Please check Zaky's log - password probably discovered

A place for your HiJackThis logs and logs from other programs…

Moderators: memphisto, Mods_senior, Security team

zaky
Level 1.5
Posts: 102
Registered: August 12
Gender: Not specified

Re: Please check Zaky's log - password probably discovered

Post by zaky » 31 May 2019 20:39

2019-05-11 11:26 - 2017-05-08 21:52 - 000034064 ____N (ASUSTeK Computer Inc.) C:\WINDOWS\system32\Drivers\IOMap64.sys
2019-05-11 11:25 - 2019-05-31 19:53 - 000003094 _____ C:\WINDOWS\System32\Tasks\AMDLinkUpdate
2019-05-11 11:25 - 2019-05-30 23:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-05-11 11:25 - 2019-05-30 23:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-05-11 11:25 - 2019-05-11 11:27 - 000000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2019-05-11 11:25 - 2019-05-11 11:25 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2019-05-11 11:25 - 2019-05-11 11:25 - 000007623 _____ C:\WINDOWS\diagerr.xml
2019-05-11 11:25 - 2019-05-11 11:25 - 000003226 _____ C:\WINDOWS\System32\Tasks\ModifyLinkUpdate
2019-05-11 11:25 - 2019-05-11 11:25 - 000003146 _____ C:\WINDOWS\System32\Tasks\StartCN
2019-05-11 11:25 - 2019-05-11 11:25 - 000003060 _____ C:\WINDOWS\System32\Tasks\StartDVR
2019-05-11 11:25 - 2019-05-11 11:25 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
2019-05-11 11:25 - 2019-05-11 11:25 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2019-05-11 11:24 - 2019-05-11 11:24 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2019-05-11 11:24 - 2019-05-11 11:24 - 000000000 ____D C:\ProgramData\USOShared
2019-05-11 11:24 - 2019-03-12 08:29 - 002865152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2019-05-11 11:23 - 2019-05-30 23:31 - 001885048 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-11 11:23 - 2019-05-30 19:10 - 000000000 ____D C:\Users\Zaky
2019-05-11 11:23 - 2019-05-17 10:26 - 000002358 _____ C:\Users\Zaky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-05-11 11:23 - 2019-05-11 11:23 - 000000000 _SHDL C:\Users\Zaky\Šablony
2019-05-11 11:23 - 2019-05-11 11:23 - 000000000 _SHDL C:\Users\Zaky\Soubory cookie
2019-05-11 11:23 - 2019-05-11 11:23 - 000000000 _SHDL C:\Users\Zaky\Poslední
2019-05-11 11:23 - 2019-05-11 11:23 - 000000000 _SHDL C:\Users\Zaky\Okolní tiskárny
2019-05-11 11:23 - 2019-05-11 11:23 - 000000000 _SHDL C:\Users\Zaky\Okolní síť
2019-05-11 11:23 - 2019-05-11 11:23 - 000000000 _SHDL C:\Users\Zaky\Nabídka Start
2019-05-11 11:23 - 2019-05-11 11:23 - 000000000 _SHDL C:\Users\Zaky\Dokumenty
2019-05-11 11:23 - 2019-05-11 11:23 - 000000000 _SHDL C:\Users\Zaky\Documents\Obrázky
2019-05-11 11:23 - 2019-05-11 11:23 - 000000000 _SHDL C:\Users\Zaky\Documents\Hudba
2019-05-11 11:23 - 2019-05-11 11:23 - 000000000 _SHDL C:\Users\Zaky\Documents\Filmy
2019-05-11 11:23 - 2019-05-11 11:23 - 000000000 _SHDL C:\Users\Zaky\Data aplikací
2019-05-11 11:23 - 2019-05-11 11:23 - 000000000 _SHDL C:\Users\Zaky\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2019-05-11 11:23 - 2019-05-11 11:23 - 000000000 _SHDL C:\Users\Zaky\AppData\Local\Data aplikací
2019-05-11 11:22 - 2019-05-11 11:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2019-05-11 11:22 - 2019-05-11 11:22 - 000000000 ____D C:\Program Files (x86)\AMD
2019-05-11 11:21 - 2019-05-31 08:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-05-11 11:21 - 2019-05-17 18:27 - 000258088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-05-11 11:13 - 2018-09-15 09:28 - 000000001 ___SH C:\BOOTNXT
2019-05-11 11:01 - 2019-05-18 09:36 - 000000000 ___DC C:\WINDOWS\Panther
2019-05-11 10:54 - 2019-05-11 11:01 - 000000000 ____D C:\ESD
2019-05-11 10:53 - 2019-05-11 10:53 - 000000000 ___HD C:\$Windows.~WS
2019-05-10 14:17 - 2019-05-27 15:36 - 000000088 _____ C:\Users\Zaky\Desktop\songy.txt
2019-05-01 10:40 - 2019-05-11 12:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
2019-05-01 10:39 - 2019-05-01 10:39 - 000000000 ____D C:\Users\Zaky\AppData\LocalLow\AMD
2019-05-01 10:28 - 2019-05-01 10:37 - 000000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2019-05-01 10:28 - 2019-05-01 10:28 - 000000000 ____D C:\Users\Zaky\AppData\Roaming\ATI
2019-05-01 10:28 - 2019-05-01 10:28 - 000000000 ____D C:\Users\Zaky\AppData\Local\ATI
2019-05-01 10:28 - 2019-05-01 10:28 - 000000000 ____D C:\ProgramData\ATI

