Overeager svchost.exe

#1 Post by valkys27

Hello,

I suspect that my PC may not be completely clean. The ESET firewall (which I installed only recently) regularly catches a large number of requests from the program svchost.exe.

First I ran it through Malwarebytes, where in addition to the usual scan I also ticked the rootkit scan and selected the folder C:/Window/System32; the log is here:

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Datum skenování: 14.02.2017
Čas skenování: 16:06
Protokol: mbmlog.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2017.02.14.05
Databáze rootkitů: v2017.02.11.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: tomas

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 466235
Uplynulý čas: 18 min, 17 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 1
PUP.Optional.SlimCleanerPlus, C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe, 4816, Smazat při restartu, [8f4e554dbfe976c0eef4c2b2b0502fd1]

Moduly: 1
PUP.Optional.SlimCleanerPlus, C:\Program Files (x86)\SlimDrivers\UnifiedLogger.dll, Smazat při restartu, [8f4e554dbfe976c0eef4c2b2b0502fd1],

Klíče registru: 3
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9676A6CD-6712-4070-BECB-096F161A0DAB}, Smazat při restartu, [7c6141615553db5b6fe0b6c4bf4158a8],
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SlimDrivers Startup, Smazat při restartu, [a934534f8f19b680c84b88f4cb35b44c],
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\WOW6432NODE\SlimWare Utilities, Inc.\DriverApp, Do karantény, [f8e581211d8bc96dc7096e0e8a76d42c],

Hodnoty registru: 1
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9676A6CD-6712-4070-BECB-096F161A0DAB}|Path, \SlimDrivers Startup, Smazat při restartu, [7c6141615553db5b6fe0b6c4bf4158a8]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 5
PUP.Optional.SlimCleanerPlus, C:\Program Files (x86)\SlimDrivers, Smazat při restartu, [8f4e554dbfe976c0eef4c2b2b0502fd1],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers, Do karantény, [75686240a701979fc02a086d53ad32ce],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],

Soubory: 26
PUP.Optional.DriverUpdate, C:\WINDOWS\SYSTEM32\drivers\SWDUMon.sys, Smazat při restartu, [98e8c921f7f17f113aaa128ec7310213],
PUP.Optional.SlimCleanerPlus, C:\Windows\Tasks\SlimDrivers Startup.job, Do karantény, [7d60c9d975331d19b3e814602dd33bc5],
PUP.Optional.SlimCleanerPlus, C:\Users\Public\Desktop\SlimDrivers.lnk, Do karantény, [12cbe7bbfdabec4a0e176b0b6e9206fa],
PUP.Optional.SlimCleanerPlus, C:\Windows\System32\Tasks\SlimDrivers Startup, Do karantény, [14c9564c7137fd393a6ed8a1f20ee21e],
PUP.Optional.SlimCleanerPlus, C:\Program Files (x86)\SlimDrivers\Open-Source Licenses.txt, Do karantény, [8f4e554dbfe976c0eef4c2b2b0502fd1],
PUP.Optional.SlimCleanerPlus, C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe, Smazat při restartu, [8f4e554dbfe976c0eef4c2b2b0502fd1],
PUP.Optional.SlimCleanerPlus, C:\Program Files (x86)\SlimDrivers\UnifiedLogger.dll, Smazat při restartu, [8f4e554dbfe976c0eef4c2b2b0502fd1],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers\SlimDrivers Help.lnk, Do karantény, [75686240a701979fc02a086d53ad32ce],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers\SlimDrivers.lnk, Do karantény, [75686240a701979fc02a086d53ad32ce],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\005BB5BBF7F552BFFBF52AF02E37C660200000000000345FCC.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\00141FE31BF8001641E89EEB133ED9FA4800000000163A2080.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\001B1CDE8B777AABB630BC736144897F4E0000000006A1A0F6.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\002A07541DF4F606752FE30D7EF177C8900000000000483C71.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\002B0A103B66DEC69F4F7040C4BF8F054B00000000002ED18F.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\003B29C80AD8A0AA794582B026DB4FE73C0000000005EDB76C.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\0056DEB266A2ECC8EA232D69FB17CA5C40000000000C9BC44C.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\005CA653BA87097751073CDDAD564807AC0000000000B857FD.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\00678166AB5A2F988B408CFE131B205DFB00000000003EAC01.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\007858BFCCC5799FD10783669CD4EA0912000000000DC39135.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\007D6016313FCE26C9F8C6F93F3576C2420000000000FD146D.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\0086337436C211BF368CB05A518E99F12400000000004F9189.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\008B6597F5E4682AA9AC883E66EA474A230000000000D63F18.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\00B3E9AE34D73D900EFEB1240DFECD31E700000000004D02B1.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\00BD94D85BC811AB9CF71734F43105C92B0000000005F06037.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\00C336C3A8AA2885ED8A16528E4CC989F90000000000C4F2EC.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\00E0CDBC3FC3F99D0553C655A2B543810C000000000082BF4D.exe, Do karantény, [5b822c767a2e64d2b0d7c9af2ad617e9],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

The Slim Drivers program should not be dangerous, but I had everything deleted anyway so that further results would be clearer. Next I ran CCleaner, in which I first ran the analysis and then the cleaner under Windows and Applications, and then I analyzed and had all the registry errors fixed. Finally I also ran it through RSIT; I have split the log into two messages:

Logfile of random's system information tool 1.14 (written by random/random)
Run by tomas at 2017-02-14 21:58:14
Microsoft Windows 10 Education
System drive C: has 243 GB (56%) free of 436 GB
Total RAM: 8098 MB (38% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:58:15, on 14.02.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0726)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\tomas\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
C:\Program Files\trend micro\tomas_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: Microsoft Web Test Recorder 14.0 Helper - {b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3} - C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\tomas\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\tomas\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\tomas\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?')
O4 - HKUS\S-1-5-21-3629950189-3343636212-1747802599-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?')
O4 - HKUS\S-1-5-21-3629950189-3343636212-1747802599-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [OneDrive] "C:\Users\tomas\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background (User '?')
O4 - HKUS\S-1-5-21-3629950189-3343636212-1747802599-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [Uninstall C:\Users\tomas\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\tomas\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64" (User '?')
O4 - HKUS\S-1-5-21-3629950189-3343636212-1747802599-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [OneDrive] "C:\Users\Fanda\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = upce.cz,wifi-net.upce.cz
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = upce.cz,wifi-net.upce.cz
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Xamarin Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Developer Tools Service (DeveloperToolsService) - Unknown owner - C:\Windows\System32\DeveloperToolsSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Reader Service (FoxitReaderService) - Foxit Software Inc. - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @oem73.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\Windows\system32\ibtsiva (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 14719 bytes

======Enumerating Processes======

C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-4bc3c2ae-807a-4909-bb9d-c7371ab57d62 -SystemEventPortName:HostProcess-6fd68ab8-cd35-46a5-88f2-fd28df9f6cfd -IoCancelEventPortName:HostProcess-5dd72a78-5f43-472b-ac55-1ceb81cf6712 -NonStateChangingEventPortName:HostProcess-7b26ec88-deae-469a-a5a8-7ec9775b2c5e -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:8753b429-c0fb-403a-ab5e-a30dcaebc97d -DeviceGroupId:WudfDefaultDevicePool
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\WLANExt.exe 2827392367616
C:\Windows\System32\spoolsv.exe
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
"C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe"
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
C:\Windows\system32\ibtsiva.exe
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe"
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
C:\Windows\system32\svchost.exe -k SshBrokerGroup
C:\Windows\system32\svchost.exe -k appmodel
C:\Windows\system32\svchost.exe -k SshProxyGroup
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe -first
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\Windows\system32\sihost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup
C:\Windows\system32\taskhostw.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxEM.exe
C:\Windows\system32\igfxHK.exe
C:\Windows\system32\igfxTray.exe
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_DOLBYDRAGON
"C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_MICPKEY
"C:\Users\tomas\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\SettingSyncHost.exe -Embedding
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --ran-launcher
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=gpu-process --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --supports-dual-gpus=false --gpu-driver-bug-workarounds=7,19,23,40,59,71 --gpu-vendor-id=0x8086 --gpu-device-id=0x1616 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=20.19.15.4568 --gpu-driver-date=12-16-2016 --gpu-secondary-vendor-ids=0x10de --gpu-secondary-device-ids=0x1299 --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --service-request-channel-token=09AABA458274C7D3FD40092AC429840F --mojo-platform-channel-handle=1504 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=9D708145FBB58FE39E90BBA98354E2CF --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=9D708145FBB58FE39E90BBA98354E2CF --renderer-client-id=3 --mojo-platform-channel-handle=2096 /prefetch:1
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=89A82D8C6FBB0D2B25E0E3BC51905C56 --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=89A82D8C6FBB0D2B25E0E3BC51905C56 --renderer-client-id=4 --mojo-platform-channel-handle=2112 /prefetch:1
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=F80D306EFA86864C0D12DB7C52F51E1C --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=F80D306EFA86864C0D12DB7C52F51E1C --renderer-client-id=5 --mojo-platform-channel-handle=2096 /prefetch:1
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=09170BA0A3B3F427C143F6F278620226 --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=09170BA0A3B3F427C143F6F278620226 --renderer-client-id=6 --mojo-platform-channel-handle=2244 /prefetch:1
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=0029EF49944E0E0934A54E87D9DCAF8A --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=0029EF49944E0E0934A54E87D9DCAF8A --renderer-client-id=7 --mojo-platform-channel-handle=2252 /prefetch:1
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=3DA901ADA932F518F430E1B098249C5D --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=3DA901ADA932F518F430E1B098249C5D --renderer-client-id=8 --mojo-platform-channel-handle=2916 /prefetch:1
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=7AA6B8E99AE93C0798FB6B5DB1C55430 --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=7AA6B8E99AE93C0798FB6B5DB1C55430 --renderer-client-id=11 --mojo-platform-channel-handle=3080 /prefetch:1
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=0307EACB8A40D4D7EE72CF932B903E7A --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=0307EACB8A40D4D7EE72CF932B903E7A --renderer-client-id=12 --mojo-platform-channel-handle=5964 /prefetch:1
C:\Windows\system32\DllHost.exe /Processid:{49F6E667-6658-4BD1-9DE9-6AF87F9FAF85}
C:\Windows\system32\ApplicationFrameHost.exe -Embedding
C:\Windows\system32\fontdrvhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=8064013FEB52155489A95994AC9D0B69 --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=8064013FEB52155489A95994AC9D0B69 --renderer-client-id=29 --mojo-platform-channel-handle=9644 /prefetch:1
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=A2FEC230F70A95EA278151D75B1A9AEE --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=A2FEC230F70A95EA278151D75B1A9AEE --renderer-client-id=30 --mojo-platform-channel-handle=9876 /prefetch:1
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=53AB1D2E044ED9BB44BEDF093E7777BD --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=53AB1D2E044ED9BB44BEDF093E7777BD --renderer-client-id=31 --mojo-platform-channel-handle=10124 /prefetch:1
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=B72110798D5D3142B0251C32BFAA665B --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=B72110798D5D3142B0251C32BFAA665B --renderer-client-id=32 --mojo-platform-channel-handle=8524 /prefetch:1
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe"
"C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe" --type=renderer --alt-high-dpi-setting=144 --system-dpi-setting=144 --primordial-pipe-token=518BB47A38C4F1D5DF59E28EAD7F7729 --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=518BB47A38C4F1D5DF59E28EAD7F7729 --renderer-client-id=43 --mojo-platform-channel-handle=11792 /prefetch:1
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.202.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7912.40507.0_x64__8wekyb3d8bbwe\HxMail.exe" -ServerName:microsoft.windowslive.mail.AppX7fgs1v31b27fq9zen50wdw83aappcatm.mca
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7912.40507.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server
"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
"C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe" -ServerName:App.AppXsm3pg4n7er43kdh1qp4e79f1j7am68r8.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\system32\taskhostw.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXe9cvj1thv1hmcw0cs98xm3r97tyzy2xs.mca
C:\Windows\System32\smartscreen.exe -Embedding
C:\Windows\system32\AUDIODG.EXE 0x474
"C:\Users\tomas\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe -check pepperplugin
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\update-S-1-5-21-3629950189-3343636212-1747802599-1001.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\Windows\tasks\update-sys.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\Windows\system32\tasks\Adobe Flash Player PPAPI Notifier - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe -check pepperplugin
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\OneDrive Standalone Update Task v2 - %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\Windows\system32\tasks\Opera scheduled Autoupdate 1474730951 - C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\update-S-1-5-21-3629950189-3343636212-1747802599-1001 - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\Windows\system32\tasks\update-sys - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\Windows\system32\tasks\{09CD85D6-0074-4140-9175-386AE26D4228} - C:\Windows\system32\pcalua.exe -a "C:\Users\tomas\Downloads\Mafia 1 – Plna Verze Hry – CZ\Setup.exe" -d "C:\Users\tomas\Downloads\Mafia 1 – Plna Verze Hry – CZ"
C:\Windows\system32\tasks\{61E897AF-4C88-4762-8343-6C659AA2C83A} - C:\Windows\system32\pcalua.exe -a "C:\Users\tomas\Downloads\Mafia 1 – Plna Verze Hry – CZ\Game.exe" -d "C:\Users\tomas\Downloads\Mafia 1 – Plna Verze Hry – CZ"
C:\Windows\system32\tasks\Microsoft\XblGameSave\XblGameSaveTask - %windir%\System32\XblGameSaveTask.exe standby
C:\Windows\system32\tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon - %windir%\System32\XblGameSaveTask.exe logon
C:\Windows\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\Windows\system32\sc.exe start wuauserv
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\Windows\system32\tasks\Microsoft\Windows\Windows Subsystem for Linux\AptPackageIndexUpdate - %comspec% /c start "AptPackageIndexUpdate" /min %windir%\System32\LxRun.exe /update
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\Windows\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install - %systemroot%\system32\usoclient.exe StartInstall
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe RebootDialog
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Refresh Settings - %systemroot%\system32\usoclient.exe RefreshSettings
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot - %systemroot%\system32\usoclient.exe ResumeUpdate
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display - %systemroot%\system32\MusNotification.exe Display
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot - %systemroot%\system32\MusNotification.exe ReadyToReboot
C:\Windows\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\Windows\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\Windows\system32\tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask - %windir%\system32\speech_onecore\common\SpeechModelDownload.exe
C:\Windows\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\Windows\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\spaceman.exe /Work
C:\Windows\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\Windows\system32\tasks\Microsoft\Windows\SharedPC\Account Cleanup - %windir%\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\Windows\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\Windows\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\Windows\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\Windows\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\Windows\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload - %windir%\system32\dmclient.exe utcwnf
C:\Windows\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\Windows\system32\tasks\Microsoft\Windows\Device Information\Device - %windir%\system32\devicecensus.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\Windows\system32\tasks\Microsoft\Windows\applicationdata\appuriverifierdaily - %windir%\system32\AppHostRegistrationVerifier.exe
C:\Windows\system32\tasks\Microsoft\Windows\applicationdata\appuriverifierinstall - %windir%\system32\AppHostRegistrationVerifier.exe
C:\Windows\system32\tasks\Microsoft\Windows\applicationdata\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\Windows\system32\tasks\Microsoft\Windows\applicationdata\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\Microsoft\VisualStudio\VSIX Auto Update 14 - C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe
C:\Windows\system32\tasks\Microsoft\Office\Office Automatic Updates - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /update SCHEDULEDTASK displaylevel=False
C:\Windows\system32\tasks\Microsoft\Office\Office ClickToRun Service Monitor - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /WatchService
C:\Windows\system32\tasks\Microsoft\Office\Office Subscription Maintenance - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe
C:\Windows\system32\tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe scan upload mininterval:2880
C:\Windows\system32\tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe scan upload

=========Mozilla firefox=========

ProfilePath - C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\tjdwn9tk.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp]
"Description"=
"Path"=C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf]
"Description"=
"Path"=C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.121.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.121.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.121.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.121.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll


C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\tjdwn9tk.default\addons.json
SQLite Manager - extension - SQLiteManager@mrinalkant.blogspot.com

C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\tjdwn9tk.default\extensions.json
SQLite Manager - extension - SQLiteManager@mrinalkant.blogspot.com - C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\tjdwn9tk.default\extensions\SQLiteManager@mrinalkant.blogspot.com.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\tjdwn9tk.default\pluginreg.dat
Plugin - VLC Web Plugin - 2.2.4.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
Plugin - Google Update - 1.3.32.7 - C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
Plugin - NVIDIA 3D VISION - 7.17.13.7654 - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
Plugin - NVIDIA 3D Vision - 7.17.13.7654 - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
Plugin - Microsoft Office 2016 - 16.0.7571.7095 - C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
Plugin - Silverlight Plug-In - 5.1.20513.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
Plugin - Microsoft Office 2016 - 16.0.7571.7095 - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
Plugin - Java(TM) Platform SE 8 U121 - 11.121.2.13 - C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll
Plugin - Java Deployment Toolkit 8.0.1210.13 - 11.121.2.13 - C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npdeployJava1.dll
Plugin - Foxit Reader Plugin for Mozilla - 2.2.5.1228 - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

