Please check my log, Zaky - password probably discovered

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Re: Please check my log, Zaky - password probably discovered

Post by zaky » 31 May 2019 20:39

2019-05-11 11:26 - 2017-05-08 21:52 - 000034064 ____N (ASUSTeK Computer Inc.) C:\WINDOWS\system32\Drivers\IOMap64.sys
2019-05-11 11:25 - 2019-05-31 19:53 - 000003094 _____ C:\WINDOWS\System32\Tasks\AMDLinkUpdate
2019-05-11 11:25 - 2019-05-30 23:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-05-11 11:25 - 2019-05-30 23:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-05-11 11:25 - 2019-05-11 11:27 - 000000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2019-05-11 11:25 - 2019-05-11 11:25 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2019-05-11 11:25 - 2019-05-11 11:25 - 000007623 _____ C:\WINDOWS\diagerr.xml
2019-05-11 11:25 - 2019-05-11 11:25 - 000003226 _____ C:\WINDOWS\System32\Tasks\ModifyLinkUpdate
2019-05-11 11:25 - 2019-05-11 11:25 - 000003146 _____ C:\WINDOWS\System32\Tasks\StartCN
2019-05-11 11:25 - 2019-05-11 11:25 - 000003060 _____ C:\WINDOWS\System32\Tasks\StartDVR
2019-05-11 11:25 - 2019-05-11 11:25 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
2019-05-11 11:25 - 2019-05-11 11:25 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2019-05-11 11:24 - 2019-05-11 11:24 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2019-05-11 11:24 - 2019-05-11 11:24 - 000000000 ____D C:\ProgramData\USOShared
2019-05-11 11:24 - 2019-03-12 08:29 - 002865152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2019-05-11 11:23 - 2019-05-30 23:31 - 001885048 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-11 11:23 - 2019-05-30 19:10 - 000000000 ____D C:\Users\Zaky
2019-05-11 11:23 - 2019-05-17 10:26 - 000002358 _____ C:\Users\Zaky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-05-11 11:23 - 2019-05-11 11:23 - 000000000 _SHDL C:\Users\Zaky\Šablony
2019-05-11 11:23 - 2019-05-11 11:23 - 000000000 _SHDL C:\Users\Zaky\Soubory cookie
2019-05-11 11:23 - 2019-05-11 11:23 - 000000000 _SHDL C:\Users\Zaky\Poslední
2019-05-11 11:23 - 2019-05-11 11:23 - 000000000 _SHDL C:\Users\Zaky\Okolní tiskárny
2019-05-11 11:23 - 2019-05-11 11:23 - 000000000 _SHDL C:\Users\Zaky\Okolní síť
2019-05-11 11:23 - 2019-05-11 11:23 - 000000000 _SHDL C:\Users\Zaky\Nabídka Start
2019-05-11 11:23 - 2019-05-11 11:23 - 000000000 _SHDL C:\Users\Zaky\Dokumenty
2019-05-11 11:23 - 2019-05-11 11:23 - 000000000 _SHDL C:\Users\Zaky\Documents\Obrázky
2019-05-11 11:23 - 2019-05-11 11:23 - 000000000 _SHDL C:\Users\Zaky\Documents\Hudba
2019-05-11 11:23 - 2019-05-11 11:23 - 000000000 _SHDL C:\Users\Zaky\Documents\Filmy
2019-05-11 11:23 - 2019-05-11 11:23 - 000000000 _SHDL C:\Users\Zaky\Data aplikací
2019-05-11 11:23 - 2019-05-11 11:23 - 000000000 _SHDL C:\Users\Zaky\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2019-05-11 11:23 - 2019-05-11 11:23 - 000000000 _SHDL C:\Users\Zaky\AppData\Local\Data aplikací
2019-05-11 11:22 - 2019-05-11 11:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2019-05-11 11:22 - 2019-05-11 11:22 - 000000000 ____D C:\Program Files (x86)\AMD
2019-05-11 11:21 - 2019-05-31 08:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-05-11 11:21 - 2019-05-17 18:27 - 000258088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-05-11 11:13 - 2018-09-15 09:28 - 000000001 ___SH C:\BOOTNXT
2019-05-11 11:01 - 2019-05-18 09:36 - 000000000 ___DC C:\WINDOWS\Panther
2019-05-11 10:54 - 2019-05-11 11:01 - 000000000 ____D C:\ESD
2019-05-11 10:53 - 2019-05-11 10:53 - 000000000 ___HD C:\$Windows.~WS
2019-05-10 14:17 - 2019-05-27 15:36 - 000000088 _____ C:\Users\Zaky\Desktop\songy.txt
2019-05-01 10:40 - 2019-05-11 12:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
2019-05-01 10:39 - 2019-05-01 10:39 - 000000000 ____D C:\Users\Zaky\AppData\LocalLow\AMD
2019-05-01 10:28 - 2019-05-01 10:37 - 000000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2019-05-01 10:28 - 2019-05-01 10:28 - 000000000 ____D C:\Users\Zaky\AppData\Roaming\ATI
2019-05-01 10:28 - 2019-05-01 10:28 - 000000000 ____D C:\Users\Zaky\AppData\Local\ATI
2019-05-01 10:28 - 2019-05-01 10:28 - 000000000 ____D C:\ProgramData\ATI