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-31 20:18 - 2019-04-18 12:35 - 000326692 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2019-05-31 20:07 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-05-31 19:53 - 2018-09-15 09:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-30 23:39 - 2018-09-15 09:33 - 000000000 ___RD C:\Program Files\Windows Defender
2019-05-30 23:31 - 2018-09-15 19:32 - 000779814 _____ C:\WINDOWS\system32\perfh005.dat
2019-05-30 23:31 - 2018-09-15 19:32 - 000177702 _____ C:\WINDOWS\system32\perfc005.dat
2019-05-30 23:31 - 2018-09-15 09:31 - 000000000 ____D C:\WINDOWS\INF
2019-05-30 23:26 - 2019-04-19 19:10 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2019-05-30 23:26 - 2019-03-21 19:42 - 000338720 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2019-05-30 23:26 - 2018-09-15 08:09 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2019-05-30 21:48 - 2019-03-20 19:27 - 000000000 ____D C:\ProgramData\RogueKiller
2019-05-30 21:12 - 2010-11-21 05:27 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-05-30 19:37 - 2019-03-27 14:27 - 000003988 _____ C:\Users\Zaky\Desktop\oktavka.txt
2019-05-30 19:25 - 2018-09-15 09:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-30 19:25 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-30 19:15 - 2019-04-19 19:53 - 000000000 ____D C:\Users\Zaky\AppData\Local\AMD
2019-05-30 19:03 - 2018-09-15 09:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-05-29 09:49 - 2019-04-17 14:50 - 000000183 _____ C:\Users\Zaky\Desktop\ukoly.txt
2019-05-17 13:03 - 2018-09-15 09:33 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-05-17 13:03 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-05-17 11:29 - 2018-12-21 15:45 - 000408530 __RSH C:\bootmgr
2019-05-15 11:27 - 2018-12-24 13:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-05-15 11:26 - 2018-12-24 13:01 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-13 23:23 - 2018-09-15 09:36 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-05-13 23:23 - 2018-09-15 09:36 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-12 19:33 - 2018-12-21 20:00 - 000030528 _____ C:\WINDOWS\GVTDrv64.sys
2019-05-12 19:27 - 2018-12-21 21:53 - 000025640 ____N (Windows (R) Server 2003 DDK provider) C:\WINDOWS\etdrv.sys
2019-05-12 19:26 - 2018-12-21 19:59 - 000025640 ____N (Windows (R) Server 2003 DDK provider) C:\WINDOWS\gdrv.sys
2019-05-12 18:21 - 2018-12-21 19:46 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-05-12 11:49 - 2019-03-05 09:18 - 000001348 _____ C:\Users\Zaky\Desktop\ruka off.txt
2019-05-11 21:14 - 2018-09-15 08:09 - 000000000 ____D C:\WINDOWS\servicing
2019-05-11 13:18 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2019-05-11 13:18 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\appcompat
2019-05-11 12:21 - 2019-03-21 19:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2019-05-11 12:21 - 2019-03-20 18:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-05-11 12:21 - 2019-03-06 19:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-05-11 12:21 - 2018-12-24 22:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-05-11 12:21 - 2018-12-22 11:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2019-05-11 12:21 - 2018-12-21 21:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro
2019-05-11 12:21 - 2018-12-21 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2019-05-11 12:21 - 2018-12-21 19:50 - 000000000 ____D C:\Program Files (x86)\GIGABYTE
2019-05-11 12:21 - 2018-12-21 19:48 - 000000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2019-05-11 12:21 - 2018-12-21 19:46 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2019-05-11 12:21 - 2018-12-21 19:46 - 000000000 ____D C:\Program Files (x86)\Intel
2019-05-11 12:21 - 2018-09-15 09:36 - 000000000 ____D C:\WINDOWS\Setup
2019-05-11 12:21 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-05-11 12:21 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-05-11 12:21 - 2018-09-15 09:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-05-11 12:21 - 2018-09-15 09:31 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2019-05-11 12:21 - 2009-07-14 05:20 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2019-05-11 12:19 - 2019-04-19 19:07 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2019-05-11 12:19 - 2018-12-23 22:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2019-05-11 12:19 - 2018-12-21 19:50 - 000000000 ____D C:\Program Files\Realtek
2019-05-11 12:19 - 2018-09-15 09:33 - 000000000 __SHD C:\Program Files\Windows Sidebar
2019-05-11 12:19 - 2018-09-15 09:33 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2019-05-11 12:19 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2019-05-11 12:19 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2019-05-11 12:19 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\IME
2019-05-11 12:19 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\schemas
2019-05-11 12:19 - 2009-07-14 07:32 - 000000000 ____D C:\Program Files\Microsoft Games
2019-05-11 12:19 - 2009-07-14 07:32 - 000000000 ____D C:\Program Files\DVD Maker
2019-05-11 12:18 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\TextInput
2019-05-11 12:18 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-05-11 12:18 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-05-11 12:18 - 2018-09-15 08:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-05-11 12:15 - 2019-03-12 08:30 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2019-05-11 12:15 - 2018-09-15 09:41 - 000605696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2019-05-11 12:15 - 2018-09-15 09:41 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2019-05-11 12:15 - 2018-09-15 09:41 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2019-05-11 12:15 - 2018-09-15 09:41 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2019-05-11 12:15 - 2018-09-15 09:41 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2019-05-11 12:15 - 2018-09-15 09:41 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2019-05-11 12:15 - 2018-09-15 09:41 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2019-05-11 12:15 - 2018-09-15 09:41 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2019-05-11 12:15 - 2018-09-15 09:41 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2019-05-11 12:15 - 2018-09-15 09:41 - 000009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2019-05-11 12:15 - 2018-09-15 09:40 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2019-05-11 12:15 - 2018-09-15 09:40 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2019-05-11 12:15 - 2018-09-15 09:40 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2019-05-11 12:15 - 2018-09-15 09:40 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2019-05-11 12:15 - 2018-09-15 09:40 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2019-05-11 12:15 - 2018-09-15 09:40 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2019-05-11 12:15 - 2018-09-15 09:40 - 000009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2019-05-11 12:15 - 2018-09-15 09:38 - 001401856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2019-05-11 12:15 - 2018-09-15 09:38 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2019-05-11 12:15 - 2018-09-15 09:38 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2019-05-11 12:15 - 2018-09-15 09:38 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2019-05-11 12:15 - 2018-09-15 09:38 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2019-05-11 12:15 - 2018-09-15 09:38 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2019-05-11 12:15 - 2018-09-15 09:38 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2019-05-11 12:15 - 2018-09-15 09:38 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2019-05-11 12:15 - 2018-09-15 09:38 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2019-05-11 12:15 - 2018-09-15 09:38 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2019-05-11 12:15 - 2018-09-15 09:38 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2019-05-11 12:15 - 2018-09-15 09:38 - 000054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2019-05-11 12:15 - 2018-09-15 09:38 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2019-05-11 12:15 - 2018-09-15 09:38 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2019-05-11 12:15 - 2018-09-15 09:38 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2019-05-11 12:15 - 2018-09-15 09:38 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2019-05-11 12:15 - 2018-09-15 09:38 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2019-05-11 12:15 - 2018-09-15 09:38 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2019-05-11 12:15 - 2018-09-15 09:38 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2019-05-11 12:15 - 2018-09-15 09:38 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2019-05-11 12:15 - 2018-09-15 09:38 - 000009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2019-05-11 12:15 - 2018-09-15 09:37 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2019-05-11 12:15 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2019-05-11 12:15 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2019-05-11 12:15 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2019-05-11 12:15 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2019-05-11 12:15 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2019-05-11 12:15 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2019-05-11 12:15 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\MUI
2019-05-11 12:15 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2019-05-11 12:15 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2019-05-11 12:15 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2019-05-11 12:15 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\et-EE
2019-05-11 12:15 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\es-MX
2019-05-11 11:43 - 2018-09-15 19:33 - 000000000 ____D C:\WINDOWS\OCR
2019-05-11 11:30 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\ServiceState
2019-05-11 11:27 - 2018-09-15 09:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-05-11 11:27 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\spool
2019-05-11 11:25 - 2018-09-15 09:33 - 000000000 __RHD C:\Users\Public\Libraries
2019-05-11 11:25 - 2018-09-15 09:33 - 000000000 ____D C:\Program Files\windows nt
2019-05-11 11:25 - 2018-09-15 08:09 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-05-11 11:24 - 2018-12-24 22:28 - 000000000 ____D C:\Users\Zaky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-05-11 11:24 - 2018-12-22 12:33 - 000000000 ____D C:\Users\Zaky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wargaming.net
2019-05-11 11:24 - 2018-12-22 11:36 - 000000000 ____D C:\Users\Zaky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2019-05-11 11:24 - 2018-09-15 09:33 - 000000000 ____D C:\ProgramData\USOPrivate
2019-05-11 11:23 - 2018-12-21 19:46 - 001796386 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2019-05-11 11:22 - 2019-04-19 19:43 - 000000000 ____D C:\AMD
2019-05-11 11:22 - 2019-04-18 21:42 - 000000000 ____D C:\Program Files\AMD
2019-05-11 11:22 - 2018-12-21 19:50 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2019-05-11 11:22 - 2018-09-15 09:33 - 000000000 ___RD C:\WINDOWS\PrintDialog
2019-05-11 11:22 - 2018-09-15 09:33 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2019-05-11 11:13 - 2018-12-21 15:45 - 000008192 __RSH C:\BOOTSECT.BAK
2019-05-11 11:13 - 2009-07-14 06:45 - 000022064 _____ C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-05-11 11:13 - 2009-07-14 06:45 - 000022064 _____ C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-05-06 20:49 - 2018-12-21 22:37 - 000000000 ___RD C:\Users\Zaky\Hry
2019-05-06 20:43 - 2019-04-29 17:54 - 000000000 ____D C:\Users\Zaky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-05-05 07:14 - 2019-03-20 18:55 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-05-02 19:12 - 2019-03-21 19:42 - 000002122 _____ C:\Users\Public\Desktop\COMODO Internet Security Premium.lnk
2019-05-01 10:44 - 2019-04-18 21:44 - 000000000 ____D C:\Program Files (x86)\ASUS
2019-05-01 10:43 - 2019-04-19 20:08 - 000000000 ____D C:\ProgramData\Adobe
2019-05-01 10:41 - 2018-12-21 19:47 - 000058888 _____ C:\Users\Zaky\AppData\Local\GDIPFONTCACHEV1.DAT
2019-05-01 10:38 - 2019-04-19 19:49 - 000000000 ____D C:\Program Files (x86)\VulkanRT

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================




Re: Please check Zaky's log - password probably discovered

Post by zaky » 31 May 2019 20:39

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-05.2019
Ran by Zaky (31-05-2019 20:32:50)
Running from C:\Users\Zaky\Desktop
Windows 10 Home Version 1809 17763.503 (X64) (2019-05-11 09:26:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-54008278-3310906152-1594598205-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-54008278-3310906152-1594598205-503 - Limited - Disabled)
Guest (S-1-5-21-54008278-3310906152-1594598205-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-54008278-3310906152-1594598205-504 - Limited - Disabled)
Zaky (S-1-5-21-54008278-3310906152-1594598205-1000 - Administrator - Enabled) => C:\Users\Zaky

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {9E3E06E3-F8E0-3C44-2336-BBD8AF8F84B8}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Advanced Protection (Enabled - Up to date) {255FE707-DEDA-33CA-1986-80AAD408CE05}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {A60587C6-B28F-3D1C-0869-12ED515CC3C3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.28 - GIGABYTE)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.4.3 - Advanced Micro Devices, Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
AutoGreen B12.0206.1 (HKLM-x32\...\{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE) Hidden
AutoGreen B12.0206.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
COMODO Internet Security Premium (HKLM\...\{5CD8F386-6796-4500-9FD8-CF92C9276B62}) (Version: 12.0.0.6818 - COMODO Security Solutions Inc.) Hidden
COMODO Internet Security Premium (HKLM\...\COMODO Internet Security) (Version: 12.0.0.6818 - COMODO Security Solutions Inc.)
CPUID HWMonitor 1.38 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.38 - CPUID, Inc.)
Easy Tune 6 B12.0912.1 (HKLM-x32\...\{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE) Hidden
Easy Tune 6 B12.0912.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.121 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HD Tune Pro 5.70 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Malwarebytes verze 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-54008278-3310906152-1594598205-1000\...\OneDriveSetup.exe) (Version: 19.070.0410.0005 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Skype verze 8.42 (HKLM-x32\...\Skype_is1) (Version: 8.42 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Wargaming.net Game Center (HKU\S-1-5-21-54008278-3310906152-1594598205-1000\...\Wargaming.net Game Center) (Version: 19.1.1.4317 - Wargaming.net)
WinRAR 5.70 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
World of Tanks EU (HKU\S-1-5-21-54008278-3310906152-1594598205-1000\...\WOT.EU.PRODUCTION) (Version: - Wargaming.net)
Zemana AntiMalware verze 3.1.210 (HKLM-x32\...\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.1.210 - Zemana)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2019-04-16] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2019-04-16] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-04-24] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2019-04-16] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2016-09-14 02:59 - 2016-09-14 02:59 - 000011776 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 002013696 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000191488 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2017-04-24 21:17 - 2017-04-24 21:17 - 000851456 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\CNext\CNext\atiacm64.dll
2017-04-24 21:17 - 2017-04-24 21:17 - 000005120 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\CNext\CNext\atiamcsy.dll
2018-12-21 19:50 - 2012-05-20 18:24 - 000073728 ____R (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2019-05-31 20:09 - 000000813 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-54008278-3310906152-1594598205-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-54008278-3310906152-1594598205-1000\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0CD5835C-F156-4484-BFD7-7E7FD4EA9596}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [{E9514FDF-0B37-4D65-98A9-E7DD63625A89}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [{2D99D0C5-8141-4C15-A167-6EA81B82AA68}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{DB38700D-6494-4B35-96C9-E861DB63FB6F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{B1732671-8359-4A63-9A56-205518D5657A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{D7D3F0BB-D88B-429A-BD3E-30944FF48223}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{9EBA3B2A-C4D7-410C-AD8C-C7E01B9A56AB}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D3477B47-D09F-472B-98F7-439621C09015}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{12EF1D54-385E-4646-A64C-2B6E859B5ED1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [UDP Query User{7BEBF065-56A0-4B4D-B583-DD0189DFF624}C:\games\world_of_tanks_eu\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_eu\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{F2851229-C2E9-443D-9220-5299F93FDF3C}C:\games\world_of_tanks_eu\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_eu\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{2EF41124-45AD-49B9-85FC-AD2B6A82430D}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{3DEBEEC7-EF9C-47B8-B96A-6BE8E10B51FF}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)