=========Google Chrome=========

C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace Google 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension bfojhefgpnccghohpddmflkacblipkka
Extension binjiceocgbfooocmheaenmmcominbpe
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension boeajhmfdjldchidhphikilcgdacljfm 0 Facebook 1.0.3
Extension cfhdojbkjhnklbpkdaibdccddilifddb 1 Adblock Plus 1.12.4
Extension ebjecbnjnlpimkjjbejpkpnnaikidkfn
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension efgpgbcidmnhkoeceikdacelidndbfgl
Extension ejjicmeblgpmajnghnpcppodonldlgfn 0 Kalendář Google 4.5.10
Extension elioihkkcdgakfbahdoddophfngopipi 1 Photo Zoom for Facebook 1.1428.5.3
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky Google 1.1
Extension galfofdpepkcahkfobimileafiobdplb
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 2 Dokumenty Google offline 1.4
Extension hafdlehgocfcodbgjnpecfajgkeejnaa 1 NetBeans Connector 1.1.5
Extension hgdddaddoobhekenhpjbmfdbfbgdikid 1 Settings 1.1
Extension hijbjhjjipenfibfbleadidijdimlpmk
Extension ibiiaimghkbhffgkkdogldehnidojjga 1 History 1.0.5
Extension icppfcnhkcmnfdhfhphakoifcfokfdhg 0 Google Play Music 5.5
Extension ihmgiclibbndffejedjimfjmfoabpcke 1 Instant Translate: Select and Translate 3.1.3
Extension jfchnphgogjhineanplmfkofljiagjfb 1 Downloads 2
Extension jpnjjlbngpejmmhgcaagljaomgnginml 0 IP adresa 8.0
Extension kchdfagjljmhgapoonapmfngpadcjkhk 1 Viewport Dimensions 0.0.7
Extension khkndikhbnfgibpkpdgdnmdlcfpkichc
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension lneaknkopdijkpnocmklfnjbeapigfbh 0 Mapy Google 5.4.1
Extension mafbdhjdkjnoafhfelkjpchpaepjknad 1 Morpheon Dark 3.1
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mfffpogegjflfpflabcdkioaeobkgjik 1 GaiaAuthExtension 0.0.1
Extension mfpkkoiibimbkkchgekkjcadbmjkmaia
Extension mgndgikekgjfcpckkfioiadnlibdjbkf
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension ndjpnladcallmjemlbaebfadecfhkepb 1 Office Online 1.5.0
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension niloccemoadcdkdjlinkgdfekeahmflj 1 Save to Pocket 2.1.17
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.2
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.1
Extension ocahflfncldbecinbclgfbkgenbdpjjh
Extension odklcfojpedohplkimfdpcamkjnhanaj 0
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5616.1121.0.3
Homepage: http://www.google.com
default_search_provider.search_url:
C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28 214208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-22 571456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28 2888896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-22 234560]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-28 151232]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-22 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3}]
Microsoft Web Test Recorder 14.0 Helper - C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2015-07-06 75104]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-28 1955528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-22 186944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg_LENOVO_DOLBYDRAGON"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-09-09 1467400]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-06-15 2398776]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2015-11-24 71168]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-06-03 3944136]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-09-09 16696832]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-09-09 1467400]
"RtHDVBg_LENOVO_MICPKEY"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-09-09 1467400]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\tomas\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2017-01-20 1517280]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2017-02-08 9363672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\tomas\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"=C:\Windows\system32\cmd.exe [2016-07-16 232960]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Lightshot"=C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [2016-07-11 225944]
"Cisco AnyConnect Secure Mobility Agent for Windows"=C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2015-10-23 708496]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-12-12 587288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

valkys27
Visitor
Posts: 30
Registered: 14 Feb 2017 18:32

Re: overeager svchost.exe

#2 Post by valkys27 »