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-31 20:18 - 2019-04-18 12:35 - 000326692 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2019-05-31 20:07 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-05-31 19:53 - 2018-09-15 09:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-30 23:39 - 2018-09-15 09:33 - 000000000 ___RD C:\Program Files\Windows Defender
2019-05-30 23:31 - 2018-09-15 19:32 - 000779814 _____ C:\WINDOWS\system32\perfh005.dat
2019-05-30 23:31 - 2018-09-15 19:32 - 000177702 _____ C:\WINDOWS\system32\perfc005.dat
2019-05-30 23:31 - 2018-09-15 09:31 - 000000000 ____D C:\WINDOWS\INF
2019-05-30 23:26 - 2019-04-19 19:10 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2019-05-30 23:26 - 2019-03-21 19:42 - 000338720 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2019-05-30 23:26 - 2018-09-15 08:09 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2019-05-30 21:48 - 2019-03-20 19:27 - 000000000 ____D C:\ProgramData\RogueKiller
2019-05-30 21:12 - 2010-11-21 05:27 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-05-30 19:37 - 2019-03-27 14:27 - 000003988 _____ C:\Users\Zaky\Desktop\oktavka.txt
2019-05-30 19:25 - 2018-09-15 09:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-30 19:25 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-30 19:15 - 2019-04-19 19:53 - 000000000 ____D C:\Users\Zaky\AppData\Local\AMD
2019-05-30 19:03 - 2018-09-15 09:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-05-29 09:49 - 2019-04-17 14:50 - 000000183 _____ C:\Users\Zaky\Desktop\ukoly.txt
2019-05-17 13:03 - 2018-09-15 09:33 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-05-17 13:03 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-05-17 11:29 - 2018-12-21 15:45 - 000408530 __RSH C:\bootmgr
2019-05-15 11:27 - 2018-12-24 13:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-05-15 11:26 - 2018-12-24 13:01 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-13 23:23 - 2018-09-15 09:36 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-05-13 23:23 - 2018-09-15 09:36 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-12 19:33 - 2018-12-21 20:00 - 000030528 _____ C:\WINDOWS\GVTDrv64.sys
2019-05-12 19:27 - 2018-12-21 21:53 - 000025640 ____N (Windows (R) Server 2003 DDK provider) C:\WINDOWS\etdrv.sys
2019-05-12 19:26 - 2018-12-21 19:59 - 000025640 ____N (Windows (R) Server 2003 DDK provider) C:\WINDOWS\gdrv.sys
2019-05-12 18:21 - 2018-12-21 19:46 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-05-12 11:49 - 2019-03-05 09:18 - 000001348 _____ C:\Users\Zaky\Desktop\ruka off.txt
2019-05-11 21:14 - 2018-09-15 08:09 - 000000000 ____D C:\WINDOWS\servicing
2019-05-11 13:18 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2019-05-11 13:18 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\appcompat
2019-05-11 12:21 - 2019-03-21 19:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2019-05-11 12:21 - 2019-03-20 18:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-05-11 12:21 - 2019-03-06 19:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-05-11 12:21 - 2018-12-24 22:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-05-11 12:21 - 2018-12-22 11:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2019-05-11 12:21 - 2018-12-21 21:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro
2019-05-11 12:21 - 2018-12-21 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2019-05-11 12:21 - 2018-12-21 19:50 - 000000000 ____D C:\Program Files (x86)\GIGABYTE
2019-05-11 12:21 - 2018-12-21 19:48 - 000000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2019-05-11 12:21 - 2018-12-21 19:46 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2019-05-11 12:21 - 2018-12-21 19:46 - 000000000 ____D C:\Program Files (x86)\Intel
2019-05-11 12:21 - 2018-09-15 09:36 - 000000000 ____D C:\WINDOWS\Setup
2019-05-11 12:21 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-05-11 12:21 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-05-11 12:21 - 2018-09-15 09:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-05-11 12:21 - 2018-09-15 09:31 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2019-05-11 12:21 - 2009-07-14 05:20 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2019-05-11 12:19 - 2019-04-19 19:07 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2019-05-11 12:19 - 2018-12-23 22:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2019-05-11 12:19 - 2018-12-21 19:50 - 000000000 ____D C:\Program Files\Realtek
2019-05-11 12:19 - 2018-09-15 09:33 - 000000000 __SHD C:\Program Files\Windows Sidebar
2019-05-11 12:19 - 2018-09-15 09:33 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2019-05-11 12:19 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2019-05-11 12:19 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2019-05-11 12:19 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\IME
2019-05-11 12:19 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\schemas
2019-05-11 12:19 - 2009-07-14 07:32 - 000000000 ____D C:\Program Files\Microsoft Games
2019-05-11 12:19 - 2009-07-14 07:32 - 000000000 ____D C:\Program Files\DVD Maker
2019-05-11 12:18 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\TextInput
2019-05-11 12:18 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-05-11 12:18 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-05-11 12:18 - 2018-09-15 08:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-05-11 12:15 - 2019-03-12 08:30 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2019-05-11 12:15 - 2018-09-15 09:41 - 000605696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2019-05-11 12:15 - 2018-09-15 09:41 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2019-05-11 12:15 - 2018-09-15 09:41 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2019-05-11 12:15 - 2018-09-15 09:41 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2019-05-11 12:15 - 2018-09-15 09:41 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2019-05-11 12:15 - 2018-09-15 09:41 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2019-05-11 12:15 - 2018-09-15 09:41 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2019-05-11 12:15 - 2018-09-15 09:41 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2019-05-11 12:15 - 2018-09-15 09:41 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2019-05-11 12:15 - 2018-09-15 09:41 - 000009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2019-05-11 12:15 - 2018-09-15 09:40 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2019-05-11 12:15 - 2018-09-15 09:40 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2019-05-11 12:15 - 2018-09-15 09:40 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2019-05-11 12:15 - 2018-09-15 09:40 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2019-05-11 12:15 - 2018-09-15 09:40 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2019-05-11 12:15 - 2018-09-15 09:40 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2019-05-11 12:15 - 2018-09-15 09:40 - 000009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2019-05-11 12:15 - 2018-09-15 09:38 - 001401856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2019-05-11 12:15 - 2018-09-15 09:38 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2019-05-11 12:15 - 2018-09-15 09:38 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2019-05-11 12:15 - 2018-09-15 09:38 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2019-05-11 12:15 - 2018-09-15 09:38 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2019-05-11 12:15 - 2018-09-15 09:38 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2019-05-11 12:15 - 2018-09-15 09:38 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2019-05-11 12:15 - 2018-09-15 09:38 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2019-05-11 12:15 - 2018-09-15 09:38 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2019-05-11 12:15 - 2018-09-15 09:38 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2019-05-11 12:15 - 2018-09-15 09:38 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2019-05-11 12:15 - 2018-09-15 09:38 - 000054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2019-05-11 12:15 - 2018-09-15 09:38 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2019-05-11 12:15 - 2018-09-15 09:38 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2019-05-11 12:15 - 2018-09-15 09:38 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2019-05-11 12:15 - 2018-09-15 09:38 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2019-05-11 12:15 - 2018-09-15 09:38 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2019-05-11 12:15 - 2018-09-15 09:38 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2019-05-11 12:15 - 2018-09-15 09:38 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2019-05-11 12:15 - 2018-09-15 09:38 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2019-05-11 12:15 - 2018-09-15 09:38 - 000009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2019-05-11 12:15 - 2018-09-15 09:37 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2019-05-11 12:15 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2019-05-11 12:15 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2019-05-11 12:15 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2019-05-11 12:15 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2019-05-11 12:15 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2019-05-11 12:15 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2019-05-11 12:15 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\MUI
2019-05-11 12:15 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2019-05-11 12:15 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2019-05-11 12:15 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2019-05-11 12:15 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\et-EE
2019-05-11 12:15 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\es-MX
2019-05-11 11:43 - 2018-09-15 19:33 - 000000000 ____D C:\WINDOWS\OCR
2019-05-11 11:30 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\ServiceState
2019-05-11 11:27 - 2018-09-15 09:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-05-11 11:27 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\spool
2019-05-11 11:25 - 2018-09-15 09:33 - 000000000 __RHD C:\Users\Public\Libraries
2019-05-11 11:25 - 2018-09-15 09:33 - 000000000 ____D C:\Program Files\windows nt
2019-05-11 11:25 - 2018-09-15 08:09 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-05-11 11:24 - 2018-12-24 22:28 - 000000000 ____D C:\Users\Zaky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-05-11 11:24 - 2018-12-22 12:33 - 000000000 ____D C:\Users\Zaky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wargaming.net
2019-05-11 11:24 - 2018-12-22 11:36 - 000000000 ____D C:\Users\Zaky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2019-05-11 11:24 - 2018-09-15 09:33 - 000000000 ____D C:\ProgramData\USOPrivate
2019-05-11 11:23 - 2018-12-21 19:46 - 001796386 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2019-05-11 11:22 - 2019-04-19 19:43 - 000000000 ____D C:\AMD
2019-05-11 11:22 - 2019-04-18 21:42 - 000000000 ____D C:\Program Files\AMD
2019-05-11 11:22 - 2018-12-21 19:50 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2019-05-11 11:22 - 2018-09-15 09:33 - 000000000 ___RD C:\WINDOWS\PrintDialog
2019-05-11 11:22 - 2018-09-15 09:33 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2019-05-11 11:13 - 2018-12-21 15:45 - 000008192 __RSH C:\BOOTSECT.BAK
2019-05-11 11:13 - 2009-07-14 06:45 - 000022064 _____ C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-05-11 11:13 - 2009-07-14 06:45 - 000022064 _____ C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-05-06 20:49 - 2018-12-21 22:37 - 000000000 ___RD C:\Users\Zaky\Hry
2019-05-06 20:43 - 2019-04-29 17:54 - 000000000 ____D C:\Users\Zaky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-05-05 07:14 - 2019-03-20 18:55 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-05-02 19:12 - 2019-03-21 19:42 - 000002122 _____ C:\Users\Public\Desktop\COMODO Internet Security Premium.lnk
2019-05-01 10:44 - 2019-04-18 21:44 - 000000000 ____D C:\Program Files (x86)\ASUS
2019-05-01 10:43 - 2019-04-19 20:08 - 000000000 ____D C:\ProgramData\Adobe
2019-05-01 10:41 - 2018-12-21 19:47 - 000058888 _____ C:\Users\Zaky\AppData\Local\GDIPFONTCACHEV1.DAT
2019-05-01 10:38 - 2019-04-19 19:49 - 000000000 ____D C:\Program Files (x86)\VulkanRT

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Re: Please check my log, Zaky - password probably discovered

Post by zaky » 31 May 2019 20:39

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-05.2019
Ran by Zaky (31-05-2019 20:32:50)
Running from C:\Users\Zaky\Desktop
Windows 10 Home Version 1809 17763.503 (X64) (2019-05-11 09:26:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-54008278-3310906152-1594598205-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-54008278-3310906152-1594598205-503 - Limited - Disabled)
Guest (S-1-5-21-54008278-3310906152-1594598205-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-54008278-3310906152-1594598205-504 - Limited - Disabled)
Zaky (S-1-5-21-54008278-3310906152-1594598205-1000 - Administrator - Enabled) => C:\Users\Zaky

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {9E3E06E3-F8E0-3C44-2336-BBD8AF8F84B8}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Advanced Protection (Enabled - Up to date) {255FE707-DEDA-33CA-1986-80AAD408CE05}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {A60587C6-B28F-3D1C-0869-12ED515CC3C3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.28 - GIGABYTE)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.4.3 - Advanced Micro Devices, Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
AutoGreen B12.0206.1 (HKLM-x32\...\{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE) Hidden
AutoGreen B12.0206.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
COMODO Internet Security Premium (HKLM\...\{5CD8F386-6796-4500-9FD8-CF92C9276B62}) (Version: 12.0.0.6818 - COMODO Security Solutions Inc.) Hidden
COMODO Internet Security Premium (HKLM\...\COMODO Internet Security) (Version: 12.0.0.6818 - COMODO Security Solutions Inc.)
CPUID HWMonitor 1.38 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.38 - CPUID, Inc.)
Easy Tune 6 B12.0912.1 (HKLM-x32\...\{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE) Hidden
Easy Tune 6 B12.0912.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.121 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HD Tune Pro 5.70 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Malwarebytes verze 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-54008278-3310906152-1594598205-1000\...\OneDriveSetup.exe) (Version: 19.070.0410.0005 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Skype verze 8.42 (HKLM-x32\...\Skype_is1) (Version: 8.42 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Wargaming.net Game Center (HKU\S-1-5-21-54008278-3310906152-1594598205-1000\...\Wargaming.net Game Center) (Version: 19.1.1.4317 - Wargaming.net)
WinRAR 5.70 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
World of Tanks EU (HKU\S-1-5-21-54008278-3310906152-1594598205-1000\...\WOT.EU.PRODUCTION) (Version: - Wargaming.net)
Zemana AntiMalware verze 3.1.210 (HKLM-x32\...\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.1.210 - Zemana)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2019-04-16] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2019-04-16] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-04-24] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2019-04-16] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2016-09-14 02:59 - 2016-09-14 02:59 - 000011776 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 002013696 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000191488 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2017-04-24 21:17 - 2017-04-24 21:17 - 000851456 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\CNext\CNext\atiacm64.dll
2017-04-24 21:17 - 2017-04-24 21:17 - 000005120 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\CNext\CNext\atiamcsy.dll
2018-12-21 19:50 - 2012-05-20 18:24 - 000073728 ____R (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2019-05-31 20:09 - 000000813 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-54008278-3310906152-1594598205-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-54008278-3310906152-1594598205-1000\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0CD5835C-F156-4484-BFD7-7E7FD4EA9596}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [{E9514FDF-0B37-4D65-98A9-E7DD63625A89}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [{2D99D0C5-8141-4C15-A167-6EA81B82AA68}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{DB38700D-6494-4B35-96C9-E861DB63FB6F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{B1732671-8359-4A63-9A56-205518D5657A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{D7D3F0BB-D88B-429A-BD3E-30944FF48223}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{9EBA3B2A-C4D7-410C-AD8C-C7E01B9A56AB}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D3477B47-D09F-472B-98F7-439621C09015}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{12EF1D54-385E-4646-A64C-2B6E859B5ED1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [UDP Query User{7BEBF065-56A0-4B4D-B583-DD0189DFF624}C:\games\world_of_tanks_eu\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_eu\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{F2851229-C2E9-443D-9220-5299F93FDF3C}C:\games\world_of_tanks_eu\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_eu\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{2EF41124-45AD-49B9-85FC-AD2B6A82430D}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{3DEBEEC7-EF9C-47B8-B96A-6BE8E10B51FF}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)