==================== Restore Points =========================

15-05-2019 11:25:14 Windows Update
24-05-2019 08:57:00 Naplánovaný kontrolní bod
30-05-2019 08:02:34 Instalační služba modulů systému Windows
30-05-2019 21:12:42 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Description: Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet – adaptér (NDIS 6.30)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros
Service: L1C
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2019 11:10:40 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (05/30/2019 11:09:35 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (05/30/2019 11:09:30 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (05/30/2019 11:08:53 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (05/30/2019 11:07:02 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (05/30/2019 11:06:51 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (05/30/2019 11:06:34 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (05/30/2019 11:06:26 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:


System errors:
=============
Error: (05/31/2019 08:21:54 PM) (Source: DCOM) (EventID: 10016) (User: Zaky-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli Zaky-PC\Zaky (SID: S-1-5-21-54008278-3310906152-1594598205-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/31/2019 08:10:39 PM) (Source: DCOM) (EventID: 10016) (User: Zaky-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli Zaky-PC\Zaky (SID: S-1-5-21-54008278-3310906152-1594598205-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/31/2019 07:55:51 PM) (Source: DCOM) (EventID: 10016) (User: Zaky-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli Zaky-PC\Zaky (SID: S-1-5-21-54008278-3310906152-1594598205-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/31/2019 12:45:38 PM) (Source: DCOM) (EventID: 10016) (User: Zaky-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli Zaky-PC\Zaky (SID: S-1-5-21-54008278-3310906152-1594598205-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/31/2019 12:44:29 PM) (Source: DCOM) (EventID: 10016) (User: Zaky-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli Zaky-PC\Zaky (SID: S-1-5-21-54008278-3310906152-1594598205-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/31/2019 12:44:13 PM) (Source: DCOM) (EventID: 10016) (User: Zaky-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli Zaky-PC\Zaky (SID: S-1-5-21-54008278-3310906152-1594598205-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/31/2019 11:35:02 AM) (Source: DCOM) (EventID: 10016) (User: Zaky-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli Zaky-PC\Zaky (SID: S-1-5-21-54008278-3310906152-1594598205-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/31/2019 10:04:05 AM) (Source: DCOM) (EventID: 10016) (User: Zaky-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli Zaky-PC\Zaky (SID: S-1-5-21-54008278-3310906152-1594598205-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


CodeIntegrity:
===================================

Date: 2019-05-31 20:27:50.506
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-31 20:27:04.381
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-31 20:27:04.332
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-31 20:07:40.205
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-31 19:54:11.406
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-31 19:53:48.401
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-31 19:53:41.368
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-31 12:54:27.118
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F7 08/20/2012
Motherboard: Gigabyte Technology Co., Ltd. B75-D3V
Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 22%
Total physical RAM: 16328.12 MB
Available physical RAM: 12691.14 MB
Total Virtual: 32712.12 MB
Available Virtual: 27475.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.26 GB) (Free:268.31 GB) NTFS ==>[drive with boot components (obtained from BCD)]

\\?\Volume{0bdd12b8-0000-0000-0000-b05074000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0BDD12B8)
Partition 1: (Active) - (Size=465.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=510 MB) - (Type=27)

==================== End of Addition.txt ============================

jaro3
Security team member
Guru Level 15
Posts: 39709
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please check Zaky's log - password probably discovered

Post by jaro3 » 31 May 2019 21:16

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CreateRestorePoint:
CloseProcesses:
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
SearchScopes: HKU\S-1-5-21-54008278-3310906152-1594598205-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
U3 idsvc; no ImagePath
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
FirewallRules: [{0CD5835C-F156-4484-BFD7-7E7FD4EA9596}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [{E9514FDF-0B37-4D65-98A9-E7DD63625A89}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [{2D99D0C5-8141-4C15-A167-6EA81B82AA68}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{DB38700D-6494-4B35-96C9-E861DB63FB6F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{B1732671-8359-4A63-9A56-205518D5657A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{D7D3F0BB-D88B-429A-BD3E-30944FF48223}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File

EmptyTemp:
End

(You can use the "Select all" function; right-click the top-left field in the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST, press the "Fix" button only once, and wait.
The tool will create a log on the desktop (Fixlog.txt); please copy its entire content here.

You don't have a keylogger there..
When working with HJT, ComboFix, MBAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. During my absence I am represented by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

zaky
Level 1.5
Posts: 102
Registered: August 12
Gender: Unspecified

Re: Please check Zaky's log - password probably discovered

Post by zaky » 31 May 2019 21:44

Phew, that's a relief. Was there any other virus there? Thanks a lot for the help so far; since this is the second time you've helped me, I'll send a few crowns to support the forum. The PC wouldn't restart the normal way from the Start menu, so I restarted it with the button on the case, hopefully that's fine. Is it possible that several GB of data were deleted from my disk? Yesterday 196 GB was used, today 181, but it doesn't look like anything is missing. LOG:

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-05.2019
Ran by Zaky (31-05-2019 21:39:08) Run:1
Running from C:\Users\Zaky\Desktop
Loaded Profiles: Zaky (Available Profiles: Zaky)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
SearchScopes: HKU\S-1-5-21-54008278-3310906152-1594598205-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
U3 idsvc; no ImagePath
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
FirewallRules: [{0CD5835C-F156-4484-BFD7-7E7FD4EA9596}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [{E9514FDF-0B37-4D65-98A9-E7DD63625A89}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [{2D99D0C5-8141-4C15-A167-6EA81B82AA68}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{DB38700D-6494-4B35-96C9-E861DB63FB6F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{B1732671-8359-4A63-9A56-205518D5657A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{D7D3F0BB-D88B-429A-BD3E-30944FF48223}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File

EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{503739d0-4c5e-4cfd-b3ba-d881334f0df2}" => removed successfully
HKLM\Software\Classes\CLSID\{503739d0-4c5e-4cfd-b3ba-d881334f0df2} => not found
HKU\S-1-5-21-54008278-3310906152-1594598205-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => removed successfully
HKLM\Software\Classes\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
idsvc => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0CD5835C-F156-4484-BFD7-7E7FD4EA9596}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E9514FDF-0B37-4D65-98A9-E7DD63625A89}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2D99D0C5-8141-4C15-A167-6EA81B82AA68}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DB38700D-6494-4B35-96C9-E861DB63FB6F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B1732671-8359-4A63-9A56-205518D5657A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D7D3F0BB-D88B-429A-BD3E-30944FF48223}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7626752 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 288873829 B
Java, Flash, Steam htmlcache => 78819546 B
Windows/system/drivers => 30324 B
Edge => 0 B
Chrome => 439761340 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3582 B
LocalService => 0 B
NetworkService => 2884 B
NetworkService => 0 B
Zaky => 3057759 B

RecycleBin => 139398 B
EmptyTemp: => 780.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:39:33 ====

jaro3

Re: Please check Zaky's log - password probably discovered

Post by jaro3 » 31 May 2019 22:28

Hard to say. You mean over the whole cleanup?

Download DelFix here
Other links:
https://toolslib.net/downloads/viewdownload/2-delfix/
http://ccm.net/download/download-24087-delfix
https://www.bleepingcomputer.com/download/delfix/

Save the file to the desktop.
Double-click the icon to run the Delfix.exe tool.
(In Windows Vista, Windows 7, 8 and 10 you must run the file by right-clicking -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools and Purge System Restore.
Then click the Run button and let the tool do its work.

A report (DelFix.txt) will then open. Paste the entire content of the report here. Otherwise the report is located here:
in C:\DelFix.txt

They could simply have been trying the password on those sites, and there is nothing in the PC..

If there are no problems, that is all and you can mark it as solved with the green check mark.

Thanks for the contribution!

zaky

Re: Please check Zaky's log - password probably discovered

Post by zaky » 31 May 2019 22:39

Yes, over the whole time we've been cleaning this together here. Sophos and ATF Cleaner are still left on my desktop; can I remove those manually? And so was there any virus in the PC, or was it clean? Can I log in to internet banking etc. without worry?

# DelFix v1.013 - Logfile created 31/05/2019 at 22:33:42
# Updated 17/04/2016 by Xplode
# Username : Zaky - ZAKY-PC
# Operating System : Windows 10 Home (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\Zaky\Desktop\Addition.txt
Deleted : C:\Users\Zaky\Desktop\AdwCleaner.exe
Deleted : C:\Users\Zaky\Desktop\Fixlog.txt
Deleted : C:\Users\Zaky\Desktop\FRST.txt
Deleted : C:\Users\Zaky\Desktop\FRST64.exe
Deleted : C:\Users\Zaky\Desktop\JRT.exe
Deleted : C:\Users\Zaky\Desktop\JRT.txt
Deleted : C:\Users\Zaky\Desktop\HijackThis.exe
Deleted : C:\Users\Zaky\Desktop\hijackthis.log
Deleted : C:\Users\Zaky\Desktop\hjt.png
Deleted : C:\Users\Zaky\Desktop\RogueKiller_portable64.exe
Deleted : C:\Users\Zaky\Desktop\TFC.exe
Deleted : C:\Users\Zaky\Downloads\AdwCleaner.exe
Deleted : C:\Users\Zaky\Downloads\FRST64.exe
Deleted : C:\Users\Zaky\Downloads\HijackThis.exe
Deleted : C:\Users\Zaky\Downloads\hijackthis.log
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #2 [Windows Update | 05/15/2019 09:25:14]
Deleted : RP #3 [Naplánovaný kontrolní bod | 05/24/2019 06:57:00]
Deleted : RP #4 [Instalační služba modulů systému Windows | 05/30/2019 06:02:34]
Deleted : RP #5 [JRT Pre-Junkware Removal | 05/30/2019 19:12:42]

New restore point created !

