OTL logfile created on: 4.10.2018 22:50:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hačís\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,18 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 69,75% Memory free
6,36 Gb Paging File | 5,12 Gb Available in Paging File | 80,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 482,19 Gb Total Space | 203,91 Gb Free Space | 42,29% Space Free | Partition Type: NTFS
Drive E: | 292,97 Gb Total Space | 258,24 Gb Free Space | 88,15% Space Free | Partition Type: NTFS
Drive F: | 156,25 Gb Total Space | 25,48 Gb Free Space | 16,31% Space Free | Partition Type: NTFS
Drive G: | 1,95 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: HAČÍS-PC | User Name: Hačís | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Hačís\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Copyright 2017.)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (arvato digital services llc)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\DAEMON Tools Pro\MSIMG32.dll ()
========== Services (SafeList) ==========
SRV:
64bit: - (MBAMService) -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes)
SRV:
64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe ()
SRV:
64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)
SRV:
64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:
64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ZAMSvc) -- C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Copyright 2017.)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (arvato digital services llc)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
========== Driver Services (SafeList) ==========
DRV:
64bit: - (ZAM) -- C:\Windows\SysNative\drivers\zam64.sys (Zemana Ltd.)
DRV:
64bit: - (ZAM_Guard) -- C:\Windows\SysNative\drivers\zamguard64.sys (Zemana Ltd.)
DRV:
64bit: - (nfstat) -- C:\Windows\SysNative\drivers\nfstat.sys (Riverbed Technology, Inc.)
DRV:
64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:
64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:
64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:
64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:
64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:
64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:
64bit: - (amdide64) -- C:\Windows\SysNative\drivers\amdide64.sys (Advanced Micro Devices Inc.)
DRV:
64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys ()
DRV:
64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys ()
DRV:
64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:
64bit: - (wdm_usb) -- C:\Windows\SysNative\drivers\usb2ser.sys (MBB)
DRV:
64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:
64bit: - (DroidCamVideo) -- C:\Windows\SysNative\drivers\droidcamvideo.sys (Dev47Apps)
DRV:
64bit: - (DroidCam) -- C:\Windows\SysNative\drivers\droidcam.sys (Dev47Apps)
DRV:
64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:
64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:
64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:
64bit: - (anvsnddrv) -- C:\Windows\SysNative\drivers\anvsnddrv.sys (AnvSoft Inc.)
DRV:
64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:
64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:
64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:
64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:
64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:
64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:
64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:
64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:
64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:
64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:
64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (HWiNFO32) -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS (REALiX(tm))
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE:
64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:
64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:
64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:
64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:
64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:
64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:
64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:
64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:
64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:
64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:
64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:
64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SYSTEM32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,IE11UpgradePageShownTime = C0 FA 6D B8 B7 59 D4 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = cs
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 06 D8 B3 35 04 57 D4 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.countryCode: "CZ"
FF - prefs.js..browser.search.region: "CZ"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL (Microsoft Corporation)
FF:
64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[2017.11.19 20:05:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hačís\AppData\Roaming\Mozilla\Extensions
[2017.11.19 20:05:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hačís\AppData\Roaming\Mozilla\SystemExtensionsDev
[2018.09.29 20:51:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hačís\AppData\Roaming\Mozilla\Firefox\Profiles\rk8u8k6q.default-1538247061974\extensions
[2018.04.20 19:55:24 | 000,006,212 | ---- | M] () (No name found) -- C:\Users\Hačís\AppData\Roaming\Mozilla\Firefox\Profiles\liomqgv9.default-1524246403824\features\{96c82469-da76-43dc-bd94-f0241424b33f}\tls13-rollout-bug1442042@mozilla.org.xpi
[2018.09.29 20:59:41 | 000,015,090 | ---- | M] () (No name found) -- C:\Users\Hačís\AppData\Roaming\Mozilla\Firefox\Profiles\rk8u8k6q.default-1538247061974\features\{cd8171c7-3005-4fd6-876c-9445ce7c46cc}\fxmonitor@mozilla.org.xpi
[2018.09.29 20:59:41 | 000,006,835 | ---- | M] () (No name found) -- C:\Users\Hačís\AppData\Roaming\Mozilla\Firefox\Profiles\rk8u8k6q.default-1538247061974\features\{cd8171c7-3005-4fd6-876c-9445ce7c46cc}\telemetry-coverage-bug1487578@mozilla.org.xpi
========== Chrome ==========
CHR - Extension: No name found = C:\Users\Hačís\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\