==================== Restore Points =========================

15-05-2019 11:25:14 Windows Update
24-05-2019 08:57:00 Naplánovaný kontrolní bod
30-05-2019 08:02:34 Instalační služba modulů systému Windows
30-05-2019 21:12:42 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Description: Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet – adaptér (NDIS 6.30)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros
Service: L1C
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2019 11:10:40 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (05/30/2019 11:09:35 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (05/30/2019 11:09:30 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (05/30/2019 11:08:53 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (05/30/2019 11:07:02 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (05/30/2019 11:06:51 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (05/30/2019 11:06:34 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (05/30/2019 11:06:26 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:


System errors:
=============
Error: (05/31/2019 08:21:54 PM) (Source: DCOM) (EventID: 10016) (User: Zaky-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli Zaky-PC\Zaky (SID: S-1-5-21-54008278-3310906152-1594598205-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/31/2019 08:10:39 PM) (Source: DCOM) (EventID: 10016) (User: Zaky-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli Zaky-PC\Zaky (SID: S-1-5-21-54008278-3310906152-1594598205-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/31/2019 07:55:51 PM) (Source: DCOM) (EventID: 10016) (User: Zaky-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli Zaky-PC\Zaky (SID: S-1-5-21-54008278-3310906152-1594598205-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/31/2019 12:45:38 PM) (Source: DCOM) (EventID: 10016) (User: Zaky-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli Zaky-PC\Zaky (SID: S-1-5-21-54008278-3310906152-1594598205-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/31/2019 12:44:29 PM) (Source: DCOM) (EventID: 10016) (User: Zaky-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli Zaky-PC\Zaky (SID: S-1-5-21-54008278-3310906152-1594598205-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/31/2019 12:44:13 PM) (Source: DCOM) (EventID: 10016) (User: Zaky-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli Zaky-PC\Zaky (SID: S-1-5-21-54008278-3310906152-1594598205-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/31/2019 11:35:02 AM) (Source: DCOM) (EventID: 10016) (User: Zaky-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli Zaky-PC\Zaky (SID: S-1-5-21-54008278-3310906152-1594598205-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/31/2019 10:04:05 AM) (Source: DCOM) (EventID: 10016) (User: Zaky-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli Zaky-PC\Zaky (SID: S-1-5-21-54008278-3310906152-1594598205-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


CodeIntegrity:
===================================

Date: 2019-05-31 20:27:50.506
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-31 20:27:04.381
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-31 20:27:04.332
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-31 20:07:40.205
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-31 19:54:11.406
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-31 19:53:48.401
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-31 19:53:41.368
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-31 12:54:27.118
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F7 08/20/2012
Motherboard: Gigabyte Technology Co., Ltd. B75-D3V
Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 22%
Total physical RAM: 16328.12 MB
Available physical RAM: 12691.14 MB
Total Virtual: 32712.12 MB
Available Virtual: 27475.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.26 GB) (Free:268.31 GB) NTFS ==>[drive with boot components (obtained from BCD)]

\\?\Volume{0bdd12b8-0000-0000-0000-b05074000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0BDD12B8)
Partition 1: (Active) - (Size=465.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=510 MB) - (Type=27)

==================== End of Addition.txt ============================

jaro3
Security team member
Guru Level 15
Posts: 43054
Joined: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Request for a log check, Zaky - password probably discovered

Post by jaro3 » 31 May 2019 21:16

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Start
CreateRestorePoint:
CloseProcesses:
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
SearchScopes: HKU\S-1-5-21-54008278-3310906152-1594598205-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
U3 idsvc; no ImagePath
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
FirewallRules: [{0CD5835C-F156-4484-BFD7-7E7FD4EA9596}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [{E9514FDF-0B37-4D65-98A9-E7DD63625A89}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [{2D99D0C5-8141-4C15-A167-6EA81B82AA68}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{DB38700D-6494-4B35-96C9-E861DB63FB6F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{B1732671-8359-4A63-9A56-205518D5657A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{D7D3F0BB-D88B-429A-BD3E-30944FF48223}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File

EmptyTemp:
End

(You can use the "select all" function; right-click the top-left field in the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt

Run FRST and press the "Fix" button only once, then wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.

You don't have a keylogger there..
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Post by zaky » 31 May 2019 21:44

Phew, that's a relief. And was there any other virus on it? Thanks a lot for the help so far; since this is already the second time you've helped me, I'll send a few crowns to support the forum. The PC wouldn't restart the standard way from the Start menu, so I restarted it with the button on the case; hopefully that doesn't matter. Is it possible that several GB of data were deleted from my disk? Yesterday 196 GB was used, today 181, but it doesn't look like anything is missing. LOG:

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-05.2019
Ran by Zaky (31-05-2019 21:39:08) Run:1
Running from C:\Users\Zaky\Desktop
Loaded Profiles: Zaky (Available Profiles: Zaky)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
SearchScopes: HKU\S-1-5-21-54008278-3310906152-1594598205-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
U3 idsvc; no ImagePath
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
FirewallRules: [{0CD5835C-F156-4484-BFD7-7E7FD4EA9596}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [{E9514FDF-0B37-4D65-98A9-E7DD63625A89}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [{2D99D0C5-8141-4C15-A167-6EA81B82AA68}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{DB38700D-6494-4B35-96C9-E861DB63FB6F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{B1732671-8359-4A63-9A56-205518D5657A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{D7D3F0BB-D88B-429A-BD3E-30944FF48223}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File

EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{503739d0-4c5e-4cfd-b3ba-d881334f0df2}" => removed successfully
HKLM\Software\Classes\CLSID\{503739d0-4c5e-4cfd-b3ba-d881334f0df2} => not found
HKU\S-1-5-21-54008278-3310906152-1594598205-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => removed successfully
HKLM\Software\Classes\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
idsvc => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0CD5835C-F156-4484-BFD7-7E7FD4EA9596}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E9514FDF-0B37-4D65-98A9-E7DD63625A89}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2D99D0C5-8141-4C15-A167-6EA81B82AA68}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DB38700D-6494-4B35-96C9-E861DB63FB6F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B1732671-8359-4A63-9A56-205518D5657A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D7D3F0BB-D88B-429A-BD3E-30944FF48223}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7626752 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 288873829 B
Java, Flash, Steam htmlcache => 78819546 B
Windows/system/drivers => 30324 B
Edge => 0 B
Chrome => 439761340 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3582 B
LocalService => 0 B
NetworkService => 2884 B
NetworkService => 0 B
Zaky => 3057759 B

RecycleBin => 139398 B
EmptyTemp: => 780.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:39:33 ====

Post by jaro3 » 31 May 2019 22:28

Hard to say; you mean over the whole cleanup?

Download DelFix here
Other links:
https://toolslib.net/downloads/viewdownload/2-delfix/
http://ccm.net/download/download-24087-delfix
https://www.bleepingcomputer.com/download/delfix/

Save the file to the desktop.
Double-click the icon to run the Delfix.exe tool.
(In Windows Vista, Windows 7, 8 and 10 you must run the file by right-clicking -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools, Purge System Restore.
Then click the Run button and let the tool do its work.

A report (DelFix.txt) will then open. Paste the entire content of the report here. Otherwise the report is located at:
C:\DelFix.txt

They could simply have been trying the password on those sites, and there is nothing on the PC..

If there are no problems, that's all and you can mark it as solved, with the green check mark.

Thanks for the contribution!

Post by zaky » 31 May 2019 22:39

Yes, over the whole time we've been cleaning this together here. Sophos and ATF Cleaner are still left on my desktop; can I remove those manually? And so was there any virus on the PC, or was it clean? Can I log in to internet banking etc. without worry?

# DelFix v1.013 - Logfile created 31/05/2019 at 22:33:42
# Updated 17/04/2016 by Xplode
# Username : Zaky - ZAKY-PC
# Operating System : Windows 10 Home (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\Zaky\Desktop\Addition.txt
Deleted : C:\Users\Zaky\Desktop\AdwCleaner.exe
Deleted : C:\Users\Zaky\Desktop\Fixlog.txt
Deleted : C:\Users\Zaky\Desktop\FRST.txt
Deleted : C:\Users\Zaky\Desktop\FRST64.exe
Deleted : C:\Users\Zaky\Desktop\JRT.exe
Deleted : C:\Users\Zaky\Desktop\JRT.txt
Deleted : C:\Users\Zaky\Desktop\HijackThis.exe
Deleted : C:\Users\Zaky\Desktop\hijackthis.log
Deleted : C:\Users\Zaky\Desktop\hjt.png
Deleted : C:\Users\Zaky\Desktop\RogueKiller_portable64.exe
Deleted : C:\Users\Zaky\Desktop\TFC.exe
Deleted : C:\Users\Zaky\Downloads\AdwCleaner.exe
Deleted : C:\Users\Zaky\Downloads\FRST64.exe
Deleted : C:\Users\Zaky\Downloads\HijackThis.exe
Deleted : C:\Users\Zaky\Downloads\hijackthis.log
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #2 [Windows Update | 05/15/2019 09:25:14]
Deleted : RP #3 [Naplánovaný kontrolní bod | 05/24/2019 06:57:00]
Deleted : RP #4 [Instalační služba modulů systému Windows | 05/30/2019 06:02:34]
Deleted : RP #5 [JRT Pre-Junkware Removal | 05/30/2019 19:12:42]

New restore point created !

########## - EOF - ##########

Post by zaky » 01 Jun 2019 11:55

https://imgur.com/a/q2p6RhD

https://imgur.com/a/krdISSI

I can't help it, there's simply something wrong with this PC; whether I log in to Instagram or log in to this site, there's always some problem.
Another 6 GB of data has disappeared from the disk - currently 175 GB.