########## - EOF - ##########

zaky

Re: Please check Zaky's log - password probably discovered

Post by zaky » 01 June 2019 11:55

https://imgur.com/a/q2p6RhD

https://imgur.com/a/krdISSI

I can't help it, there's simply something wrong with this PC; whether I log in to Instagram or log in here on this site, there's always some problem.
Another 6 GB of data has disappeared from the disk - currently 175 GB.

jaro3

Re: Please check Zaky's log - password probably discovered

Post by jaro3 » 01 June 2019 19:00

So one more thing, and then we'll reset hosts:

Download OTL by OldTimer to the desktop. Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change to All. Tick LOP Check and Purity Check. Click Run Scan. Leave all other settings as they are. The scan may take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt

They are saved in the same location as OTL. Please copy both logs here.

zaky

Re: Please check Zaky's log - password probably discovered

Post by zaky » 01 June 2019 19:34

OTL Extras logfile created on: 1.6.2019 19:21:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zaky\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.17763.0)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

15,95 Gb Total Physical Memory | 13,40 Gb Available Physical Memory | 84,05% Memory free
16,95 Gb Paging File | 13,06 Gb Available in Paging File | 77,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,26 Gb Total Space | 289,88 Gb Free Space | 62,31% Space Free | Partition Type: NTFS

Computer Name: ZAKY-PC | User Name: Zaky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Powershell] -- powershell.exe -noexit -command Set-Location -literalPath '%V' (Microsoft Corporation)
Directory [UpdateEncryptionSettings] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Powershell] -- powershell.exe -noexit -command Set-Location -literalPath '%V' (Microsoft Corporation)
Directory [UpdateEncryptionSettings] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Feature]
"DisableAvCheck" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\CBP]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\DPA]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp\WebProtection]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 7B CA F1 88 DB 07 D5 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Feature]
"DisableAvCheck" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\CBP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\DPA]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp\WebProtection]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12EF1D54-385E-4646-A64C-2B6E859B5ED1}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05541849-6547-4B81-9A75-F2DB23D5B045}" = dir=in | name=@{microsoft.windows.cortana_1.11.5.17763_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{0E9C7BA6-9702-413E-B3FA-E04CA398DB13}" = dir=out | name=@{microsoft.windows.cortana_1.11.5.17763_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{0F203AAD-4EA0-4CFA-9387-1AA07E4974E1}" = dir=in | name=skype |
"{10EC48B3-DC9E-4597-BECC-9EA8E93E09A3}" = dir=out | name=@{microsoft.windows.peopleexperiencehost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.peopleexperiencehost/resources/pkgdisplayname} |
"{123D6570-6DAA-42CF-95C6-90F7921123D4}" = dir=out | name=@{microsoft.windows.photos_2019.19031.17720.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{1994DCA4-17BD-4136-9BD6-BA7F2A23D646}" = dir=in | name=@{microsoft.zunevideo_10.19031.11411.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{1A1D482C-9D92-4DC9-9597-9C0905F1CFFD}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{1CCE7E47-A154-41E9-8465-D6C43391FFC0}" = dir=out | name=skype |
"{20487A2E-84D5-4291-B5EB-CD7F0A82649E}" = dir=out | name=@{microsoft.xboxidentityprovider_12.53.10001.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxidentityprovider/resources/displayname} |
"{20A44181-1902-4A98-8470-50DD339ABB59}" = dir=out | name=@{microsoft.desktopappinstaller_1.0.31351.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.desktopappinstaller/resources/appdisplayname} |
"{28AFADC4-ABED-4EED-8A98-1BCA1C157467}" = dir=out | name=@{microsoft.zunevideo_10.19031.11411.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{2FCBCF89-7F8E-46DB-9B1E-D8457B7221F1}" = dir=in | name=@{microsoft.oneconnect_5.1905.1232.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnectstrings/oneconnect/appstorename} |
"{34D8E871-D766-4B0B-B6C8-6A624150136A}" = dir=out | name=xbox tcui |
"{35873236-EBB5-47F8-8C14-9F0BF24DD922}" = dir=out | name=@{microsoft.windowsstore_11904.1001.1.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{35C3FBA8-D221-47D8-9D38-E1AC41BA264B}" = dir=out | name=@{microsoft.windowscalculator_10.1904.31.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscalculator/resources/appstorename} |
"{38558C78-E653-486C-9A3E-303D6F91E5BD}" = dir=out | name=@{microsoft.gethelp_10.1706.20381.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.gethelp/resources/appdisplayname} |
"{3E25F46B-FD1F-4094-B944-469453AE8969}" = dir=out | name=windows_ie_ac_001 |
"{3F45938E-05B7-4EE1-8086-F4F293EEF981}" = dir=out | name=@{microsoft.windows.narratorquickstart_10.0.17763.1_neutral_neutral_8wekyb3d8bbwe?ms-resource://microsoft.windows.narratorquickstart/resources/appdisplayname} |
"{3F4C606D-1978-4AC8-B069-7E8E5FC4CEC9}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{4381012C-6DA4-45D5-924C-173D3BCD87B9}" = dir=out | name=@{microsoft.mixedreality.portal_2000.19011.1132.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.mixedreality.portal/resources/pkgdisplayname} |
"{43A3D73C-A69A-4C89-896F-33B122D7D7E5}" = dir=in | name=print 3d |
"{44B57CE4-AB3F-4E2B-9FEE-9E8196BD807A}" = dir=out | name=microsoft pay |
"{4A57EA7F-3FC3-4169-ABE9-AEBF5EAB1D45}" = dir=out | name=office |
"{4B90BCCD-280C-4A2D-90F2-D686058A2720}" = dir=in | name=@{microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} |
"{530D930E-8AFD-455A-8D3B-662030E55EF8}" = dir=out | name=@{microsoft.lockapp_10.0.17763.1_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} |
"{56795793-D95B-4B7B-8F29-2D7EFB8BC2BA}" = dir=out | name=@{microsoft.accountscontrol_10.0.17763.1_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} |
"{653C2A71-3A30-43B7-A5FD-E41291790CEB}" = dir=out | name=@{microsoft.getstarted_7.3.20251.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} |
"{694CD24A-085D-460D-8038-5F33777C6E5C}" = dir=in | name=@{microsoft.desktopappinstaller_1.0.31351.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.desktopappinstaller/resources/appdisplayname} |
"{724B7AED-598D-455A-85DD-D5BF4A82DA8D}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.17763.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} |
"{7D054B4D-30C5-4272-82FB-5874B16A1AAD}" = dir=out | name=@{microsoft.storepurchaseapp_11811.1001.18.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.storepurchaseapp/resources/displaytitle} |
"{7EAF42E0-DE6E-4C88-AE56-8F67B4B463C8}" = dir=out | name=@{microsoft.windowsmaps_5.1902.843.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} |
"{807D27CC-E90B-4BC8-A966-CBBE3AF4E5E5}" = dir=out | name=@{microsoft.bingweather_4.28.10351.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{812E4F9F-1741-49DB-A981-2C1BA4DF6169}" = dir=in | name=xbox |
"{82ADB65B-315E-403A-8658-6D584324D583}" = dir=out | name=@{microsoft.windowscamera_2019.425.30.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscamera/lenssdk/resources/appstorename} |
"{8B382AED-8E29-4446-B4DC-40AF0935D901}" = dir=in | name=@{microsoft.yourphone_1.19051.545.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.yourphone/resources/appname} |
"{8E19CFC2-369A-4AA4-8E3A-00C2C7A84E60}" = dir=out | name=@{microsoft.xboxgamingoverlay_3.29.22003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxgamingoverlay/resources/gamebar} |
"{8E938006-7810-4F80-9C54-676AA6B2C85F}" = dir=out | name=xbox |
"{94D93C1D-71C0-49E1-A442-F336FDF7A2B7}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.17763.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} |
"{95F9A138-F886-4667-9FA9-82BCDA66E191}" = dir=out | name=@{microsoft.people_10.1902.633.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} |
"{96256869-DFF1-44B3-9613-B2D083388E90}" = dir=in | name=@{microsoft.win32webviewhost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.win32webviewhost/resources/displayname} |
"{9999D391-FEB0-401B-A7FB-CE8DE1407742}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.17763.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{9C891251-2108-463C-92F5-199869227B26}" = dir=in | name=@{microsoft.windows.photos_2019.19031.17720.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{9D7E210D-D7D8-453E-B5B2-1815E997CDBB}" = dir=in | name=@{microsoft.zunemusic_10.19031.11411.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{9EBA3B2A-C4D7-410C-AD8C-C7E01B9A56AB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft\skype for desktop\skype.exe |
"{A31FB973-603E-4FC5-BECA-045E6CA0091E}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.17763.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} |
"{A84BDD22-6D45-4514-A805-765FD8A4A009}" = dir=out | name=@{microsoft.windows.oobenetworkcaptiveportal_10.0.17763.1_neutral__cw5n1h2txyewy?ms-resource://microsoft.windows.oobenetworkcaptiveportal/resources/appdisplayname} |
"{A91434B5-652F-4CB6-B4A2-52815A1E713D}" = dir=in | name=microsoft sticky notes |
"{B0E216B2-B482-4875-BE9D-F8C0D854EA9E}" = dir=out | name=@{microsoft.messaging_4.1901.10241.1000_x64__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} |
"{B1C000AE-CBE4-4A03-AB07-825008FDB4E3}" = dir=out | name=@{microsoft.windows.sechealthui_10.0.17763.1_neutral__cw5n1h2txyewy?ms-resource://microsoft.windows.sechealthui/resources/packagedisplayname} |
"{B5656110-D353-45CD-8FC0-B3CEA6DFB336}" = dir=out | name=@{microsoft.oneconnect_5.1905.1232.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnectstrings/oneconnect/appstorename} |
"{B6BD7E24-2A48-4D2F-9E36-721FFFA4BC82}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.17763.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{B8516766-FEE2-44C0-B58B-6B1F2D727377}" = dir=out | name=@{microsoft.ppiprojection_10.0.17763.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{B8880B90-9417-4AD5-A5E5-2E981D820FD3}" = dir=in | name=@{microsoft.xboxgamingoverlay_3.29.22003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxgamingoverlay/resources/gamebar} |
"{B941E5B0-8279-476A-B0AB-9163A84027B0}" = dir=in | name=@{microsoft.messaging_4.1901.10241.1000_x64__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} |
"{B9529EBB-509C-4372-A92F-78B79842BB74}" = dir=out | name=onenote |
"{BD8F9A64-B967-4E4F-AD5F-8D76C296FAF9}" = dir=out | name=@{microsoft.mspaint_5.1904.8017.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.mspaint/resources/appname} |
"{C0F8AD3E-FE2B-4180-938B-30682C986E4E}" = dir=out | name=@{microsoft.win32webviewhost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.win32webviewhost/resources/displayname} |
"{C405A942-3A82-41FA-AD03-0E2CF65489DB}" = dir=out | name=microsoft sticky notes |
"{C70EFC31-6943-4FAC-A4FD-D67C5F5EA002}" = dir=out | name=xbox game bar plugin |
"{CA3694FD-E507-4C03-BB70-A041B8306BCC}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.17763.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} |
"{D04B6E8B-B214-4BF3-AD1B-C2FCBF95FE41}" = dir=out | name=@{microsoft.microsoftedge_44.17763.1.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{D3477B47-D09F-472B-98F7-439621C09015}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft\skype for desktop\skype.exe |
"{DA2B8FBC-DEB9-4C4B-9CAE-C2E7869565D8}" = dir=out | name=@{microsoft.yourphone_1.19051.545.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.yourphone/resources/appname} |
"{E4851126-076E-4E2A-B5BA-153D6CF94981}" = dir=out | name=@{microsoft.windows.shellexperiencehost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.shellexperiencehost/resources/pkgdisplayname} |
"{E8256073-C8D4-4ECF-8FB6-A23C15D1DED3}" = dir=in | name=@{microsoft.microsoftedge_44.17763.1.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{E9765669-B010-4A61-8CC4-B8993C7842AC}" = dir=in | name=@{microsoft.windowsstore_11904.1001.1.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{ED562B63-19E2-4544-947B-BCE21A4180D4}" = dir=out | name=@{microsoft.microsoft3dviewer_6.1903.4012.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoft3dviewer/common.view.uwp/resources/storeappname} |
"{EE0E7B5E-D6DF-4F87-BCF2-5BD7DAA35040}" = dir=out | name=shell input application |
"{F027077D-E1B4-4995-BDFE-96CA771DC437}" = dir=out | name=@{microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} |
"{F1F8D1BA-3BE4-43DF-87E9-0D9364B7BBCA}" = dir=out | name=@{microsoft.zunemusic_10.19031.11411.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{F464388B-9798-4BED-A248-5D75EA9BEF4C}" = dir=in | name=@{microsoft.ppiprojection_10.0.17763.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{F947108C-40DB-4F4B-9E60-21E77F1B2F71}" = dir=out | name=print 3d |
"{FC679307-FCD5-48A1-B2A4-9416664F6B87}" = dir=in | name=onenote |
"TCP Query User{3DEBEEC7-EF9C-47B8-B96A-6BE8E10B51FF}C:\programdata\wargaming.net\gamecenter\wgc.exe" = protocol=6 | dir=in | app=c:\programdata\wargaming.net\gamecenter\wgc.exe |
"TCP Query User{F2851229-C2E9-443D-9220-5299F93FDF3C}C:\games\world_of_tanks_eu\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks_eu\worldoftanks.exe |
"UDP Query User{2EF41124-45AD-49B9-85FC-AD2B6A82430D}C:\programdata\wargaming.net\gamecenter\wgc.exe" = protocol=17 | dir=in | app=c:\programdata\wargaming.net\gamecenter\wgc.exe |
"UDP Query User{7BEBF065-56A0-4B4D-B583-DD0189DFF624}C:\games\world_of_tanks_eu\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks_eu\worldoftanks.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03EBF679-E886-38AD-8E70-28658449F7F9}" = Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.14.26429
"{05B6A133-2E68-1700-950A-1B8D85B8ACB8}" = AMD Settings
"{07BFBD5C-2F63-6828-1B61-B41A44113F3B}" = Catalyst Control Center Next Localization KO
"{09CCBE8E-B964-30EF-AE84-6537AB4197F9}" = Microsoft .NET Framework 4.7.2
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1DBACFDB-5E43-7882-36BD-53526D34BD22}" = Catalyst Control Center Next Localization HU
"{20D46801-147B-30AD-7C5A-AC4560A79096}" = Catalyst Control Center Next Localization FI
"{22C39711-2747-D264-319A-1550BEEAAEC6}" = Catalyst Control Center Next Localization FR
"{24DF617A-CD23-6E6A-126B-23630D2781CE}" = Catalyst Control Center Next Localization TH
"{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1" = Malwarebytes verze 3.7.1.2839
"{36EDC500-E4C0-371C-9865-08450415C1E9}" = Catalyst Control Center Next Localization CS
"{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}" = Catalyst Control Center Next Localization DA
"{4D1D5407-9B69-6422-629C-8518A26004A4}" = Catalyst Control Center Next Localization RU
"{5CD8F386-6796-4500-9FD8-CF92C9276B62}" = COMODO Internet Security Premium
"{6AE8C5A1-51CE-8ED5-7E46-46F9CEBD0FEE}" = AMD DVR64
"{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}" = Catalyst Control Center Next Localization TR
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}" = Catalyst Control Center Next Localization ES
"{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{A8379BAB-59A9-C0A3-8BCC-4852EA403692}" = Catalyst Control Center Next Localization SV
"{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}" = Catalyst Control Center Next Localization IT
"{B12F584A-DE7A-3EE3-8EC4-8A64DBC0F2A7}" = Microsoft Visual C++ 2017 x64 Additional Runtime - 14.14.26429
"{B26D75B8-FAB7-6F8B-767F-BAF975383D91}" = Catalyst Control Center Next Localization CHT
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BEFEA793-BD63-8705-BA0A-8B3183F8A115}" = AMD Problem Report Wizard
"{D74218A3-C503-57EF-AC9F-2220082E7ADE}" = Catalyst Control Center Next Localization DE
"{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}" = Catalyst Control Center Next Localization EL
"{DDF5C04E-D306-836C-D97E-192BBCDE7D77}" = AMD DVR64
"{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}" = Catalyst Control Center Next Localization NO
"{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}" = Catalyst Control Center Next Localization NL
"{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}" = Catalyst Control Center Next Localization BR
"{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}" = Catalyst Control Center Next Localization CHS
"{ED75A775-03A7-F214-868D-497748707968}" = Catalyst Control Center Next Localization JA
"{EE2AFCE4-0238-4DE0-A140-1647021627C1}" = Branding64
"{F4C44834-E4FA-3DA9-B999-A30EC54E95B0}" = Microsoft .NET Framework 4.7.2 (CSY)
"{FFBFBD1F-B160-A119-7C43-8584FA2E5665}" = Catalyst Control Center Next Localization PL
"AMD Catalyst Install Manager" = AMD Software
"COMODO Internet Security" = COMODO Internet Security Premium
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.38
"VulkanRT1.0.61.0" = Vulkan Run Time Libraries 1.0.61.0
"VulkanRT1.0.65.1" = Vulkan Run Time Libraries 1.0.65.1
"WUCCCApp" = AMD Settings