======List of files/folders created in the last 1 month======

2017-02-14 18:36:28 ----D---- C:\rsit
2017-02-14 18:36:28 ----D---- C:\Program Files\trend micro
2017-02-14 17:24:20 ----HD---- C:\OneDriveTemp
2017-02-13 21:44:08 ----D---- C:\Users\tomas\AppData\Roaming\java
2017-02-13 18:30:29 ----AD---- C:\Program Files (x86)\Microsoft VS Code
2017-02-13 00:15:16 ----D---- C:\Users\tomas\AppData\Roaming\Code
2017-02-12 00:31:15 ----D---- C:\ProgramData\ESET
2017-02-12 00:31:15 ----D---- C:\Program Files\ESET
2017-02-11 23:30:05 ----A---- C:\Windows\system32\SRSWOW64.dll
2017-02-11 23:30:05 ----A---- C:\Windows\system32\SRSTSX64.dll
2017-02-11 23:30:04 ----A---- C:\Windows\system32\SRSTSH64.dll
2017-02-11 23:30:04 ----A---- C:\Windows\system32\SRSHP64.dll
2017-02-11 23:29:59 ----A---- C:\Windows\system32\SFSS_APO.dll
2017-02-11 23:29:58 ----A---- C:\Windows\system32\SFNHK64.dll
2017-02-11 23:29:57 ----A---- C:\Windows\SYSWOW64\SFCOM.dll
2017-02-11 23:29:57 ----A---- C:\Windows\system32\SFCOM64.dll
2017-02-11 23:29:57 ----A---- C:\Windows\system32\SFAPO64.dll
2017-02-11 23:29:54 ----A---- C:\Windows\system32\drivers\rtvienna.dat
2017-02-11 23:29:53 ----A---- C:\Windows\system32\RtPgEx64.dll
2017-02-11 23:29:53 ----A---- C:\Windows\system32\RtlCPAPI64.dll
2017-02-11 23:29:51 ----A---- C:\Windows\system32\drivers\RTKVHD64.sys
2017-02-11 23:29:50 ----A---- C:\Windows\system32\RtkCoLDR64.dll
2017-02-11 23:29:50 ----A---- C:\Windows\system32\RtkCfg64.dll
2017-02-11 23:29:49 ----A---- C:\Windows\system32\RtkApi64.dll
2017-02-11 23:29:49 ----A---- C:\Windows\system32\RTEEP64A.dll
2017-02-11 23:29:49 ----A---- C:\Windows\system32\RTEEL64A.dll
2017-02-11 23:29:48 ----A---- C:\Windows\system32\RTEEG64A.dll
2017-02-11 23:29:48 ----A---- C:\Windows\system32\RTEED64A.dll
2017-02-11 23:29:48 ----A---- C:\Windows\system32\RtDataProc64.dll
2017-02-11 23:29:46 ----A---- C:\Windows\system32\RTCOM64.dll
2017-02-11 23:29:45 ----A---- C:\Windows\system32\drivers\RTAIODAT.DAT
2017-02-11 23:29:44 ----A---- C:\Windows\system32\RP3DHT64.dll
2017-02-11 23:29:44 ----A---- C:\Windows\system32\RP3DAA64.dll
2017-02-11 23:29:44 ----A---- C:\Windows\system32\RltkAPO64.dll
2017-02-11 23:29:39 ----A---- C:\Windows\system32\RCoRes64.dat
2017-02-11 23:29:38 ----A---- C:\Windows\system32\RCoInstII64.dll
2017-02-11 23:29:35 ----A---- C:\Windows\system32\R4EEP64A.dll
2017-02-11 23:29:35 ----A---- C:\Windows\system32\R4EEL64A.dll
2017-02-11 23:29:35 ----A---- C:\Windows\system32\R4EEG64A.dll
2017-02-11 23:29:35 ----A---- C:\Windows\system32\R4EED64A.dll
2017-02-11 23:29:35 ----A---- C:\Windows\system32\R4EEA64A.dll
2017-02-11 23:29:27 ----A---- C:\Windows\system32\MaxxVolumeSDAPO.dll
2017-02-11 23:29:15 ----A---- C:\Windows\system32\MaxxAudioEQ64.dll
2017-02-11 23:29:13 ----A---- C:\Windows\system32\MaxxAudioAPO30.dll
2017-02-11 23:29:13 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2017-02-11 23:29:11 ----A---- C:\Windows\system32\HiFiDAX2API.dll
2017-02-11 23:28:53 ----A---- C:\Windows\system32\FMAPO64.dll
2017-02-11 23:28:53 ----A---- C:\Windows\system32\DTSVoiceClarityDLL64.dll
2017-02-11 23:28:52 ----A---- C:\Windows\system32\DTSSymmetryDLL64.dll
2017-02-11 23:28:51 ----A---- C:\Windows\system32\DTSS2SpeakerDLL64.dll
2017-02-11 23:28:51 ----A---- C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2017-02-11 23:28:51 ----A---- C:\Windows\system32\DTSNeoPCDLL64.dll
2017-02-11 23:28:51 ----A---- C:\Windows\system32\DTSLimiterDLL64.dll
2017-02-11 23:28:50 ----A---- C:\Windows\system32\DTSLFXAPO64.dll
2017-02-11 23:28:50 ----A---- C:\Windows\system32\DTSGFXAPONS64.dll
2017-02-11 23:28:50 ----A---- C:\Windows\system32\DTSGFXAPO64.dll
2017-02-11 23:28:50 ----A---- C:\Windows\system32\DTSGainCompensatorDLL64.dll
2017-02-11 23:28:49 ----A---- C:\Windows\system32\DTSBoostDLL64.dll
2017-02-11 23:28:48 ----A---- C:\Windows\system32\DTSBassEnhancementDLL64.dll
2017-02-11 23:28:47 ----A---- C:\Windows\system32\DolbyDAX2APOv211.dll
2017-02-11 23:28:47 ----A---- C:\Windows\system32\DolbyDAX2APOProp.dll
2017-02-11 23:28:46 ----A---- C:\Windows\system32\DDPP64AF3.dll
2017-02-11 23:28:46 ----A---- C:\Windows\system32\DDPP64A.dll
2017-02-11 23:28:46 ----A---- C:\Windows\system32\DDPO64AF3.dll
2017-02-11 23:28:46 ----A---- C:\Windows\system32\DDPO64A.dll
2017-02-11 23:28:45 ----A---- C:\Windows\system32\DDPD64AF3.dll
2017-02-11 23:28:45 ----A---- C:\Windows\system32\DDPD64A.dll
2017-02-11 23:28:45 ----A---- C:\Windows\system32\DDPA64F3.dll
2017-02-11 23:28:45 ----A---- C:\Windows\system32\DDPA64.dll
2017-02-11 23:28:43 ----A---- C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2017-02-11 23:28:39 ----A---- C:\Windows\system32\AERTAR64.dll
2017-02-11 23:28:39 ----A---- C:\Windows\system32\AERTAC64.dll
2017-02-08 22:28:56 ----D---- C:\Program Files (x86)\FOXIT SOFTWARE
2017-02-08 08:26:46 ----A---- C:\Windows\SetupAfterRebootService.exe
2017-02-07 18:03:01 ----D---- C:\Users\tomas\AppData\Roaming\ESET
2017-02-07 09:30:24 ----D---- C:\Windows\SYSWOW64\RTCOM
2017-02-07 01:25:03 ----A---- C:\Windows\system32\WdfCoInstaller01011.dll
2017-02-07 01:25:02 ----A---- C:\Windows\system32\drivers\dptf_pch.sys
2017-02-07 00:57:41 ----A---- C:\Windows\system32\RtNicProp64.dll
2017-02-07 00:49:31 ----D---- C:\Windows\LastGood
2017-02-07 00:47:57 ----A---- C:\Windows\SYSWOW64\RtCamP.dll
2017-02-07 00:47:57 ----A---- C:\Windows\system32\RtCamP64.dll
2017-02-07 00:47:53 ----A---- C:\Windows\SYSWOW64\RsDecode.dll
2017-02-07 00:47:53 ----A---- C:\Windows\system32\RtCamO64.dll
2017-02-07 00:46:00 ----D---- C:\Win10_Drivers
2017-02-07 00:37:25 ----D---- C:\Program Files\Common Files\Intel
2017-02-01 21:48:39 ----A---- C:\Windows\SYSWOW64\nvStreaming.exe
2017-02-01 21:48:34 ----A---- C:\Windows\SYSWOW64\vulkaninfo.exe
2017-02-01 21:48:34 ----A---- C:\Windows\SYSWOW64\vulkan-1.dll
2017-02-01 21:48:34 ----A---- C:\Windows\system32\vulkaninfo.exe
2017-02-01 21:48:34 ----A---- C:\Windows\system32\vulkan-1.dll
2017-02-01 21:47:15 ----A---- C:\Windows\NvContainerRecovery.bat
2017-01-28 16:34:10 ----D---- C:\Windows\LastGood.Tmp
2017-01-26 17:09:11 ----AD---- C:\Program Files\NetBeans 8.2
2017-01-25 15:05:05 ----A---- C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2017-01-25 15:05:04 ----A---- C:\Windows\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2017-01-25 15:05:04 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-01-25 15:05:04 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-01-25 15:05:04 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-01-25 15:05:04 ----A---- C:\Windows\system32\msfeeds.dll
2017-01-25 15:05:04 ----A---- C:\Windows\system32\iedkcs32.dll
2017-01-25 15:05:04 ----A---- C:\Windows\system32\ie4uinit.exe
2017-01-25 15:05:03 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-01-25 15:05:03 ----A---- C:\Windows\system32\webcheck.dll
2017-01-25 15:05:03 ----A---- C:\Windows\system32\Unistore.dll
2017-01-25 15:05:03 ----A---- C:\Windows\system32\RADCUI.dll
2017-01-25 15:05:02 ----A---- C:\Windows\system32\ieframe.dll
2017-01-25 15:05:01 ----A---- C:\Windows\system32\srvsvc.dll
2017-01-25 15:05:01 ----A---- C:\Windows\system32\MFMediaEngine.dll
2017-01-25 15:05:01 ----A---- C:\Windows\system32\lsasrv.dll
2017-01-25 15:05:00 ----A---- C:\Windows\SYSWOW64\msctf.dll
2017-01-25 15:05:00 ----A---- C:\Windows\system32\sdshext.dll
2017-01-25 15:05:00 ----A---- C:\Windows\system32\sdengin2.dll
2017-01-25 15:05:00 ----A---- C:\Windows\system32\Pimstore.dll
2017-01-25 15:05:00 ----A---- C:\Windows\system32\mfds.dll
2017-01-25 15:04:59 ----A---- C:\Windows\SYSWOW64\Windows.Media.Speech.dll
2017-01-25 15:04:59 ----A---- C:\Windows\system32\MSPhotography.dll
2017-01-25 15:04:59 ----A---- C:\Windows\system32\mfsvr.dll
2017-01-25 15:04:58 ----A---- C:\Windows\SYSWOW64\MMDevAPI.dll
2017-01-25 15:04:58 ----A---- C:\Windows\SYSWOW64\explorer.exe
2017-01-25 15:04:58 ----A---- C:\Windows\system32\wcnwiz.dll
2017-01-25 15:04:58 ----A---- C:\Windows\system32\MMDevAPI.dll
2017-01-25 15:04:58 ----A---- C:\Windows\system32\mfcore.dll
2017-01-25 15:04:58 ----A---- C:\Windows\system32\drivers\cng.sys
2017-01-25 15:04:58 ----A---- C:\Windows\system32\AuthHost.exe
2017-01-25 15:04:57 ----A---- C:\Windows\SYSWOW64\twinui.dll
2017-01-25 15:04:57 ----A---- C:\Windows\SYSWOW64\netiohlp.dll
2017-01-25 15:04:57 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2017-01-25 15:04:57 ----A---- C:\Windows\system32\wlanui.dll
2017-01-25 15:04:57 ----A---- C:\Windows\system32\mfsrcsnk.dll
2017-01-25 15:04:56 ----A---- C:\Windows\system32\mfnetsrc.dll
2017-01-25 15:04:56 ----A---- C:\Windows\system32\mfmpeg2srcsnk.dll
2017-01-25 15:04:56 ----A---- C:\Windows\system32\ExplorerFrame.dll
2017-01-25 15:04:55 ----A---- C:\Windows\system32\wmpmde.dll
2017-01-25 15:04:55 ----A---- C:\Windows\system32\VsGraphicsDesktopEngine.exe
2017-01-25 15:04:55 ----A---- C:\Windows\system32\mfasfsrcsnk.dll
2017-01-25 15:04:55 ----A---- C:\Windows\system32\comsvcs.dll
2017-01-25 15:04:54 ----A---- C:\Windows\SYSWOW64\wsp_health.dll
2017-01-25 15:04:54 ----A---- C:\Windows\SYSWOW64\wsp_fs.dll
2017-01-25 15:04:54 ----A---- C:\Windows\SYSWOW64\wmpmde.dll
2017-01-25 15:04:54 ----A---- C:\Windows\SYSWOW64\winmde.dll
2017-01-25 15:04:54 ----A---- C:\Windows\SYSWOW64\FXSCOMEX.dll
2017-01-25 15:04:54 ----A---- C:\Windows\system32\LockAppHost.exe
2017-01-25 15:04:54 ----A---- C:\Windows\system32\DeviceCensus.exe
2017-01-25 15:04:54 ----A---- C:\Windows\system32\dcntel.dll
2017-01-25 15:04:53 ----A---- C:\Windows\SYSWOW64\Windows.UI.Immersive.dll
2017-01-25 15:04:53 ----A---- C:\Windows\SYSWOW64\msftedit.dll
2017-01-25 15:04:53 ----A---- C:\Windows\system32\msdtctm.dll
2017-01-25 15:04:53 ----A---- C:\Windows\system32\mfplat.dll
2017-01-25 15:04:53 ----A---- C:\Windows\system32\mfnetcore.dll
2017-01-25 15:04:53 ----A---- C:\Windows\system32\ContactApis.dll
2017-01-25 15:04:53 ----A---- C:\Windows\system32\cemapi.dll
2017-01-25 15:04:52 ----A---- C:\Windows\SYSWOW64\Windows.Devices.Sensors.dll
2017-01-25 15:04:52 ----A---- C:\Windows\system32\Windows.Media.dll
2017-01-25 15:04:52 ----A---- C:\Windows\system32\TokenBroker.dll
2017-01-25 15:04:52 ----A---- C:\Windows\system32\LockAppBroker.dll
2017-01-25 15:04:52 ----A---- C:\Windows\system32\CloudBackupSettings.dll
2017-01-25 15:04:51 ----A---- C:\Windows\SYSWOW64\WWAHost.exe
2017-01-25 15:04:51 ----A---- C:\Windows\SYSWOW64\wpnapps.dll
2017-01-25 15:04:51 ----A---- C:\Windows\SYSWOW64\Windows.UI.Logon.dll
2017-01-25 15:04:51 ----A---- C:\Windows\SYSWOW64\Windows.UI.dll
2017-01-25 15:04:51 ----A---- C:\Windows\SYSWOW64\twinapi.dll
2017-01-25 15:04:51 ----A---- C:\Windows\SYSWOW64\gameux.dll
2017-01-25 15:04:51 ----A---- C:\Windows\system32\Windows.Media.Editing.dll
2017-01-25 15:04:51 ----A---- C:\Windows\system32\Windows.Devices.SmartCards.dll
2017-01-25 15:04:51 ----A---- C:\Windows\system32\TSWorkspace.dll
2017-01-25 15:04:51 ----A---- C:\Windows\system32\MusNotification.exe
2017-01-25 15:04:51 ----A---- C:\Windows\system32\mfmp4srcsnk.dll
2017-01-25 15:04:51 ----A---- C:\Windows\system32\drivers\spaceport.sys
2017-01-25 15:04:50 ----A---- C:\Windows\SYSWOW64\Windows.Devices.Perception.dll
2017-01-25 15:04:50 ----A---- C:\Windows\SYSWOW64\daxexec.dll
2017-01-25 15:04:50 ----A---- C:\Windows\system32\srmclient.dll
2017-01-25 15:04:50 ----A---- C:\Windows\system32\SettingSync.dll
2017-01-25 15:04:50 ----A---- C:\Windows\system32\MFCaptureEngine.dll
2017-01-25 15:04:50 ----A---- C:\Windows\system32\EmailApis.dll
2017-01-25 15:04:50 ----A---- C:\Windows\system32\ci.dll
2017-01-25 15:04:49 ----A---- C:\Windows\SYSWOW64\Windows.Graphics.Printing.3D.dll
2017-01-25 15:04:49 ----A---- C:\Windows\system32\winhttp.dll
2017-01-25 15:04:49 ----A---- C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2017-01-25 15:04:49 ----A---- C:\Windows\system32\Windows.Media.Audio.dll
2017-01-25 15:04:49 ----A---- C:\Windows\system32\UserLanguagesCpl.dll
2017-01-25 15:04:49 ----A---- C:\Windows\system32\twinui.appcore.dll
2017-01-25 15:04:49 ----A---- C:\Windows\system32\MSVideoDSP.dll
2017-01-25 15:04:49 ----A---- C:\Windows\system32\ChatApis.dll
2017-01-25 15:04:49 ----A---- C:\Windows\system32\AppointmentApis.dll
2017-01-25 15:04:48 ----A---- C:\Windows\SYSWOW64\srmclient.dll
2017-01-25 15:04:48 ----A---- C:\Windows\system32\Windows.ApplicationModel.Store.dll
2017-01-25 15:04:48 ----A---- C:\Windows\system32\srmscan.dll
2017-01-25 15:04:48 ----A---- C:\Windows\system32\MusNotificationUx.exe
2017-01-25 15:04:48 ----A---- C:\Windows\system32\evr.dll
2017-01-25 15:04:48 ----A---- C:\Windows\system32\combase.dll
2017-01-25 15:04:48 ----A---- C:\Windows\system32\CloudExperienceHostCommon.dll
2017-01-25 15:04:47 ----A---- C:\Windows\SYSWOW64\gpapi.dll
2017-01-25 15:04:47 ----A---- C:\Windows\system32\WinTypes.dll
2017-01-25 15:04:47 ----A---- C:\Windows\system32\UserDataService.dll
2017-01-25 15:04:47 ----A---- C:\Windows\system32\ole32.dll
2017-01-25 15:04:47 ----A---- C:\Windows\system32\MFPlay.dll
2017-01-25 15:04:47 ----A---- C:\Windows\system32\dlnashext.dll
2017-01-25 15:04:47 ----A---- C:\Windows\system32\CloudExperienceHostUser.dll
2017-01-25 15:04:46 ----A---- C:\Windows\SYSWOW64\wsp_sr.dll
2017-01-25 15:04:46 ----A---- C:\Windows\SYSWOW64\Windows.Media.BackgroundMediaPlayback.dll
2017-01-25 15:04:46 ----A---- C:\Windows\SYSWOW64\dlnashext.dll
2017-01-25 15:04:46 ----A---- C:\Windows\SYSWOW64\CoreUIComponents.dll
2017-01-25 15:04:46 ----A---- C:\Windows\system32\Windows.Storage.ApplicationData.dll
2017-01-25 15:04:46 ----A---- C:\Windows\system32\Windows.Perception.Stub.dll
2017-01-25 15:04:46 ----A---- C:\Windows\system32\Windows.Devices.WiFiDirect.dll
2017-01-25 15:04:46 ----A---- C:\Windows\system32\UserDataTimeUtil.dll
2017-01-25 15:04:46 ----A---- C:\Windows\system32\thumbcache.dll
2017-01-25 15:04:46 ----A---- C:\Windows\system32\StoreAgent.dll
2017-01-25 15:04:46 ----A---- C:\Windows\system32\MCCSEngineShared.dll
2017-01-25 15:04:46 ----A---- C:\Windows\system32\LicenseManager.dll
2017-01-25 15:04:46 ----A---- C:\Windows\system32\internetmail.dll
2017-01-25 15:04:46 ----A---- C:\Windows\system32\drivers\csc.sys
2017-01-25 15:04:46 ----A---- C:\Windows\system32\CloudStorageWizard.exe
2017-01-25 15:04:45 ----A---- C:\Windows\SYSWOW64\Windows.Devices.SerialCommunication.dll
2017-01-25 15:04:45 ----A---- C:\Windows\SYSWOW64\themecpl.dll
2017-01-25 15:04:45 ----A---- C:\Windows\SYSWOW64\sud.dll
2017-01-25 15:04:45 ----A---- C:\Windows\SYSWOW64\SettingSync.dll
2017-01-25 15:04:45 ----A---- C:\Windows\system32\mfmkvsrcsnk.dll
2017-01-25 15:04:45 ----A---- C:\Windows\system32\ActiveSyncProvider.dll
2017-01-25 15:04:45 ----A---- C:\Windows\system32\AboveLockAppHost.dll
2017-01-25 15:04:44 ----A---- C:\Windows\SYSWOW64\WPDShServiceObj.dll
2017-01-25 15:04:44 ----A---- C:\Windows\SYSWOW64\olepro32.dll
2017-01-25 15:04:44 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2017-01-25 15:04:44 ----A---- C:\Windows\SYSWOW64\hgcpl.dll
2017-01-25 15:04:44 ----A---- C:\Windows\system32\SyncSettings.dll
2017-01-25 15:04:44 ----A---- C:\Windows\system32\pnidui.dll
2017-01-25 15:04:44 ----A---- C:\Windows\system32\LocationFramework.dll
2017-01-25 15:04:44 ----A---- C:\Windows\system32\ExSMime.dll
2017-01-25 15:04:44 ----A---- C:\Windows\system32\AppXDeploymentClient.dll
2017-01-25 15:04:43 ----A---- C:\Windows\SYSWOW64\Windows.UI.BioFeedback.dll
2017-01-25 15:04:43 ----A---- C:\Windows\SYSWOW64\netshell.dll
2017-01-25 15:04:43 ----A---- C:\Windows\SYSWOW64\mspaint.exe
2017-01-25 15:04:43 ----A---- C:\Windows\SYSWOW64\fontext.dll
2017-01-25 15:04:43 ----A---- C:\Windows\SYSWOW64\DevicePairing.dll
2017-01-25 15:04:43 ----A---- C:\Windows\SYSWOW64\BrowserSettingSync.dll
2017-01-25 15:04:43 ----A---- C:\Windows\system32\Windows.StateRepositoryClient.dll
2017-01-25 15:04:43 ----A---- C:\Windows\system32\TokenBrokerCookies.exe