Post by jaro3 » 01 Jun 2019 19:00

So one more thing, and then we'll reset hosts:

Download OTL by OldTimer to the desktop. Make sure you have all other windows closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change to All. Tick LOP Check and Purity Check. Click Run Scan. Leave all other settings as they are. The scan may take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt

They are saved in the same location as OTL. Please copy both logs here.

Post by zaky » 01 Jun 2019 19:34

OTL Extras logfile created on: 1.6.2019 19:21:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zaky\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.17763.0)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

15,95 Gb Total Physical Memory | 13,40 Gb Available Physical Memory | 84,05% Memory free
16,95 Gb Paging File | 13,06 Gb Available in Paging File | 77,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,26 Gb Total Space | 289,88 Gb Free Space | 62,31% Space Free | Partition Type: NTFS

Computer Name: ZAKY-PC | User Name: Zaky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Powershell] -- powershell.exe -noexit -command Set-Location -literalPath '%V' (Microsoft Corporation)
Directory [UpdateEncryptionSettings] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Powershell] -- powershell.exe -noexit -command Set-Location -literalPath '%V' (Microsoft Corporation)
Directory [UpdateEncryptionSettings] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Feature]
"DisableAvCheck" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\CBP]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\DPA]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp\WebProtection]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 7B CA F1 88 DB 07 D5 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Feature]
"DisableAvCheck" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\CBP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\DPA]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp\WebProtection]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12EF1D54-385E-4646-A64C-2B6E859B5ED1}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05541849-6547-4B81-9A75-F2DB23D5B045}" = dir=in | name=@{microsoft.windows.cortana_1.11.5.17763_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{0E9C7BA6-9702-413E-B3FA-E04CA398DB13}" = dir=out | name=@{microsoft.windows.cortana_1.11.5.17763_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{0F203AAD-4EA0-4CFA-9387-1AA07E4974E1}" = dir=in | name=skype |
"{10EC48B3-DC9E-4597-BECC-9EA8E93E09A3}" = dir=out | name=@{microsoft.windows.peopleexperiencehost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.peopleexperiencehost/resources/pkgdisplayname} |
"{123D6570-6DAA-42CF-95C6-90F7921123D4}" = dir=out | name=@{microsoft.windows.photos_2019.19031.17720.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{1994DCA4-17BD-4136-9BD6-BA7F2A23D646}" = dir=in | name=@{microsoft.zunevideo_10.19031.11411.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{1A1D482C-9D92-4DC9-9597-9C0905F1CFFD}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{1CCE7E47-A154-41E9-8465-D6C43391FFC0}" = dir=out | name=skype |
"{20487A2E-84D5-4291-B5EB-CD7F0A82649E}" = dir=out | name=@{microsoft.xboxidentityprovider_12.53.10001.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxidentityprovider/resources/displayname} |
"{20A44181-1902-4A98-8470-50DD339ABB59}" = dir=out | name=@{microsoft.desktopappinstaller_1.0.31351.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.desktopappinstaller/resources/appdisplayname} |
"{28AFADC4-ABED-4EED-8A98-1BCA1C157467}" = dir=out | name=@{microsoft.zunevideo_10.19031.11411.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{2FCBCF89-7F8E-46DB-9B1E-D8457B7221F1}" = dir=in | name=@{microsoft.oneconnect_5.1905.1232.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnectstrings/oneconnect/appstorename} |
"{34D8E871-D766-4B0B-B6C8-6A624150136A}" = dir=out | name=xbox tcui |
"{35873236-EBB5-47F8-8C14-9F0BF24DD922}" = dir=out | name=@{microsoft.windowsstore_11904.1001.1.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{35C3FBA8-D221-47D8-9D38-E1AC41BA264B}" = dir=out | name=@{microsoft.windowscalculator_10.1904.31.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscalculator/resources/appstorename} |
"{38558C78-E653-486C-9A3E-303D6F91E5BD}" = dir=out | name=@{microsoft.gethelp_10.1706.20381.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.gethelp/resources/appdisplayname} |
"{3E25F46B-FD1F-4094-B944-469453AE8969}" = dir=out | name=windows_ie_ac_001 |
"{3F45938E-05B7-4EE1-8086-F4F293EEF981}" = dir=out | name=@{microsoft.windows.narratorquickstart_10.0.17763.1_neutral_neutral_8wekyb3d8bbwe?ms-resource://microsoft.windows.narratorquickstart/resources/appdisplayname} |
"{3F4C606D-1978-4AC8-B069-7E8E5FC4CEC9}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{4381012C-6DA4-45D5-924C-173D3BCD87B9}" = dir=out | name=@{microsoft.mixedreality.portal_2000.19011.1132.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.mixedreality.portal/resources/pkgdisplayname} |
"{43A3D73C-A69A-4C89-896F-33B122D7D7E5}" = dir=in | name=print 3d |
"{44B57CE4-AB3F-4E2B-9FEE-9E8196BD807A}" = dir=out | name=microsoft pay |
"{4A57EA7F-3FC3-4169-ABE9-AEBF5EAB1D45}" = dir=out | name=office |
"{4B90BCCD-280C-4A2D-90F2-D686058A2720}" = dir=in | name=@{microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} |
"{530D930E-8AFD-455A-8D3B-662030E55EF8}" = dir=out | name=@{microsoft.lockapp_10.0.17763.1_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} |
"{56795793-D95B-4B7B-8F29-2D7EFB8BC2BA}" = dir=out | name=@{microsoft.accountscontrol_10.0.17763.1_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} |
"{653C2A71-3A30-43B7-A5FD-E41291790CEB}" = dir=out | name=@{microsoft.getstarted_7.3.20251.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} |
"{694CD24A-085D-460D-8038-5F33777C6E5C}" = dir=in | name=@{microsoft.desktopappinstaller_1.0.31351.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.desktopappinstaller/resources/appdisplayname} |
"{724B7AED-598D-455A-85DD-D5BF4A82DA8D}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.17763.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} |
"{7D054B4D-30C5-4272-82FB-5874B16A1AAD}" = dir=out | name=@{microsoft.storepurchaseapp_11811.1001.18.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.storepurchaseapp/resources/displaytitle} |
"{7EAF42E0-DE6E-4C88-AE56-8F67B4B463C8}" = dir=out | name=@{microsoft.windowsmaps_5.1902.843.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} |
"{807D27CC-E90B-4BC8-A966-CBBE3AF4E5E5}" = dir=out | name=@{microsoft.bingweather_4.28.10351.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{812E4F9F-1741-49DB-A981-2C1BA4DF6169}" = dir=in | name=xbox |
"{82ADB65B-315E-403A-8658-6D584324D583}" = dir=out | name=@{microsoft.windowscamera_2019.425.30.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscamera/lenssdk/resources/appstorename} |
"{8B382AED-8E29-4446-B4DC-40AF0935D901}" = dir=in | name=@{microsoft.yourphone_1.19051.545.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.yourphone/resources/appname} |
"{8E19CFC2-369A-4AA4-8E3A-00C2C7A84E60}" = dir=out | name=@{microsoft.xboxgamingoverlay_3.29.22003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxgamingoverlay/resources/gamebar} |
"{8E938006-7810-4F80-9C54-676AA6B2C85F}" = dir=out | name=xbox |
"{94D93C1D-71C0-49E1-A442-F336FDF7A2B7}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.17763.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} |
"{95F9A138-F886-4667-9FA9-82BCDA66E191}" = dir=out | name=@{microsoft.people_10.1902.633.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} |
"{96256869-DFF1-44B3-9613-B2D083388E90}" = dir=in | name=@{microsoft.win32webviewhost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.win32webviewhost/resources/displayname} |
"{9999D391-FEB0-401B-A7FB-CE8DE1407742}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.17763.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{9C891251-2108-463C-92F5-199869227B26}" = dir=in | name=@{microsoft.windows.photos_2019.19031.17720.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{9D7E210D-D7D8-453E-B5B2-1815E997CDBB}" = dir=in | name=@{microsoft.zunemusic_10.19031.11411.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{9EBA3B2A-C4D7-410C-AD8C-C7E01B9A56AB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft\skype for desktop\skype.exe |
"{A31FB973-603E-4FC5-BECA-045E6CA0091E}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.17763.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} |
"{A84BDD22-6D45-4514-A805-765FD8A4A009}" = dir=out | name=@{microsoft.windows.oobenetworkcaptiveportal_10.0.17763.1_neutral__cw5n1h2txyewy?ms-resource://microsoft.windows.oobenetworkcaptiveportal/resources/appdisplayname} |
"{A91434B5-652F-4CB6-B4A2-52815A1E713D}" = dir=in | name=microsoft sticky notes |
"{B0E216B2-B482-4875-BE9D-F8C0D854EA9E}" = dir=out | name=@{microsoft.messaging_4.1901.10241.1000_x64__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} |
"{B1C000AE-CBE4-4A03-AB07-825008FDB4E3}" = dir=out | name=@{microsoft.windows.sechealthui_10.0.17763.1_neutral__cw5n1h2txyewy?ms-resource://microsoft.windows.sechealthui/resources/packagedisplayname} |
"{B5656110-D353-45CD-8FC0-B3CEA6DFB336}" = dir=out | name=@{microsoft.oneconnect_5.1905.1232.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnectstrings/oneconnect/appstorename} |
"{B6BD7E24-2A48-4D2F-9E36-721FFFA4BC82}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.17763.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{B8516766-FEE2-44C0-B58B-6B1F2D727377}" = dir=out | name=@{microsoft.ppiprojection_10.0.17763.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{B8880B90-9417-4AD5-A5E5-2E981D820FD3}" = dir=in | name=@{microsoft.xboxgamingoverlay_3.29.22003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxgamingoverlay/resources/gamebar} |
"{B941E5B0-8279-476A-B0AB-9163A84027B0}" = dir=in | name=@{microsoft.messaging_4.1901.10241.1000_x64__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} |
"{B9529EBB-509C-4372-A92F-78B79842BB74}" = dir=out | name=onenote |
"{BD8F9A64-B967-4E4F-AD5F-8D76C296FAF9}" = dir=out | name=@{microsoft.mspaint_5.1904.8017.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.mspaint/resources/appname} |
"{C0F8AD3E-FE2B-4180-938B-30682C986E4E}" = dir=out | name=@{microsoft.win32webviewhost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.win32webviewhost/resources/displayname} |
"{C405A942-3A82-41FA-AD03-0E2CF65489DB}" = dir=out | name=microsoft sticky notes |
"{C70EFC31-6943-4FAC-A4FD-D67C5F5EA002}" = dir=out | name=xbox game bar plugin |
"{CA3694FD-E507-4C03-BB70-A041B8306BCC}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.17763.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} |
"{D04B6E8B-B214-4BF3-AD1B-C2FCBF95FE41}" = dir=out | name=@{microsoft.microsoftedge_44.17763.1.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{D3477B47-D09F-472B-98F7-439621C09015}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft\skype for desktop\skype.exe |
"{DA2B8FBC-DEB9-4C4B-9CAE-C2E7869565D8}" = dir=out | name=@{microsoft.yourphone_1.19051.545.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.yourphone/resources/appname} |
"{E4851126-076E-4E2A-B5BA-153D6CF94981}" = dir=out | name=@{microsoft.windows.shellexperiencehost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.shellexperiencehost/resources/pkgdisplayname} |
"{E8256073-C8D4-4ECF-8FB6-A23C15D1DED3}" = dir=in | name=@{microsoft.microsoftedge_44.17763.1.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{E9765669-B010-4A61-8CC4-B8993C7842AC}" = dir=in | name=@{microsoft.windowsstore_11904.1001.1.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{ED562B63-19E2-4544-947B-BCE21A4180D4}" = dir=out | name=@{microsoft.microsoft3dviewer_6.1903.4012.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoft3dviewer/common.view.uwp/resources/storeappname} |
"{EE0E7B5E-D6DF-4F87-BCF2-5BD7DAA35040}" = dir=out | name=shell input application |
"{F027077D-E1B4-4995-BDFE-96CA771DC437}" = dir=out | name=@{microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} |
"{F1F8D1BA-3BE4-43DF-87E9-0D9364B7BBCA}" = dir=out | name=@{microsoft.zunemusic_10.19031.11411.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{F464388B-9798-4BED-A248-5D75EA9BEF4C}" = dir=in | name=@{microsoft.ppiprojection_10.0.17763.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{F947108C-40DB-4F4B-9E60-21E77F1B2F71}" = dir=out | name=print 3d |
"{FC679307-FCD5-48A1-B2A4-9416664F6B87}" = dir=in | name=onenote |
"TCP Query User{3DEBEEC7-EF9C-47B8-B96A-6BE8E10B51FF}C:\programdata\wargaming.net\gamecenter\wgc.exe" = protocol=6 | dir=in | app=c:\programdata\wargaming.net\gamecenter\wgc.exe |
"TCP Query User{F2851229-C2E9-443D-9220-5299F93FDF3C}C:\games\world_of_tanks_eu\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks_eu\worldoftanks.exe |
"UDP Query User{2EF41124-45AD-49B9-85FC-AD2B6A82430D}C:\programdata\wargaming.net\gamecenter\wgc.exe" = protocol=17 | dir=in | app=c:\programdata\wargaming.net\gamecenter\wgc.exe |
"UDP Query User{7BEBF065-56A0-4B4D-B583-DD0189DFF624}C:\games\world_of_tanks_eu\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks_eu\worldoftanks.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03EBF679-E886-38AD-8E70-28658449F7F9}" = Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.14.26429
"{05B6A133-2E68-1700-950A-1B8D85B8ACB8}" = AMD Settings
"{07BFBD5C-2F63-6828-1B61-B41A44113F3B}" = Catalyst Control Center Next Localization KO
"{09CCBE8E-B964-30EF-AE84-6537AB4197F9}" = Microsoft .NET Framework 4.7.2
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1DBACFDB-5E43-7882-36BD-53526D34BD22}" = Catalyst Control Center Next Localization HU
"{20D46801-147B-30AD-7C5A-AC4560A79096}" = Catalyst Control Center Next Localization FI
"{22C39711-2747-D264-319A-1550BEEAAEC6}" = Catalyst Control Center Next Localization FR
"{24DF617A-CD23-6E6A-126B-23630D2781CE}" = Catalyst Control Center Next Localization TH
"{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1" = Malwarebytes verze 3.7.1.2839
"{36EDC500-E4C0-371C-9865-08450415C1E9}" = Catalyst Control Center Next Localization CS
"{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}" = Catalyst Control Center Next Localization DA
"{4D1D5407-9B69-6422-629C-8518A26004A4}" = Catalyst Control Center Next Localization RU
"{5CD8F386-6796-4500-9FD8-CF92C9276B62}" = COMODO Internet Security Premium
"{6AE8C5A1-51CE-8ED5-7E46-46F9CEBD0FEE}" = AMD DVR64
"{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}" = Catalyst Control Center Next Localization TR
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}" = Catalyst Control Center Next Localization ES
"{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{A8379BAB-59A9-C0A3-8BCC-4852EA403692}" = Catalyst Control Center Next Localization SV
"{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}" = Catalyst Control Center Next Localization IT
"{B12F584A-DE7A-3EE3-8EC4-8A64DBC0F2A7}" = Microsoft Visual C++ 2017 x64 Additional Runtime - 14.14.26429
"{B26D75B8-FAB7-6F8B-767F-BAF975383D91}" = Catalyst Control Center Next Localization CHT
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BEFEA793-BD63-8705-BA0A-8B3183F8A115}" = AMD Problem Report Wizard
"{D74218A3-C503-57EF-AC9F-2220082E7ADE}" = Catalyst Control Center Next Localization DE
"{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}" = Catalyst Control Center Next Localization EL
"{DDF5C04E-D306-836C-D97E-192BBCDE7D77}" = AMD DVR64
"{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}" = Catalyst Control Center Next Localization NO
"{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}" = Catalyst Control Center Next Localization NL
"{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}" = Catalyst Control Center Next Localization BR
"{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}" = Catalyst Control Center Next Localization CHS
"{ED75A775-03A7-F214-868D-497748707968}" = Catalyst Control Center Next Localization JA
"{EE2AFCE4-0238-4DE0-A140-1647021627C1}" = Branding64
"{F4C44834-E4FA-3DA9-B999-A30EC54E95B0}" = Microsoft .NET Framework 4.7.2 (CSY)
"{FFBFBD1F-B160-A119-7C43-8584FA2E5665}" = Catalyst Control Center Next Localization PL
"AMD Catalyst Install Manager" = AMD Software
"COMODO Internet Security" = COMODO Internet Security Premium
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.38
"VulkanRT1.0.61.0" = Vulkan Run Time Libraries 1.0.61.0
"VulkanRT1.0.65.1" = Vulkan Run Time Libraries 1.0.65.1
"WUCCCApp" = AMD Settings