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0912.1
"{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1" = Zemana AntiMalware verze 3.1.210
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{80586c77-db42-44bb-bfc8-7aebbb220c00}" = Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{C05C6BCE-5E35-9885-11B6-4A743A142B7F}" = AMD Settings
"{c239cea1-d49e-4e16-8e87-8c055765f7ec}" = Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008
"{C6CDA568-CD91-3CA0-9EDE-DAD98A13D6E1}" = Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.10.25008
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
"{E6222D59-608C-3018-B86B-69BD241ACDE5}" = Microsoft Visual C++ 2017 x86 Additional Runtime - 14.10.25008
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"Google Chrome" = Google Chrome
"HD Tune Pro_is1" = HD Tune Pro 5.70
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0912.1
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
"Skype_is1" = Skype verze 8.42
"WinRAR archiver" = WinRAR 5.70 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive
"Wargaming.net Game Center" = Wargaming.net Game Center
"WOT.EU.PRODUCTION" = World of Tanks EU

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30.5.2019 17:08:53 | Computer Name = Zaky-PC | Source = ATIeRecord | ID = 16387
Description =

Error - 30.5.2019 17:09:30 | Computer Name = Zaky-PC | Source = ATIeRecord | ID = 16387
Description =

Error - 30.5.2019 17:09:35 | Computer Name = Zaky-PC | Source = ATIeRecord | ID = 16387
Description =

Error - 30.5.2019 17:10:40 | Computer Name = Zaky-PC | Source = ATIeRecord | ID = 16387
Description =

Error - 31.5.2019 15:39:09 | Computer Name = Zaky-PC | Source = VSS | ID = 8194
Description =

Error - 31.5.2019 15:39:21 | Computer Name = Zaky-PC | Source = VSS | ID = 8193
Description =

Error - 31.5.2019 15:39:21 | Computer Name = Zaky-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: cavwp.exe, verze: 12.0.0.6818, časové razítko:
0x5cb5ac74 Název chybujícího modulu: smart.cav, verze: 0.0.0.0, časové razítko:
0x5b58bef3 Kód výjimky: 0xc0000005 Posun chyby: 0x00000000000018a7 ID chybujícího procesu:
0x24e8 Čas spuštění chybující aplikace: 0x01d517da70d4f52f Cesta k chybující aplikaci:
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe Cesta k chybujícímu modulu:
C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav ID zprávy: 545880c2-a68b-41b9-8ba4-34a64bf8f75a
Úplný
název chybujícího balíčku: ? ID aplikace související s chybujícím balíčkem: ?

Error - 1.6.2019 6:16:19 | Computer Name = Zaky-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: cavwp.exe, verze: 12.0.0.6818, časové razítko:
0x5cb5ac74 Název chybujícího modulu: cavwp.exe, verze: 12.0.0.6818, časové razítko:
0x5cb5ac74 Kód výjimky: 0xc0000409 Posun chyby: 0x0000000000051e84 ID chybujícího
procesu: 0x1e2c Čas spuštění chybující aplikace: 0x01d51834919fe160 Cesta k chybující
aplikaci: C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe Cesta k chybujícímu
modulu: C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe ID zprávy: ac2216e1-b242-4f83-a2ff-16f1511e5f23
Úplný
název chybujícího balíčku: ? ID aplikace související s chybujícím balíčkem: ?

Error - 1.6.2019 8:03:08 | Computer Name = Zaky-PC | Source = Application Hang | ID = 1002
Description = Program ShellExperienceHost.exe verze 10.0.17763.439 přestal spolupracovat
s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací
o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení
a údržba. ID procesu: 1b80 Čas spuštění: 01d517e8d2a0a3ec Čas ukončení: 4294967295 Cesta
k aplikaci: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

ID
hlášení: 90cc2d0a-0534-4d5a-8545-4639fd81fdca Úplný název balíčku s chybou: Microsoft.Windows.ShellExperienceHost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy

ID
aplikace relativní podle balíčku s chybou: App Typ zablokování: Cross-process

Error - 1.6.2019 12:35:11 | Computer Name = Zaky-PC | Source = Application Hang | ID = 1002
Description = Program FRST64.exe verze 1.6.2019.0 přestal spolupracovat s Windows
a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto
problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID
procesu: 14d4 Čas spuštění: 01d51897ef58132f Čas ukončení: 4 Cesta k aplikaci: C:\Users\Zaky\Desktop\FRST64.exe

ID
hlášení: 5a3a9e51-be96-4497-9a38-2f877afe74d6 Úplný název balíčku s chybou: ? ID
aplikace relativní podle balíčku s chybou: ? Typ zablokování: Unknown

[ Parameters Events ]
OTL encountered an error while reading this event log. It may be corrupt.
[ State Events ]
OTL encountered an error while reading this event log. It may be corrupt.
Error - 1.6.2019 12:35:55 | Computer Name = Zaky-PC | Source = Service Control Manager | ID = 7031
Description = Služba Služba sdílení portů Net.Tcp byla nečekaně ukončena. Stalo
se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat
službu.

Error - 1.6.2019 12:35:55 | Computer Name = Zaky-PC | Source = Service Control Manager | ID = 7034
Description = Služba Intel(R) Management and Security Application User Notification
Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error - 1.6.2019 12:35:55 | Computer Name = Zaky-PC | Source = Service Control Manager | ID = 7031
Description = Služba Intel(R) Management and Security Application Local Management
Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude
spuštěna za 10000 milisekund: Restartovat službu.

Error - 1.6.2019 12:35:55 | Computer Name = Zaky-PC | Source = Service Control Manager | ID = 7031
Description = Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error - 1.6.2019 12:35:55 | Computer Name = Zaky-PC | Source = Service Control Manager | ID = 7031
Description = Služba Adaptér naslouchání Net.Msmq byla nečekaně ukončena. Stalo
se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat
službu.

Error - 1.6.2019 12:35:55 | Computer Name = Zaky-PC | Source = Service Control Manager | ID = 7031
Description = Služba Řízení front zpráv byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error - 1.6.2019 12:35:55 | Computer Name = Zaky-PC | Source = Service Control Manager | ID = 7031
Description = Služba Instalační služba modulů systému Windows byla nečekaně ukončena.
Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund:
Restartovat službu.

Error - 1.6.2019 12:37:29 | Computer Name = Zaky-PC | Source = DCOM | ID = 10016
Description =

Error - 1.6.2019 12:38:35 | Computer Name = Zaky-PC | Source = DCOM | ID = 10016
Description =

Error - 1.6.2019 12:38:35 | Computer Name = Zaky-PC | Source = DCOM | ID = 10016
Description =


< End of report >

zaky
Level 1.5
Posts: 102
Joined: August 12
Gender: Not specified

Re: Request for a log check, Zaky - password probably discovered

Post by zaky » 01 Jun 2019 19:37

The OTL log is 181 thousand characters long, so I put it in a RAR archive, if that's OK.

jaro3
Security team member
Guru Level 15
Posts: 39709
Joined: June 07
Location: South Bohemia
Gender: Male

Re: Request for a log check, Zaky - password probably discovered

Post by jaro3 » 01 Jun 2019 21:22

Unfortunately it is a problem; it's hard to decipher from that text file.

Split it into several posts.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.

zaky
Level 1.5
Posts: 102
Joined: August 12
Gender: Not specified

Re: Request for a log check, Zaky - password probably discovered

Post by zaky » 01 Jun 2019 21:27

OTL logfile created on: 1.6.2019 19:21:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zaky\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.17763.0)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

15,95 Gb Total Physical Memory | 13,40 Gb Available Physical Memory | 84,05% Memory free
16,95 Gb Paging File | 13,06 Gb Available in Paging File | 77,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,26 Gb Total Space | 289,88 Gb Free Space | 62,31% Space Free | Partition Type: NTFS