CHR - Extension: No name found = C:\Users\Hačís\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\
CHR - Extension: No name found = C:\Users\Hačís\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Hačís\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Hačís\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\
CHR - Extension: No name found = C:\Users\Hačís\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.7_0\
CHR - Extension: No name found = C:\Users\Hačís\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.4_0\
CHR - Extension: No name found = C:\Users\Hačís\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Hačís\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\6918.723.0.0_0\
O1 HOSTS File: ([2018.10.02 23:02:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:
64bit: - BHO: (Skype for Business Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll (Microsoft Corporation)
O2:
64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Skype for Business Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL (Microsoft Corporation)
O4:
64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:
64bit: - HKLM..\Run: [ZAM] C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Copyright 2017.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Hačís\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:
64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE (Microsoft Corporation)
O8:
64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll (Microsoft Corporation)
O9:
64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll (Microsoft Corporation)
O9:
64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll (Microsoft Corporation)
O9:
64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll (Microsoft Corporation)
O9:
64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll (Microsoft Corporation)
O9:
64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:
64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:
64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:
64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:
64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:
64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:
64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:
64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:
64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Internet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E7F98CD-F1E6-436B-854F-273C4B574F9F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB0A3BFC-3FE9-4523-83AC-91C68D0BC2E7}: DhcpNameServer = 192.168.1.1
O18:
64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:
64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:
64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:
64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:
64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:
64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:
64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:
64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:
64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:
64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:
64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:
64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:
64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:
64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:
64bit: - Protocol\Handler\mso-minsb.16 {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL (Microsoft Corporation)
O18:
64bit: - Protocol\Handler\mso-minsb-roaming.16 {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL (Microsoft Corporation)
O18:
64bit: - Protocol\Handler\osf.16 {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL (Microsoft Corporation)
O18:
64bit: - Protocol\Handler\osf-roaming.16 {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL (Microsoft Corporation)
O18:
64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:
64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:
64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-minsb.16 {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-minsb-roaming.16 {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\osf.16 {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\osf-roaming.16 {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2018.05.17 08:46:26 | 000,000,064 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2018.10.04 22:48:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hačís\Desktop\OTL.exe
[2018.10.04 08:42:58 | 000,000,000 | ---D | C] -- C:\FRST
[2018.10.04 08:41:45 | 002,414,080 | ---- | C] (Farbar) -- C:\Users\Hačís\Desktop\FRST64.exe
[2018.10.04 08:31:56 | 000,000,000 | ---D | C] -- C:\Users\Hačís\Desktop\backups
[2018.10.03 22:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2018.10.03 22:20:26 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Hačís\Desktop\HijackThis.exe
[2018.10.03 11:26:48 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\Google
[2018.10.03 08:40:07 | 000,000,000 | ---D | C] -- C:\Users\Hačís\Documents\AVS4YOU
[2018.10.02 23:04:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2018.10.02 21:49:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2018.10.02 21:49:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2018.10.02 21:31:33 | 000,203,680 | ---- | C] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\zam64.sys
[2018.10.02 21:31:32 | 000,203,680 | ---- | C] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\zamguard64.sys
[2018.10.02 21:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
[2018.10.02 21:31:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zemana AntiMalware
[2018.10.02 21:31:09 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Local\Zemana
[2018.10.02 21:21:57 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2018.10.02 21:21:57 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Local\Temp
[2018.10.02 20:58:07 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2018.10.02 20:31:53 | 006,625,600 | ---- | C] (Zemana Ltd. ) -- C:\Users\Hačís\Desktop\Zemana.AntiMalware.Setup.exe
[2018.10.02 19:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2018.10.02 18:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2018.10.02 18:06:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2018.10.01 22:46:42 | 001,790,024 | ---- | C] (Malwarebytes) -- C:\Users\Hačís\Desktop\JRT.exe