2017-01-25 15:04:43 ----A---- C:\Windows\system32\tbauth.dll
2017-01-25 15:04:43 ----A---- C:\Windows\system32\rshx32.dll
2017-01-25 15:04:43 ----A---- C:\Windows\system32\nshwfp.dll
2017-01-25 15:04:43 ----A---- C:\Windows\system32\BrowserSettingSync.dll
2017-01-25 15:04:42 ----A---- C:\Windows\system32\Windows.StateRepositoryBroker.dll
2017-01-25 15:04:42 ----A---- C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-01-25 15:04:42 ----A---- C:\Windows\system32\VCardParser.dll
2017-01-25 15:04:42 ----A---- C:\Windows\system32\fhcfg.dll
2017-01-25 15:04:42 ----A---- C:\Windows\system32\DavSyncProvider.dll
2017-01-25 15:04:42 ----A---- C:\Windows\system32\accountaccessor.dll
2017-01-25 15:04:41 ----A---- C:\Windows\SYSWOW64\LaunchWinApp.exe
2017-01-25 15:04:41 ----A---- C:\Windows\system32\InstallAgentUserBroker.exe
2017-01-25 15:04:41 ----A---- C:\Windows\system32\InstallAgent.exe
2017-01-25 15:04:40 ----A---- C:\Windows\SYSWOW64\Unistore.dll
2017-01-25 15:04:40 ----A---- C:\Windows\SYSWOW64\Pimstore.dll
2017-01-25 15:04:40 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-01-25 15:04:40 ----A---- C:\Windows\SYSWOW64\comuid.dll
2017-01-25 15:04:39 ----A---- C:\Windows\SYSWOW64\WMVSENCD.DLL
2017-01-25 15:04:39 ----A---- C:\Windows\SYSWOW64\Windows.UI.Xaml.dll
2017-01-25 15:04:39 ----A---- C:\Windows\system32\Windows.UI.Xaml.Resources.dll
2017-01-25 15:04:39 ----A---- C:\Windows\system32\vds.exe
2017-01-25 15:04:38 ----A---- C:\Windows\SYSWOW64\Windows.UI.Xaml.Resources.dll
2017-01-25 15:04:38 ----A---- C:\Windows\system32\Windows.UI.Xaml.dll
2017-01-25 15:04:36 ----A---- C:\Windows\system32\NgcCtnrSvc.dll
2017-01-25 15:04:32 ----A---- C:\Windows\SYSWOW64\AzureSettingSyncProvider.dll
2017-01-25 15:04:32 ----A---- C:\Windows\system32\wbengine.exe
2017-01-25 15:04:32 ----A---- C:\Windows\system32\generaltel.dll
2017-01-25 15:04:32 ----A---- C:\Windows\system32\CompatTelRunner.exe
2017-01-25 15:04:32 ----A---- C:\Windows\system32\AzureSettingSyncProvider.dll
2017-01-25 15:04:32 ----A---- C:\Windows\system32\appraiser.dll
2017-01-25 15:04:32 ----A---- C:\Windows\system32\acmigration.dll
2017-01-25 15:04:30 ----A---- C:\Windows\SYSWOW64\Wpc.dll
2017-01-25 15:04:30 ----A---- C:\Windows\system32\Wpc.dll
2017-01-25 15:04:30 ----A---- C:\Windows\system32\VSSVC.exe
2017-01-25 15:04:30 ----A---- C:\Windows\system32\vssapi.dll
2017-01-25 15:04:29 ----A---- C:\Windows\SYSWOW64\aepic.dll
2017-01-25 15:04:29 ----A---- C:\Windows\system32\WpcMon.exe
2017-01-25 15:04:29 ----A---- C:\Windows\system32\ResetEngine.dll
2017-01-25 15:04:29 ----A---- C:\Windows\system32\drivers\vmbkmcl.sys
2017-01-25 15:04:29 ----A---- C:\Windows\system32\drivers\tdx.sys
2017-01-25 15:04:29 ----A---- C:\Windows\system32\drivers\hvsocket.sys
2017-01-25 15:04:29 ----A---- C:\Windows\system32\aepic.dll
2017-01-25 15:04:29 ----A---- C:\Windows\system32\aeinv.dll
2017-01-25 15:04:28 ----A---- C:\Windows\SYSWOW64\wcnwiz.dll
2017-01-25 15:04:28 ----A---- C:\Windows\SYSWOW64\CertEnroll.dll
2017-01-25 15:04:28 ----A---- C:\Windows\system32\reseteng.dll
2017-01-25 15:04:28 ----A---- C:\Windows\system32\drivers\tcpip.sys
2017-01-25 15:04:27 ----A---- C:\Windows\SYSWOW64\xpsrchvw.exe
2017-01-25 15:04:27 ----A---- C:\Windows\SYSWOW64\SHCore.dll
2017-01-25 15:04:27 ----A---- C:\Windows\SYSWOW64\scksp.dll
2017-01-25 15:04:27 ----A---- C:\Windows\SYSWOW64\dbgeng.dll
2017-01-25 15:04:27 ----A---- C:\Windows\SYSWOW64\basecsp.dll
2017-01-25 15:04:27 ----A---- C:\Windows\system32\diagtrack.dll
2017-01-25 15:04:26 ----A---- C:\Windows\system32\Windows.UI.Logon.dll
2017-01-25 15:04:26 ----A---- C:\Windows\system32\devinv.dll
2017-01-25 15:04:25 ----A---- C:\Windows\SYSWOW64\IPHLPAPI.DLL
2017-01-25 15:04:25 ----A---- C:\Windows\system32\wsp_fs.dll
2017-01-25 15:04:25 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2017-01-25 15:04:24 ----A---- C:\Windows\SYSWOW64\cemapi.dll
2017-01-25 15:04:24 ----A---- C:\Windows\system32\wsp_health.dll
2017-01-25 15:04:24 ----A---- C:\Windows\system32\Windows.Web.Http.dll
2017-01-25 15:04:24 ----A---- C:\Windows\system32\Windows.Devices.Sensors.dll
2017-01-25 15:04:23 ----A---- C:\Windows\SYSWOW64\Windows.Web.Http.dll
2017-01-25 15:04:23 ----A---- C:\Windows\system32\xpsrchvw.exe
2017-01-25 15:04:23 ----A---- C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2017-01-25 15:04:23 ----A---- C:\Windows\system32\systemreset.exe
2017-01-25 15:04:23 ----A---- C:\Windows\system32\MusUpdateHandlers.dll
2017-01-25 15:04:23 ----A---- C:\Windows\system32\invagent.dll
2017-01-25 15:04:23 ----A---- C:\Windows\system32\clusapi.dll
2017-01-25 15:04:22 ----A---- C:\Windows\system32\usercpl.dll
2017-01-25 15:04:22 ----A---- C:\Windows\system32\ReAgent.dll
2017-01-25 15:04:22 ----A---- C:\Windows\system32\mstscax.dll
2017-01-25 15:04:21 ----A---- C:\Windows\SYSWOW64\WpcWebFilter.dll
2017-01-25 15:04:21 ----A---- C:\Windows\SYSWOW64\Windows.Networking.Connectivity.dll
2017-01-25 15:04:21 ----A---- C:\Windows\SYSWOW64\Windows.Networking.BackgroundTransfer.dll
2017-01-25 15:04:21 ----A---- C:\Windows\SYSWOW64\usercpl.dll
2017-01-25 15:04:21 ----A---- C:\Windows\SYSWOW64\fontdrvhost.exe
2017-01-25 15:04:21 ----A---- C:\Windows\system32\vss_ps.dll
2017-01-25 15:04:21 ----A---- C:\Windows\system32\resutils.dll
2017-01-25 15:04:21 ----A---- C:\Windows\system32\puiobj.dll
2017-01-25 15:04:21 ----A---- C:\Windows\system32\EnterpriseAPNCsp.dll
2017-01-25 15:04:21 ----A---- C:\Windows\system32\CspCellularSettings.dll
2017-01-25 15:04:21 ----A---- C:\Windows\system32\CfgSPCellular.dll
2017-01-25 15:04:20 ----A---- C:\Windows\SYSWOW64\RTMediaFrame.dll
2017-01-25 15:04:20 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2017-01-25 15:04:20 ----A---- C:\Windows\system32\WinSetupUI.dll
2017-01-25 15:04:20 ----A---- C:\Windows\system32\Windows.Web.dll
2017-01-25 15:04:20 ----A---- C:\Windows\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-01-25 15:04:20 ----A---- C:\Windows\system32\Windows.Devices.Perception.dll
2017-01-25 15:04:19 ----A---- C:\Windows\SYSWOW64\nshwfp.dll
2017-01-25 15:04:19 ----A---- C:\Windows\SYSWOW64\AppointmentApis.dll
2017-01-25 15:04:19 ----A---- C:\Windows\system32\WpcWebFilter.dll
2017-01-25 15:04:19 ----A---- C:\Windows\system32\werconcpl.dll
2017-01-25 15:04:17 ----A---- C:\Windows\SYSWOW64\winhttp.dll
2017-01-25 15:04:17 ----A---- C:\Windows\SYSWOW64\EmailApis.dll
2017-01-25 15:04:17 ----A---- C:\Windows\system32\Windows.Networking.dll
2017-01-25 15:04:16 ----A---- C:\Windows\SYSWOW64\Windows.Web.dll
2017-01-25 15:04:16 ----A---- C:\Windows\SYSWOW64\Windows.Devices.Picker.dll
2017-01-25 15:04:16 ----A---- C:\Windows\system32\wsp_sr.dll
2017-01-25 15:04:16 ----A---- C:\Windows\system32\SpaceAgent.exe
2017-01-25 15:04:16 ----A---- C:\Windows\system32\ContentDeliveryManager.Utilities.dll
2017-01-25 15:04:16 ----A---- C:\Windows\system32\BootMenuUX.dll
2017-01-25 15:04:15 ----A---- C:\Windows\system32\RDXService.dll
2017-01-25 15:04:14 ----A---- C:\Windows\SYSWOW64\Windows.Networking.dll
2017-01-25 15:04:14 ----A---- C:\Windows\SYSWOW64\UserDataTimeUtil.dll
2017-01-25 15:04:13 ----A---- C:\Windows\SYSWOW64\wlanapi.dll
2017-01-25 15:04:13 ----A---- C:\Windows\SYSWOW64\WinTypes.dll
2017-01-25 15:04:13 ----A---- C:\Windows\SYSWOW64\PlayToDevice.dll
2017-01-25 15:04:13 ----A---- C:\Windows\SYSWOW64\MSVPXENC.dll
2017-01-25 15:04:13 ----A---- C:\Windows\system32\Windows.UI.dll
2017-01-25 15:04:13 ----A---- C:\Windows\system32\Windows.Graphics.Printing.dll
2017-01-25 15:04:13 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2017-01-25 15:04:12 ----A---- C:\Windows\SYSWOW64\Windows.Devices.HumanInterfaceDevice.dll
2017-01-25 15:04:12 ----A---- C:\Windows\SYSWOW64\win32kfull.sys
2017-01-25 15:04:12 ----A---- C:\Windows\SYSWOW64\UserDataAccountApis.dll
2017-01-25 15:04:12 ----A---- C:\Windows\SYSWOW64\AppXDeploymentClient.dll
2017-01-25 15:04:12 ----A---- C:\Windows\system32\wwansvc.dll
2017-01-25 15:04:12 ----A---- C:\Windows\system32\Windows.Networking.Connectivity.dll
2017-01-25 15:04:12 ----A---- C:\Windows\system32\wdp.dll
2017-01-25 15:04:12 ----A---- C:\Windows\system32\SystemSettings.DeviceEncryptionHandlers.dll
2017-01-25 15:04:12 ----A---- C:\Windows\system32\FrameServer.dll
2017-01-25 15:04:12 ----A---- C:\Windows\system32\efswrt.dll
2017-01-25 15:04:11 ----A---- C:\Windows\SYSWOW64\WsmSvc.dll
2017-01-25 15:04:11 ----A---- C:\Windows\SYSWOW64\Windows.Media.FaceAnalysis.dll
2017-01-25 15:04:11 ----A---- C:\Windows\SYSWOW64\Windows.Devices.Scanners.dll
2017-01-25 15:04:11 ----A---- C:\Windows\SYSWOW64\wfdprov.dll
2017-01-25 15:04:11 ----A---- C:\Windows\SYSWOW64\PlayToManager.dll
2017-01-25 15:04:11 ----A---- C:\Windows\SYSWOW64\ChatApis.dll
2017-01-25 15:04:11 ----A---- C:\Windows\SYSWOW64\ExSMime.dll
2017-01-25 15:04:11 ----A---- C:\Windows\SYSWOW64\dialclient.dll
2017-01-25 15:04:11 ----A---- C:\Windows\system32\wuuhext.dll
2017-01-25 15:04:11 ----A---- C:\Windows\system32\Windows.Devices.Scanners.dll
2017-01-25 15:04:11 ----A---- C:\Windows\system32\Windows.ApplicationModel.dll
2017-01-25 15:04:11 ----A---- C:\Windows\system32\PrintWSDAHost.dll
2017-01-25 15:04:11 ----A---- C:\Windows\system32\PrintDialogs.dll
2017-01-25 15:04:11 ----A---- C:\Windows\system32\cscui.dll
2017-01-25 15:04:10 ----A---- C:\Windows\SYSWOW64\WsmWmiPl.dll
2017-01-25 15:04:10 ----A---- C:\Windows\SYSWOW64\Windows.StateRepositoryClient.dll
2017-01-25 15:04:10 ----A---- C:\Windows\SYSWOW64\updatepolicy.dll
2017-01-25 15:04:10 ----A---- C:\Windows\SYSWOW64\puiobj.dll
2017-01-25 15:04:10 ----A---- C:\Windows\SYSWOW64\puiapi.dll
2017-01-25 15:04:10 ----A---- C:\Windows\SYSWOW64\iprtrmgr.dll
2017-01-25 15:04:10 ----A---- C:\Windows\SYSWOW64\DafPrintProvider.dll
2017-01-25 15:04:10 ----A---- C:\Windows\SYSWOW64\ContactApis.dll
2017-01-25 15:04:10 ----A---- C:\Windows\system32\Windows.Networking.HostName.dll
2017-01-25 15:04:10 ----A---- C:\Windows\system32\Windows.Internal.Management.SecureAssessment.dll
2017-01-25 15:04:10 ----A---- C:\Windows\system32\puiapi.dll
2017-01-25 15:04:10 ----A---- C:\Windows\system32\PrintRenderAPIHost.DLL
2017-01-25 15:04:10 ----A---- C:\Windows\system32\PrintDialogs3D.dll
2017-01-25 15:04:10 ----A---- C:\Windows\system32\drivers\xboxgip.sys
2017-01-25 15:04:10 ----A---- C:\Windows\system32\deviceaccess.dll
2017-01-25 15:04:10 ----A---- C:\Windows\system32\DafPrintProvider.dll
2017-01-25 15:04:09 ----RA---- C:\Windows\system32\SecureAssessmentHandlers.dll
2017-01-25 15:04:09 ----A---- C:\Windows\SYSWOW64\VCardParser.dll
2017-01-25 15:04:09 ----A---- C:\Windows\SYSWOW64\findnetprinters.dll
2017-01-25 15:04:09 ----A---- C:\Windows\system32\rdpencom.dll
2017-01-25 15:04:09 ----A---- C:\Windows\system32\netplwiz.dll
2017-01-25 15:04:08 ----A---- C:\Windows\system32\win32kbase.sys
2017-01-25 15:04:08 ----A---- C:\Windows\system32\urlmon.dll
2017-01-25 15:04:08 ----A---- C:\Windows\system32\SHCore.dll
2017-01-25 15:04:08 ----A---- C:\Windows\system32\certmgr.dll
2017-01-25 15:04:07 ----A---- C:\Windows\system32\mshtml.dll
2017-01-25 15:04:06 ----A---- C:\Windows\system32\wlansvc.dll
2017-01-25 15:04:06 ----A---- C:\Windows\system32\Windows.UI.Search.dll
2017-01-25 15:04:06 ----A---- C:\Windows\system32\werui.dll
2017-01-25 15:04:06 ----A---- C:\Windows\system32\wcmsvc.dll
2017-01-25 15:04:06 ----A---- C:\Windows\system32\msctf.dll
2017-01-25 15:04:06 ----A---- C:\Windows\system32\dui70.dll
2017-01-25 15:04:06 ----A---- C:\Windows\system32\drivers\mskssrv.sys
2017-01-25 15:04:05 ----A---- C:\Windows\system32\WpAXHolder.dll
2017-01-25 15:04:05 ----A---- C:\Windows\system32\mmc.exe
2017-01-25 15:04:05 ----A---- C:\Windows\system32\iertutil.dll
2017-01-25 15:04:05 ----A---- C:\Windows\system32\drivers\ks.sys
2017-01-25 15:04:05 ----A---- C:\Windows\system32\bisrv.dll
2017-01-25 15:04:04 ----A---- C:\Windows\system32\edgehtml.dll
2017-01-25 15:04:03 ----A---- C:\Windows\SYSWOW64\wlidprov.dll
2017-01-25 15:04:03 ----A---- C:\Windows\SYSWOW64\Windows.Data.Pdf.dll
2017-01-25 15:04:03 ----A---- C:\Windows\SYSWOW64\vssapi.dll
2017-01-25 15:04:03 ----A---- C:\Windows\SYSWOW64\RADCUI.dll
2017-01-25 15:04:02 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-01-25 15:04:01 ----A---- C:\Windows\SYSWOW64\edgehtml.dll
2017-01-25 15:04:01 ----A---- C:\Windows\system32\Windows.Media.Speech.dll
2017-01-25 15:04:00 ----A---- C:\Windows\SYSWOW64\mfsvr.dll
2017-01-25 15:04:00 ----A---- C:\Windows\SYSWOW64\MFMediaEngine.dll
2017-01-25 15:04:00 ----A---- C:\Windows\SYSWOW64\mfds.dll
2017-01-25 15:03:59 ----A---- C:\Windows\SYSWOW64\storagewmi.dll
2017-01-25 15:03:59 ----A---- C:\Windows\SYSWOW64\SettingSyncHost.exe
2017-01-25 15:03:59 ----A---- C:\Windows\SYSWOW64\SettingSyncCore.dll
2017-01-25 15:03:59 ----A---- C:\Windows\SYSWOW64\OneDriveSettingSyncProvider.dll
2017-01-25 15:03:59 ----A---- C:\Windows\SYSWOW64\MSPhotography.dll
2017-01-25 15:03:59 ----A---- C:\Windows\system32\BingMaps.dll
2017-01-25 15:03:58 ----A---- C:\Windows\SYSWOW64\wlanui.dll
2017-01-25 15:03:58 ----A---- C:\Windows\SYSWOW64\mispace.dll
2017-01-25 15:03:58 ----A---- C:\Windows\SYSWOW64\mfcore.dll
2017-01-25 15:03:58 ----A---- C:\Windows\SYSWOW64\mf.dll
2017-01-25 15:03:58 ----A---- C:\Windows\system32\Chakra.dll
2017-01-25 15:03:57 ----A---- C:\Windows\SYSWOW64\shell32.dll
2017-01-25 15:03:56 ----A---- C:\Windows\SYSWOW64\mfsrcsnk.dll
2017-01-25 15:03:56 ----A---- C:\Windows\SYSWOW64\mfmpeg2srcsnk.dll
2017-01-25 15:03:56 ----A---- C:\Windows\SYSWOW64\mfasfsrcsnk.dll
2017-01-25 15:03:56 ----A---- C:\Windows\system32\wininet.dll
2017-01-25 15:03:56 ----A---- C:\Windows\system32\wifinetworkmanager.dll
2017-01-25 15:03:56 ----A---- C:\Windows\system32\MapGeocoder.dll
2017-01-25 15:03:56 ----A---- C:\Windows\system32\AppXDeploymentServer.dll
2017-01-25 15:03:55 ----A---- C:\Windows\SYSWOW64\mfnetcore.dll
2017-01-25 15:03:55 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2017-01-25 15:03:55 ----A---- C:\Windows\system32\MapsStore.dll
2017-01-25 15:03:55 ----A---- C:\Windows\system32\MapRouter.dll
2017-01-25 15:03:55 ----A---- C:\Windows\system32\KernelBase.dll
2017-01-25 15:03:54 ----A---- C:\Windows\SYSWOW64\Windows.UI.Input.Inking.dll
2017-01-25 15:03:54 ----A---- C:\Windows\SYSWOW64\Chakra.dll
2017-01-25 15:03:54 ----A---- C:\Windows\system32\winload.exe
2017-01-25 15:03:54 ----A---- C:\Windows\system32\twinapi.appcore.dll
2017-01-25 15:03:54 ----A---- C:\Windows\system32\drivers\dxgmms2.sys
2017-01-25 15:03:54 ----A---- C:\Windows\system32\drivers\dam.sys
2017-01-25 15:03:53 ----A---- C:\Windows\SYSWOW64\Windows.Media.Audio.dll
2017-01-25 15:03:53 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-01-25 15:03:53 ----A---- C:\Windows\SYSWOW64\AppContracts.dll
2017-01-25 15:03:53 ----A---- C:\Windows\system32\wlansec.dll
2017-01-25 15:03:53 ----A---- C:\Windows\system32\Windows.UI.Xaml.Phone.dll
2017-01-25 15:03:53 ----A---- C:\Windows\system32\smartscreen.exe
2017-01-25 15:03:53 ----A---- C:\Windows\system32\iphlpsvc.dll
2017-01-25 15:03:53 ----A---- C:\Windows\system32\hvloader.exe
2017-01-25 15:03:53 ----A---- C:\Windows\system32\drivers\partmgr.sys
2017-01-25 15:03:53 ----A---- C:\Windows\system32\drivers\ntfs.sys
2017-01-25 15:03:53 ----A---- C:\Windows\system32\drivers\ndis.sys
2017-01-25 15:03:52 ----A---- C:\Windows\SYSWOW64\Windows.Media.dll
2017-01-25 15:03:52 ----A---- C:\Windows\SYSWOW64\UIRibbon.dll
2017-01-25 15:03:52 ----A---- C:\Windows\SYSWOW64\mfmp4srcsnk.dll
2017-01-25 15:03:52 ----A---- C:\Windows\SYSWOW64\authui.dll
2017-01-25 15:03:52 ----A---- C:\Windows\system32\rasmans.dll
2017-01-25 15:03:52 ----A---- C:\Windows\system32\mprddm.dll
2017-01-25 15:03:52 ----A---- C:\Windows\system32\drivers\WdiWiFi.sys
2017-01-25 15:03:51 ----A---- C:\Windows\system32\Windows.UI.Input.Inking.dll
2017-01-25 15:03:51 ----A---- C:\Windows\system32\Windows.Devices.Bluetooth.dll