Computer Name: ZAKY-PC | User Name: Zaky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\Zaky\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (COMODO)
PRC - C:\Windows\SysWOW64\fontdrvhost.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - (BcastDVRUserService) -- C:\Windows\SysNative\bcastdvruserservice.dll (Microsoft Corporation)
SRV:64bit: - (diagnosticshub.standardcollector.service) -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (Microsoft Corporation)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (SharedRealitySvc) -- C:\Windows\SysNative\SharedRealitySvc.dll (Microsoft Corporation)
SRV:64bit: - (FrameServer) -- C:\Windows\SysNative\FrameServer.dll (Microsoft Corporation)
SRV:64bit: - (DmEnrollmentSvc) -- C:\Windows\SysNative\Windows.Internal.Management.dll (Microsoft Corporation)
SRV:64bit: - (NetSetupSvc) -- C:\Windows\SysNative\NetSetupSvc.dll (Microsoft Corporation)
SRV:64bit: - (InstallService) -- C:\Windows\SysNative\InstallService.dll (Microsoft Corporation)
SRV:64bit: - (NgcSvc) -- C:\Windows\SysNative\ngcsvc.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (EntAppSvc) -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll (Microsoft Corporation)
SRV:64bit: - (icssvc) -- C:\Windows\SysNative\tetheringservice.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (SgrmBroker) -- C:\Windows\SysNative\SgrmBroker.exe (Microsoft Corporation)
SRV:64bit: - (DoSvc) -- C:\Windows\SysNative\dosvc.dll (Microsoft Corporation)
SRV:64bit: - (StateRepository) -- C:\Windows\SysNative\Windows.StateRepository.dll (Microsoft Corporation)
SRV:64bit: - (ClipSVC) -- C:\Windows\SysNative\ClipSVC.dll (Microsoft Corporation)
SRV:64bit: - (w3logsvc) -- C:\Windows\SysNative\inetsrv\w3logsvc.dll (Microsoft Corporation)
SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation)
SRV:64bit: - (CmdAgentProt) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (CmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (cmdvirth) -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe (COMODO)
SRV:64bit: - (wlpasvc) -- C:\Windows\SysNative\lpasvc.dll (Microsoft Corporation)
SRV:64bit: - (DisplayEnhancementService) -- C:\Windows\SysNative\Microsoft.Graphics.Display.DisplayEnhancementService.dll (Microsoft Corporation)
SRV:64bit: - (DusmSvc) -- C:\Windows\SysNative\dusmsvc.dll (Microsoft Corporation)
SRV:64bit: - (PhoneSvc) -- C:\Windows\SysNative\PhoneService.dll (Microsoft Corporation)
SRV:64bit: - (RmSvc) -- C:\Windows\SysNative\RMapi.dll (Microsoft Corporation)
SRV:64bit: - (NgcCtnrSvc) -- C:\Windows\SysNative\NgcCtnrSvc.dll (Microsoft Corporation)
SRV:64bit: - (BTAGService) -- C:\Windows\SysNative\BTAGService.dll (Microsoft Corporation)
SRV:64bit: - (SensorService) -- C:\Windows\SysNative\SensorService.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\psmsrv.dll (Microsoft Corporation)
SRV:64bit: - (DevicePickerUserSvc) -- C:\Windows\SysNative\Windows.Devices.Picker.dll (Microsoft Corporation)
SRV:64bit: - (CDPUserSvc) -- C:\Windows\SysNative\cdpusersvc.dll (Microsoft Corporation)
SRV:64bit: - (DsSvc) -- C:\Windows\SysNative\dssvc.dll (Microsoft Corporation)
SRV:64bit: - (TokenBroker) -- C:\Windows\SysNative\TokenBroker.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (SecurityHealthService) -- C:\Windows\SysNative\SecurityHealthService.exe (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (UsoSvc) -- C:\Windows\SysNative\usocore.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (CoreMessagingRegistrar) -- C:\Windows\SysNative\CoreMessaging.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvcext.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvcext.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvmsession) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (MBAMService) -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes)
SRV:64bit: - (ssh-agent) -- C:\Windows\SysNative\OpenSSH\ssh-agent.exe ()
SRV:64bit: - (RetailDemo) -- C:\Windows\SysNative\RDXService.dll (Microsoft Corporation)
SRV:64bit: - (WalletService) -- C:\Windows\SysNative\WalletService.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (spectrum) -- C:\Windows\SysNative\Spectrum.exe (Microsoft Corporation)
SRV:64bit: - (SmsRouter) -- C:\Windows\SysNative\SmsRouterSvc.dll (Microsoft Corporation)
SRV:64bit: - (diagsvc) -- C:\Windows\SysNative\DiagSvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (TieringEngineService) -- C:\Windows\SysNative\TieringEngineService.exe (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (cbdhsvc) -- C:\Windows\SysNative\CBDHSvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (ConsentUxUserSvc) -- C:\Windows\SysNative\ConsentUxClient.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (XboxNetApiSvc) -- C:\Windows\SysNative\XboxNetApiSvc.dll (Microsoft Corporation)
SRV:64bit: - (perceptionsimulation) -- C:\Windows\SysNative\PerceptionSimulation\PerceptionSimulationService.exe (Microsoft Corporation)
SRV:64bit: - (HvHost) -- C:\Windows\SysNative\hvhostsvc.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (SensorDataService) -- C:\Windows\SysNative\SensorDataService.exe (Microsoft Corporation)
SRV:64bit: - (PrintWorkflowUserSvc) -- C:\Windows\SysNative\PrintWorkflowService.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (dmwappushservice) -- C:\Windows\SysNative\dmwappushsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (UserManager) -- C:\Windows\SysNative\usermgr.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (WpnUserService_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PrintWorkflowUserSvc_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (DevicesFlowUserSvc_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (DevicePickerUserSvc_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (ConsentUxUserSvc_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (CDPUserSvc_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (cbdhsvc_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (CaptureService_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (BluetoothUserService_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (BcastDVRUserService_4b4a1) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (CaptureService) -- C:\Windows\SysNative\CaptureService.dll (Microsoft Corporation)
SRV:64bit: - (DevicesFlowUserSvc) -- C:\Windows\SysNative\DevicesFlowBroker.dll (Microsoft Corporation)
SRV:64bit: - (shpamsvc) -- C:\Windows\SysNative\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
SRV:64bit: - (BthAvctpSvc) -- C:\Windows\SysNative\BthAvctpSvc.dll (Microsoft Corporation)
SRV:64bit: - (UserDataSvc) -- C:\Windows\SysNative\UserDataService.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (WaaSMedicSvc) -- C:\Windows\SysNative\WaaSMedicSvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (WpnService) -- C:\Windows\SysNative\wpnservice.dll (Microsoft Corporation)
SRV:64bit: - (WpnUserService) -- C:\Windows\SysNative\WpnUserService.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\lfsvc.dll (Microsoft Corporation)
SRV:64bit: - (SEMgrSvc) -- C:\Windows\SysNative\SEMgrSvc.dll (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc) -- C:\Windows\SysNative\Unistore.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (PushToInstall) -- C:\Windows\SysNative\PushToInstall.dll (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc) -- C:\Windows\SysNative\PimIndexMaintenance.dll (Microsoft Corporation)
SRV:64bit: - (MapsBroker) -- C:\Windows\SysNative\moshost.dll (Microsoft Corporation)
SRV:64bit: - (LicenseManager) -- C:\Windows\SysNative\LicenseManagerSvc.dll (Microsoft Corporation)
SRV:64bit: - (GraphicsPerfSvc) -- C:\Windows\SysNative\GraphicsPerfSvc.dll (Microsoft Corporation)
SRV:64bit: - (WarpJITSvc) -- C:\Windows\SysNative\Windows.WARP.JITService.dll (Microsoft Corporation)
SRV:64bit: - (CDPSvc) -- C:\Windows\SysNative\cdpsvc.dll (Microsoft Corporation)
SRV:64bit: - (camsvc) -- C:\Windows\SysNative\CapabilityAccessManager.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (embeddedmode) -- C:\Windows\SysNative\embeddedmodesvc.dll (Microsoft Corporation)
SRV:64bit: - (tzautoupdate) -- C:\Windows\SysNative\tzautoupdate.dll (Microsoft Corporation)
SRV:64bit: - (AJRouter) -- C:\Windows\SysNative\AJRouter.dll (Microsoft Corporation)
SRV:64bit: - (TimeBrokerSvc) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (NaturalAuthentication) -- C:\Windows\SysNative\NaturalAuth.dll (Microsoft Corporation)
SRV:64bit: - (DevQueryBroker) -- C:\Windows\SysNative\DevQueryBroker.dll (Microsoft Corporation)
SRV:64bit: - (WManSvc) -- C:\Windows\SysNative\Windows.Management.Service.dll (Microsoft Corporation)
SRV:64bit: - (WFDSConMgrSvc) -- C:\Windows\SysNative\WFDSConMgrSvc.dll (Microsoft Corporation)
SRV:64bit: - (WpcMonSvc) -- C:\Windows\SysNative\WpcDesktopMonSvc.dll (Microsoft Corporation)
SRV:64bit: - (XblAuthManager) -- C:\Windows\SysNative\XblAuthManager.dll (Microsoft Corporation)
SRV:64bit: - (wisvc) -- C:\Windows\SysNative\FlightSettings.dll (Microsoft Corporation)
SRV:64bit: - (BluetoothUserService) -- C:\Windows\SysNative\Microsoft.Bluetooth.UserService.dll (Microsoft Corporation)
SRV:64bit: - (VacSvc) -- C:\Windows\SysNative\vac.dll (Microsoft Corporation)
SRV:64bit: - (LxpSvc) -- C:\Windows\SysNative\LanguageOverlayServer.dll (Microsoft Corporation)
SRV:64bit: - (XblGameSave) -- C:\Windows\SysNative\XblGameSave.dll (Microsoft Corporation)
SRV:64bit: - (XboxGipSvc) -- C:\Windows\SysNative\xboxgipsvc.dll (Microsoft Corporation)
SRV:64bit: - (IpxlatCfgSvc) -- C:\Windows\SysNative\ipxlatcfg.dll (Microsoft Corporation)
SRV:64bit: - (MessagingService) -- C:\Windows\SysNative\MessagingService.dll (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc) -- C:\Windows\SysNative\APHostService.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (WdNisSvc) -- C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\NisSrv.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\MsMpEng.exe (Microsoft Corporation)
SRV - (StateRepository) -- C:\Windows\SysWOW64\Windows.StateRepository.dll (Microsoft Corporation)
SRV - (InstallService) -- C:\Windows\SysWOW64\InstallService.dll (Microsoft Corporation)
SRV - (DmEnrollmentSvc) -- C:\Windows\SysWOW64\Windows.Internal.Management.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (w3logsvc) -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (PrintWorkflowUserSvc) -- C:\Windows\SysWOW64\PrintWorkflowService.dll (Microsoft Corporation)
SRV - (DevicePickerUserSvc) -- C:\Windows\SysWOW64\Windows.Devices.Picker.dll (Microsoft Corporation)
SRV - (TokenBroker) -- C:\Windows\SysWOW64\TokenBroker.dll (Microsoft Corporation)
SRV - (PrintNotify) -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (CoreMessagingRegistrar) -- C:\Windows\SysWOW64\CoreMessaging.dll (Microsoft Corporation)
SRV - (GoogleChromeElevationService) -- C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\elevation_service.exe (Google Inc.)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (UnistoreSvc) -- C:\Windows\SysWOW64\Unistore.dll (Microsoft Corporation)
SRV - (tzautoupdate) -- C:\Windows\SysWOW64\tzautoupdate.dll (Microsoft Corporation)
SRV - (wisvc) -- C:\Windows\SysWOW64\FlightSettings.dll (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys (Malwarebytes)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\wd\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\wd\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\wd\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (amsdk) -- C:\Windows\SysNative\drivers\amsdk.sys (Copyright 2018.)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (hvservice) -- C:\Windows\SysNative\drivers\hvservice.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\WINDOWS\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (ReFSv1) -- C:\WINDOWS\SysNative\drivers\refsv1.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (wdiwifi) -- C:\Windows\SysNative\drivers\WdiWiFi.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (wcifs) -- C:\Windows\SysNative\drivers\wcifs.sys (Microsoft Corporation)