[2018.10.01 22:45:11 | 027,157,048 | ---- | C] (Adlice Software) -- C:\Users\Hačís\Desktop\RogueKiller_portable64.exe
[2018.09.30 18:19:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2018.09.30 17:45:24 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\hh3jieg1ucx
[2018.09.30 17:38:56 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\3ce2ya4p240
[2018.09.30 17:30:12 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\eygcxagbo4f
[2018.09.30 17:29:45 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\00b4hxfzx5c
[2018.09.30 17:07:13 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\lmrrdroejzg
[2018.09.30 14:16:36 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\r3qw1xbhgw3
[2018.09.30 14:07:18 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\130b0b4ocqy
[2018.09.30 13:56:58 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\omaefet3eym
[2018.09.30 13:56:54 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\gormp5x0evs
[2018.09.30 13:27:02 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\ovx0qblivpw
[2018.09.30 13:16:05 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\dga0u5kmu5w
[2018.09.30 13:11:34 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\aqmh13j20s2
[2018.09.30 13:06:55 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\x2imgkjw3lb
[2018.09.30 12:55:58 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\ygrox4kmpqc
[2018.09.30 12:41:51 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\yzqlbva1lix
[2018.09.30 12:26:15 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\3f4xgawjpai
[2018.09.30 12:16:06 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\zpzdktybg4e
[2018.09.30 12:06:49 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\4bhmymhmz3n
[2018.09.30 11:56:43 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\nv4qwnmitzm
[2018.09.30 11:55:49 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\1ueerqmk4fw
[2018.09.30 11:41:10 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\0sx4xb2wkgg
[2018.09.30 11:19:28 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\uqklxuq3bpp
[2018.09.30 11:19:21 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\wbneen3cakm
[2018.09.30 11:19:21 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\3eq5fibggzp
[2018.09.30 11:19:20 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\mpnvprj33jn
[2018.09.30 11:14:51 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\y2cdg30o154
[2018.09.30 11:14:48 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\xdbjew0ebnw
[2018.09.30 11:14:47 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\qfbolhfixhe
[2018.09.30 11:11:23 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\kqtn35nyksr
[2018.09.30 11:09:04 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\vlrxvmgpbfm
[2018.09.30 11:09:03 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\2hlvkweizah
[2018.09.30 11:08:57 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\ia1jho0rtou
[2018.09.30 11:08:57 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\g2jgy3jy0cs
[2018.09.30 11:08:57 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\daxshilvflw
[2018.09.30 11:07:04 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\iwyddph33j3
[2018.09.30 10:56:22 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\othmmklaufh
[2018.09.30 10:56:17 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\szq0myifpwv
[2018.09.30 10:56:13 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\slnv3c1pg4i
[2018.09.30 10:56:01 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\4up0t3gnrhx
[2018.09.30 10:55:40 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\xnikdioprop
[2018.09.30 10:17:06 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Local\mbam
[2018.09.30 10:16:30 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Local\mbamtray
[2018.09.30 10:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2018.09.30 10:15:52 | 000,152,688 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbae64.sys
[2018.09.30 10:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2018.09.30 10:15:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2018.09.29 21:03:34 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2018.09.29 21:00:55 | 007,567,568 | ---- | C] (Malwarebytes) -- C:\Users\Hačís\Desktop\AdwCleaner.exe
[2018.09.29 21:00:03 | 080,408,496 | ---- | C] (Malwarebytes ) -- C:\Users\Hačís\Desktop\mb3-setup-consumer-3.6.1.2711-1.0.463-1.0.7063.exe
[2018.09.29 20:59:51 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Hačís\Desktop\TFC.exe
[2018.09.29 20:59:32 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Hačís\Desktop\ATF-Cleaner.exe
[2018.09.29 17:40:55 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\pqjhlyaij4p
[2018.09.29 17:40:55 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\aiqxdp2j2ye
[2018.09.29 17:40:55 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\04dd3opwinq
[2018.09.29 17:40:54 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\g2hgrrek4tl
[2018.09.29 17:40:17 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\chdk4rn0p2g
[2018.09.29 17:40:16 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\ccxld2btr4f
[2018.09.29 17:34:09 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\1rmxxtuxnj4
[2018.09.29 17:34:07 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\la2vlm5mouk
[2018.09.29 17:34:05 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\qubn023ut11
[2018.09.29 17:34:05 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\k4e0qdqdsxf
[2018.09.29 17:34:05 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\egkvyuirmvt
[2018.09.29 17:34:05 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\byoccsr5awv
[2018.09.29 17:29:48 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\0gxeyae45l1
[2018.09.29 17:29:47 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\xibjq0rh1na
[2018.09.29 17:29:47 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\vw51xgv3143
[2018.09.29 17:29:47 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\ch4vifxsxp0
[2018.09.29 17:26:39 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\rfey3c0k32z
[2018.09.29 17:26:39 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\etjzn1nrftw
[2018.09.29 17:23:23 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\0syghxusskg