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0912.1
"{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1" = Zemana AntiMalware verze 3.1.210
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{80586c77-db42-44bb-bfc8-7aebbb220c00}" = Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{C05C6BCE-5E35-9885-11B6-4A743A142B7F}" = AMD Settings
"{c239cea1-d49e-4e16-8e87-8c055765f7ec}" = Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008
"{C6CDA568-CD91-3CA0-9EDE-DAD98A13D6E1}" = Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.10.25008
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
"{E6222D59-608C-3018-B86B-69BD241ACDE5}" = Microsoft Visual C++ 2017 x86 Additional Runtime - 14.10.25008
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"Google Chrome" = Google Chrome
"HD Tune Pro_is1" = HD Tune Pro 5.70
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0912.1
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
"Skype_is1" = Skype verze 8.42
"WinRAR archiver" = WinRAR 5.70 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive
"Wargaming.net Game Center" = Wargaming.net Game Center
"WOT.EU.PRODUCTION" = World of Tanks EU

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30.5.2019 17:08:53 | Computer Name = Zaky-PC | Source = ATIeRecord | ID = 16387
Description =

Error - 30.5.2019 17:09:30 | Computer Name = Zaky-PC | Source = ATIeRecord | ID = 16387
Description =

Error - 30.5.2019 17:09:35 | Computer Name = Zaky-PC | Source = ATIeRecord | ID = 16387
Description =

Error - 30.5.2019 17:10:40 | Computer Name = Zaky-PC | Source = ATIeRecord | ID = 16387
Description =

Error - 31.5.2019 15:39:09 | Computer Name = Zaky-PC | Source = VSS | ID = 8194
Description =

Error - 31.5.2019 15:39:21 | Computer Name = Zaky-PC | Source = VSS | ID = 8193
Description =

Error - 31.5.2019 15:39:21 | Computer Name = Zaky-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: cavwp.exe, verze: 12.0.0.6818, časové razítko:
0x5cb5ac74 Název chybujícího modulu: smart.cav, verze: 0.0.0.0, časové razítko:
0x5b58bef3 Kód výjimky: 0xc0000005 Posun chyby: 0x00000000000018a7 ID chybujícího procesu:
0x24e8 Čas spuštění chybující aplikace: 0x01d517da70d4f52f Cesta k chybující aplikaci:
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe Cesta k chybujícímu modulu:
C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav ID zprávy: 545880c2-a68b-41b9-8ba4-34a64bf8f75a
Úplný
název chybujícího balíčku: ? ID aplikace související s chybujícím balíčkem: ?

Error - 1.6.2019 6:16:19 | Computer Name = Zaky-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: cavwp.exe, verze: 12.0.0.6818, časové razítko:
0x5cb5ac74 Název chybujícího modulu: cavwp.exe, verze: 12.0.0.6818, časové razítko:
0x5cb5ac74 Kód výjimky: 0xc0000409 Posun chyby: 0x0000000000051e84 ID chybujícího
procesu: 0x1e2c Čas spuštění chybující aplikace: 0x01d51834919fe160 Cesta k chybující
aplikaci: C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe Cesta k chybujícímu
modulu: C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe ID zprávy: ac2216e1-b242-4f83-a2ff-16f1511e5f23
Úplný
název chybujícího balíčku: ? ID aplikace související s chybujícím balíčkem: ?

Error - 1.6.2019 8:03:08 | Computer Name = Zaky-PC | Source = Application Hang | ID = 1002
Description = Program ShellExperienceHost.exe verze 10.0.17763.439 přestal spolupracovat
s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací
o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení
a údržba. ID procesu: 1b80 Čas spuštění: 01d517e8d2a0a3ec Čas ukončení: 4294967295 Cesta
k aplikaci: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

ID
hlášení: 90cc2d0a-0534-4d5a-8545-4639fd81fdca Úplný název balíčku s chybou: Microsoft.Windows.ShellExperienceHost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy

ID
aplikace relativní podle balíčku s chybou: App Typ zablokování: Cross-process

Error - 1.6.2019 12:35:11 | Computer Name = Zaky-PC | Source = Application Hang | ID = 1002
Description = Program FRST64.exe verze 1.6.2019.0 přestal spolupracovat s Windows
a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto
problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID
procesu: 14d4 Čas spuštění: 01d51897ef58132f Čas ukončení: 4 Cesta k aplikaci: C:\Users\Zaky\Desktop\FRST64.exe

ID
hlášení: 5a3a9e51-be96-4497-9a38-2f877afe74d6 Úplný název balíčku s chybou: ? ID
aplikace relativní podle balíčku s chybou: ? Typ zablokování: Unknown

[ Parameters Events ]
OTL encountered an error while reading this event log. It may be corrupt.
[ State Events ]
OTL encountered an error while reading this event log. It may be corrupt.
Error - 1.6.2019 12:35:55 | Computer Name = Zaky-PC | Source = Service Control Manager | ID = 7031
Description = Služba Služba sdílení portů Net.Tcp byla nečekaně ukončena. Stalo
se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat
službu.

Error - 1.6.2019 12:35:55 | Computer Name = Zaky-PC | Source = Service Control Manager | ID = 7034
Description = Služba Intel(R) Management and Security Application User Notification
Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error - 1.6.2019 12:35:55 | Computer Name = Zaky-PC | Source = Service Control Manager | ID = 7031
Description = Služba Intel(R) Management and Security Application Local Management
Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude
spuštěna za 10000 milisekund: Restartovat službu.

Error - 1.6.2019 12:35:55 | Computer Name = Zaky-PC | Source = Service Control Manager | ID = 7031
Description = Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error - 1.6.2019 12:35:55 | Computer Name = Zaky-PC | Source = Service Control Manager | ID = 7031
Description = Služba Adaptér naslouchání Net.Msmq byla nečekaně ukončena. Stalo
se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat
službu.

Error - 1.6.2019 12:35:55 | Computer Name = Zaky-PC | Source = Service Control Manager | ID = 7031
Description = Služba Řízení front zpráv byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error - 1.6.2019 12:35:55 | Computer Name = Zaky-PC | Source = Service Control Manager | ID = 7031
Description = Služba Instalační služba modulů systému Windows byla nečekaně ukončena.
Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund:
Restartovat službu.

Error - 1.6.2019 12:37:29 | Computer Name = Zaky-PC | Source = DCOM | ID = 10016
Description =

Error - 1.6.2019 12:38:35 | Computer Name = Zaky-PC | Source = DCOM | ID = 10016
Description =

Error - 1.6.2019 12:38:35 | Computer Name = Zaky-PC | Source = DCOM | ID = 10016
Description =


< End of report >

Post by zaky » 01 Jun 2019 19:37

The OTL log has 181 thousand characters, so I put it in a RAR archive, if that's okay.
Attachments
zakyotl.rar
(21.57 KiB) Downloaded 31 times

Post by jaro3 » 01 Jun 2019 21:22

Unfortunately, it's not okay; it's hard to decipher from that text file.

Split it into several posts.

Post by zaky » 01 Jun 2019 21:27

OTL logfile created on: 1.6.2019 19:21:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zaky\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.17763.0)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

15,95 Gb Total Physical Memory | 13,40 Gb Available Physical Memory | 84,05% Memory free
16,95 Gb Paging File | 13,06 Gb Available in Paging File | 77,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,26 Gb Total Space | 289,88 Gb Free Space | 62,31% Space Free | Partition Type: NTFS

Computer Name: ZAKY-PC | User Name: Zaky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\Zaky\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (COMODO)
PRC - C:\Windows\SysWOW64\fontdrvhost.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - (BcastDVRUserService) -- C:\Windows\SysNative\bcastdvruserservice.dll (Microsoft Corporation)
SRV:64bit: - (diagnosticshub.standardcollector.service) -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (Microsoft Corporation)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (SharedRealitySvc) -- C:\Windows\SysNative\SharedRealitySvc.dll (Microsoft Corporation)
SRV:64bit: - (FrameServer) -- C:\Windows\SysNative\FrameServer.dll (Microsoft Corporation)
SRV:64bit: - (DmEnrollmentSvc) -- C:\Windows\SysNative\Windows.Internal.Management.dll (Microsoft Corporation)
SRV:64bit: - (NetSetupSvc) -- C:\Windows\SysNative\NetSetupSvc.dll (Microsoft Corporation)
SRV:64bit: - (InstallService) -- C:\Windows\SysNative\InstallService.dll (Microsoft Corporation)
SRV:64bit: - (NgcSvc) -- C:\Windows\SysNative\ngcsvc.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (EntAppSvc) -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll (Microsoft Corporation)
SRV:64bit: - (icssvc) -- C:\Windows\SysNative\tetheringservice.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (SgrmBroker) -- C:\Windows\SysNative\SgrmBroker.exe (Microsoft Corporation)
SRV:64bit: - (DoSvc) -- C:\Windows\SysNative\dosvc.dll (Microsoft Corporation)
SRV:64bit: - (StateRepository) -- C:\Windows\SysNative\Windows.StateRepository.dll (Microsoft Corporation)
SRV:64bit: - (ClipSVC) -- C:\Windows\SysNative\ClipSVC.dll (Microsoft Corporation)
SRV:64bit: - (w3logsvc) -- C:\Windows\SysNative\inetsrv\w3logsvc.dll (Microsoft Corporation)
SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation)
SRV:64bit: - (CmdAgentProt) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (CmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (cmdvirth) -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe (COMODO)
SRV:64bit: - (wlpasvc) -- C:\Windows\SysNative\lpasvc.dll (Microsoft Corporation)
SRV:64bit: - (DisplayEnhancementService) -- C:\Windows\SysNative\Microsoft.Graphics.Display.DisplayEnhancementService.dll (Microsoft Corporation)
SRV:64bit: - (DusmSvc) -- C:\Windows\SysNative\dusmsvc.dll (Microsoft Corporation)
SRV:64bit: - (PhoneSvc) -- C:\Windows\SysNative\PhoneService.dll (Microsoft Corporation)
SRV:64bit: - (RmSvc) -- C:\Windows\SysNative\RMapi.dll (Microsoft Corporation)
SRV:64bit: - (NgcCtnrSvc) -- C:\Windows\SysNative\NgcCtnrSvc.dll (Microsoft Corporation)
SRV:64bit: - (BTAGService) -- C:\Windows\SysNative\BTAGService.dll (Microsoft Corporation)
SRV:64bit: - (SensorService) -- C:\Windows\SysNative\SensorService.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\psmsrv.dll (Microsoft Corporation)
SRV:64bit: - (DevicePickerUserSvc) -- C:\Windows\SysNative\Windows.Devices.Picker.dll (Microsoft Corporation)
SRV:64bit: - (CDPUserSvc) -- C:\Windows\SysNative\cdpusersvc.dll (Microsoft Corporation)
SRV:64bit: - (DsSvc) -- C:\Windows\SysNative\dssvc.dll (Microsoft Corporation)
SRV:64bit: - (TokenBroker) -- C:\Windows\SysNative\TokenBroker.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (SecurityHealthService) -- C:\Windows\SysNative\SecurityHealthService.exe (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (UsoSvc) -- C:\Windows\SysNative\usocore.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (CoreMessagingRegistrar) -- C:\Windows\SysNative\CoreMessaging.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvcext.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvcext.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvmsession) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (MBAMService) -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes)
SRV:64bit: - (ssh-agent) -- C:\Windows\SysNative\OpenSSH\ssh-agent.exe ()
SRV:64bit: - (RetailDemo) -- C:\Windows\SysNative\RDXService.dll (Microsoft Corporation)
SRV:64bit: - (WalletService) -- C:\Windows\SysNative\WalletService.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (spectrum) -- C:\Windows\SysNative\Spectrum.exe (Microsoft Corporation)
SRV:64bit: - (SmsRouter) -- C:\Windows\SysNative\SmsRouterSvc.dll (Microsoft Corporation)
SRV:64bit: - (diagsvc) -- C:\Windows\SysNative\DiagSvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (TieringEngineService) -- C:\Windows\SysNative\TieringEngineService.exe (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (cbdhsvc) -- C:\Windows\SysNative\CBDHSvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (ConsentUxUserSvc) -- C:\Windows\SysNative\ConsentUxClient.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (XboxNetApiSvc) -- C:\Windows\SysNative\XboxNetApiSvc.dll (Microsoft Corporation)
SRV:64bit: - (perceptionsimulation) -- C:\Windows\SysNative\PerceptionSimulation\PerceptionSimulationService.exe (Microsoft Corporation)
SRV:64bit: - (HvHost) -- C:\Windows\SysNative\hvhostsvc.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (SensorDataService) -- C:\Windows\SysNative\SensorDataService.exe (Microsoft Corporation)
SRV:64bit: - (PrintWorkflowUserSvc) -- C:\Windows\SysNative\PrintWorkflowService.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (dmwappushservice) -- C:\Windows\SysNative\dmwappushsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (UserManager) -- C:\Windows\SysNative\usermgr.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (WpnUserService_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PrintWorkflowUserSvc_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (DevicesFlowUserSvc_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (DevicePickerUserSvc_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (ConsentUxUserSvc_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (CDPUserSvc_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (cbdhsvc_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (CaptureService_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (BluetoothUserService_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (BcastDVRUserService_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (CaptureService) -- C:\Windows\SysNative\CaptureService.dll (Microsoft Corporation)
SRV:64bit: - (DevicesFlowUserSvc) -- C:\Windows\SysNative\DevicesFlowBroker.dll (Microsoft Corporation)
SRV:64bit: - (shpamsvc) -- C:\Windows\SysNative\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
SRV:64bit: - (BthAvctpSvc) -- C:\Windows\SysNative\BthAvctpSvc.dll (Microsoft Corporation)
SRV:64bit: - (UserDataSvc) -- C:\Windows\SysNative\UserDataService.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (WaaSMedicSvc) -- C:\Windows\SysNative\WaaSMedicSvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (WpnService) -- C:\Windows\SysNative\wpnservice.dll (Microsoft Corporation)
SRV:64bit: - (WpnUserService) -- C:\Windows\SysNative\WpnUserService.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\lfsvc.dll (Microsoft Corporation)
SRV:64bit: - (SEMgrSvc) -- C:\Windows\SysNative\SEMgrSvc.dll (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc) -- C:\Windows\SysNative\Unistore.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (PushToInstall) -- C:\Windows\SysNative\PushToInstall.dll (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc) -- C:\Windows\SysNative\PimIndexMaintenance.dll (Microsoft Corporation)
SRV:64bit: - (MapsBroker) -- C:\Windows\SysNative\moshost.dll (Microsoft Corporation)
SRV:64bit: - (LicenseManager) -- C:\Windows\SysNative\LicenseManagerSvc.dll (Microsoft Corporation)
SRV:64bit: - (GraphicsPerfSvc) -- C:\Windows\SysNative\GraphicsPerfSvc.dll (Microsoft Corporation)
SRV:64bit: - (WarpJITSvc) -- C:\Windows\SysNative\Windows.WARP.JITService.dll (Microsoft Corporation)
SRV:64bit: - (CDPSvc) -- C:\Windows\SysNative\cdpsvc.dll (Microsoft Corporation)
SRV:64bit: - (camsvc) -- C:\Windows\SysNative\CapabilityAccessManager.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (embeddedmode) -- C:\Windows\SysNative\embeddedmodesvc.dll (Microsoft Corporation)
SRV:64bit: - (tzautoupdate) -- C:\Windows\SysNative\tzautoupdate.dll (Microsoft Corporation)
SRV:64bit: - (AJRouter) -- C:\Windows\SysNative\AJRouter.dll (Microsoft Corporation)
SRV:64bit: - (TimeBrokerSvc) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (NaturalAuthentication) -- C:\Windows\SysNative\NaturalAuth.dll (Microsoft Corporation)
SRV:64bit: - (DevQueryBroker) -- C:\Windows\SysNative\DevQueryBroker.dll (Microsoft Corporation)
SRV:64bit: - (WManSvc) -- C:\Windows\SysNative\Windows.Management.Service.dll (Microsoft Corporation)
SRV:64bit: - (WFDSConMgrSvc) -- C:\Windows\SysNative\WFDSConMgrSvc.dll (Microsoft Corporation)
SRV:64bit: - (WpcMonSvc) -- C:\Windows\SysNative\WpcDesktopMonSvc.dll (Microsoft Corporation)
SRV:64bit: - (XblAuthManager) -- C:\Windows\SysNative\XblAuthManager.dll (Microsoft Corporation)
SRV:64bit: - (wisvc) -- C:\Windows\SysNative\FlightSettings.dll (Microsoft Corporation)
SRV:64bit: - (BluetoothUserService) -- C:\Windows\SysNative\Microsoft.Bluetooth.UserService.dll (Microsoft Corporation)
SRV:64bit: - (VacSvc) -- C:\Windows\SysNative\vac.dll (Microsoft Corporation)
SRV:64bit: - (LxpSvc) -- C:\Windows\SysNative\LanguageOverlayServer.dll (Microsoft Corporation)
SRV:64bit: - (XblGameSave) -- C:\Windows\SysNative\XblGameSave.dll (Microsoft Corporation)
SRV:64bit: - (XboxGipSvc) -- C:\Windows\SysNative\xboxgipsvc.dll (Microsoft Corporation)
SRV:64bit: - (IpxlatCfgSvc) -- C:\Windows\SysNative\ipxlatcfg.dll (Microsoft Corporation)
SRV:64bit: - (MessagingService) -- C:\Windows\SysNative\MessagingService.dll (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc) -- C:\Windows\SysNative\APHostService.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (WdNisSvc) -- C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\NisSrv.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\MsMpEng.exe (Microsoft Corporation)
SRV - (StateRepository) -- C:\Windows\SysWOW64\Windows.StateRepository.dll (Microsoft Corporation)
SRV - (InstallService) -- C:\Windows\SysWOW64\InstallService.dll (Microsoft Corporation)
SRV - (DmEnrollmentSvc) -- C:\Windows\SysWOW64\Windows.Internal.Management.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (w3logsvc) -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (PrintWorkflowUserSvc) -- C:\Windows\SysWOW64\PrintWorkflowService.dll (Microsoft Corporation)
SRV - (DevicePickerUserSvc) -- C:\Windows\SysWOW64\Windows.Devices.Picker.dll (Microsoft Corporation)
SRV - (TokenBroker) -- C:\Windows\SysWOW64\TokenBroker.dll (Microsoft Corporation)
SRV - (PrintNotify) -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (CoreMessagingRegistrar) -- C:\Windows\SysWOW64\CoreMessaging.dll (Microsoft Corporation)
SRV - (GoogleChromeElevationService) -- C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\elevation_service.exe (Google Inc.)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (UnistoreSvc) -- C:\Windows\SysWOW64\Unistore.dll (Microsoft Corporation)
SRV - (tzautoupdate) -- C:\Windows\SysWOW64\tzautoupdate.dll (Microsoft Corporation)
SRV - (wisvc) -- C:\Windows\SysWOW64\FlightSettings.dll (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys (Malwarebytes)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\wd\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\wd\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\wd\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (amsdk) -- C:\Windows\SysNative\drivers\amsdk.sys (Copyright 2018.)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (hvservice) -- C:\Windows\SysNative\drivers\hvservice.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\WINDOWS\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (ReFSv1) -- C:\WINDOWS\SysNative\drivers\refsv1.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (wdiwifi) -- C:\Windows\SysNative\drivers\WdiWiFi.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (wcifs) -- C:\Windows\SysNative\drivers\wcifs.sys (Microsoft Corporation)
DRV:64bit: - (WinQuic) -- C:\Windows\SysNative\drivers\winquic.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc.sys (Microsoft Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation)
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (cmdboot) -- C:\Windows\SysNative\drivers\cmdboot.sys (COMODO)
DRV:64bit: - (dtliteusbbus) -- C:\Windows\SysNative\drivers\dtliteusbbus.sys (Disc Soft Ltd)
DRV:64bit: - (dtlitescsibus) -- C:\Windows\SysNative\drivers\dtlitescsibus.sys (Disc Soft Ltd)
DRV:64bit: - (MbbCx) -- C:\Windows\SysNative\drivers\MbbCx.sys (Microsoft Corporation)
DRV:64bit: - (CldFlt) -- C:\Windows\SysNative\drivers\cldflt.sys (Microsoft Corporation)
DRV:64bit: - (WindowsTrustedRT) -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (bindflt) -- C:\Windows\SysNative\drivers\bindflt.sys (Microsoft Corporation)
DRV:64bit: - (wcnfs) -- C:\Windows\SysNative\drivers\wcnfs.sys (Microsoft Corporation)
DRV:64bit: - (MMCSS) -- C:\Windows\SysNative\drivers\mmcss.sys (Microsoft Corporation)
DRV:64bit: - (storqosflt) -- C:\Windows\SysNative\drivers\storqosflt.sys (Microsoft Corporation)
DRV:64bit: - (Vid) -- C:\Windows\SysNative\drivers\Vid.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (iorate) -- C:\Windows\SysNative\drivers\iorate.sys (Microsoft Corporation)
DRV:64bit: - (amdkmpfd) -- C:\Windows\SysNative\drivers\amdkmpfd.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (SpatialGraphFilter) -- C:\Windows\SysNative\drivers\SpatialGraphFilter.sys (Microsoft Corporation)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (PktMon) -- C:\Windows\SysNative\drivers\PktMon.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (SgrmAgent) -- C:\Windows\SysNative\drivers\SgrmAgent.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (afunix) -- C:\Windows\SysNative\drivers\afunix.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (NetAdapterCx) -- C:\Windows\SysNative\drivers\NetAdapterCx.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Wof) -- C:\WINDOWS\SysNative\drivers\wof.sys (Microsoft Corporation)
DRV:64bit: - (applockerfltr) -- C:\Windows\SysNative\drivers\applockerfltr.sys (Microsoft Corporation)
DRV:64bit: - (WdmCompanionFilter) -- C:\Windows\SysNative\drivers\WdmCompanionFilter.sys (Microsoft Corporation)
DRV:64bit: - (Ufx01000) -- C:\Windows\SysNative\drivers\ufx01000.sys (Microsoft Corporation)
DRV:64bit: - (UcmTcpciCx0101) -- C:\Windows\SysNative\drivers\UcmTcpciCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (UcmCx0101) -- C:\Windows\SysNative\drivers\UcmCx.sys (Microsoft Corporation)
DRV:64bit: - (UcmUcsiCx0101) -- C:\Windows\SysNative\drivers\UcmUcsiCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (UrsCx01000) -- C:\Windows\SysNative\drivers\urscx01000.sys (Microsoft Corporation)
DRV:64bit: - (IndirectKmd) -- C:\Windows\SysNative\drivers\IndirectKmd.sys (Microsoft Corporation)
DRV:64bit: - (cnghwassist) -- C:\Windows\SysNative\drivers\cnghwassist.sys (Microsoft Corporation)
DRV:64bit: - (HwNClx0101) -- C:\Windows\SysNative\drivers\mshwnclx.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (bam) -- C:\Windows\SysNative\drivers\bam.sys (Microsoft Corporation)
DRV:64bit: - (WinNat) -- C:\Windows\SysNative\drivers\winnat.sys (Microsoft Corporation)
DRV:64bit: - (Ucx01000) -- C:\Windows\SysNative\drivers\Ucx01000.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (FileCrypt) -- C:\Windows\SysNative\drivers\filecrypt.sys (Microsoft Corporation)
DRV:64bit: - (UdeCx) -- C:\Windows\SysNative\drivers\Udecx.sys (Microsoft Corporation)
DRV:64bit: - (IPT) -- C:\Windows\SysNative\drivers\ipt.sys (Microsoft Corporation)
DRV:64bit: - (Ramdisk) -- C:\Windows\SysNative\drivers\ramdisk.sys (Microsoft Corporation)
DRV:64bit: - (GpuEnergyDrv) -- C:\Windows\SysNative\drivers\gpuenergydrv.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ufxsynopsys) -- C:\Windows\SysNative\drivers\ufxsynopsys.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (UfxChipidea) -- C:\Windows\SysNative\drivers\UfxChipidea.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (UcmUcsi) -- C:\Windows\SysNative\drivers\UcmUcsi.sys (Microsoft Corporation)
DRV:64bit: - (hidspi) -- C:\Windows\SysNative\drivers\hidspi.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (Microsoft_Bluetooth_AvrcpTransport) -- C:\Windows\SysNative\drivers\Microsoft.Bluetooth.AvrcpTransport.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (hidinterrupt) -- C:\Windows\SysNative\drivers\hidinterrupt.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (buttonconverter) -- C:\Windows\SysNative\drivers\buttonconverter.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (BthMini) -- C:\Windows\SysNative\drivers\BthMini.SYS (Microsoft Corporation)
DRV:64bit: - (hvcrash) -- C:\Windows\SysNative\drivers\hvcrash.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (UcmUcsiAcpiClient) -- C:\Windows\SysNative\drivers\UcmUcsiAcpiClient.sys (Microsoft Corporation)
DRV:64bit: - (UrsChipidea) -- C:\Windows\SysNative\drivers\urschipidea.sys (Microsoft Corporation)
DRV:64bit: - (UrsSynopsys) -- C:\Windows\SysNative\drivers\urssynopsys.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (genericusbfn) -- C:\Windows\SysNative\drivers\genericusbfn.sys (Microsoft Corporation)
DRV:64bit: - (vmgid) -- C:\Windows\SysNative\drivers\vmgid.sys (Microsoft Corporation)
DRV:64bit: - (WindowsTrustedRTProxy) -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys (Microsoft Corporation)
DRV:64bit: - (cht4vbd) -- C:\Windows\SysNative\drivers\cht4vx64.sys (Chelsio Communications)
DRV:64bit: - (mlx4_bus) -- C:\Windows\SysNative\drivers\mlx4_bus.sys (Mellanox)
DRV:64bit: - (iaStorAVC) -- C:\Windows\SysNative\drivers\iaStorAVC.sys (Intel Corporation)
DRV:64bit: - (ibbus) -- C:\Windows\SysNative\drivers\ibbus.sys (Mellanox)
DRV:64bit: - (mausbhost) -- C:\Windows\SysNative\drivers\mausbhost.sys (Microsoft Corporation)
DRV:64bit: - (cht4iscsi) -- C:\Windows\SysNative\drivers\cht4sx64.sys (Chelsio Communications)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (SmartSAMD) -- C:\Windows\SysNative\drivers\SmartSAMD.sys (Microsemi Corportation)
DRV:64bit: - (ndfltr) -- C:\Windows\SysNative\drivers\ndfltr.sys (Mellanox)
DRV:64bit: - (nvdimm) -- C:\Windows\SysNative\drivers\nvdimm.sys (Microsoft Corporation)
DRV:64bit: - (scmbus) -- C:\Windows\SysNative\drivers\scmbus.sys (Microsoft Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C63x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:64bit: - (pmem) -- C:\Windows\SysNative\drivers\pmem.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (WinVerbs) -- C:\Windows\SysNative\drivers\winverbs.sys (Mellanox)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (percsas3i) -- C:\Windows\SysNative\drivers\percsas3i.sys (Avago Technologies)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\DriverStore\FileRepository\basicdisplay.inf_amd64_5103ac179273be89\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (percsas2i) -- C:\Windows\SysNative\drivers\percsas2i.sys (Avago Technologies)
DRV:64bit: - (mausbip) -- C:\Windows\SysNative\drivers\mausbip.sys (Microsoft Corporation)
DRV:64bit: - (storufs) -- C:\Windows\SysNative\drivers\storufs.sys (Microsoft Corporation)
DRV:64bit: - (bttflt) -- C:\Windows\SysNative\drivers\bttflt.sys (Microsoft Corporation)
DRV:64bit: - (WinMad) -- C:\Windows\SysNative\drivers\winmad.sys (Mellanox)
DRV:64bit: - (vhf) -- C:\Windows\SysNative\drivers\vhf.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\DriverStore\FileRepository\basicrender.inf_amd64_0b8d03c3bc0e7fd9\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (volume) -- C:\Windows\SysNative\drivers\volume.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (QLogic Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (QLogic Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (ItSas35i) -- C:\Windows\SysNative\drivers\ItSas35i.sys (Avago Technologies)
DRV:64bit: - (LSI_SAS3i) -- C:\Windows\SysNative\drivers\lsi_sas3i.sys (Avago Technologies)
DRV:64bit: - (CapImg) -- C:\Windows\SysNative\drivers\capimg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2i) -- C:\Windows\SysNative\drivers\lsi_sas2i.sys (LSI Corporation)
DRV:64bit: - (rhproxy) -- C:\Windows\SysNative\drivers\rhproxy.sys (Microsoft Corporation)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (megasas35i) -- C:\Windows\SysNative\drivers\megasas35i.sys (Avago Technologies)
DRV:64bit: - (megasas2i) -- C:\Windows\SysNative\drivers\MegaSas2i.sys (Avago Technologies)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (SDFRd) -- C:\Windows\SysNative\drivers\SDFRd.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (AcpiDev) -- C:\Windows\SysNative\drivers\AcpiDev.sys (Microsoft Corporation)
DRV:64bit: - (swenum) -- C:\Windows\SysNative\DriverStore\FileRepository\swenum.inf_amd64_31f554b660026323\swenum.sys (Microsoft Corporation)
DRV:64bit: - (PNPMEM) -- C:\Windows\SysNative\drivers\pnpmem.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (xboxgip) -- C:\Windows\SysNative\drivers\xboxgip.sys (Microsoft Corporation)
DRV:64bit: - (iaLPSS2i_I2C_CNL) -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C_CNL.sys (Intel Corporation)
DRV:64bit: - (iaLPSS2i_I2C_GLK) -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C_GLK.sys (Intel Corporation)
DRV:64bit: - (iaLPSS2i_I2C_BXT_P) -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C_BXT_P.sys (Intel Corporation)
DRV:64bit: - (iaLPSS2i_I2C) -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C.sys (Intel Corporation)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (iaLPSS2i_GPIO2_CNL) -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2_CNL.sys (Intel Corporation)
DRV:64bit: - (iaLPSS2i_GPIO2_GLK) -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2_GLK.sys (Intel Corporation)
DRV:64bit: - (iaLPSS2i_GPIO2_BXT_P) -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2_BXT_P.sys (Intel Corporation)
DRV:64bit: - (iai2c) -- C:\Windows\SysNative\drivers\iai2c.sys (Intel(R) Corporation)
DRV:64bit: - (iaLPSS2i_GPIO2) -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2.sys (Intel Corporation)
DRV:64bit: - (CAD) -- C:\Windows\SysNative\drivers\CAD.sys (Microsoft Corporation)
DRV:64bit: - (xinputhid) -- C:\Windows\SysNative\drivers\xinputhid.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_e4d35af746093dc3\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (iagpio) -- C:\Windows\SysNative\drivers\iagpio.sys (Intel(R) Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (nvvhci) -- C:\Windows\SysNative\drivers\nvvhci.sys (NVIDIA Corporation)
DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdWT6.sys (Advanced Micro Devices)
DRV:64bit: - (KbFilter_Kb_FlexDef3x) -- C:\Windows\SysNative\drivers\KbFilter_FlexDef3x.sys (Siliten)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (afunix) -- C:\Windows\SysWOW64\drivers\afunix.sys (Microsoft Corporation)
DRV - (BasicDisplay) -- C:\WINDOWS\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_5103ac179273be89\BasicDisplay.sys (Microsoft Corporation)
DRV - (BasicRender) -- C:\WINDOWS\System32\DriverStore\FileRepository\basicrender.inf_amd64_0b8d03c3bc0e7fd9\BasicRender.sys (Microsoft Corporation)
DRV - (swenum) -- C:\WINDOWS\System32\DriverStore\FileRepository\swenum.inf_amd64_31f554b660026323\swenum.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_e4d35af746093dc3\CompositeBus.sys (Microsoft Corporation)
DRV - (amdkmdag) -- C:\WINDOWS\System32\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\WINDOWS\System32\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmpag.sys (Advanced Micro Devices, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = cs
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3F E0 78 FC 56 99 D4 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 2D D1 0B 37 DA CD D4 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