2017-01-25 15:03:51 ----A---- C:\Windows\system32\UIRibbon.dll
2017-01-25 15:03:51 ----A---- C:\Windows\system32\tabcal.exe
2017-01-25 15:03:51 ----A---- C:\Windows\system32\SpaceControl.dll
2017-01-25 15:03:51 ----A---- C:\Windows\system32\ieapfltr.dll
2017-01-25 15:03:51 ----A---- C:\Windows\system32\dmcertinst.exe
2017-01-25 15:03:51 ----A---- C:\Windows\system32\atmfd.dll
2017-01-25 15:03:50 ----A---- C:\Windows\SYSWOW64\Windows.Media.Editing.dll
2017-01-25 15:03:50 ----A---- C:\Windows\SYSWOW64\cdp.dll
2017-01-25 15:03:50 ----A---- C:\Windows\system32\XblGameSaveExt.dll
2017-01-25 15:03:50 ----A---- C:\Windows\system32\Windows.Shell.Search.UriHandler.dll
2017-01-25 15:03:50 ----A---- C:\Windows\system32\msftedit.dll
2017-01-25 15:03:50 ----A---- C:\Windows\system32\GamePanel.exe
2017-01-25 15:03:50 ----A---- C:\Windows\system32\fontdrvhost.exe
2017-01-25 15:03:50 ----A---- C:\Windows\system32\drivers\dfsc.sys
2017-01-25 15:03:50 ----A---- C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2017-01-25 15:03:49 ----A---- C:\Windows\SYSWOW64\MSVideoDSP.dll
2017-01-25 15:03:49 ----A---- C:\Windows\SYSWOW64\CloudExperienceHostCommon.dll
2017-01-25 15:03:49 ----A---- C:\Windows\system32\WlanMediaManager.dll
2017-01-25 15:03:49 ----A---- C:\Windows\system32\wlanapi.dll
2017-01-25 15:03:49 ----A---- C:\Windows\system32\Windows.UI.Xaml.Maps.dll
2017-01-25 15:03:49 ----A---- C:\Windows\system32\Windows.Internal.Bluetooth.dll
2017-01-25 15:03:49 ----A---- C:\Windows\system32\Windows.Devices.Usb.dll
2017-01-25 15:03:49 ----A---- C:\Windows\system32\Windows.Devices.PointOfService.dll
2017-01-25 15:03:49 ----A---- C:\Windows\system32\SensorDataService.exe
2017-01-25 15:03:49 ----A---- C:\Windows\system32\InputService.dll
2017-01-25 15:03:49 ----A---- C:\Windows\system32\drivers\nwifi.sys
2017-01-25 15:03:49 ----A---- C:\Windows\system32\drivers\Classpnp.sys
2017-01-25 15:03:49 ----A---- C:\Windows\system32\CloudExperienceHostBroker.dll
2017-01-25 15:03:49 ----A---- C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2017-01-25 15:03:49 ----A---- C:\Windows\system32\AppReadiness.dll
2017-01-25 15:03:47 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2017-01-25 15:03:47 ----A---- C:\Windows\SYSWOW64\ShareHost.dll
2017-01-25 15:03:47 ----A---- C:\Windows\SYSWOW64\mfplat.dll
2017-01-25 15:03:47 ----A---- C:\Windows\SYSWOW64\mfnetsrc.dll
2017-01-25 15:03:47 ----A---- C:\Windows\SYSWOW64\CloudExperienceHostUser.dll
2017-01-25 15:03:47 ----A---- C:\Windows\system32\Windows.Media.MediaControl.dll
2017-01-25 15:03:47 ----A---- C:\Windows\system32\UserDeviceRegistration.dll
2017-01-25 15:03:47 ----A---- C:\Windows\system32\SettingsHandlers_StorageSense.dll
2017-01-25 15:03:47 ----A---- C:\Windows\system32\musdialoghandlers.dll
2017-01-25 15:03:47 ----A---- C:\Windows\system32\hvix64.exe
2017-01-25 15:03:47 ----A---- C:\Windows\system32\hvax64.exe
2017-01-25 15:03:47 ----A---- C:\Windows\system32\CoreUIComponents.dll
2017-01-25 15:03:47 ----A---- C:\Windows\system32\CloudExperienceHost.dll
2017-01-25 15:03:46 ----A---- C:\Windows\SYSWOW64\Windows.Media.Import.dll
2017-01-25 15:03:46 ----A---- C:\Windows\SYSWOW64\Windows.Graphics.Printing.dll
2017-01-25 15:03:46 ----A---- C:\Windows\SYSWOW64\netiougc.exe
2017-01-25 15:03:46 ----A---- C:\Windows\system32\wwanmm.dll
2017-01-25 15:03:46 ----A---- C:\Windows\system32\Windows.Gaming.XboxLive.Storage.dll
2017-01-25 15:03:46 ----A---- C:\Windows\system32\PlayToManager.dll
2017-01-25 15:03:46 ----A---- C:\Windows\system32\CPFilters.dll
2017-01-25 15:03:46 ----A---- C:\Windows\system32\appinfo.dll
2017-01-25 15:03:45 ----A---- C:\Windows\SYSWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-01-25 15:03:45 ----A---- C:\Windows\SYSWOW64\Windows.Globalization.dll
2017-01-25 15:03:45 ----A---- C:\Windows\SYSWOW64\Windows.Gaming.Input.dll
2017-01-25 15:03:45 ----A---- C:\Windows\SYSWOW64\Windows.Devices.WiFi.dll
2017-01-25 15:03:45 ----A---- C:\Windows\SYSWOW64\Windows.Devices.Radios.dll
2017-01-25 15:03:45 ----A---- C:\Windows\system32\WinRtTracing.dll
2017-01-25 15:03:45 ----A---- C:\Windows\system32\Windows.UI.Core.TextInput.dll
2017-01-25 15:03:45 ----A---- C:\Windows\system32\Windows.System.UserDeviceAssociation.dll
2017-01-25 15:03:45 ----A---- C:\Windows\system32\windows.immersiveshell.serviceprovider.dll
2017-01-25 15:03:45 ----A---- C:\Windows\system32\Windows.Devices.SerialCommunication.dll
2017-01-25 15:03:45 ----A---- C:\Windows\system32\win32kfull.sys
2017-01-25 15:03:45 ----A---- C:\Windows\system32\wfdprov.dll
2017-01-25 15:03:45 ----A---- C:\Windows\system32\PlayToDevice.dll
2017-01-25 15:03:45 ----A---- C:\Windows\system32\MediaFoundation.DefaultPerceptionProvider.dll
2017-01-25 15:03:44 ----A---- C:\Windows\SYSWOW64\Windows.ApplicationModel.dll
2017-01-25 15:03:44 ----A---- C:\Windows\SYSWOW64\msdtcuiu.dll
2017-01-25 15:03:44 ----A---- C:\Windows\SYSWOW64\mfmkvsrcsnk.dll
2017-01-25 15:03:44 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-01-25 15:03:44 ----A---- C:\Windows\SYSWOW64\Chakradiag.dll
2017-01-25 15:03:44 ----A---- C:\Windows\SYSWOW64\ErrorDetails.dll
2017-01-25 15:03:44 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-01-25 15:03:44 ----A---- C:\Windows\system32\Windows.Storage.Search.dll
2017-01-25 15:03:44 ----A---- C:\Windows\system32\Windows.Media.Ocr.dll
2017-01-25 15:03:44 ----A---- C:\Windows\system32\Windows.Media.FaceAnalysis.dll
2017-01-25 15:03:44 ----A---- C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll
2017-01-25 15:03:44 ----A---- C:\Windows\system32\UserDeviceRegistration.Ngc.dll
2017-01-25 15:03:44 ----A---- C:\Windows\system32\SettingsHandlers_ClosedCaptioning.dll
2017-01-25 15:03:44 ----A---- C:\Windows\system32\MultiDigiMon.exe
2017-01-25 15:03:44 ----A---- C:\Windows\system32\mshtmled.dll
2017-01-25 15:03:44 ----A---- C:\Windows\system32\MapConfiguration.dll
2017-01-25 15:03:44 ----A---- C:\Windows\system32\dxtrans.dll
2017-01-25 15:03:44 ----A---- C:\Windows\system32\CloudDomainJoinDataModelServer.dll
2017-01-25 15:03:43 ----A---- C:\Windows\SYSWOW64\XInputUap.dll
2017-01-25 15:03:43 ----A---- C:\Windows\SYSWOW64\StructuredQuery.dll
2017-01-25 15:03:43 ----A---- C:\Windows\SYSWOW64\ProximityCommon.dll
2017-01-25 15:03:43 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-01-25 15:03:43 ----A---- C:\Windows\SYSWOW64\ieproxy.dll
2017-01-25 15:03:43 ----A---- C:\Windows\system32\wwanconn.dll
2017-01-25 15:03:43 ----A---- C:\Windows\system32\Windows.ApplicationModel.Core.dll
2017-01-25 15:03:43 ----A---- C:\Windows\system32\StructuredQuery.dll
2017-01-25 15:03:43 ----A---- C:\Windows\system32\oleacc.dll
2017-01-25 15:03:43 ----A---- C:\Windows\system32\ipnathlp.dll
2017-01-25 15:03:43 ----A---- C:\Windows\system32\DevicesFlowBroker.dll
2017-01-25 15:03:43 ----A---- C:\Windows\system32\AudioSrvPolicyManager.dll
2017-01-25 15:03:42 ----A---- C:\Windows\SYSWOW64\UIRibbonRes.dll
2017-01-25 15:03:42 ----A---- C:\Windows\SYSWOW64\tcpipcfg.dll
2017-01-25 15:03:42 ----A---- C:\Windows\SYSWOW64\odbcconf.dll
2017-01-25 15:03:42 ----A---- C:\Windows\SYSWOW64\indexeddbserver.dll
2017-01-25 15:03:42 ----A---- C:\Windows\SYSWOW64\D3DCompiler_47.dll
2017-01-25 15:03:42 ----A---- C:\Windows\SYSWOW64\CoreMessaging.dll
2017-01-25 15:03:42 ----A---- C:\Windows\SYSWOW64\aadtb.dll
2017-01-25 15:03:42 ----A---- C:\Windows\system32\winsrv.dll
2017-01-25 15:03:42 ----A---- C:\Windows\system32\windowslivelogin.dll
2017-01-25 15:03:42 ----A---- C:\Windows\system32\UIRibbonRes.dll
2017-01-25 15:03:42 ----A---- C:\Windows\system32\indexeddbserver.dll
2017-01-25 15:03:42 ----A---- C:\Windows\system32\GamePanelExternalHook.dll
2017-01-25 15:03:42 ----A---- C:\Windows\system32\enrollmentapi.dll
2017-01-25 15:03:42 ----A---- C:\Windows\system32\apprepsync.dll
2017-01-25 15:03:42 ----A---- C:\Windows\system32\apprepapi.dll
2017-01-25 15:03:41 ----A---- C:\Windows\SYSWOW64\windows.storage.dll
2017-01-25 15:03:41 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-01-25 15:03:41 ----A---- C:\Windows\SYSWOW64\LockAppHost.exe
2017-01-25 15:03:40 ----A---- C:\Windows\system32\Windows.Data.Pdf.dll
2017-01-25 15:03:40 ----A---- C:\Windows\system32\SettingSyncHost.exe
2017-01-25 15:03:40 ----A---- C:\Windows\system32\OneDriveSettingSyncProvider.dll
2017-01-25 15:03:39 ----A---- C:\Windows\SYSWOW64\BingMaps.dll
2017-01-25 15:03:39 ----A---- C:\Windows\system32\SettingSyncCore.dll
2017-01-25 15:03:39 ----A---- C:\Windows\system32\dbgeng.dll
2017-01-25 15:03:38 ----A---- C:\Windows\SYSWOW64\uReFS.dll
2017-01-25 15:03:38 ----A---- C:\Windows\SYSWOW64\tquery.dll
2017-01-25 15:03:38 ----A---- C:\Windows\system32\uReFS.dll
2017-01-25 15:03:38 ----A---- C:\Windows\system32\MPSSVC.dll
2017-01-25 15:03:38 ----A---- C:\Windows\system32\mf.dll
2017-01-25 15:03:38 ----A---- C:\Windows\system32\CertEnroll.dll
2017-01-25 15:03:37 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-01-25 15:03:37 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2017-01-25 15:03:37 ----A---- C:\Windows\system32\Windows.UI.Immersive.dll
2017-01-25 15:03:37 ----A---- C:\Windows\system32\msxml6.dll
2017-01-25 15:03:37 ----A---- C:\Windows\system32\mispace.dll
2017-01-25 15:03:36 ----A---- C:\Windows\SYSWOW64\MapRouter.dll
2017-01-25 15:03:36 ----A---- C:\Windows\SYSWOW64\MapGeocoder.dll
2017-01-25 15:03:36 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2017-01-25 15:03:36 ----A---- C:\Windows\system32\XblAuthManager.dll
2017-01-25 15:03:36 ----A---- C:\Windows\system32\storagewmi.dll
2017-01-25 15:03:35 ----A---- C:\Windows\SYSWOW64\twinapi.appcore.dll
2017-01-25 15:03:35 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2017-01-25 15:03:35 ----A---- C:\Windows\SYSWOW64\hevcdecoder.dll
2017-01-25 15:03:35 ----A---- C:\Windows\system32\vaultcli.dll
2017-01-25 15:03:35 ----A---- C:\Windows\system32\netiohlp.dll
2017-01-25 15:03:35 ----A---- C:\Windows\system32\MbaeApiPublic.dll
2017-01-25 15:03:34 ----A---- C:\Windows\SYSWOW64\twinui.appcore.dll
2017-01-25 15:03:34 ----A---- C:\Windows\system32\wpncore.dll
2017-01-25 15:03:34 ----A---- C:\Windows\system32\Tabbtn.dll
2017-01-25 15:03:34 ----A---- C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-01-25 15:03:34 ----A---- C:\Windows\system32\dxgi.dll
2017-01-25 15:03:33 ----A---- C:\Windows\SYSWOW64\Windows.ApplicationModel.Store.dll
2017-01-25 15:03:33 ----A---- C:\Windows\SYSWOW64\Windows.AccountsControl.dll
2017-01-25 15:03:33 ----A---- C:\Windows\SYSWOW64\mprddm.dll
2017-01-25 15:03:33 ----A---- C:\Windows\SYSWOW64\LogonController.dll
2017-01-25 15:03:33 ----A---- C:\Windows\SYSWOW64\CloudBackupSettings.dll
2017-01-25 15:03:33 ----A---- C:\Windows\system32\wuaueng.dll
2017-01-25 15:03:33 ----A---- C:\Windows\system32\wuapi.dll
2017-01-25 15:03:33 ----A---- C:\Windows\system32\wpnapps.dll
2017-01-25 15:03:33 ----A---- C:\Windows\system32\twinapi.dll
2017-01-25 15:03:33 ----A---- C:\Windows\system32\icfupgd.dll
2017-01-25 15:03:33 ----A---- C:\Windows\system32\drivers\vmbkmclr.sys
2017-01-25 15:03:32 ----A---- C:\Windows\SYSWOW64\usoapi.dll
2017-01-25 15:03:32 ----A---- C:\Windows\SYSWOW64\TokenBroker.dll
2017-01-25 15:03:32 ----A---- C:\Windows\SYSWOW64\Search.ProtocolHandler.MAPI2.dll
2017-01-25 15:03:32 ----A---- C:\Windows\SYSWOW64\msmpeg2vdec.dll
2017-01-25 15:03:32 ----A---- C:\Windows\system32\Windows.Gaming.UI.GameBar.dll
2017-01-25 15:03:32 ----A---- C:\Windows\system32\ubpm.dll
2017-01-25 15:03:32 ----A---- C:\Windows\system32\modernexecserver.dll
2017-01-25 15:03:32 ----A---- C:\Windows\system32\authui.dll
2017-01-25 15:03:31 ----A---- C:\Windows\system32\WWAHost.exe
2017-01-25 15:03:31 ----A---- C:\Windows\system32\Windows.Gaming.Input.dll
2017-01-25 15:03:31 ----A---- C:\Windows\system32\mbsmsapi.dll
2017-01-25 15:03:31 ----A---- C:\Windows\system32\daxexec.dll
2017-01-25 15:03:31 ----A---- C:\Windows\system32\AppContracts.dll
2017-01-25 15:03:30 ----A---- C:\Windows\system32\WMPDMC.exe
2017-01-25 15:03:30 ----A---- C:\Windows\system32\Windows.Internal.Shell.Broker.dll
2017-01-25 15:03:30 ----A---- C:\Windows\system32\Windows.Devices.LowLevel.dll
2017-01-25 15:03:30 ----A---- C:\Windows\system32\MSVPXENC.dll
2017-01-25 15:03:30 ----A---- C:\Windows\system32\MiracastReceiver.dll
2017-01-25 15:03:30 ----A---- C:\Windows\system32\CompPkgSup.dll
2017-01-25 15:03:29 ----A---- C:\Windows\SYSWOW64\WMPDMC.exe
2017-01-25 15:03:29 ----A---- C:\Windows\SYSWOW64\Windows.Media.MediaControl.dll
2017-01-25 15:03:29 ----A---- C:\Windows\SYSWOW64\Windows.Devices.Bluetooth.dll
2017-01-25 15:03:29 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2017-01-25 15:03:29 ----A---- C:\Windows\SYSWOW64\MiracastReceiver.dll
2017-01-25 15:03:29 ----A---- C:\Windows\SYSWOW64\MCRecvSrc.dll
2017-01-25 15:03:29 ----A---- C:\Windows\SYSWOW64\LicenseManager.dll
2017-01-25 15:03:29 ----A---- C:\Windows\SYSWOW64\InputService.dll
2017-01-25 15:03:29 ----A---- C:\Windows\system32\WsmWmiPl.dll
2017-01-25 15:03:29 ----A---- C:\Windows\system32\Windows.Media.Import.dll
2017-01-25 15:03:29 ----A---- C:\Windows\system32\Windows.Devices.Picker.dll
2017-01-25 15:03:29 ----A---- C:\Windows\system32\ShareHost.dll
2017-01-25 15:03:29 ----A---- C:\Windows\system32\MCRecvSrc.dll
2017-01-25 15:03:29 ----A---- C:\Windows\system32\AudioSes.dll
2017-01-25 15:03:28 ----A---- C:\Windows\SYSWOW64\Windows.Storage.ApplicationData.dll
2017-01-25 15:03:28 ----A---- C:\Windows\SYSWOW64\Windows.Devices.SmartCards.dll
2017-01-25 15:03:28 ----A---- C:\Windows\SYSWOW64\Windows.Devices.AllJoyn.dll
2017-01-25 15:03:28 ----A---- C:\Windows\SYSWOW64\mssph.dll
2017-01-25 15:03:28 ----A---- C:\Windows\SYSWOW64\efswrt.dll
2017-01-25 15:03:28 ----A---- C:\Windows\SYSWOW64\CPFilters.dll
2017-01-25 15:03:28 ----A---- C:\Windows\system32\WebcamUi.dll
2017-01-25 15:03:28 ----A---- C:\Windows\system32\SystemSettingsAdminFlows.exe
2017-01-25 15:03:28 ----A---- C:\Windows\system32\CoreMessaging.dll
2017-01-25 15:03:27 ----A---- C:\Windows\SYSWOW64\WebcamUi.dll
2017-01-25 15:03:27 ----A---- C:\Windows\SYSWOW64\UserMgrProxy.dll
2017-01-25 15:03:27 ----A---- C:\Windows\SYSWOW64\thumbcache.dll
2017-01-25 15:03:27 ----A---- C:\Windows\SYSWOW64\MSVP9DEC.dll
2017-01-25 15:03:27 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2017-01-25 15:03:27 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2017-01-25 15:03:27 ----A---- C:\Windows\SYSWOW64\MCCSEngineShared.dll
2017-01-25 15:03:27 ----A---- C:\Windows\SYSWOW64\AboveLockAppHost.dll
2017-01-25 15:03:27 ----A---- C:\Windows\system32\Windows.Web.Diagnostics.dll
2017-01-25 15:03:27 ----A---- C:\Windows\system32\Windows.Globalization.dll
2017-01-25 15:03:27 ----A---- C:\Windows\system32\Windows.Devices.WiFi.dll
2017-01-25 15:03:27 ----A---- C:\Windows\system32\Windows.Devices.Radios.dll
2017-01-25 15:03:27 ----A---- C:\Windows\system32\Windows.Devices.Midi.dll
2017-01-25 15:03:27 ----A---- C:\Windows\system32\Windows.ApplicationModel.Wallet.dll
2017-01-25 15:03:27 ----A---- C:\Windows\system32\UserMgrProxy.dll
2017-01-25 15:03:27 ----A---- C:\Windows\system32\spaceman.exe
2017-01-25 15:03:27 ----A---- C:\Windows\system32\RelPost.exe
2017-01-25 15:03:27 ----A---- C:\Windows\system32\pmcsnap.dll
2017-01-25 15:03:27 ----A---- C:\Windows\system32\CryptoWinRT.dll
2017-01-25 15:03:26 ----A---- C:\Windows\SYSWOW64\Windows.UI.Core.TextInput.dll
2017-01-25 15:03:26 ----A---- C:\Windows\SYSWOW64\Windows.System.UserDeviceAssociation.dll
2017-01-25 15:03:26 ----A---- C:\Windows\SYSWOW64\Windows.Internal.Bluetooth.dll
2017-01-25 15:03:26 ----A---- C:\Windows\SYSWOW64\UserDeviceRegistration.dll
2017-01-25 15:03:26 ----A---- C:\Windows\SYSWOW64\PlayToReceiver.dll
2017-01-25 15:03:26 ----A---- C:\Windows\SYSWOW64\mtxclu.dll
2017-01-25 15:03:26 ----A---- C:\Windows\SYSWOW64\LockAppBroker.dll
2017-01-25 15:03:26 ----A---- C:\Windows\SYSWOW64\BcastDVRHelper.dll
2017-01-25 15:03:26 ----A---- C:\Windows\system32\wups.dll
2017-01-25 15:03:26 ----A---- C:\Windows\system32\ppcsnap.dll
2017-01-25 15:03:26 ----A---- C:\Windows\system32\d2d1.dll
2017-01-25 15:03:25 ----A---- C:\Windows\SYSWOW64\Windows.Security.Authentication.Web.Core.dll
2017-01-25 15:03:25 ----A---- C:\Windows\SYSWOW64\UserLanguagesCpl.dll
2017-01-25 15:03:25 ----A---- C:\Windows\SYSWOW64\SyncSettings.dll
2017-01-25 15:03:25 ----A---- C:\Windows\SYSWOW64\StoreAgent.dll
2017-01-25 15:03:25 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2017-01-25 15:03:25 ----A---- C:\Windows\SYSWOW64\AuthBroker.dll
2017-01-25 15:03:25 ----A---- C:\Windows\SYSWOW64\ActiveSyncProvider.dll
2017-01-25 15:03:25 ----A---- C:\Windows\system32\updatepolicy.dll
2017-01-25 15:03:25 ----A---- C:\Windows\system32\flvprophandler.dll
2017-01-25 15:03:25 ----A---- C:\Windows\system32\ErrorDetails.dll
2017-01-25 15:03:24 ----A---- C:\Windows\SYSWOW64\Windows.Energy.dll
2017-01-25 15:03:24 ----A---- C:\Windows\SYSWOW64\UserDeviceRegistration.Ngc.dll
2017-01-25 15:03:24 ----A---- C:\Windows\SYSWOW64\TokenBrokerCookies.exe
2017-01-25 15:03:24 ----A---- C:\Windows\SYSWOW64\tbauth.dll
2017-01-25 15:03:24 ----A---- C:\Windows\SYSWOW64\mssitlb.dll
2017-01-25 15:03:24 ----A---- C:\Windows\SYSWOW64\MapConfiguration.dll
2017-01-25 15:03:24 ----A---- C:\Windows\SYSWOW64\DavSyncProvider.dll
2017-01-25 15:03:24 ----A---- C:\Windows\SYSWOW64\accountaccessor.dll
2017-01-25 15:03:24 ----A---- C:\Windows\system32\XInputUap.dll
2017-01-25 15:03:24 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2017-01-25 15:03:24 ----A---- C:\Windows\system32\cdp.dll
2017-01-25 15:03:23 ----A---- C:\Windows\SYSWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-01-25 15:03:23 ----A---- C:\Windows\SYSWOW64\GamePanelExternalHook.dll
2017-01-25 15:03:23 ----A---- C:\Windows\system32\D3DCompiler_47.dll
2017-01-25 15:03:22 ----A---- C:\Windows\SYSWOW64\InstallAgentUserBroker.exe
2017-01-25 15:03:22 ----A---- C:\Windows\SYSWOW64\InstallAgent.exe
2017-01-25 15:03:22 ----A---- C:\Windows\system32\odbcconf.dll
2017-01-25 15:03:17 ----A---- C:\Windows\SYSWOW64\wmp.dll
2017-01-25 15:03:17 ----A---- C:\Windows\SYSWOW64\mmc.exe
2017-01-25 15:03:17 ----A---- C:\Windows\SYSWOW64\azroleui.dll
2017-01-25 15:03:16 ----A---- C:\Windows\system32\wmp.dll
2017-01-25 15:03:16 ----A---- C:\Windows\system32\comuid.dll
2017-01-25 15:03:15 ----A---- C:\Windows\system32\windows.storage.dll
2017-01-25 15:03:14 ----A---- C:\Windows\SYSWOW64\rasgcw.dll
2017-01-25 15:03:14 ----A---- C:\Windows\system32\winmde.dll
2017-01-25 15:03:14 ----A---- C:\Windows\system32\shell32.dll
2017-01-25 15:03:14 ----A---- C:\Windows\system32\scksp.dll
2017-01-25 15:03:14 ----A---- C:\Windows\system32\rasgcw.dll
2017-01-25 15:03:14 ----A---- C:\Windows\system32\basecsp.dll
2017-01-25 15:03:13 ----A---- C:\Windows\system32\WMVDECOD.DLL
2017-01-25 15:03:13 ----A---- C:\Windows\system32\twinui.dll
2017-01-25 15:03:12 ----A---- C:\Windows\system32\tquery.dll
2017-01-25 15:03:12 ----A---- C:\Windows\system32\mssrch.dll
2017-01-25 15:03:12 ----A---- C:\Windows\system32\drivers\tcpipreg.sys
2017-01-25 15:03:11 ----A---- C:\Windows\SYSWOW64\certmgr.dll
2017-01-25 15:03:11 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-01-25 15:03:11 ----A---- C:\Windows\explorer.exe
2017-01-25 15:03:10 ----A---- C:\Windows\SYSWOW64\Windows.UI.Search.dll
2017-01-25 15:03:10 ----A---- C:\Windows\SYSWOW64\VsGraphicsDesktopEngine.exe
2017-01-25 15:03:10 ----A---- C:\Windows\SYSWOW64\vaultcli.dll
2017-01-25 15:03:10 ----A---- C:\Windows\system32\msmpeg2vdec.dll
2017-01-25 15:03:09 ----A---- C:\Windows\SYSWOW64\Windows.UI.Xaml.Phone.dll
2017-01-25 15:03:09 ----A---- C:\Windows\system32\wlidprov.dll
2017-01-25 15:03:09 ----A---- C:\Windows\system32\Windows.Media.Streaming.dll
2017-01-25 15:03:09 ----A---- C:\Windows\system32\SystemSettings.UserAccountsHandlers.dll
2017-01-25 15:03:09 ----A---- C:\Windows\system32\SettingsHandlers_nt.dll
2017-01-25 15:03:09 ----A---- C:\Windows\system32\DataSenseHandlers.dll
2017-01-25 15:03:08 ----A---- C:\Windows\SYSWOW64\dxgi.dll
2017-01-25 15:03:08 ----A---- C:\Windows\SYSWOW64\comsvcs.dll
2017-01-25 15:03:08 ----A---- C:\Windows\SYSWOW64\clusapi.dll
2017-01-25 15:03:08 ----A---- C:\Windows\system32\workfolderssvc.dll
2017-01-25 15:03:08 ----A---- C:\Windows\system32\usocore.dll
2017-01-25 15:03:08 ----A---- C:\Windows\system32\usoapi.dll
2017-01-25 15:03:08 ----A---- C:\Windows\system32\SearchIndexer.exe
2017-01-25 15:03:08 ----A---- C:\Windows\system32\localspl.dll
2017-01-25 15:03:07 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2017-01-25 15:03:07 ----A---- C:\Windows\SYSWOW64\ReAgent.dll
2017-01-25 15:03:07 ----A---- C:\Windows\SYSWOW64\MbaeApiPublic.dll
2017-01-25 15:03:07 ----A---- C:\Windows\system32\winresume.exe
2017-01-25 15:03:07 ----A---- C:\Windows\system32\Windows.Graphics.Printing.3D.dll
2017-01-25 15:03:07 ----A---- C:\Windows\system32\RDXTaskFactory.dll
2017-01-25 15:03:06 ----A---- C:\Windows\SYSWOW64\Windows.UI.Xaml.Maps.dll
2017-01-25 15:03:06 ----A---- C:\Windows\SYSWOW64\resutils.dll
2017-01-25 15:03:06 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2017-01-25 15:03:06 ----A---- C:\Windows\system32\SpeechPal.dll
2017-01-25 15:03:06 ----A---- C:\Windows\system32\hevcdecoder.dll
2017-01-25 15:03:06 ----A---- C:\Windows\system32\gameux.dll
2017-01-25 15:03:06 ----A---- C:\Windows\system32\FlightSettings.dll
2017-01-25 15:03:05 ----A---- C:\Windows\system32\Windows.AccountsControl.dll
2017-01-25 15:03:05 ----A---- C:\Windows\system32\updatehandlers.dll
2017-01-25 15:03:05 ----A---- C:\Windows\system32\themecpl.dll
2017-01-25 15:03:05 ----A---- C:\Windows\system32\spoolsv.exe
2017-01-25 15:03:05 ----A---- C:\Windows\system32\SharedStartModel.dll
2017-01-25 15:03:05 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2017-01-25 15:03:05 ----A---- C:\Windows\system32\RTMediaFrame.dll
2017-01-25 15:03:05 ----A---- C:\Windows\system32\ntshrui.dll
2017-01-25 15:03:05 ----A---- C:\Windows\system32\DuCsps.dll
2017-01-25 15:03:05 ----A---- C:\Windows\system32\aadcloudap.dll
2017-01-25 15:03:04 ----A---- C:\Windows\SYSWOW64\Windows.Shell.Search.UriHandler.dll
2017-01-25 15:03:04 ----A---- C:\Windows\SYSWOW64\mbsmsapi.dll
2017-01-25 15:03:04 ----A---- C:\Windows\system32\WorkfoldersControl.dll
2017-01-25 15:03:04 ----A---- C:\Windows\system32\wmpps.dll
2017-01-25 15:03:04 ----A---- C:\Windows\system32\LogonController.dll
2017-01-25 15:03:04 ----A---- C:\Windows\system32\DMRServer.dll
2017-01-25 15:03:04 ----A---- C:\Windows\system32\certprop.dll
2017-01-25 15:03:04 ----A---- C:\Windows\system32\bootux.dll
2017-01-25 15:03:03 ----A---- C:\Windows\SYSWOW64\Windows.Media.Streaming.dll
2017-01-25 15:03:03 ----A---- C:\Windows\SYSWOW64\Windows.Devices.PointOfService.dll
2017-01-25 15:03:03 ----A---- C:\Windows\SYSWOW64\CompPkgSup.dll
2017-01-25 15:03:03 ----A---- C:\Windows\system32\win32spl.dll
2017-01-25 15:03:03 ----A---- C:\Windows\system32\sud.dll
2017-01-25 15:03:03 ----A---- C:\Windows\system32\stobject.dll
2017-01-25 15:03:03 ----A---- C:\Windows\system32\sppobjs.dll
2017-01-25 15:03:03 ----A---- C:\Windows\system32\Search.ProtocolHandler.MAPI2.dll
2017-01-25 15:03:03 ----A---- C:\Windows\system32\MSVP9DEC.dll
2017-01-25 15:03:03 ----A---- C:\Windows\system32\icsvcext.dll
2017-01-25 15:03:02 ----A---- C:\Windows\SYSWOW64\Windows.Devices.Usb.dll
2017-01-25 15:03:02 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2017-01-25 15:03:02 ----A---- C:\Windows\SYSWOW64\MFPlay.dll
2017-01-25 15:03:02 ----A---- C:\Windows\SYSWOW64\evr.dll
2017-01-25 15:03:02 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2017-01-25 15:03:02 ----A---- C:\Windows\system32\Windows.Devices.AllJoyn.dll
2017-01-25 15:03:02 ----A---- C:\Windows\system32\SystemSettings.Handlers.dll
2017-01-25 15:03:02 ----A---- C:\Windows\system32\SearchFolder.dll
2017-01-25 15:03:02 ----A---- C:\Windows\system32\SearchFilterHost.exe
2017-01-25 15:03:02 ----A---- C:\Windows\system32\mssphtb.dll
2017-01-25 15:03:02 ----A---- C:\Windows\system32\gpapi.dll
2017-01-25 15:03:02 ----A---- C:\Windows\system32\drivers\pdc.sys
2017-01-25 15:03:02 ----A---- C:\Windows\system32\DevicePairing.dll
2017-01-25 15:03:01 ----A---- C:\Windows\SYSWOW64\WinRtTracing.dll
2017-01-25 15:03:01 ----A---- C:\Windows\SYSWOW64\Windows.Perception.Stub.dll
2017-01-25 15:03:01 ----A---- C:\Windows\SYSWOW64\Windows.Gaming.XboxLive.Storage.dll
2017-01-25 15:03:01 ----A---- C:\Windows\SYSWOW64\Windows.Devices.WiFiDirect.dll
2017-01-25 15:03:01 ----A---- C:\Windows\SYSWOW64\Windows.Devices.Midi.dll
2017-01-25 15:03:01 ----A---- C:\Windows\SYSWOW64\Windows.ApplicationModel.Wallet.dll
2017-01-25 15:03:01 ----A---- C:\Windows\SYSWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2017-01-25 15:03:01 ----A---- C:\Windows\SYSWOW64\SearchFolder.dll
2017-01-25 15:03:01 ----A---- C:\Windows\SYSWOW64\CryptoWinRT.dll
2017-01-25 15:03:01 ----A---- C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2017-01-25 15:03:01 ----A---- C:\Windows\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-01-25 15:03:01 ----A---- C:\Windows\system32\Windows.Cortana.Desktop.dll
2017-01-25 15:03:01 ----A---- C:\Windows\system32\shutdownux.dll
2017-01-25 15:03:01 ----A---- C:\Windows\system32\mssvp.dll
2017-01-25 15:03:01 ----A---- C:\Windows\system32\mssprxy.dll
2017-01-25 15:03:01 ----A---- C:\Windows\system32\mssph.dll
2017-01-25 15:03:01 ----A---- C:\Windows\system32\hgcpl.dll
2017-01-25 15:03:01 ----A---- C:\Windows\system32\gpsvc.dll
2017-01-25 15:03:01 ----A---- C:\Windows\system32\Family.SyncEngine.dll
2017-01-25 15:03:01 ----A---- C:\Windows\system32\dggpext.dll
2017-01-25 15:03:01 ----A---- C:\Windows\system32\ApplicationFrame.dll
2017-01-25 15:03:00 ----A---- C:\Windows\SYSWOW64\Windows.Storage.Search.dll
2017-01-25 15:03:00 ----A---- C:\Windows\SYSWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-25 15:03:00 ----A---- C:\Windows\system32\WorkFoldersShell.dll
2017-01-25 15:03:00 ----A---- C:\Windows\system32\Windows.Cortana.OneCore.dll
2017-01-25 15:03:00 ----A---- C:\Windows\system32\PlayToReceiver.dll
2017-01-25 15:03:00 ----A---- C:\Windows\system32\netshell.dll
2017-01-25 15:03:00 ----A---- C:\Windows\system32\mssitlb.dll
2017-01-25 15:03:00 ----A---- C:\Windows\system32\mspaint.exe
2017-01-25 15:03:00 ----A---- C:\Windows\system32\iprtrmgr.dll
2017-01-25 15:03:00 ----A---- C:\Windows\system32\DevicePairingFolder.dll
2017-01-25 15:03:00 ----A---- C:\Windows\system32\DeviceCenter.dll
2017-01-25 15:03:00 ----A---- C:\Windows\system32\BluetoothDesktopHandlers.dll
2017-01-25 15:02:59 ----A---- C:\Windows\SYSWOW64\Windows.Web.Diagnostics.dll
2017-01-25 15:02:59 ----A---- C:\Windows\SYSWOW64\Windows.Gaming.UI.GameBar.dll
2017-01-25 15:02:59 ----A---- C:\Windows\system32\zipfldr.dll
2017-01-25 15:02:59 ----A---- C:\Windows\system32\WorkFolders.exe
2017-01-25 15:02:59 ----A---- C:\Windows\system32\Windows.UI.Cred.dll
2017-01-25 15:02:59 ----A---- C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-25 15:02:59 ----A---- C:\Windows\system32\SyncCenter.dll
2017-01-25 15:02:59 ----A---- C:\Windows\system32\netiougc.exe
2017-01-25 15:02:59 ----A---- C:\Windows\system32\IdCtrls.dll
2017-01-25 15:02:59 ----A---- C:\Windows\system32\aadtb.dll
2017-01-25 15:02:58 ----A---- C:\Windows\SYSWOW64\apprepsync.dll
2017-01-25 15:02:58 ----A---- C:\Windows\SYSWOW64\apprepapi.dll
2017-01-25 15:02:58 ----A---- C:\Windows\system32\Windows.UI.Shell.dll
2017-01-25 15:02:58 ----A---- C:\Windows\system32\LaunchWinApp.exe
2017-01-25 15:02:20 ----A---- C:\Windows\SYSWOW64\OneDriveSetup.exe
2017-01-25 14:47:26 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2017-01-25 14:47:26 ----A---- C:\Windows\system32\poqexec.exe
2017-01-22 13:47:52 ----D---- C:\Users\tomas\AppData\Roaming\Oracle SQL Developer Data Modeler
2017-01-22 13:36:52 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-64.dll
2017-01-22 13:36:52 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2017-01-22 13:32:45 ----D---- C:\Users\tomas\AppData\Roaming\datamodeler
2017-01-19 03:00:59 ----SD---- C:\Windows\SYSWOW64\Microsoft
2017-01-19 03:00:53 ----AD---- C:\Program Files\IIS Express
2017-01-19 03:00:53 ----AD---- C:\Program Files (x86)\IIS Express
2017-01-19 02:35:31 ----D---- C:\Program Files (x86)\Xamarin
2017-01-19 02:35:03 ----D---- C:\ProgramData\Git
2017-01-19 02:34:07 ----AD---- C:\Program Files\Git
2017-01-19 02:15:09 ----AD---- C:\Program Files\Application Verifier
2017-01-19 02:15:09 ----AD---- C:\Program Files (x86)\Application Verifier
2017-01-19 02:14:46 ----AD---- C:\ProgramData\Windows App Certification Kit
2017-01-19 02:10:53 ----D---- C:\Program Files (x86)\AppInsights
2017-01-19 01:46:02 ----D---- C:\Program Files (x86)\Android
2017-01-19 01:45:40 ----D---- C:\Program Files (x86)\Java
2017-01-19 01:42:56 ----D---- C:\Program Files (x86)\Workflow Manager Tools
2017-01-19 01:42:53 ----D---- C:\Program Files (x86)\Open XML SDK
2017-01-19 01:42:51 ----D---- C:\Program Files\Microsoft Identity Extensions
2017-01-19 01:42:39 ----D---- C:\Program Files\Windows Identity Foundation
2017-01-19 01:41:30 ----AD---- C:\Program Files\SharePoint Client Components
2017-01-19 01:41:28 ----D---- C:\Program Files (x86)\Microsoft
2017-01-19 01:39:54 ----D---- C:\ProgramData\Microsoft DNX
2017-01-19 01:39:54 ----D---- C:\Program Files\Microsoft DNX
2017-01-19 01:38:33 ----D---- C:\Program Files (x86)\Windows Phone Silverlight Kits
2017-01-19 01:38:23 ----D---- C:\Program Files (x86)\Microsoft XDE
2017-01-17 11:07:38 ----HD---- C:\$SysReset
2017-01-17 09:15:38 ----A---- C:\Windows\system32\drivers\epfwwfp.sys
2017-01-17 09:15:38 ----A---- C:\Windows\system32\drivers\epfw.sys
2017-01-17 09:15:38 ----A---- C:\Windows\system32\drivers\ekbdflt.sys
2017-01-17 09:15:38 ----A---- C:\Windows\system32\drivers\ehdrv.sys
2017-01-17 09:15:38 ----A---- C:\Windows\system32\drivers\eelam.sys
2017-01-17 09:15:38 ----A---- C:\Windows\system32\drivers\edevmon.sys
2017-01-17 09:15:38 ----A---- C:\Windows\system32\drivers\eamonm.sys
2017-01-17 05:56:36 ----A---- C:\Windows\system32\nvoglv64.dll
2017-01-17 05:56:30 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2017-01-17 05:56:10 ----A---- C:\Windows\system32\NvIFROpenGL.dll
2017-01-17 05:56:06 ----A---- C:\Windows\SYSWOW64\NvIFROpenGL.dll
2017-01-17 05:56:04 ----A---- C:\Windows\system32\NvIFR64.dll
2017-01-17 05:56:02 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2017-01-17 05:55:36 ----A---- C:\Windows\system32\NvFBC64.dll
2017-01-17 05:55:32 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2017-01-17 05:55:22 ----A---- C:\Windows\system32\nvdispgenco6437654.dll
2017-01-17 05:55:20 ----A---- C:\Windows\system32\nvdispco6437654.dll
2017-01-17 05:55:10 ----A---- C:\Windows\system32\nvcuvid.dll
2017-01-17 05:55:06 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2017-01-17 05:54:56 ----A---- C:\Windows\system32\nvcompiler.dll
2017-01-17 05:54:48 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2017-01-17 05:53:00 ----A---- C:\Windows\system32\nvptxJitCompiler.dll
2017-01-17 05:52:56 ----A---- C:\Windows\SYSWOW64\nvptxJitCompiler.dll
2017-01-17 05:52:52 ----A---- C:\Windows\system32\nvopencl.dll
2017-01-17 05:52:50 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2017-01-17 05:52:46 ----A---- C:\Windows\system32\nvfatbinaryLoader.dll
2017-01-17 05:52:44 ----A---- C:\Windows\SYSWOW64\nvfatbinaryLoader.dll
2017-01-17 05:52:42 ----A---- C:\Windows\SYSWOW64\nvEncodeAPI.dll
2017-01-17 05:52:42 ----A---- C:\Windows\SYSWOW64\nvEncMFTH264.dll
2017-01-17 05:52:42 ----A---- C:\Windows\system32\nvEncodeAPI64.dll
2017-01-17 05:52:42 ----A---- C:\Windows\system32\nvEncMFTH264.dll
2017-01-17 05:52:20 ----A---- C:\Windows\system32\nvcuda.dll
2017-01-17 05:52:16 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2017-01-17 05:52:12 ----A---- C:\Windows\SYSWOW64\nvapi.dll

======List of files/folders modified in the last 1 month======

2017-02-14 21:56:56 ----D---- C:\Windows\Temp
2017-02-14 21:56:56 ----D---- C:\Windows\system32\SleepStudy
2017-02-14 21:35:22 ----D---- C:\Windows\prefetch
2017-02-14 21:25:00 ----D---- C:\Windows\system32\sru
2017-02-14 20:24:50 ----D---- C:\Windows\rescache
2017-02-14 18:36:28 ----RD---- C:\Program Files
2017-02-14 17:27:59 ----D---- C:\Windows\SoftwareDistribution
2017-02-14 17:27:58 ----D---- C:\Windows
2017-02-14 17:27:10 ----D---- C:\Windows\System32
2017-02-14 17:27:10 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-02-14 17:23:20 ----A---- C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-14 17:22:59 ----D---- C:\ProgramData\NVIDIA
2017-02-14 16:57:26 ----D---- C:\Users\tomas\AppData\Roaming\inkscape
2017-02-14 16:57:26 ----D---- C:\ProgramData\Foxit Software
2017-02-14 16:57:26 ----D---- C:\Program Files (x86)\Steam
2017-02-14 16:55:38 ----D---- C:\Windows\INF
2017-02-14 16:55:37 ----D---- C:\Windows\Minidump
2017-02-14 16:55:37 ----D---- C:\Windows\Logs
2017-02-14 16:55:37 ----D---- C:\Windows\debug
2017-02-14 16:33:03 ----RD---- C:\Windows\WebManagement
2017-02-14 16:33:03 ----RD---- C:\Program Files (x86)
2017-02-14 16:33:03 ----D---- C:\Windows\system32\drivers
2017-02-14 16:25:56 ----HD---- C:\ProgramData
2017-02-14 16:25:54 ----D---- C:\Windows\Tasks
2017-02-14 16:25:54 ----D---- C:\Windows\system32\Tasks
2017-02-14 16:05:20 ----D---- C:\Windows\syswow64
2017-02-14 16:05:13 ----D---- C:\Windows\system32\Macromed
2017-02-14 16:05:09 ----D---- C:\Windows\SYSWOW64\Macromed
2017-02-14 14:06:02 ----HD---- C:\Program Files\WindowsApps
2017-02-14 14:06:02 ----D---- C:\Windows\AppReadiness
2017-02-14 11:25:13 ----AD---- C:\Program Files (x86)\Opera
2017-02-14 01:39:15 ----RD---- C:\Windows\Microsoft.NET
2017-02-13 15:50:45 ----D---- C:\Windows\system32\CatRoot
2017-02-13 00:15:21 ----SHD---- C:\Windows\Installer
2017-02-13 00:15:20 ----D---- C:\ProgramData\Lenovo
2017-02-13 00:11:40 ----D---- C:\Windows\system32\catroot2
2017-02-13 00:11:38 ----SHD---- C:\System Volume Information
2017-02-12 00:32:33 ----D---- C:\Windows\system32\DriverStore
2017-02-12 00:32:21 ----HD---- C:\Windows\ELAMBKUP
2017-02-12 00:30:40 ----RSD---- C:\Windows\assembly
2017-02-11 23:32:10 ----HD---- C:\Program Files (x86)\Temp
2017-02-11 23:31:29 ----D---- C:\Windows\system32\DAX2
2017-02-11 23:28:30 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2017-02-07 17:59:47 ----SHD---- C:\$RECYCLE.BIN
2017-02-07 17:58:52 ----RD---- C:\Users
2017-02-07 01:30:42 ----D---- C:\drivers
2017-02-07 01:25:48 ----AD---- C:\Program Files\Intel
2017-02-07 01:07:50 ----D---- C:\Windows\SYSWOW64\drivers
2017-02-07 01:07:49 ----D---- C:\Program Files (x86)\Intel
2017-02-07 00:57:36 ----D---- C:\Program Files (x86)\Realtek
2017-02-07 00:49:37 ----D---- C:\Program Files\Realtek
2017-02-07 00:49:33 ----D---- C:\Windows\twain_32
2017-02-07 00:40:03 ----D---- C:\ProgramData\Package Cache
2017-02-07 00:37:46 ----D---- C:\ProgramData\Intel
2017-02-07 00:37:25 ----D---- C:\Program Files\Common Files
2017-02-07 00:37:11 ----AD---- C:\Program Files (x86)\Cisco
2017-02-07 00:07:33 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-07 00:07:32 ----AD---- C:\Program Files (x86)\Mozilla Firefox
2017-02-06 23:38:04 ----D---- C:\temp
2017-02-06 23:36:36 ----D---- C:\Windows\system32\NDF
2017-02-06 12:54:12 ----D---- C:\Windows\system32\drivers\etc
2017-02-01 21:49:24 ----D---- C:\ProgramData\NVIDIA Corporation
2017-02-01 21:48:33 ----D---- C:\Program Files (x86)\VulkanRT
2017-02-01 21:47:15 ----D---- C:\Program Files\NVIDIA Corporation
2017-02-01 21:47:15 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2017-02-01 20:12:23 ----D---- C:\Windows\system32\config
2017-01-31 10:59:32 ----D---- C:\Windows\system32\drivers\UMDF
2017-01-28 11:01:41 ----D---- C:\Windows\WinSxS
2017-01-26 17:54:16 ----D---- C:\Users\tomas\AppData\Roaming\NetBeans
2017-01-26 14:24:02 ----SD---- C:\Windows\SYSWOW64\F12
2017-01-26 14:24:02 ----D---- C:\Windows\SYSWOW64\sr-Latn-CS
2017-01-26 14:24:02 ----D---- C:\Windows\SYSWOW64\setup
2017-01-26 14:24:02 ----D---- C:\Windows\SYSWOW64\migration
2017-01-26 14:23:55 ----D---- C:\Windows\SYSWOW64\en-US
2017-01-26 14:23:55 ----D---- C:\Windows\SYSWOW64\cs-CZ
2017-01-26 14:23:40 ----SD---- C:\Windows\system32\F12
2017-01-26 14:23:40 ----D---- C:\Windows\system32\wbem
2017-01-26 14:23:40 ----D---- C:\Windows\system32\sr-Latn-CS
2017-01-26 14:23:40 ----D---- C:\Windows\system32\setup
2017-01-26 14:23:40 ----D---- C:\Windows\system32\oobe
2017-01-26 14:23:40 ----D---- C:\Windows\system32\migwiz
2017-01-26 14:23:40 ----D---- C:\Windows\system32\migration
2017-01-26 14:23:40 ----D---- C:\Windows\system32\en-US
2017-01-26 14:23:40 ----D---- C:\Windows\system32\drivers\cs-CZ
2017-01-26 14:23:40 ----D---- C:\Windows\system32\cs-CZ
2017-01-26 14:23:40 ----D---- C:\Windows\system32\Boot
2017-01-26 14:23:40 ----D---- C:\Windows\system32\appraiser
2017-01-26 14:23:37 ----D---- C:\Windows\ShellExperiences
2017-01-26 14:23:37 ----D---- C:\Windows\PolicyDefinitions
2017-01-26 14:23:36 ----RD---- C:\Windows\ImmersiveControlPanel
2017-01-26 14:23:36 ----RD---- C:\Program Files\Windows Defender
2017-01-26 14:23:36 ----D---- C:\Windows\bcastdvr
2017-01-26 14:23:36 ----D---- C:\Windows\AppPatch
2017-01-26 14:23:36 ----D---- C:\Program Files\Windows Photo Viewer
2017-01-26 14:23:36 ----D---- C:\Program Files\Windows Mail
2017-01-26 14:23:36 ----D---- C:\Program Files\Internet Explorer
2017-01-26 14:23:36 ----D---- C:\Program Files\Common Files\System
2017-01-26 14:23:36 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2017-01-26 14:23:36 ----D---- C:\Program Files (x86)\Windows Mail
2017-01-26 14:23:36 ----D---- C:\Program Files (x86)\Windows Defender
2017-01-26 14:23:36 ----D---- C:\Program Files (x86)\Internet Explorer
2017-01-26 14:17:25 ----D---- C:\Users\tomas\AppData\Roaming\qBittorrent
2017-01-25 19:10:34 ----D---- C:\Windows\CbsTemp
2017-01-22 13:37:16 ----D---- C:\ProgramData\Oracle
2017-01-22 12:08:32 ----D---- C:\Program Files\Java
2017-01-22 12:08:20 ----D---- C:\Program Files (x86)\Common Files
2017-01-22 12:08:01 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll
2017-01-20 11:49:52 ----A---- C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-01-19 03:07:10 ----AD---- C:\Program Files (x86)\Microsoft SQL Server
2017-01-19 03:07:09 ----AD---- C:\Program Files\Microsoft SQL Server
2017-01-19 03:01:39 ----AD---- C:\Program Files (x86)\Microsoft Visual Studio 12.0
2017-01-19 02:40:27 ----AD---- C:\Program Files (x86)\Microsoft Visual Studio 14.0
2017-01-19 02:39:54 ----AD---- C:\Program Files (x86)\Microsoft SDKs
2017-01-19 02:36:53 ----AD---- C:\ProgramData\regid.1991-06.com.microsoft
2017-01-19 02:35:32 ----AD---- C:\Program Files (x86)\MSBuild
2017-01-19 02:02:24 ----ASD---- C:\ProgramData\Microsoft
2017-01-19 01:43:37 ----AD---- C:\Program Files\Common Files\microsoft shared
2017-01-19 01:38:23 ----D---- C:\Program Files (x86)\Windows Phone Kits
2017-01-19 01:36:58 ----AD---- C:\Program Files (x86)\Microsoft Visual Studio 11.0
2017-01-19 01:34:50 ----D---- C:\Windows\SYSWOW64\1033
2017-01-19 01:34:50 ----D---- C:\Windows\system32\1033
2017-01-17 05:52:12 ----A---- C:\Windows\system32\nvapi64.dll