[2018.09.29 17:23:22 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\vlh3hsob5q0
[2018.09.29 17:17:39 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\tfnjc2nuxqe
[2018.09.29 17:17:24 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\tiod5uanl5r
[2018.09.29 17:17:24 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\14a5ops3r2f
[2018.09.29 17:12:14 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\lijia2u2as3
[2018.09.29 17:11:15 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\wuyfuwi44yu
[2018.09.29 17:11:15 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\osrhd1xyczz
[2018.09.29 17:04:54 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\smstnl4t1xt
[2018.09.29 17:04:50 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\okoapnjjegc
[2018.09.29 17:04:49 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\np5iak5homj
[2018.09.29 16:57:17 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\rar3a24r3eo
[2018.09.29 16:56:58 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\lprqgv2eica
[2018.09.29 16:56:58 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\gnnzspdulls
[2018.09.29 16:50:47 | 000,000,000 | ---D | C] -- C:\Users\Hačís\Documents\MAGIX_MusicEditor
[2018.09.29 16:50:44 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Local\Xara
[2018.09.29 16:50:41 | 000,000,000 | ---D | C] -- C:\Users\Hačís\Documents\MAGIX downloads
[2018.09.29 16:50:38 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\MAGIX
[2018.09.29 16:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Shared
[2018.09.29 16:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Shared
[2018.09.29 16:46:22 | 000,000,000 | R--D | C] -- C:\Users\Hačís\Documents\MAGIX
[2018.09.29 16:46:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services
[2018.09.29 16:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2018.09.29 16:41:49 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\ldflgbpnfdu
[2018.09.29 16:41:48 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\zywez53rmgy
[2018.09.29 16:41:47 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\22mxecvpjl5
[2018.09.29 16:40:26 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\f1a11uuevi4
[2018.09.29 16:40:20 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\4eqkwtq5byl
[2018.09.29 16:40:12 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\aqdu3wnpf4z
[2018.09.29 16:40:04 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\wow3hira2wg
[2018.09.29 16:39:41 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\wj2bqs25opr
[2018.09.29 16:39:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Full
[2018.09.29 16:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2018.09.29 16:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2018.09.29 16:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2018.09.29 16:24:56 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\AVS4YOU
[2018.09.29 16:23:45 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2018.09.29 16:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2018.09.29 16:22:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2018.09.29 16:22:17 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2018.09.29 16:22:17 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2018.09.29 16:22:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2018.09.29 16:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Protexis
[2018.09.29 16:10:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2018.09.29 16:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2018.09.29 09:37:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ecru
[2018.09.29 09:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PRO100
[2018.09.29 09:35:12 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\Ecru
[2018.09.20 09:16:20 | 000,134,760 | ---- | C] (Riverbed Technology, Inc.) -- C:\Windows\SysNative\drivers\nfstat.sys
[2018.09.19 10:09:06 | 000,000,000 | ---D | C] -- C:\Users\Hačís\Documents\Vlastní šablony Office
[2018.09.14 15:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SP Driver
[2018.09.14 15:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\MediaTek
[2018.09.14 15:33:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ClockworkMod
[2018.09.14 15:32:04 | 000,000,000 | ---D | C] -- C:\Users\Hačís\AppData\Roaming\AdbDriverInstaller
[2018.09.13 19:54:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Steam
[2018.09.13 14:22:09 | 002,860,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aitstatic.exe
[2018.09.13 14:22:08 | 001,602,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2018.09.13 14:22:08 | 000,783,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2018.09.13 14:22:08 | 000,680,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2018.09.13 14:22:08 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2018.09.13 14:22:08 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\centel.dll
[2018.09.13 14:22:08 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2018.09.13 14:22:08 | 000,301,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
[2018.09.13 14:22:08 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2018.09.13 14:22:08 | 000,140,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CompatTelRunner.exe
[2018.09.13 14:20:29 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2018.09.13 14:20:29 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2018.09.13 14:20:29 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2018.09.13 14:20:29 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2018.09.13 14:20:29 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2018.09.13 14:20:29 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2018.09.13 14:20:29 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msimsg.dll
[2018.09.13 14:20:29 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2018.09.13 14:20:29 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2018.09.13 14:20:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2018.09.13 14:20:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2018.09.13 14:20:29 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2018.09.13 14:20:29 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2018.09.13 14:20:29 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll