015-10-30 08:21 - 00000000 ____D C:\Windows\INF
2017-01-28 20:10 - 2015-10-30 08:11 - 00000000 ____D C:\Windows\CbsTemp
2017-01-28 18:52 - 2015-10-30 08:24 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2017-01-28 15:49 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\WinBioDatabase
2017-01-28 13:49 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-28 13:29 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-28 12:57 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-28 11:54 - 2015-10-30 08:26 - 00000000 ____D C:\Windows\Setup
2017-01-28 11:43 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\AppReadiness
2017-01-28 10:40 - 2015-10-30 10:03 - 00000000 ____D C:\Windows\OCR
2017-01-28 10:26 - 2016-06-07 21:39 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2017-01-28 10:26 - 2015-10-30 10:07 - 00000000 ____D C:\Program Files\Windows Journal
2017-01-28 10:26 - 2015-10-30 10:02 - 00000000 ____D C:\Windows\SysWOW64\winrm
2017-01-28 10:26 - 2015-10-30 10:02 - 00000000 ____D C:\Windows\SysWOW64\WCN
2017-01-28 10:26 - 2015-10-30 10:02 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2017-01-28 10:26 - 2015-10-30 10:02 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2017-01-28 10:26 - 2015-10-30 10:02 - 00000000 ____D C:\Windows\system32\winrm
2017-01-28 10:26 - 2015-10-30 10:02 - 00000000 ____D C:\Windows\system32\WCN
2017-01-28 10:26 - 2015-10-30 10:02 - 00000000 ____D C:\Windows\system32\slmgr
2017-01-28 10:26 - 2015-10-30 10:02 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2017-01-28 10:26 - 2015-10-30 08:24 - 00000000 ___SD C:\Windows\SysWOW64\F12
2017-01-28 10:26 - 2015-10-30 08:24 - 00000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2017-01-28 10:26 - 2015-10-30 08:24 - 00000000 ___SD C:\Windows\system32\F12
2017-01-28 10:26 - 2015-10-30 08:24 - 00000000 ___SD C:\Windows\system32\DiagSvcs
2017-01-28 10:26 - 2015-10-30 08:24 - 00000000 ___RD C:\Windows\PurchaseDialog
2017-01-28 10:26 - 2015-10-30 08:24 - 00000000 ___RD C:\Windows\MiracastView
2017-01-28 10:26 - 2015-10-30 08:24 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-01-28 10:26 - 2015-10-30 08:24 - 00000000 ___RD C:\Windows\DevicesFlow
2017-01-28 10:26 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\SysWOW64\oobe
2017-01-28 10:26 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\SysWOW64\MUI
2017-01-28 10:26 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\SysWOW64\Com
2017-01-28 10:26 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2017-01-28 10:26 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\oobe
2017-01-28 10:26 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\MUI
2017-01-28 10:26 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\migwiz
2017-01-28 10:26 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\Com
2017-01-28 10:26 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-01-28 10:26 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\IME
2017-01-28 10:26 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\Help
2017-01-28 10:26 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-01-28 10:26 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Defender
2017-01-28 10:26 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\System
2017-01-28 10:26 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-01-28 10:26 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-01-28 10:26 - 2015-10-30 07:28 - 00000000 ____D C:\Windows\SysWOW64\Dism
2017-01-28 10:26 - 2015-10-30 07:28 - 00000000 ____D C:\Windows\system32\Sysprep
2017-01-28 10:26 - 2015-10-30 07:28 - 00000000 ____D C:\Windows\system32\Dism
2017-01-28 10:26 - 2015-10-30 07:28 - 00000000 ____D C:\Windows\servicing
2017-01-28 10:23 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\LiveKernelReports
2017-01-28 10:07 - 2015-10-30 08:24 - 00000000 ___RD C:\Windows\PrintDialog
2017-01-28 10:03 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\rescache
2017-01-28 10:02 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\USOPrivate
2017-01-28 10:02 - 2015-10-30 07:28 - 00032768 ___SH C:\Windows\system32\config\ELAM
2017-01-28 10:01 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\spool
2017-01-28 10:00 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-01-28 09:54 - 2015-10-30 10:14 - 00000000 ____D C:\Windows\ServiceProfiles

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-28 09:54

==================== End of FRST.txt ============================

Re: Virus on the PC

Post by jerabina » 28 Jan 2017 21:48

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire contents below into it.

Code:

Start
CloseProcesses:

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1664230912-4152899523-1192634744-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Mary\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1664230912-4152899523-1192634744-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Mary\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-18\...\Run: [] => 0

SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> {09C11F59-3BB3-44B3-8A2D-EF04B12551D0} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> {332EBB77-D095-492D-A751-76864766221E} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> {852ABCF8-C998-4558-84AE-ED0DD14BB8AE} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> {8E7D4012-8882-443A-B862-F701E41616D8} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> {9BB2F0E7-6CE7-4D7F-A3C7-7AE75E1AA4DC} URL = hxxp://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> {9E31854A-B5D1-46A6-90BA-8D80ABA55B1C} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> {BBEA26DF-1E98-4120-8137-994661481E2E} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> {ED36CBE5-A51D-42C7-8195-4660EF4A52DB} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> {FDA79A20-0B9D-406B-93CD-D93D6932D3BF} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-28] (Google Inc.)

C:\ProgramData\RogueKiller
C:\Program Files (x86)\KMSPico 10.0.6
C:\Windows\KMS-R@1n.exe
C:\Users\Mary\AppData\Local\Temp\{e34-37-3d-39454-883ab-0ec1-04192}\ra3UsZU+m-.exe

Task: {9EFBD5B3-B752-4503-8E52-9A78191A2AC2} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
Task: {E4A4BCBA-619B-4D49-8519-6523C8C439D4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-28] (Google Inc.)
Task: {FD92C3B2-D045-4721-8421-DB70EF15BF10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-28] (Google Inc.)

Hosts:
EmptyTemp:
End


(You can use the "Select all" function; then right-click in the top-left field of the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt

Run FRST, press the "Fix" button only once, and wait.
The tool will create a log on the desktop (Fixlog.txt); please copy its entire content here.
When you don't know what to do next, it's time to study the manual!
HJT guide

If I'm not replying to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.

Mary
newbie
Posts: 17
Registered: January 17
Gender: Female
Status: Offline

Re: Virus on PC

Post by Mary » 28 Jan 2017 21:53

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-01-2017 01
Ran by Mary (28-01-2017 21:50:54) Run:1
Running from C:\Users\Mary\Desktop
Loaded Profiles: Mary (Available Profiles: Mary)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1664230912-4152899523-1192634744-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Mary\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1664230912-4152899523-1192634744-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Mary\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-18\...\Run: [] => 0

SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> {09C11F59-3BB3-44B3-8A2D-EF04B12551D0} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> {332EBB77-D095-492D-A751-76864766221E} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> {852ABCF8-C998-4558-84AE-ED0DD14BB8AE} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> {8E7D4012-8882-443A-B862-F701E41616D8} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> {9BB2F0E7-6CE7-4D7F-A3C7-7AE75E1AA4DC} URL = hxxp://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> {9E31854A-B5D1-46A6-90BA-8D80ABA55B1C} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> {BBEA26DF-1E98-4120-8137-994661481E2E} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> {ED36CBE5-A51D-42C7-8195-4660EF4A52DB} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-1664230912-4152899523-1192634744-1001 -> {FDA79A20-0B9D-406B-93CD-D93D6932D3BF} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-28] (Google Inc.)

C:\ProgramData\RogueKiller
C:\Program Files (x86)\KMSPico 10.0.6
C:\Windows\KMS-R@1n.exe
C:\Users\Mary\AppData\Local\Temp\{e34-37-3d-39454-883ab-0ec1-04192}\ra3UsZU+m-.exe

Task: {9EFBD5B3-B752-4503-8E52-9A78191A2AC2} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
Task: {E4A4BCBA-619B-4D49-8519-6523C8C439D4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-28] (Google Inc.)
Task: {FD92C3B2-D045-4721-8421-DB70EF15BF10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-28] (Google Inc.)

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes TrayApp => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce => value removed successfully
HKU\S-1-5-21-1664230912-4152899523-1192634744-1001\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => value removed successfully
HKU\S-1-5-21-1664230912-4152899523-1192634744-1001\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-1664230912-4152899523-1192634744-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09C11F59-3BB3-44B3-8A2D-EF04B12551D0} => key removed successfully
HKCR\CLSID\{09C11F59-3BB3-44B3-8A2D-EF04B12551D0} => key not found.
HKU\S-1-5-21-1664230912-4152899523-1192634744-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{332EBB77-D095-492D-A751-76864766221E} => key removed successfully
HKCR\CLSID\{332EBB77-D095-492D-A751-76864766221E} => key not found.
HKU\S-1-5-21-1664230912-4152899523-1192634744-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{852ABCF8-C998-4558-84AE-ED0DD14BB8AE} => key removed successfully
HKCR\CLSID\{852ABCF8-C998-4558-84AE-ED0DD14BB8AE} => key not found.
HKU\S-1-5-21-1664230912-4152899523-1192634744-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8E7D4012-8882-443A-B862-F701E41616D8} => key removed successfully
HKCR\CLSID\{8E7D4012-8882-443A-B862-F701E41616D8} => key not found.
HKU\S-1-5-21-1664230912-4152899523-1192634744-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB2F0E7-6CE7-4D7F-A3C7-7AE75E1AA4DC} => key removed successfully
HKCR\CLSID\{9BB2F0E7-6CE7-4D7F-A3C7-7AE75E1AA4DC} => key not found.
HKU\S-1-5-21-1664230912-4152899523-1192634744-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9E31854A-B5D1-46A6-90BA-8D80ABA55B1C} => key removed successfully
HKCR\CLSID\{9E31854A-B5D1-46A6-90BA-8D80ABA55B1C} => key not found.
HKU\S-1-5-21-1664230912-4152899523-1192634744-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BBEA26DF-1E98-4120-8137-994661481E2E} => key removed successfully
HKCR\CLSID\{BBEA26DF-1E98-4120-8137-994661481E2E} => key not found.
HKU\S-1-5-21-1664230912-4152899523-1192634744-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ED36CBE5-A51D-42C7-8195-4660EF4A52DB} => key removed successfully
HKCR\CLSID\{ED36CBE5-A51D-42C7-8195-4660EF4A52DB} => key not found.
HKU\S-1-5-21-1664230912-4152899523-1192634744-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FDA79A20-0B9D-406B-93CD-D93D6932D3BF} => key removed successfully
HKCR\CLSID\{FDA79A20-0B9D-406B-93CD-D93D6932D3BF} => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => not found.
C:\ProgramData\RogueKiller => moved successfully
C:\Program Files (x86)\KMSPico 10.0.6 => moved successfully
"C:\Windows\KMS-R@1n.exe" => not found.
"C:\Users\Mary\AppData\Local\Temp\{e34-37-3d-39454-883ab-0ec1-04192}\ra3UsZU+m-.exe" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9EFBD5B3-B752-4503-8E52-9A78191A2AC2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EFBD5B3-B752-4503-8E52-9A78191A2AC2} => key removed successfully
C:\Windows\System32\Tasks\R@1n-KMS\Windows64Professional => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Windows64Professional => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E4A4BCBA-619B-4D49-8519-6523C8C439D4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4A4BCBA-619B-4D49-8519-6523C8C439D4} => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD92C3B2-D045-4721-8421-DB70EF15BF10} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD92C3B2-D045-4721-8421-DB70EF15BF10} => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 585848 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16854758 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 148326 B
Edge => 11225518 B
Chrome => 88508094 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 7040 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 27812 B
Mary => 5566249 B

RecycleBin => 0 B
EmptyTemp: => 117.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:50:59 ====

jerabina
Security team member
Level 6
Posts: 3647
Registered: March 13
Location: Litoměřice
Gender: Male
Status: Offline

Re: Virus on PC

Post by jerabina » 28 Jan 2017 22:00

How are the problems?

Mary
newbie
Posts: 17
Registered: January 17
Gender: Female
Status: Offline

Re: Virus on PC

Post by Mary » 28 Jan 2017 22:14

Unfortunately they still persist. After starting a video the computer freezes and can only be restarted. After the restart it froze again on the start screen while loading, and after the second restart it booted up.

jerabina
Security team member
Level 6
Posts: 3647
Registered: March 13
Location: Litoměřice
Gender: Male
Status: Offline

Re: Virus on PC

Post by jerabina » 28 Jan 2017 22:17

Interesting; from a malware standpoint it should already be clean. Let's check the state of the HDD and RAM:

Download Memtest:
Leave the field that says "All unused RAM" as it is.
Click Start and let it run for at least 2 hours; if there are still 0 errors after 2 hours, the memory is fine.

Download CrystalDiskInfo
Run the program and click Edit - Copy. Then paste the log content here using Ctrl+V.

Download OTL by OldTimer to the desktop. Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change to All. Tick LOP Check and Purity Check. Click Run Scan. Leave all other settings as they are. The scan may take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt

They are saved in the same location as OTL. Please copy both logs here.

Mary
newbie
Posts: 17
Registered: January 17
Gender: Female
Status: Offline

Re: Virus on PC

Post by Mary » 29 Jan 2017 11:30

----------------------------------------------------------------------------
CrystalDiskInfo 7.0.5 (C) 2008-2016 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 10 Professional [10.0 Build 10586] (x64)
Date : 2017/01/29 11:30:13

-- Controller Map ----------------------------------------------------------
+ PCI Standardní dvoukanálový řadič IDE [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
+ PCI Standardní dvoukanálový řadič IDE [ATA]
- ATA Channel 0 (0)
+ ATA Channel 1 (1)
- PIONEER DVD-RW DVR-215 ATA Device
- WDC WD10EZEX-75WN4A0 ATA Device
- Řadič prostorů úložišť [SCSI]

-- Disk List ---------------------------------------------------------------
(1) WDC WD10EZEX-75WN4A0 : 1000,2 GB [0/3/0, pd1] - wd

----------------------------------------------------------------------------
(1) WDC WD10EZEX-75WN4A0
----------------------------------------------------------------------------
Model : WDC WD10EZEX-75WN4A0
Firmware : 01.01A01
Serial Number : WD-WCC6Y5UCJHP1
Disk Size : 1000,2 GB (8,4/137,4/1000,2/1000,2)
Buffer Size : Neznámy údaj
Queue Depth : 32
# of Sectors : 1953525168
Rotation Rate : 7200 RPM
Interface : Serial ATA
Major Version : ACS-3
Minor Version : ACS-3 Revision 3b
Transfer Mode : SATA/300 | SATA/600
Power On Hours : 352 hod.
Power On Count : 145 krát
Host Reads : 2540 GB
Host Writes : 2180 GB
Temperature : 28 C (82 F)
Health Status : Dobrý
Features : S.M.A.R.T., 48bit LBA, NCQ
APM Level : ----
AAM Level : ----
Drive Letter : C:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Počet chyb čtení
03 188 168 _21 000000000637 Čas na roztočení ploten
04 100 100 __0 000000000092 Počet spuštění/zastavení
05 200 200 140 000000000000 Počet přemapovaných sektorů
07 200 200 __0 000000000000 Počet chybných hledání
09 100 100 __0 000000000160 Hodin v činnosti
0A 100 100 __0 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 __0 000000000000 Počet pokusů o překalibrování
0C 100 100 __0 000000000091 Počet cyklů zapnutí zařízení
C0 200 200 __0 00000000002F Počet vypnutí disku
C1 200 200 __0 00000000044E Počet cyklů načítání/vymazání
C2 115 110 __0 00000000001C Teplota
C4 200 200 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000000 Počet podezřelých sektorů
C6 100 253 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 100 253 __0 000000000000 Počet chyb při zápisu sektorů
F0 100 100 __0 000000000152 Čas nastavování hlaviček - v hodinách
F1 200 200 __0 00011087B040 Total Host Writes
F2 200 200 __0 00013D81159F Total Host Reads


Mary
newbie
Posts: 17
Registered: January 17
Gender: Female
Status: Offline

Re: Virus on PC

Post by Mary » 29 Jan 2017 11:43

OTL logfile created on: 29.01.2017 11:33:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mary\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10586.0)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: dd.MM.yyyy

3,96 Gb Total Physical Memory | 3,05 Gb Available Physical Memory | 76,97% Memory free
5,33 Gb Paging File | 4,04 Gb Available in Paging File | 75,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,02 Gb Total Space | 897,90 Gb Free Space | 96,44% Space Free | Partition Type: NTFS
Drive I: | 3,15 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: DESKTOP-L5HLK2S | User Name: Mary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\Mary\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe ()
PRC - C:\Users\Mary\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
PRC - C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes)
PRC - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll ()
MOD - C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe ()
MOD - C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll ()
MOD - C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingNativeCore.dll ()
MOD - C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingNativeBase.dll ()
MOD - C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingEntityExtractionProxy.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (MBAMService) -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes)
SRV:64bit: - (NetSetupSvc) -- C:\Windows\SysNative\NetSetupSvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (RetailDemo) -- C:\Windows\SysNative\RDXService.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (DoSvc) -- C:\Windows\SysNative\dosvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (tiledatamodelsvc) -- C:\Windows\SysNative\tileobjserver.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (UsoSvc) -- C:\Windows\SysNative\usocore.dll (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc) -- C:\Windows\SysNative\APHostService.dll (Microsoft Corporation)
SRV:64bit: - (DmEnrollmentSvc) -- C:\Windows\SysNative\Windows.Internal.Management.dll (Microsoft Corporation)
SRV:64bit: - (StateRepository) -- C:\Windows\SysNative\Windows.StateRepository.dll (Microsoft Corporation)
SRV:64bit: - (NgcSvc) -- C:\Windows\SysNative\ngcsvc.dll (Microsoft Corporation)
SRV:64bit: - (SensorService) -- C:\Windows\SysNative\SensorService.dll (Microsoft Corporation)
SRV:64bit: - (EntAppSvc) -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll (Microsoft Corporation)
SRV:64bit: - (NgcCtnrSvc) -- C:\Windows\SysNative\NgcCtnrSvc.dll (Microsoft Corporation)
SRV:64bit: - (icssvc) -- C:\Windows\SysNative\tetheringservice.dll (Microsoft Corporation)
SRV:64bit: - (MapsBroker) -- C:\Windows\SysNative\moshost.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)
SRV:64bit: - (XblAuthManager) -- C:\Windows\SysNative\XblAuthManager.dll (Microsoft Corporation)
SRV:64bit: - (CoreMessagingRegistrar) -- C:\Windows\SysNative\CoreMessaging.dll (Microsoft Corporation)
SRV:64bit: - (ClipSVC) -- C:\Windows\SysNative\ClipSVC.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (CDPSvc) -- C:\Windows\SysNative\cdpsvc.dll (Microsoft Corporation)
SRV:64bit: - (tzautoupdate) -- C:\Windows\SysNative\tzautoupdate.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (XboxNetApiSvc) -- C:\Windows\SysNative\XboxNetApiSvc.dll (Microsoft Corporation)
SRV:64bit: - (PhoneSvc) -- C:\Windows\SysNative\PhoneService.dll (Microsoft Corporation)
SRV:64bit: - (SmsRouter) -- C:\Windows\SysNative\SmsRouterSvc.dll (Microsoft Corporation)
SRV:64bit: - (UserManager) -- C:\Windows\SysNative\usermgr.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (UserDataSvc) -- C:\Windows\SysNative\UserDataService.dll (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc) -- C:\Windows\SysNative\Unistore.dll (Microsoft Corporation)
SRV:64bit: - (XblGameSave) -- C:\Windows\SysNative\XblGameSave.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc) -- C:\Windows\SysNative\PimIndexMaintenance.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (DsSvc) -- C:\Windows\SysNative\dssvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (WalletService) -- C:\Windows\SysNative\WalletService.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (SensorDataService) -- C:\Windows\SysNative\SensorDataService.exe (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (WpnService) -- C:\Windows\SysNative\wpnservice.dll (Microsoft Corporation)
SRV:64bit: - (DevQueryBroker) -- C:\Windows\SysNative\DevQueryBroker.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\lfsvc.dll (Microsoft Corporation)
SRV:64bit: - (LicenseManager) -- C:\Windows\SysNative\LicenseManagerSvc.dll (Microsoft Corporation)
SRV:64bit: - (embeddedmode) -- C:\Windows\SysNative\embeddedmodesvc.dll (Microsoft Corporation)
SRV:64bit: - (AJRouter) -- C:\Windows\SysNative\AJRouter.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (diagnosticshub.standardcollector.service) -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_89ca1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_32238) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_31bed) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_309df) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_30661) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_30370) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_30324) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_2f147) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_2e12f) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_2c886) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_2c527) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_2b2d6) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_2a737) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_2a276) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_29648) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_28dac) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_2719c) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_27015) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_26fc1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_26b38) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_26629) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_23309) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_1fb90) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_1ee32) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_1a66e) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_1a10c) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_89ca1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_32238) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_31bed) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_309df) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_30661) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_30370) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_30324) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_2f147) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_2e12f) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_2c886) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_2c527) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_2b2d6) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_2a737) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_2a276) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_29648) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_28dac) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_2719c) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_27015) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_26fc1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_26b38) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_26629) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_23309) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_1fb90) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_1ee32) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_1a66e) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_1a10c) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_89ca1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_32238) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_31bed) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_309df) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_30661) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_30370) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_30324) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_2f147) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_2e12f) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_2c886) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_2c527) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_2b2d6) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_2a737) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_2a276) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_29648) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_28dac) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_2719c) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_27015) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_26fc1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_26b38) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_26629) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_23309) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_1fb90) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_1ee32) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_1a66e) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_1a10c) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_89ca1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_32238) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_31bed) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_309df) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_30661) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_30370) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_30324) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_2f147) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_2e12f) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_2c886) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_2c527) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_2b2d6) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_2a737) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_2a276) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_29648) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_28dac) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_2719c) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_27015) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_26fc1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_26b38) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_26629) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_23309) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_1fb90) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_1ee32) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_1a66e) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_1a10c) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_89ca1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_32238) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_31bed) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_309df) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_30661) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_30370) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_30324) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_2f147) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_2e12f) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_2c886) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_2c527) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_2b2d6) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_2a737) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_2a276) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_29648) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_28dac) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_2719c) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_27015) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_26fc1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_26b38) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_26629) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_23309) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_1fb90) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_1ee32) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_1a66e) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_1a10c) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (TieringEngineService) -- C:\Windows\SysNative\TieringEngineService.exe (Microsoft Corporation)
SRV:64bit: - (DcpSvc) -- C:\Windows\SysNative\dcpsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (dmwappushservice) -- C:\Windows\SysNative\dmwappushsvc.dll (Microsoft Corporation)
SRV:64bit: - (MessagingService) -- C:\Windows\SysNative\MessagingService.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (WdNisSvc) -- C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvmsession) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (BthHFSrv) -- C:\Windows\SysNative\BthHFSrv.dll (Microsoft Corporation)
SRV - (DmEnrollmentSvc) -- C:\Windows\SysWOW64\Windows.Internal.Management.dll (Microsoft Corporation)
SRV - (StateRepository) -- C:\Windows\SysWOW64\Windows.StateRepository.dll (Microsoft Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (CoreMessagingRegistrar) -- C:\Windows\SysWOW64\CoreMessaging.dll (Microsoft Corporation)
SRV - (UnistoreSvc) -- C:\Windows\SysWOW64\Unistore.dll (Microsoft Corporation)
SRV - (lfsvc) -- C:\Windows\SysWOW64\lfsvc.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes)
DRV:64bit: - (wdiwifi) -- C:\Windows\SysNative\drivers\WdiWiFi.sys (Microsoft Corporation)
DRV:64bit: - (FileCrypt) -- C:\Windows\SysNative\drivers\filecrypt.sys (Microsoft Corporation)
DRV:64bit: - (Ufx01000) -- C:\Windows\SysNative\drivers\ufx01000.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (UcmCx0101) -- C:\Windows\SysNative\drivers\UcmCx.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ufxsynopsys) -- C:\Windows\SysNative\drivers\ufxsynopsys.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (xinputhid) -- C:\Windows\SysNative\drivers\xinputhid.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (xboxgip) -- C:\Windows\SysNative\drivers\xboxgip.sys (Microsoft Corporation)
DRV:64bit: - (CapImg) -- C:\Windows\SysNative\drivers\capimg.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdWT6.sys (Advanced Micro Devices)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverW8x64.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (ReFSv1) -- C:\Windows\SysNative\drivers\refsv1.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (WindowsTrustedRT) -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys (Microsoft Corporation)
DRV:64bit: - (storqosflt) -- C:\Windows\SysNative\drivers\storqosflt.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (IoQos) -- C:\Windows\SysNative\drivers\ioqos.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (MMCSS) -- C:\Windows\SysNative\drivers\mmcss.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (UrsCx01000) -- C:\Windows\SysNative\drivers\urscx01000.sys (Microsoft Corporation)
DRV:64bit: - (cnghwassist) -- C:\Windows\SysNative\drivers\cnghwassist.sys (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (Wof) -- C:\Windows\SysNative\drivers\wof.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (GpuEnergyDrv) -- C:\Windows\SysNative\drivers\gpuenergydrv.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (Ucx01000) -- C:\Windows\SysNative\drivers\Ucx01000.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (tsusbflt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (UdeCx) -- C:\Windows\SysNative\drivers\Udecx.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (vhf) -- C:\Windows\SysNative\drivers\vhf.sys (Microsoft Corporation)
DRV:64bit: - (WindowsTrustedRTProxy) -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (UrsChipidea) -- C:\Windows\SysNative\drivers\urschipidea.sys (Microsoft Corporation)
DRV:64bit: - (UrsSynopsys) -- C:\Windows\SysNative\drivers\urssynopsys.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (mlx4_bus) -- C:\Windows\SysNative\drivers\mlx4_bus.sys (Mellanox)
DRV:64bit: - (rt640x64) -- C:\Windows\SysNative\drivers\rt640x64.sys (Realtek )
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (ibbus) -- C:\Windows\SysNative\drivers\ibbus.sys (Mellanox)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2i) -- C:\Windows\SysNative\drivers\lsi_sas2i.sys (LSI Corporation)
DRV:64bit: - (LSI_SAS3i) -- C:\Windows\SysNative\drivers\lsi_sas3i.sys (Avago Technologies)
DRV:64bit: - (UfxChipidea) -- C:\Windows\SysNative\drivers\UfxChipidea.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (ndfltr) -- C:\Windows\SysNative\drivers\ndfltr.sys (Mellanox)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (WinVerbs) -- C:\Windows\SysNative\drivers\winverbs.sys (Mellanox)
DRV:64bit: - (percsas3i) -- C:\Windows\SysNative\drivers\percsas3i.sys (Avago Technologies)
DRV:64bit: - (percsas2i) -- C:\Windows\SysNative\drivers\percsas2i.sys (LSI Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (UcmUcsi) -- C:\Windows\SysNative\drivers\UcmUcsi.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (storufs) -- C:\Windows\SysNative\drivers\storufs.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (WinMad) -- C:\Windows\SysNative\drivers\winmad.sys (Mellanox)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (QLogic Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (hidinterrupt) -- C:\Windows\SysNative\drivers\hidinterrupt.sys (Microsoft Corporation)
DRV:64bit: - (buttonconverter) -- C:\Windows\SysNative\drivers\buttonconverter.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (genericusbfn) -- C:\Windows\SysNative\drivers\genericusbfn.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (bcmfn) -- C:\Windows\SysNative\drivers\bcmfn.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaLPSS2i_I2C) -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C.sys (Intel Corporation)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (iai2c) -- C:\Windows\SysNative\drivers\iai2c.sys (Intel(R) Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (ISCT) -- C:\Windows\SysNative\drivers\ISCTD64.sys ()
DRV - (CompositeBus) -- C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {012E1000-F331-11DB-8314-0800200C9A66}
IE - HKCU\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL (Microsoft Corporation)



========== Chrome ==========

CHR - Extension: No name found = C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_1\
CHR - Extension: No name found = C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_1\
CHR - Extension: No name found = C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_1\
CHR - Extension: No name found = C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_1\
CHR - Extension: No name found = C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_1\
CHR - Extension: No name found = C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\
CHR - Extension: No name found = C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_1\
CHR - Extension: No name found = C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_1\
CHR - Extension: No name found = C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_1\

O1 HOSTS File: ([2017.01.28 21:50:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft OneDrive for Business Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Microsoft OneDrive for Business Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Malwarebytes TrayApp] C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [OneDrive] C:\Users\Mary\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Internet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{d89ad79b-ac8a-4d2d-ade4-2190ebbc1012}: DhcpNameServer = 192.168.1.254 10.0.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)

Mary
newbie
Posts: 17
Registered: January 17
Gender: Female
Status: Offline

Re: Virus in PC

Post by Mary » 29 Jan 2017 11:44

O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mso-minsb.16 - No CLSID value found
O18:64bit: - Protocol\Handler\mso-minsb-roaming.16 - No CLSID value found
O18:64bit: - Protocol\Handler\osf.16 - No CLSID value found
O18:64bit: - Protocol\Handler\osf-roaming.16 - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-minsb.16 {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-minsb-roaming.16 {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\osf.16 {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\osf-roaming.16 {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015.10.29 22:05:48 | 000,000,128 | R--- | M] () - I:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2017.01.29 11:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2017.01.29 11:29:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrystalDiskInfo
[2017.01.29 10:36:42 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~BT
[2017.01.29 09:43:55 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2017.01.29 09:12:56 | 000,000,000 | ---D | C] -- C:\Users\Mary\Desktop\MemTest
[2017.01.28 22:33:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe
[2017.01.28 20:45:44 | 000,000,000 | ---D | C] -- C:\FRST
[2017.01.28 20:45:04 | 002,420,736 | ---- | C] (Farbar) -- C:\Users\Mary\Desktop\FRST64.exe
[2017.01.28 20:44:17 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\ActiveSync
[2017.01.28 20:42:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2017.01.28 20:42:08 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\VirtualStore
[2017.01.28 20:40:45 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2017.01.28 20:40:45 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\Temp
[2017.01.28 20:32:27 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\CrashDumps
[2017.01.28 20:31:36 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2017.01.28 19:04:43 | 001,663,040 | ---- | C] (Malwarebytes) -- C:\Users\Mary\Desktop\JRT.exe
[2017.01.28 18:52:27 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2017.01.28 18:51:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Aktivator!!!
[2017.01.28 18:40:07 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Macromedia
[2017.01.28 18:39:42 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
[2017.01.28 18:39:27 | 000,000,000 | ---D | C] -- C:\KMPlayer
[2017.01.28 15:51:21 | 000,176,584 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMChameleon.sys
[2017.01.28 15:51:13 | 000,110,536 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
[2017.01.28 15:51:13 | 000,091,584 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys
[2017.01.28 15:51:09 | 000,043,968 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2017.01.28 15:51:07 | 000,250,816 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2017.01.28 15:51:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2017.01.28 15:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2017.01.28 15:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2017.01.28 15:43:32 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2017.01.28 13:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2017.01.28 13:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office 2016
[2017.01.28 13:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2017.01.28 13:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2017.01.28 13:23:50 | 000,000,000 | ---D | C] -- C:\Users\Mary\Desktop\Odevzdat
[2017.01.28 12:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2017.01.28 11:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2017.01.28 11:47:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2017.01.28 11:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2017.01.28 11:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2017.01.28 11:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2017.01.28 11:40:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seznam.cz
[2017.01.28 11:39:43 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Seznam.cz
[2017.01.28 11:39:35 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\Programs
[2017.01.28 10:40:08 | 006,473,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prm0005.dll
[2017.01.28 10:32:58 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\ATI
[2017.01.28 10:32:58 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\ATI
[2017.01.28 10:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2017.01.28 10:26:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\cs-CZ
[2017.01.28 10:26:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\cs
[2017.01.28 10:26:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\cs-CZ
[2017.01.28 10:26:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\cs
[2017.01.28 10:26:01 | 000,000,000 | ---D | C] -- C:\Windows\cs-CZ
[2017.01.28 10:21:17 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2017.01.28 10:19:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\cs-CZ\NdisImPlatform.sys.mui
[2017.01.28 10:19:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\cs-CZ\ndiscap.sys.mui
[2017.01.28 10:19:52 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\cs-CZ\wfplwfs.sys.mui
[2017.01.28 10:19:49 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\volsnap.sys.mui
[2017.01.28 10:19:49 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\spaceport.sys.mui
[2017.01.28 10:19:49 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\usbport.sys.mui
[2017.01.28 10:19:49 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\USBHUB3.SYS.mui
[2017.01.28 10:19:49 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\USBXHCI.SYS.mui
[2017.01.28 10:19:49 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\usbhub.sys.mui
[2017.01.28 10:19:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vhdmp.sys.mui
[2017.01.28 10:19:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vdrvroot.sys.mui
[2017.01.28 10:19:49 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\tpm.sys.mui
[2017.01.28 10:19:49 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\rdvgkmd.sys.mui
[2017.01.28 10:19:49 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\netvsc.sys.mui
[2017.01.28 10:19:49 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\sdbus.sys.mui
[2017.01.28 10:19:49 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\dumpsd.sys.mui
[2017.01.28 10:19:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vmstorfl.sys.mui
[2017.01.28 10:19:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\portcls.sys.mui
[2017.01.28 10:19:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\dmvsc.sys.mui
[2017.01.28 10:19:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\BthA2DP.sys.mui
[2017.01.28 10:19:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\usbehci.sys.mui
[2017.01.28 10:19:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\umbus.sys.mui
[2017.01.28 10:19:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\sdstor.sys.mui
[2017.01.28 10:19:49 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\usbvideo.sys.mui
[2017.01.28 10:19:49 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\USBSTOR.SYS.mui
[2017.01.28 10:19:49 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\USBAUDIO.sys.mui
[2017.01.28 10:19:49 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\serscan.sys.mui
[2017.01.28 10:19:49 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\rfxvmt.sys.mui
[2017.01.28 10:19:49 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\rfcomm.sys.mui
[2017.01.28 10:19:49 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\volmgr.sys.mui
[2017.01.28 10:19:48 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\wmbclass.sys.mui
[2017.01.28 10:19:48 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\pci.sys.mui
[2017.01.28 10:19:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\pcmcia.sys.mui
[2017.01.28 10:19:47 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\rndismpx.sys.mui
[2017.01.28 10:19:47 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\rndismp6.sys.mui
[2017.01.28 10:19:46 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\MTConfig.sys.mui
[2017.01.28 10:19:45 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\serial.sys.mui
[2017.01.28 10:19:45 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\ataport.sys.mui
[2017.01.28 10:19:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\sermouse.sys.mui
[2017.01.28 10:19:45 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\mouclass.sys.mui
[2017.01.28 10:19:45 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\parport.sys.mui
[2017.01.28 10:19:45 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\mssmbios.sys.mui
[2017.01.28 10:19:45 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\mouhid.sys.mui
[2017.01.28 10:19:45 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\msgpiowin32.sys.mui
[2017.01.28 10:19:44 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\tcpip.sys.mui
[2017.01.28 10:19:44 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\afd.sys.mui
[2017.01.28 10:19:44 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\tunnel.sys.mui
[2017.01.28 10:19:44 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\synth3dvsc.sys.mui
[2017.01.28 10:19:44 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\modem.sys.mui
[2017.01.28 10:19:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\wdf01000.sys.mui
[2017.01.28 10:19:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\ws2ifsl.sys.mui
[2017.01.28 10:19:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\usbrpm.sys.mui
[2017.01.28 10:19:43 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\srv2.sys.mui
[2017.01.28 10:19:43 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\mrxsmb.sys.mui
[2017.01.28 10:19:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\fvevol.sys.mui
[2017.01.28 10:19:43 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\storqosflt.sys.mui
[2017.01.28 10:19:43 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\scfilter.sys.mui
[2017.01.28 10:19:39 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\ntfs.sys.mui
[2017.01.28 10:19:39 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\ndis.sys.mui
[2017.01.28 10:19:39 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\nwifi.sys.mui
[2017.01.28 10:19:39 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\refsv1.sys.mui
[2017.01.28 10:19:39 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\rdbss.sys.mui
[2017.01.28 10:19:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\wof.sys.mui
[2017.01.28 10:19:39 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\ndisuio.sys.mui
[2017.01.28 10:19:39 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\agilevpn.sys.mui
[2017.01.28 10:19:39 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\qwavedrv.sys.mui
[2017.01.28 10:19:39 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\partmgr.sys.mui
[2017.01.28 10:19:39 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\pdc.sys.mui
[2017.01.28 10:19:38 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\pacer.sys.mui
[2017.01.28 10:19:38 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\NdisImPlatform.sys.mui
[2017.01.28 10:19:38 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\mup.sys.mui
[2017.01.28 10:19:38 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\mslldp.sys.mui
[2017.01.28 10:19:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\ndiscap.sys.mui
[2017.01.28 10:19:38 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\wfplwfs.sys.mui
[2017.01.28 10:19:38 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\NdisVirtualBus.sys.mui
[2017.01.28 10:19:38 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\mshidumdf.sys.mui
[2017.01.28 10:19:38 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\mountmgr.sys.mui
[2017.01.28 10:19:36 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\luafv.sys.mui
[2017.01.28 10:19:35 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\http.sys.mui
[2017.01.28 10:19:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\fltmgr.sys.mui
[2017.01.28 10:19:35 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\volmgrx.sys.mui
[2017.01.28 10:19:35 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vhf.sys.mui
[2017.01.28 10:19:34 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\wudfpf.sys.mui
[2017.01.28 10:19:31 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\bthport.sys.mui
[2017.01.28 10:19:31 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\processr.sys.mui
[2017.01.28 10:19:31 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\intelppm.sys.mui
[2017.01.28 10:19:31 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\amdppm.sys.mui
[2017.01.28 10:19:31 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\amdk8.sys.mui
[2017.01.28 10:19:31 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\BthLEEnum.sys.mui
[2017.01.28 10:19:31 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\1394ohci.sys.mui
[2017.01.28 10:19:31 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\acpi.sys.mui
[2017.01.28 10:19:31 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\i8042prt.sys.mui
[2017.01.28 10:19:31 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\EhStorTcgDrv.sys.mui
[2017.01.28 10:19:31 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\battc.sys.mui
[2017.01.28 10:19:31 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\IPMIDrv.sys.mui
[2017.01.28 10:19:31 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\hidclass.sys.mui
[2017.01.28 10:19:31 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\disk.sys.mui
[2017.01.28 10:19:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\hidbth.sys.mui
[2017.01.28 10:19:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\bthpan.sys.mui
[2017.01.28 10:19:31 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\wacompen.sys.mui
[2017.01.28 10:19:31 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\kbdclass.sys.mui
[2017.01.28 10:19:31 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\hdaudbus.sys.mui
[2017.01.28 10:19:31 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\isapnp.sys.mui
[2017.01.28 10:19:31 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\hidi2c.sys.mui
[2017.01.28 10:19:31 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\BthMini.SYS.mui
[2017.01.28 10:19:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\HdAudio.sys.mui
[2017.01.28 10:19:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\BTHUSB.SYS.mui
[2017.01.28 10:19:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\bthhfenum.sys.mui
[2017.01.28 10:19:31 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\ULIAGPKX.SYS.mui
[2017.01.28 10:19:31 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\UAGP35.sys.mui
[2017.01.28 10:19:31 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\pnpmem.sys.mui
[2017.01.28 10:19:31 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\NV_AGP.SYS.mui
[2017.01.28 10:19:31 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\kbdhid.sys.mui
[2017.01.28 10:19:31 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\GAGP30KX.sys.mui
[2017.01.28 10:19:31 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\cdrom.sys.mui
[2017.01.28 10:19:31 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\BthhfHid.sys.mui
[2017.01.28 10:19:31 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\bthenum.sys.mui
[2017.01.28 10:19:31 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\BthAvrcpTg.sys.mui
[2017.01.28 10:19:31 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\AGP440.sys.mui
[2017.01.28 10:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2017.01.28 10:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2017.01.28 10:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2017.01.28 10:15:35 | 000,000,000 | ---D | C] -- C:\AMD
[2017.01.28 10:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2017.01.28 10:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2017.01.28 10:14:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2017.01.28 10:14:20 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\Google
[2017.01.28 10:13:47 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\Comms
[2017.01.28 10:12:52 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\MicrosoftEdge
[2017.01.28 10:12:17 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Skype
[2017.01.28 10:11:51 | 000,000,000 | R--D | C] -- C:\Users\Mary\OneDrive
[2017.01.28 10:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft OneDrive
[2017.01.28 10:07:42 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\Publishers
[2017.01.28 10:07:19 | 000,000,000 | R--D | C] -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2017.01.28 10:07:19 | 000,000,000 | R--D | C] -- C:\Users\Mary\Searches
[2017.01.28 10:07:19 | 000,000,000 | R--D | C] -- C:\Users\Mary\Contacts
[2017.01.28 10:07:19 | 000,000,000 | R--D | C] -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2017.01.28 10:07:16 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Adobe
[2017.01.28 10:07:14 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\Packages
[2017.01.28 10:07:13 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\TileDataLayer
[2017.01.28 10:07:11 | 000,000,000 | -H-D | C] -- C:\Users\Mary\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2017.01.28 10:07:00 | 000,000,000 | --SD | C] -- C:\Users\Mary\AppData\Roaming\Microsoft
[2017.01.28 10:07:00 | 000,000,000 | R-SD | C] -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[2017.01.28 10:07:00 | 000,000,000 | R--D | C] -- C:\Users\Mary\Videos
[2017.01.28 10:07:00 | 000,000,000 | R--D | C] -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2017.01.28 10:07:00 | 000,000,000 | R--D | C] -- C:\Users\Mary\Saved Games
[2017.01.28 10:07:00 | 000,000,000 | R--D | C] -- C:\Users\Mary\Pictures
[2017.01.28 10:07:00 | 000,000,000 | R--D | C] -- C:\Users\Mary\Music
[2017.01.28 10:07:00 | 000,000,000 | R--D | C] -- C:\Users\Mary\Links
[2017.01.28 10:07:00 | 000,000,000 | R--D | C] -- C:\Users\Mary\Favorites
[2017.01.28 10:07:00 | 000,000,000 | R--D | C] -- C:\Users\Mary\Downloads
[2017.01.28 10:07:00 | 000,000,000 | R--D | C] -- C:\Users\Mary\Documents
[2017.01.28 10:07:00 | 000,000,000 | R--D | C] -- C:\Users\Mary\Desktop
[2017.01.28 10:07:00 | 000,000,000 | R--D | C] -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2017.01.28 10:07:00 | 000,000,000 | R--D | C] -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2017.01.28 10:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Mary\AppData\Local\Temporary Internet Files
[2017.01.28 10:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Mary\Templates
[2017.01.28 10:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Mary\Start Menu
[2017.01.28 10:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Mary\SendTo
[2017.01.28 10:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Mary\Recent
[2017.01.28 10:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Mary\PrintHood
[2017.01.28 10:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Mary\NetHood
[2017.01.28 10:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Mary\Documents\My Videos
[2017.01.28 10:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Mary\Documents\My Pictures
[2017.01.28 10:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Mary\Documents\My Music
[2017.01.28 10:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Mary\My Documents
[2017.01.28 10:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Mary\Local Settings
[2017.01.28 10:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Mary\AppData\Local\History
[2017.01.28 10:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Mary\Cookies
[2017.01.28 10:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Mary\Application Data
[2017.01.28 10:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Mary\AppData\Local\Application Data
[2017.01.28 10:07:00 | 000,000,000 | -H-D | C] -- C:\Users\Mary\AppData
[2017.01.28 10:07:00 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\Microsoft
[2017.01.28 10:07:00 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2017.01.28 10:03:35 | 000,000,000 | --SD | C] -- C:\Windows\UpdateAssistantV2
[2017.01.28 10:02:59 | 000,025,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OOBEUpdater.exe
[2017.01.28 10:02:03 | 000,000,000 | ---D | C] -- C:\ProgramData\USOShared
[2017.01.28 10:00:04 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2017.01.28 09:59:59 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2017.01.28 09:59:58 | 002,718,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PrintConfig.dll
[2017.01.28 09:59:21 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2017.01.28 09:58:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2017.01.28 09:58:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2017.01.28 09:58:43 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2017.01.28 09:58:43 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2017.01.28 09:58:43 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2017.01.28 09:58:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2017.01.28 09:58:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2017.01.28 09:58:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2017.01.28 09:58:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2017.01.28 09:56:02 | 000,000,000 | -HSD | C] -- C:\Recovery
[2017.01.28 09:54:52 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2017.01.28 09:54:49 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\Microsoft
[2017.01.28 09:54:35 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2017.01.29 11:31:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe
[2017.01.29 11:29:54 | 000,001,273 | ---- | M] () -- C:\Users\Mary\Desktop\CrystalDiskInfo.lnk
[2017.01.29 09:59:34 | 000,956,226 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2017.01.29 09:59:34 | 000,832,312 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2017.01.29 09:59:34 | 000,793,184 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2017.01.29 09:59:34 | 000,232,244 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2017.01.29 09:59:34 | 000,156,958 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2017.01.29 09:54:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2017.01.29 09:53:09 | 000,250,816 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2017.01.29 09:52:32 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2017.01.29 09:52:31 | 1700,093,952 | -HS- | M] () -- C:\hiberfil.sys
[2017.01.29 09:43:52 | 306,108,266 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2017.01.29 07:16:21 | 000,032,768 | ---- | M] () -- C:\Users\Mary\Documents\memtest.exe
[2017.01.29 07:16:19 | 000,012,947 | ---- | M] () -- C:\Users\Mary\Documents\manual.html
[2017.01.28 22:33:07 | 000,015,600 | ---- | M] () -- C:\Users\Mary\Desktop\MemTest.zip
[2017.01.28 22:25:50 | 000,077,408 | ---- | M] () -- C:\Windows\SysNative\drivers\mbae64.sys
[2017.01.28 21:50:55 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2017.01.28 20:45:33 | 002,420,736 | ---- | M] (Farbar) -- C:\Users\Mary\Desktop\FRST64.exe
[2017.01.28 20:31:36 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2017.01.28 20:31:22 | 001,309,184 | ---- | M] () -- C:\Users\Mary\Desktop\zoek.exe
[2017.01.28 20:14:46 | 000,028,272 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2017.01.28 19:10:55 | 025,949,256 | ---- | M] () -- C:\Users\Mary\Desktop\RogueKillerX64.exe
[2017.01.28 19:04:54 | 001,663,040 | ---- | M] (Malwarebytes) -- C:\Users\Mary\Desktop\JRT.exe
[2017.01.28 18:39:42 | 000,000,643 | ---- | M] () -- C:\Users\Mary\Desktop\KMPlayer.lnk
[2017.01.28 15:52:28 | 000,091,584 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys
[2017.01.28 15:51:21 | 000,176,584 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMChameleon.sys
[2017.01.28 15:51:13 | 000,110,536 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
[2017.01.28 15:51:09 | 000,043,968 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2017.01.28 15:51:04 | 000,001,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2017.01.28 15:44:19 | 004,015,056 | ---- | M] () -- C:\Users\Mary\Desktop\adwcleaner_6.043.exe
[2017.01.28 13:54:04 | 000,340,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2017.01.28 11:54:17 | 000,007,926 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2017.01.28 11:47:38 | 000,002,775 | ---- | M] () -- C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
[2017.01.28 11:47:14 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2017.01.28 10:32:22 | 000,002,360 | ---- | M] () -- C:\Users\Mary\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2017.01.28 10:27:11 | 000,750,014 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2017.01.28 10:27:11 | 000,150,658 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2017.01.28 10:25:52 | 000,296,654 | ---- | M] () -- C:\Windows\SysNative\perfi005.dat
[2017.01.28 10:25:52 | 000,038,682 | ---- | M] () -- C:\Windows\SysNative\perfd005.dat
[2017.01.28 10:15:35 | 000,002,336 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2017.01.28 10:15:33 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2017.01.28 09:57:23 | 000,037,613 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2017.01.28 09:57:23 | 000,037,613 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2017.01.28 09:55:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf

========== Files Created - No Company Name ==========

[2017.01.29 11:29:54 | 000,001,273 | ---- | C] () -- C:\Users\Mary\Desktop\CrystalDiskInfo.lnk
[2017.01.29 09:43:52 | 306,108,266 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2017.01.28 22:33:03 | 000,015,600 | ---- | C] () -- C:\Users\Mary\Desktop\MemTest.zip
[2017.01.28 20:40:45 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2017.01.28 20:31:17 | 001,309,184 | ---- | C] () -- C:\Users\Mary\Desktop\zoek.exe
[2017.01.28 19:11:16 | 000,028,272 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2017.01.28 19:08:59 | 025,949,256 | ---- | C] () -- C:\Users\Mary\Desktop\RogueKillerX64.exe
[2017.01.28 18:39:42 | 000,000,643 | ---- | C] () -- C:\Users\Mary\Desktop\KMPlayer.lnk
[2017.01.28 17:27:16 | 000,859,785 | ---- | C] () -- C:\Users\Mary\Desktop\IMG-20160205-WA0002.jpg
[2017.01.28 17:27:16 | 000,062,684 | ---- | C] () -- C:\Users\Mary\Desktop\IMG-20160205-WA0001.jpg
[2017.01.28 17:27:16 | 000,055,740 | ---- | C] () -- C:\Users\Mary\Desktop\IMG-20160205-WA0000.jpg
[2017.01.28 17:27:01 | 000,164,527 | ---- | C] () -- C:\Users\Mary\Desktop\IMG-20151225-WA0000.jpg
[2017.01.28 15:51:04 | 000,001,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2017.01.28 15:51:01 | 000,077,408 | ---- | C] () -- C:\Windows\SysNative\drivers\mbae64.sys
[2017.01.28 15:43:53 | 004,015,056 | ---- | C] () -- C:\Users\Mary\Desktop\adwcleaner_6.043.exe
[2017.01.28 13:38:17 | 000,002,553 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
[2017.01.28 13:38:17 | 000,002,530 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
[2017.01.28 13:38:17 | 000,002,518 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype pro firmy 2016.lnk
[2017.01.28 13:38:17 | 000,002,447 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
[2017.01.28 13:38:16 | 000,002,559 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
[2017.01.28 13:38:16 | 000,002,558 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive pro firmy.lnk
[2017.01.28 13:38:16 | 000,002,451 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
[2017.01.28 13:38:15 | 000,002,525 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
[2017.01.28 13:38:15 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
[2017.01.28 11:54:17 | 000,007,926 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2017.01.28 11:47:38 | 000,002,775 | ---- | C] () -- C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
[2017.01.28 11:47:14 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2017.01.28 10:39:55 | 000,001,051 | ---- | C] () -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
[2017.01.28 10:27:05 | 000,750,014 | ---- | C] () -- C:\Windows\SysNative\perfh005.dat
[2017.01.28 10:27:05 | 000,296,654 | ---- | C] () -- C:\Windows\SysNative\perfi005.dat
[2017.01.28 10:27:05 | 000,150,658 | ---- | C] () -- C:\Windows\SysNative\perfc005.dat
[2017.01.28 10:27:05 | 000,038,682 | ---- | C] () -- C:\Windows\SysNative\perfd005.dat
[2017.01.28 10:15:35 | 000,002,360 | ---- | C] () -- C:\Users\Mary\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2017.01.28 10:15:35 | 000,002,348 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[2017.01.28 10:15:35 | 000,002,336 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2017.01.28 10:15:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2017.01.28 10:15:04 | 000,956,226 | ---- | C] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2017.01.28 10:11:51 | 000,002,364 | ---- | C] () -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[2017.01.28 10:07:00 | 000,000,352 | ---- | C] () -- C:\Users\Mary\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2017.01.28 10:07:00 | 000,000,334 | ---- | C] () -- C:\Users\Mary\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2017.01.28 09:58:16 | 1700,093,952 | -HS- | C] () -- C:\hiberfil.sys
[2017.01.28 09:57:23 | 000,037,613 | ---- | C] () -- C:\Windows\SysWow64\license.rtf
[2017.01.28 09:57:23 | 000,037,613 | ---- | C] () -- C:\Windows\SysNative\license.rtf
[2017.01.28 09:55:17 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2017.01.28 09:55:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2017.01.28 09:54:40 | 000,340,712 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2017.01.28 09:54:36 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2017.01.09 12:09:06 | 000,012,947 | ---- | C] () -- C:\Users\Mary\Documents\manual.html
[2017.01.09 10:52:20 | 000,032,768 | ---- | C] () -- C:\Users\Mary\Documents\memtest.exe
[2016.07.12 23:22:21 | 001,862,008 | ---- | C] () -- C:\Windows\SysWow64\CoreUIComponents.dll
[2016.07.12 23:22:18 | 000,162,816 | ---- | C] () -- C:\Windows\SysWow64\MTF.dll
[2015.12.16 20:07:40 | 000,152,560 | ---- | C] () -- C:\Windows\SysWow64\atieah32.exe
[2015.12.16 20:07:40 | 000,111,088 | ---- | C] () -- C:\Windows\SysWow64\hsa-thunk.dll
[2015.12.16 20:07:38 | 001,004,032 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2015.12.16 20:07:36 | 000,807,424 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2015.12.16 20:07:34 | 000,198,640 | ---- | C] () -- C:\Windows\SysWow64\amdgfxinfo32.dll
[2015.12.16 20:07:34 | 000,132,080 | ---- | C] () -- C:\Windows\SysWow64\amdhdl32.dll
[2015.11.04 21:24:18 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2015.11.04 21:24:18 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2015.10.30 08:24:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2015.10.30 08:24:43 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2015.10.30 08:18:39 | 000,164,224 | ---- | C] () -- C:\Windows\SysWow64\weretw.dll
[2015.10.30 08:18:36 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2015.10.30 08:18:36 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2015.10.30 08:18:34 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\GamePanelExternalHook.dll
[2015.10.30 08:18:31 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\Windows.Perception.Stub.dll
[2015.10.30 08:18:31 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\dtdump.exe
[2015.10.30 08:18:29 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2015.10.30 08:18:29 | 000,293,376 | ---- | C] () -- C:\Windows\SysWow64\HrtfApo.dll
[2015.10.30 08:18:26 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\efsext.dll
[2015.10.30 08:18:25 | 000,002,269 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2015.10.30 08:18:23 | 000,167,640 | ---- | C] () -- C:\Windows\SysWow64\chs_singlechar_pinyin.dat
[2015.10.30 08:17:40 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== ZeroAccess Check ==========

[2017.01.28 11:39:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2016.07.12 23:22:21 | 006,605,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2016.07.12 23:22:21 | 005,240,960 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015.10.30 08:17:43 | 000,987,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2015.10.30 08:18:21 | 000,765,440 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015.10.30 08:17:45 | 000,518,656 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2017.01.28 20:47:26 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Seznam.cz

========== Purity Check ==========



< End of report >

Mary

Re: Virus in PC

Post by Mary » 29 Jan 2017 11:44

OTL Extras logfile created on: 29.01.2017 11:33:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mary\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10586.0)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: dd.MM.yyyy

3,96 Gb Total Physical Memory | 3,05 Gb Available Physical Memory | 76,97% Memory free
5,33 Gb Paging File | 4,04 Gb Available in Paging File | 75,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,02 Gb Total Space | 897,90 Gb Free Space | 96,44% Space Free | Partition Type: NTFS
Drive I: | 3,15 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: DESKTOP-L5HLK2S | User Name: Mary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 39 5C 6F 2B 45 79 D2 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]
"DontEnumerateCommonFilesUpgradeExe" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D48C0EF-B5D0-46B0-8D16-F7E3C0FE2396}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{1A3BDF53-D16E-4EE3-952F-D5E48E12D44A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\root\office16\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012ECDAE-717F-4ABC-A172-B76729E689E4}" = dir=out | name=@{microsoft.zunevideo_10.16112.10221.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{01A9A5B4-B70C-4249-87C9-35CFFA94D47B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\root\office16\ucmapi.exe |
"{04A942CF-1846-4D76-B300-4EF5ED7681D9}" = dir=out | name=sway |
"{071558B1-B003-4DD8-933F-2C9FB63D768E}" = dir=in | name=@{microsoft.commsphone_1.10.15000.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.commsphone/resources/appstorename} |
"{07E89F14-E1FD-4BFE-9216-953586A83545}" = dir=in | name=sway |
"{1D5E85AF-55DE-433A-A905-35D7D44934FF}" = dir=out | name=microsoft solitaire collection |
"{1D8D58DA-5110-49FF-9B34-EB101ED52D58}" = dir=out | name=@{microsoft.bingweather_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{1EEC8812-9B6E-4849-B0C2-0BF6B1E8F097}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\root\office16\ucmapi.exe |
"{2010EB4B-7971-4A90-9301-C20E80017079}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.7812.42251.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} |
"{23EB5C9E-B094-40AB-8D4D-B43A29D29CBE}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{2411EF73-A018-49BE-9896-07FBE4C7CAEE}" = dir=out | name=@{microsoft.windowsstore_11610.1001.25.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{26D9E9DA-9AA7-49C3-B3B2-603F3F61F0AC}" = dir=out | name=@{microsoft.connectivitystore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.connectivitystore/mswifiresources/appstorename} |
"{2E9F127E-3252-44B1-AC72-CF23705B8022}" = dir=out | name=@{microsoft.appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.appconnector/resources/connectorstubtitle} |
"{31CD42BC-DB49-45E7-A36B-CA518FF04A01}" = dir=out | name=@{microsoft.getstarted_4.4.11.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} |
"{3B08C988-8F48-4886-A197-8A283A45056F}" = dir=out | name=@{microsoft.windowsmaps_5.1611.3341.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} |
"{3DF4590D-DA41-4B29-9EF6-5264572D54C4}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{41813477-5EEC-4FB5-932B-627F09474E1A}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{486C75DD-5D90-4CCE-9B92-97CE4FCB54B4}" = dir=out | name=@{microsoft.windowsfeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windowsfeedback/feedbackapp.resources/appname/text} |
"{4C0DA990-6FCF-440F-A0C4-7769879BFACA}" = dir=in | name=@{microsoft.bingfinance_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} |
"{50F475BD-1F48-48ED-869D-4609360C74D8}" = dir=out | name=@{microsoft.microsoftedge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{55C4A26A-625C-43F8-9F8B-96F18457815C}" = dir=out | name=twitter |
"{55EFF95B-99C9-4837-8F2D-0D69E952529F}" = dir=out | name=@{microsoft.3dbuilder_12.0.3131.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.3dbuilder/resources/appstorename} |
"{56008B1E-2B45-41E9-BD74-84B3FEA80BA7}" = dir=out | name=candy crush soda saga |
"{5851163E-C3B6-4DCF-A6F1-A9C63E413379}" = dir=out | name=@{windows.contactsupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{59F346D2-F3F4-4299-9CB8-483770B0F9CB}" = dir=out | name=@{microsoft.bingfinance_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} |
"{5A379A8C-9FBD-47C8-8410-7C4048F5894C}" = dir=in | name=@{windows.contactsupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{5EE862DD-69CB-4C17-AB14-60245AA48B30}" = dir=out | name=@{microsoft.commsphone_1.10.15000.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.commsphone/resources/appstorename} |
"{66A52CFE-26D3-49A3-8C1F-B821EB514823}" = dir=out | name=@{microsoft.accountscontrol_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} |
"{66B2544E-98CB-4670-BB47-EBBBBF0C6A02}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} |
"{6E9B603F-DE47-48DA-85D1-3588116C32B5}" = dir=in | name=@{microsoft.microsoftofficehub_17.7608.23501.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
"{6EAF8BA4-BC85-4161-94FD-D01D9B2B709C}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{707AAD15-8441-4251-912E-A0EC2F56E540}" = dir=in | name=@{microsoft.windows.cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} |
"{70BD0A26-D4FC-4673-9AD7-8EB050A01FE9}" = dir=in | name=@{microsoft.zunevideo_10.16112.10221.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{7A9F54DB-2705-4985-94E1-447F50D74679}" = dir=out | name=onenote |
"{8A34EA08-9237-45B8-AA0B-45E2854C8AC9}" = dir=out | name=@{microsoft.zunemusic_10.16102.10341.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{90394DB6-AB66-489A-95A8-448404CA95C2}" = dir=out | name=@{microsoft.windows.cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} |
"{91E345C8-083F-4B27-B656-91D64EBBF081}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\root\office16\lync.exe |
"{945BEF35-CD11-498A-9AB8-0822ABE6C1A3}" = dir=in | name=@{microsoft.microsoftedge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{99A1C01F-7336-464B-B584-F84C694C4EE2}" = dir=out | name=@{microsoft.lockapp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} |
"{9BC3BDC7-3556-4CF4-B5E2-8D6FBA76D6A4}" = dir=out | name=@{microsoft.messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/microsoft.apps.messaging.skype/skypemessaging.resources/skype_appstorename} |
"{9D85EB06-9276-4A54-836E-71E7EC443AF3}" = dir=in | name=@{microsoft.bingweather_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{A95CCC55-6931-4022-AEBF-D73D02156EE6}" = dir=in | name=@{microsoft.bingnews_4.18.41.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{AA10E478-4839-4276-ACCF-F111234C1140}" = dir=out | name=@{microsoft.windowsphone_10.1609.2561.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphone/resources/appstorename} |
"{AA88B02F-4431-4282-8DA2-46975E51CF77}" = dir=in | name=xbox |
"{AEC8E336-00D9-4B48-99B7-18851BD56699}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.7812.42251.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} |
"{AED30FC3-9A07-4CB6-A397-7FE33DCA6A0A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\root\office16\lync.exe |
"{AF974D94-F304-43E7-A561-6E009E7F253F}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{B1BC9FAD-132A-4E32-BAB8-BA32E388EBDB}" = dir=out | name=@{microsoft.bingnews_4.18.41.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{B6207F0F-5F3D-4819-B36C-82FD67935268}" = dir=in | name=@{microsoft.windowsstore_11610.1001.25.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{BC7A8188-CE03-42D2-964E-25D76253430D}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} |
"{BDB80F96-69ED-4B47-9F1F-9C21220EC0E7}" = dir=in | name=@{microsoft.zunemusic_10.16102.10341.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{C30BB6C4-1AF9-481B-9F7F-53966DA43A08}" = dir=out | name=xbox |
"{CAF69F70-3E43-485E-885D-FCE23EFFD57B}" = dir=in | name=onenote |
"{CC0A9E4C-9FF1-4504-A947-79CFD03186A5}" = dir=in | name=@{microsoft.windows.photos_16.1118.10000.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{D3D0FB36-C896-434A-9708-C2BB22EA2109}" = dir=out | name=@{microsoft.bingsports_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} |
"{D6F707F4-D951-4988-ABFA-3659B49BA8CB}" = dir=in | name=microsoft solitaire collection |
"{DC904400-EA0B-4FE0-A06A-BAADBF5C9F75}" = dir=out | name=@{microsoft.microsoftofficehub_17.7608.23501.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
"{DF9B6091-FD95-44BD-8B16-AD7208A63139}" = dir=in | name=@{microsoft.bingsports_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} |
"{E04AD130-A507-46D8-9221-43B2DA215B00}" = dir=out | name=@{microsoft.xboxidentityprovider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxidentityprovider/resources/pkgdisplayname} |
"{E5FE2A39-A610-4149-8A19-634BB732543A}" = dir=out | name=@{microsoft.people_10.1.3410.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} |
"{ECDF0906-1251-4198-8F30-7DEEECD79C13}" = dir=in | name=@{microsoft.messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/microsoft.apps.messaging.skype/skypemessaging.resources/skype_appstorename} |
"{EDC557B8-F36C-490D-9724-8947548CD043}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{F8BCFA7C-7B20-423B-93D0-8DDA1961D57E}" = dir=out | name=@{microsoft.windows.photos_16.1118.10000.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{F8CE1C8E-54F1-4F04-9EF6-E209B267C887}" = dir=out | name=@{windows.purchasedialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.purchasedialog/resources/displayname} |
"{F97A7317-00D0-42BB-9E80-0FC6D0E1A7B5}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1" = Malwarebytes verze 3.0.6.1469
"{36FAF585-3D08-3D84-8330-4D048F4B6CE6}" = AMD Fuel
"{90160000-008F-0000-1000-0000000FF1CE}" = Office 16 Click-to-Run Licensing Component
"{90160000-00DD-0000-1000-0000000FF1CE}" = Office 16 Click-to-Run Extensibility Component 64-bit Registration
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{D9C2E250-17A1-0D68-CB41-83232EC31C2C}" = ccc-utility64
"HitmanPro37" = HitmanPro 3.7
"O365ProPlusRetail - cs-cz" = Microsoft Office 365 ProPlus - cs-cz

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{11087D24-567D-7D88-69C6-D7A08B5F4C47}" = Catalyst Control Center - Branding
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{1E93452B-BA3E-7375-958C-EBC5E8672A5E}" = CCC Help Danish
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{2B642F70-BA82-5E78-41CE-BDFFD5C37530}" = CCC Help Swedish
"{2EA40F3D-0D93-A391-F383-6F1C708B80BF}" = CCC Help Turkish
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{3310DD5A-3695-3390-6F38-2B93D862FE02}" = CCC Help German
"{3C7B5C75-FD82-BC1F-F148-89A3189EF385}" = AMD Catalyst Control Center
"{4D72F94C-95A5-AA85-E75B-A1A1CB8FCE7A}" = CCC Help Greek
"{5644668B-04A5-68F6-0AA9-03255877C58F}" = Catalyst Control Center Localization All
"{5DA870C0-BC5C-BE96-5045-BD429959C0D3}" = CCC Help Korean
"{5F3182EE-2532-3B96-2BBB-03B87F574E76}" = CCC Help Portuguese
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{6953ECF8-0B1B-FBD7-0DDB-84C82FBBC2F4}" = CCC Help Japanese
"{6D7A146A-BD56-8EE1-FCC7-BE02013ACE36}" = CCC Help Chinese Standard
"{71971AE8-C8F3-3C62-FB89-AC41A96761AB}" = CCC Help Italian
"{7D94356D-48E0-DE1A-423C-67A363C13771}" = CCC Help English
"{7DE27D8A-1D73-61EB-86F1-079AF7E55C3A}" = CCC Help Thai
"{7E0B1563-7607-00D7-21CE-7DAFA6FF009C}" = CCC Help Czech
"{7F8B68A2-0CD0-7DAF-8955-1419C60886D3}" = CCC Help Spanish
"{87006B27-A5A6-9EF1-BA04-CD7284462419}" = CCC Help Norwegian
"{90160000-008C-0000-0000-0000000FF1CE}" = Office 16 Click-to-Run Extensibility Component
"{90160000-008C-0405-0000-0000000FF1CE}" = Office 16 Click-to-Run Localization Component
"{947E1256-258E-60A2-7331-44D09E61CF99}" = CCC Help Russian
"{A3168DE0-479A-D5EC-59C4-0278C7DEC11C}" = CCC Help Hungarian
"{AAAE97DA-1E8B-C0E9-F0E3-5481A09F97C8}" = CCC Help French
"{AFDFBED8-CC9A-8E00-015D-845F0BF9D1E1}" = CCC Help Chinese Traditional
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{BF44ADDF-E927-4B66-E829-4AF27BF6A58B}" = CCC Help Polish
"{C3EAC1D2-A492-7B08-A9D5-15EDD5EA1A89}" = CCC Help Dutch
"{D7D20EB4-BD89-05C0-05C6-33E5B762989E}" = Catalyst Control Center InstallProxy
"{F6860530-9733-0BB2-9C09-F25101076E78}" = CCC Help Finnish
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"CrystalDiskInfo_is1" = CrystalDiskInfo 7.0.5
"Google Chrome" = Google Chrome
"The KMPlayer" = KMPlayer (remove only)
"WUCCCApp" = AMD Catalyst Control Center

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive
"SeznamInstall" = Seznam Software

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 28.01.2017 17:25:22 | Computer Name = DESKTOP-L5HLK2S | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 28.01.2017 17:25:22 | Computer Name = DESKTOP-L5HLK2S | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is not formatted correctly. The malformed string is 7899. The first DWORD in the
Data section contains the index value to the malformed string while the second
and third DWORDs in the Data section contain the last valid index values.

Error - 29.01.2017 2:18:25 | Computer Name = DESKTOP-L5HLK2S | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 29.01.2017 2:18:25 | Computer Name = DESKTOP-L5HLK2S | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is not formatted correctly. The malformed string is 7899. The first DWORD in the
Data section contains the index value to the malformed string while the second
and third DWORDs in the Data section contain the last valid index values.

Error - 29.01.2017 2:22:30 | Computer Name = DESKTOP-L5HLK2S | Source = SideBySide | ID = 16842787
Description = Generování kontextu aktivace pro c:\program files (x86)\microsoft
office\root\office16\lync.exe.Manifest se nezdařilo. Chyba v souboru manifestu nebo
zásady c:\program files (x86)\microsoft office\root\office16\UccApi.DLL na řádku
1. Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz
je UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definice
je UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Podrobnější
diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 29.01.2017 2:33:00 | Computer Name = DESKTOP-L5HLK2S | Source = SideBySide | ID = 16842787
Description = Generování kontextu aktivace pro C:\Program Files (x86)\Microsoft
Office\root\Office16\lync.exe.Manifest se nezdařilo. Chyba v souboru manifestu nebo
zásady C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL na řádku
1. Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz
je UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definice
je UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Podrobnější
diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 29.01.2017 4:47:41 | Computer Name = DESKTOP-L5HLK2S | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Aplikaci Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI se nepovedlo
aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu
Microsoft-Windows-TWinUI/Operational.

Error - 29.01.2017 4:59:34 | Computer Name = DESKTOP-L5HLK2S | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 29.01.2017 4:59:34 | Computer Name = DESKTOP-L5HLK2S | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is not formatted correctly. The malformed string is 7899. The first DWORD in the
Data section contains the index value to the malformed string while the second
and third DWORDs in the Data section contain the last valid index values.

Error - 29.01.2017 6:30:36 | Computer Name = DESKTOP-L5HLK2S | Source = SideBySide | ID = 16842787
Description = Generování kontextu aktivace pro C:\Program Files (x86)\Microsoft
Office\root\Office16\lync.exe.Manifest se nezdařilo. Chyba v souboru manifestu nebo
zásady C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL na řádku
1. Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz
je UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definice
je UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Podrobnější
diagnostické údaje získáte pomocí programu sxstrace.exe.

[ System Events ]
Error - 29.01.2017 4:33:58 | Computer Name = DESKTOP-L5HLK2S | Source = Service Control Manager | ID = 7009
Description = Při čekání na připojení služby Sync Host_28dac bylo dosaženo časového
limitu (30000 ms).

Error - 29.01.2017 4:35:27 | Computer Name = DESKTOP-L5HLK2S | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (9:31:15, 29.01.2017) bylo neočekávané.

Error - 29.01.2017 4:43:57 | Computer Name = DESKTOP-L5HLK2S | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (9:39:28, 29.01.2017) bylo neočekávané.

Error - 29.01.2017 4:43:59 | Computer Name = DESKTOP-L5HLK2S | Source = BugCheck | ID = 1001
Description =

Error - 29.01.2017 4:46:28 | Computer Name = DESKTOP-L5HLK2S | Source = DCOM | ID = 10010
Description =

Error - 29.01.2017 4:46:46 | Computer Name = DESKTOP-L5HLK2S | Source = Service Control Manager | ID = 7009
Description = Při čekání na připojení služby Sync Host_32238 bylo dosaženo časového
limitu (30000 ms).

Error - 29.01.2017 4:47:41 | Computer Name = DESKTOP-L5HLK2S | Source = DCOM | ID = 10010
Description =

Error - 29.01.2017 4:47:58 | Computer Name = DESKTOP-L5HLK2S | Source = DCOM | ID = 10010
Description =

Error - 29.01.2017 4:52:35 | Computer Name = DESKTOP-L5HLK2S | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (9:51:03, 29.01.2017) bylo neočekávané.

Error - 29.01.2017 5:37:58 | Computer Name = DESKTOP-L5HLK2S | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Instalace se nezdařila: Instalování následující aktualizace se nezdařilo
z důvodu chyby (0x8024200d): Feature update to Windows 10, version 1607.


< End of report >

Re: Virus in PC

Post by Mary » 29 Jan 2017 11:46

During the two-hour test in Memtest the computer froze, and before I managed to start it again it was restarted several times. After I ran the test a second time everything was fine and the program found no errors.

Re: Virus in PC

Post by jerabina » 29 Jan 2017 22:26

000000000637 Čas na roztočení ploten
Please run CDI again and paste the log here.

What is in this folder? C:\Users\Public\Desktop\Aktivator!!!

Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKCU\..\SearchScopes,DefaultScope = {012E1000-F331-11DB-8314-0800200C9A66}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
CHR - Extension: No name found = C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\
CHR - Extension: No name found = C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_1\
CHR - Extension: No name found = C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_1\
O4:64bit: - HKLM..\Run: [Malwarebytes TrayApp] C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes)
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\mso-minsb.16 - No CLSID value found
O18:64bit: - Protocol\Handler\mso-minsb-roaming.16 - No CLSID value found
O18:64bit: - Protocol\Handler\osf.16 - No CLSID value found
O18:64bit: - Protocol\Handler\osf-roaming.16 - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
C:\WINDOWS\system32\DUMP*.tmp
c:\windows\Tasks\*.job /s
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Program Files\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\Windows\SysNative\drivers\*.tmp
C:\Windows\SysWow64\drivers\*.tmp
C:\Program Files (x86)\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\SysNative\*.tmp
C:\Program Files (x86)\*.tmp

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
""=""%1" %*"

:commands
[Purity]
[Emptytemp]
[Emptyjava]
[Emptyflash]
[start explorer]
[Reboot]


Then click Run Fix at the top. Let the program run undisturbed; the PC will restart at the end.
After the restart a log will appear; please copy its entire contents here.
When you don't know what to do next, it's time to study the manual!
HJT guide

If I don't reply to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.