DRV:64bit: - (WinQuic) -- C:\Windows\SysNative\drivers\winquic.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc.sys (Microsoft Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation)
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (cmdboot) -- C:\Windows\SysNative\drivers\cmdboot.sys (COMODO)
DRV:64bit: - (dtliteusbbus) -- C:\Windows\SysNative\drivers\dtliteusbbus.sys (Disc Soft Ltd)
DRV:64bit: - (dtlitescsibus) -- C:\Windows\SysNative\drivers\dtlitescsibus.sys (Disc Soft Ltd)
DRV:64bit: - (MbbCx) -- C:\Windows\SysNative\drivers\MbbCx.sys (Microsoft Corporation)
DRV:64bit: - (CldFlt) -- C:\Windows\SysNative\drivers\cldflt.sys (Microsoft Corporation)
DRV:64bit: - (WindowsTrustedRT) -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (bindflt) -- C:\Windows\SysNative\drivers\bindflt.sys (Microsoft Corporation)
DRV:64bit: - (wcnfs) -- C:\Windows\SysNative\drivers\wcnfs.sys (Microsoft Corporation)
DRV:64bit: - (MMCSS) -- C:\Windows\SysNative\drivers\mmcss.sys (Microsoft Corporation)
DRV:64bit: - (storqosflt) -- C:\Windows\SysNative\drivers\storqosflt.sys (Microsoft Corporation)
DRV:64bit: - (Vid) -- C:\Windows\SysNative\drivers\Vid.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (iorate) -- C:\Windows\SysNative\drivers\iorate.sys (Microsoft Corporation)
DRV:64bit: - (amdkmpfd) -- C:\Windows\SysNative\drivers\amdkmpfd.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (SpatialGraphFilter) -- C:\Windows\SysNative\drivers\SpatialGraphFilter.sys (Microsoft Corporation)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (PktMon) -- C:\Windows\SysNative\drivers\PktMon.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (SgrmAgent) -- C:\Windows\SysNative\drivers\SgrmAgent.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (afunix) -- C:\Windows\SysNative\drivers\afunix.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (NetAdapterCx) -- C:\Windows\SysNative\drivers\NetAdapterCx.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Wof) -- C:\WINDOWS\SysNative\drivers\wof.sys (Microsoft Corporation)
DRV:64bit: - (applockerfltr) -- C:\Windows\SysNative\drivers\applockerfltr.sys (Microsoft Corporation)
DRV:64bit: - (WdmCompanionFilter) -- C:\Windows\SysNative\drivers\WdmCompanionFilter.sys (Microsoft Corporation)
DRV:64bit: - (Ufx01000) -- C:\Windows\SysNative\drivers\ufx01000.sys (Microsoft Corporation)
DRV:64bit: - (UcmTcpciCx0101) -- C:\Windows\SysNative\drivers\UcmTcpciCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (UcmCx0101) -- C:\Windows\SysNative\drivers\UcmCx.sys (Microsoft Corporation)
DRV:64bit: - (UcmUcsiCx0101) -- C:\Windows\SysNative\drivers\UcmUcsiCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (UrsCx01000) -- C:\Windows\SysNative\drivers\urscx01000.sys (Microsoft Corporation)
DRV:64bit: - (IndirectKmd) -- C:\Windows\SysNative\drivers\IndirectKmd.sys (Microsoft Corporation)
DRV:64bit: - (cnghwassist) -- C:\Windows\SysNative\drivers\cnghwassist.sys (Microsoft Corporation)
DRV:64bit: - (HwNClx0101) -- C:\Windows\SysNative\drivers\mshwnclx.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (bam) -- C:\Windows\SysNative\drivers\bam.sys (Microsoft Corporation)
DRV:64bit: - (WinNat) -- C:\Windows\SysNative\drivers\winnat.sys (Microsoft Corporation)
DRV:64bit: - (Ucx01000) -- C:\Windows\SysNative\drivers\Ucx01000.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (FileCrypt) -- C:\Windows\SysNative\drivers\filecrypt.sys (Microsoft Corporation)
DRV:64bit: - (UdeCx) -- C:\Windows\SysNative\drivers\Udecx.sys (Microsoft Corporation)
DRV:64bit: - (IPT) -- C:\Windows\SysNative\drivers\ipt.sys (Microsoft Corporation)
DRV:64bit: - (Ramdisk) -- C:\Windows\SysNative\drivers\ramdisk.sys (Microsoft Corporation)
DRV:64bit: - (GpuEnergyDrv) -- C:\Windows\SysNative\drivers\gpuenergydrv.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ufxsynopsys) -- C:\Windows\SysNative\drivers\ufxsynopsys.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (UfxChipidea) -- C:\Windows\SysNative\drivers\UfxChipidea.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (UcmUcsi) -- C:\Windows\SysNative\drivers\UcmUcsi.sys (Microsoft Corporation)
DRV:64bit: - (hidspi) -- C:\Windows\SysNative\drivers\hidspi.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (Microsoft_Bluetooth_AvrcpTransport) -- C:\Windows\SysNative\drivers\Microsoft.Bluetooth.AvrcpTransport.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (hidinterrupt) -- C:\Windows\SysNative\drivers\hidinterrupt.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (buttonconverter) -- C:\Windows\SysNative\drivers\buttonconverter.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (BthMini) -- C:\Windows\SysNative\drivers\BthMini.SYS (Microsoft Corporation)
DRV:64bit: - (hvcrash) -- C:\Windows\SysNative\drivers\hvcrash.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (UcmUcsiAcpiClient) -- C:\Windows\SysNative\drivers\UcmUcsiAcpiClient.sys (Microsoft Corporation)
DRV:64bit: - (UrsChipidea) -- C:\Windows\SysNative\drivers\urschipidea.sys (Microsoft Corporation)
DRV:64bit: - (UrsSynopsys) -- C:\Windows\SysNative\drivers\urssynopsys.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (genericusbfn) -- C:\Windows\SysNative\drivers\genericusbfn.sys (Microsoft Corporation)
DRV:64bit: - (vmgid) -- C:\Windows\SysNative\drivers\vmgid.sys (Microsoft Corporation)
DRV:64bit: - (WindowsTrustedRTProxy) -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys (Microsoft Corporation)
DRV:64bit: - (cht4vbd) -- C:\Windows\SysNative\drivers\cht4vx64.sys (Chelsio Communications)
DRV:64bit: - (mlx4_bus) -- C:\Windows\SysNative\drivers\mlx4_bus.sys (Mellanox)
DRV:64bit: - (iaStorAVC) -- C:\Windows\SysNative\drivers\iaStorAVC.sys (Intel Corporation)
DRV:64bit: - (ibbus) -- C:\Windows\SysNative\drivers\ibbus.sys (Mellanox)
DRV:64bit: - (mausbhost) -- C:\Windows\SysNative\drivers\mausbhost.sys (Microsoft Corporation)
DRV:64bit: - (cht4iscsi) -- C:\Windows\SysNative\drivers\cht4sx64.sys (Chelsio Communications)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (SmartSAMD) -- C:\Windows\SysNative\drivers\SmartSAMD.sys (Microsemi Corportation)
DRV:64bit: - (ndfltr) -- C:\Windows\SysNative\drivers\ndfltr.sys (Mellanox)
DRV:64bit: - (nvdimm) -- C:\Windows\SysNative\drivers\nvdimm.sys (Microsoft Corporation)
DRV:64bit: - (scmbus) -- C:\Windows\SysNative\drivers\scmbus.sys (Microsoft Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C63x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:64bit: - (pmem) -- C:\Windows\SysNative\drivers\pmem.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (WinVerbs) -- C:\Windows\SysNative\drivers\winverbs.sys (Mellanox)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (percsas3i) -- C:\Windows\SysNative\drivers\percsas3i.sys (Avago Technologies)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\DriverStore\FileRepository\basicdisplay.inf_amd64_5103ac179273be89\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (percsas2i) -- C:\Windows\SysNative\drivers\percsas2i.sys (Avago Technologies)
DRV:64bit: - (mausbip) -- C:\Windows\SysNative\drivers\mausbip.sys (Microsoft Corporation)
DRV:64bit: - (storufs) -- C:\Windows\SysNative\drivers\storufs.sys (Microsoft Corporation)
DRV:64bit: - (bttflt) -- C:\Windows\SysNative\drivers\bttflt.sys (Microsoft Corporation)
DRV:64bit: - (WinMad) -- C:\Windows\SysNative\drivers\winmad.sys (Mellanox)
DRV:64bit: - (vhf) -- C:\Windows\SysNative\drivers\vhf.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\DriverStore\FileRepository\basicrender.inf_amd64_0b8d03c3bc0e7fd9\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (volume) -- C:\Windows\SysNative\drivers\volume.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (QLogic Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (QLogic Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (ItSas35i) -- C:\Windows\SysNative\drivers\ItSas35i.sys (Avago Technologies)
DRV:64bit: - (LSI_SAS3i) -- C:\Windows\SysNative\drivers\lsi_sas3i.sys (Avago Technologies)
DRV:64bit: - (CapImg) -- C:\Windows\SysNative\drivers\capimg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2i) -- C:\Windows\SysNative\drivers\lsi_sas2i.sys (LSI Corporation)
DRV:64bit: - (rhproxy) -- C:\Windows\SysNative\drivers\rhproxy.sys (Microsoft Corporation)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (megasas35i) -- C:\Windows\SysNative\drivers\megasas35i.sys (Avago Technologies)
DRV:64bit: - (megasas2i) -- C:\Windows\SysNative\drivers\MegaSas2i.sys (Avago Technologies)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (SDFRd) -- C:\Windows\SysNative\drivers\SDFRd.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (AcpiDev) -- C:\Windows\SysNative\drivers\AcpiDev.sys (Microsoft Corporation)
DRV:64bit: - (swenum) -- C:\Windows\SysNative\DriverStore\FileRepository\swenum.inf_amd64_31f554b660026323\swenum.sys (Microsoft Corporation)
DRV:64bit: - (PNPMEM) -- C:\Windows\SysNative\drivers\pnpmem.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (xboxgip) -- C:\Windows\SysNative\drivers\xboxgip.sys (Microsoft Corporation)
DRV:64bit: - (iaLPSS2i_I2C_CNL) -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C_CNL.sys (Intel Corporation)
DRV:64bit: - (iaLPSS2i_I2C_GLK) -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C_GLK.sys (Intel Corporation)
DRV:64bit: - (iaLPSS2i_I2C_BXT_P) -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C_BXT_P.sys (Intel Corporation)
DRV:64bit: - (iaLPSS2i_I2C) -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C.sys (Intel Corporation)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (iaLPSS2i_GPIO2_CNL) -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2_CNL.sys (Intel Corporation)
DRV:64bit: - (iaLPSS2i_GPIO2_GLK) -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2_GLK.sys (Intel Corporation)
DRV:64bit: - (iaLPSS2i_GPIO2_BXT_P) -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2_BXT_P.sys (Intel Corporation)
DRV:64bit: - (iai2c) -- C:\Windows\SysNative\drivers\iai2c.sys (Intel(R) Corporation)
DRV:64bit: - (iaLPSS2i_GPIO2) -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2.sys (Intel Corporation)
DRV:64bit: - (CAD) -- C:\Windows\SysNative\drivers\CAD.sys (Microsoft Corporation)
DRV:64bit: - (xinputhid) -- C:\Windows\SysNative\drivers\xinputhid.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_e4d35af746093dc3\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (iagpio) -- C:\Windows\SysNative\drivers\iagpio.sys (Intel(R) Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (nvvhci) -- C:\Windows\SysNative\drivers\nvvhci.sys (NVIDIA Corporation)
DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdWT6.sys (Advanced Micro Devices)
DRV:64bit: - (KbFilter_Kb_FlexDef3x) -- C:\Windows\SysNative\drivers\KbFilter_FlexDef3x.sys (Siliten)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (afunix) -- C:\Windows\SysWOW64\drivers\afunix.sys (Microsoft Corporation)
DRV - (BasicDisplay) -- C:\WINDOWS\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_5103ac179273be89\BasicDisplay.sys (Microsoft Corporation)
DRV - (BasicRender) -- C:\WINDOWS\System32\DriverStore\FileRepository\basicrender.inf_amd64_0b8d03c3bc0e7fd9\BasicRender.sys (Microsoft Corporation)
DRV - (swenum) -- C:\WINDOWS\System32\DriverStore\FileRepository\swenum.inf_amd64_31f554b660026323\swenum.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_e4d35af746093dc3\CompositeBus.sys (Microsoft Corporation)
DRV - (amdkmdag) -- C:\WINDOWS\System32\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\WINDOWS\System32\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmpag.sys (Advanced Micro Devices, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = cs
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3F E0 78 FC 56 99 D4 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 2D D1 0B 37 DA CD D4 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