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 edevmon;edevmon; C:\Windows\system32\DRIVERS\edevmon.sys [2017-01-17 106768]
R0 iaStorA;iaStorA; C:\Windows\System32\drivers\iaStorA.sys [2015-11-24 1468416]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\Windows\system32\drivers\iorate.sys [2016-11-02 48992]
R0 lxss;@%SystemRoot%\system32\drivers\lxss.sys,-100; C:\Windows\system32\drivers\lxss.sys [2016-11-21 15712]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2017-01-17 132272]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2017-01-17 180544]
R1 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2017-01-17 77616]
R1 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2017-01-17 96856]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\Windows\System32\drivers\registry.sys [2016-07-16 70144]
R2 ekbdflt;ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [2017-01-17 49672]
R2 IntelHaxm;Intel HAXM Service; C:\Windows\system32\DRIVERS\IntelHaxm.sys [2016-09-13 91256]
R3 ACPIVPC;@oem29.inf,%ACPIVPC.SvcDesc%;Lenovo Virtual Power Controller Driver; C:\Windows\System32\drivers\AcpiVpc.sys [2015-06-04 35064]
R3 BazisVirtualCDBus;@oem2.inf,%dev.SVCDESC%;WinCDEmu Virtual Bus Driver; C:\Windows\System32\drivers\BazisVirtualCDBus.sys [2015-09-28 172376]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\Windows\System32\drivers\BthEnum.sys [2016-08-20 114176]
R3 BthLEEnum;@BthLEEnum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\Windows\System32\drivers\BthLEEnum.sys [2016-09-15 249856]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\System32\drivers\bthpan.sys [2016-10-05 128512]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\drivers\BTHUSB.sys [2016-08-20 84992]
R3 dptf_pch;dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [2016-08-12 65088]
R3 ibtusb;@oem73.inf,%ibtusb.SVCDESC_IBT%;Intel(R) Wireless Bluetooth(R); C:\Windows\system32\DRIVERS\ibtusb.sys [2016-12-12 230656]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2017-02-14 192216]
R3 NETwNb64;___ Ovladač adaptéru Intel(R) Wireless pro systém Windows 8.1 64 Bit; C:\Windows\System32\drivers\Netwbw02.sys [2016-10-20 3517200]
R3 nvlddmkm;nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvltwu.inf_amd64_0221ce4ec0827f74\nvlddmkm.sys [2017-01-17 14190520]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\System32\drivers\rfcomm.sys [2016-07-16 183808]
R3 rt640x64;@oem100.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\Windows\System32\drivers\rt640x64.sys [2016-08-23 943112]
R3 rtsuvc;@oem92.inf,%rtsuvc.DeviceDesc%;EasyCamera; C:\Windows\system32\DRIVERS\rtsuvc.sys [2016-08-04 3138056]
R3 SensorsSimulatorDriver;@oem63.inf,%WudfSensorsSimulatorDriverDisplayName%;UMDF Reflector service for SensorsSimulatorDriver; C:\Windows\System32\drivers\WUDFRd.sys [2016-07-16 216064]
R3 SmbDrvI;SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [2015-06-03 42696]
S0 eelam;eelam; C:\Windows\system32\DRIVERS\eelam.sys [2017-01-17 15488]
S0 megasas2i;megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [2016-10-05 64352]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\Windows\System32\drivers\scmbus.sys [2016-07-16 88416]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\Windows\System32\drivers\AcpiDev.sys [2016-07-16 18432]
S3 acsock;acsock; C:\Windows\system32\DRIVERS\acsock64.sys [2015-10-23 129520]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\Windows\system32\drivers\applockerfltr.sys [2016-07-16 15360]
S3 AppvStrm;@%systemroot%\system32\drivers\AppvStrm.sys,-101; C:\Windows\system32\drivers\AppvStrm.sys [2016-09-15 127328]
S3 AppvVemgr;@%systemroot%\system32\drivers\AppvVemgr.sys,-101; C:\Windows\system32\drivers\AppvVemgr.sys [2016-09-26 157024]
S3 AppvVfs;@%systemroot%\system32\drivers\AppvVfs.sys,-101; C:\Windows\system32\drivers\AppvVfs.sys [2016-09-26 141152]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\Windows\System32\drivers\BTHport.sys [2016-11-11 967168]
S3 dg_ssudbus;@oem49.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2016-09-05 131712]
S3 dot4;@oem69.inf,%Dot4_Name%;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2012-10-19 151968]
S3 Dot4Print;@oem70.inf,%Dot4Print_Name%;Print Class Driver for IEEE-1284.4; C:\Windows\System32\drivers\Dot4Prt.sys [2012-10-19 27040]
S3 dot4usb;@oem69.inf,%DOT4USB_NAME%;Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2012-10-19 49056]
S3 GeneStor;@oem14.inf,%GENESTOR.SvcDesc%;Genesys Logic Storage Driver; C:\Windows\System32\drivers\GeneStor.sys [2014-04-17 111336]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\Windows\system32\drivers\hvservice.sys [2016-08-06 73568]
S3 cht4iscsi;cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [2016-07-16 346976]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\Windows\System32\drivers\cht4vx64.sys [2016-07-16 2104160]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\Windows\System32\drivers\iagpio.sys [2016-07-16 33280]
S3 iaLPSS_GPIO;@oem15.inf,%iaLPSS_GPIO.SVCDESC%;Intel(R) Serial IO GPIO Driver; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [2014-06-10 35832]
S3 iaLPSS_I2C;@oem31.inf,%iaLPSS_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver; C:\Windows\System32\drivers\iaLPSS_I2C.sys [2014-06-10 120312]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [2016-07-16 64512]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\Windows\System32\drivers\IndirectKmd.sys [2016-07-16 35840]
S3 irda;IrDA; C:\Windows\system32\drivers\irda.sys [2016-07-16 120320]
S3 KMDFVirtualKbd;@oem22.inf,%KMDFVirtualKbd.SVCDESC%;Lenovo Virtual Keyboard Device; C:\Windows\System32\drivers\KMDFVirtualKbd.sys [2014-08-04 22264]
S3 KMDFVirtualMouse;@oem18.inf,%KMDFVirtualMouse.SVCDESC%;Lenovo Virtual Mouse Device; C:\Windows\System32\drivers\KMDFVirtualMouse.sys [2014-08-04 21240]
S3 MsSecFlt;@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001; C:\Windows\system32\drivers\mssecflt.sys [2016-09-26 179040]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\Windows\system32\drivers\NetAdapterCx.sys [2016-07-16 90624]
S3 NVSWCFilter;@oem1.inf,%NVSWCFilter.SvcDesc%;NVIDIA SHIELD Wireless Controller Trackpad Service; C:\Windows\System32\drivers\nvswcfilter.sys [2014-11-14 19616]
S3 scmdisk0101;@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver; C:\Windows\System32\drivers\scmdisk0101.sys [2016-07-16 123904]
S3 SmbDrv;SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2015-01-14 29864]
S3 ssudmdm;@oem61.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2016-09-05 165504]
S3 SWDUMon;SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;Xamarin Bonjour Service; C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe [2015-07-15 394752]
R2 CDPUserSvc_75aa8;CDPUserSvc_75aa8; C:\Windows\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2016-12-28 3699904]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2016-12-14 2836296]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2016-10-06 640928]
R2 FoxitReaderService;Foxit Reader Service; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [2016-12-29 1659592]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-06-15 1165368]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2015-11-17 19424]
R2 ibtsiva;@oem73.inf,%SERVICE_NAME%;Intel Bluetooth Service; C:\Windows\system32\ibtsiva []
R2 IpOverUsbSvc;Windows Phone IP over USB Transport (IpOverUsbSvc); C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe [2016-07-28 21184]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2016-12-29 458176]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-06-15 1881144]
R2 OneSyncSvc_75aa8;Hostitel synchronizace_75aa8; C:\Windows\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2016-10-06 157600]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2016-04-30 131776]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2016-05-25 43696]
R3 PimIndexMaintenanceSvc_75aa8;Data kontaktů_75aa8; C:\Windows\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R3 SshBroker;@%SystemRoot%\system32\SshBroker.dll,-3; %SystemRoot%\system32\svchost.exe -k SshBrokerGroup;"ServiceDll"=%SystemRoot%\System32\SshBroker.dll
R3 SshProxy;@%SystemRoot%\system32\SshProxy.dll,-3; %SystemRoot%\system32\svchost.exe -k SshProxyGroup;"ServiceDll"=%SystemRoot%\System32\SshProxy.dll
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=%SystemRoot%\System32\CDPUserSvc.dll
S2 debugregsvc;debugregsvc; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll"=%SystemRoot%\System32\debugregsvc.dll
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2016-07-16 52920]
S3 c2wts;@%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2017-01-19 5632]
S3 DeveloperToolsService;Developer Tools Service; C:\Windows\System32\DeveloperToolsSvc.exe [2016-07-15 104448]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; %SystemRoot%\System32\svchost.exe -k Camera;"ServiceDll"=%SystemRoot%\system32\FrameServer.dll
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\hvhostsvc.dll
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\irmon.dll
S3 LxssManager;@%systemroot%\system32\lxss\LxssManager.dll,-100; %systemroot%\system32\svchost.exe -k netsvcs;"ServiceDll"=%SystemRoot%\system32\lxss\LxssManager.dll
S3 MessagingService_75aa8;Služba zasílání zpráv_75aa8; C:\Windows\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-02-06 172488]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2016-10-06 268704]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2016-12-28 209096]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\RMapi.dll
S3 Sense;@%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2016-09-15 2889896]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2017-01-19 1464096]
S4 AppVClient;@%systemroot%\system32\AppVClient.exe,-102; C:\Windows\system32\AppVClient.exe [2016-12-14 822624]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll"=%systemroot%\system32\Windows.SharedPC.AccountManager.dll

-----------------EOF-----------------

I will be very grateful for any advice. Regards, valkys27.

altrok
Moderator
Posts: 7264
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: overeager svchost.exe

#3 Post by altrok »

I wish you a lovely day.

Problems with svchost (in the correct location) are most often caused by updates (the usual second Tuesday of the month, i.e. Patch Tuesday, has exceptionally been postponed) or by malware. Unfortunately, a check for this malware is not included in the RSIT log, but we'll take a look at it. What exact message does ESET show you when it alerts you to this activity?

As part of the cleanup, your temporary directories will be emptied (emptying the Recycle Bin and temp folders, clearing browser caches, etc.).

Save AdwCleaner to your desktop: https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
  • close all programs
  • right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just run it with an ordinary double-click)
  • click Scan (Skenovani), then Clean (Cisteni)
  • after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner[Cx].txt); copy its contents into your next reply
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suited to the forum, you can use altrok(at)forum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.

valkys27
Visitor
Posts: 30
Registered: 14 Feb 2017 18:32

Re: overeager svchost.exe

#4 Post by valkys27 »

Thank you for your reply. The problems with svchost definitely lasted longer than one day, so I would rather blame the malware. ESET only shows the firewall block history for the last hour, so I can't tell you exactly, but I think it was incoming, or incoming and outgoing, UDP communication. The problems seem to have stopped for now after the Malwarebytes scan; could this have been the malware?

PUP.Optional.DriverUpdate, C:\WINDOWS\SYSTEM32\drivers\SWDUMon.sys, Smazat při restartu, [98e8c921f7f17f113aaa128ec7310213]

Here is the content of the AdwCleaner log:

# AdwCleaner v6.043 - Log vytvořen 15/02/2017 v 01:55:12
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-02-13.1 [Server]
# Operační systém : Windows 10 Education (X64)
# Uživatelské jméno : tomas - DESKTOP-QTE48LG
# Spuštěno z : C:\Users\tomas\Desktop\adwcleaner_6.043.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

[-] Služba smazána: swdumon


***** [ Složky ] *****

[-] Složka smazána: C:\Users\tomas\AppData\Local\slimware utilities inc
[#] Složka smazána po restartu: C:\Users\tomas\AppData\Local\SlimWare Utilities Inc
[-] Složka smazána: C:\Users\Public\Documents\Downloaded Installers


***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKU\S-1-5-21-3629950189-3343636212-1747802599-1001\Software\SlimWare Utilities Inc
[#] Klíč smazán po restartu: HKCU\Software\SlimWare Utilities Inc
[-] Klíč smazán: HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{746AB259-6474-4111-8966-1C62F9A6E063}
[#] Klíč smazán po restartu: [x64] HKCU\Software\SlimWare Utilities Inc
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Features\952BA647474611149866C1269F6A0E36
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Products\952BA647474611149866C1269F6A0E36
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\952BA647474611149866C1269F6A0E36
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\952BA647474611149866C1269F6A0E36
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Installer\Features\952BA647474611149866C1269F6A0E36
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Installer\Products\952BA647474611149866C1269F6A0E36


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2189 Bajty] - [15/02/2017 01:55:12]
C:\AdwCleaner\AdwCleaner[S0].txt - [2500 Bajty] - [15/02/2017 01:53:34]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2335 Bajty] ##########

altrok
Moderator
Posts: 7264
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: eager svchost.exe

#5 Post by altrok »

:arrow: Hard to say what SlimDrivers wanted to chat about, but if the problems ended after it was removed, then it's obvious.


:arrow: Post the FRST.txt and Addition.txt logs - http://forum.viry.cz/viewtopic.php?f=30&t=133101
If you have trouble downloading FRSTLauncher, it is enough to use FRST.exe/FRST64.exe on its own.

valkys27
Visitor
Posts: 30
Registered: 14 Feb 2017 18:32

Re: eager svchost.exe

#6 Post by valkys27 »

Here is the Addition log (it was shorter); I put the FRST log in the attachment.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017
Ran by tomas (15-02-2017 13:34:44)
Running from C:\Users\tomas\Desktop
Windows 10 Education Version 1607 (X64) (2016-09-24 15:17:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3629950189-3343636212-1747802599-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3629950189-3343636212-1747802599-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3629950189-3343636212-1747802599-1000 - Limited - Disabled) => C:\Users\defaultuser0
Fanda (S-1-5-21-3629950189-3343636212-1747802599-1005 - Limited - Enabled)
Guest (S-1-5-21-3629950189-3343636212-1747802599-501 - Limited - Disabled)
tomas (S-1-5-21-3629950189-3343636212-1747802599-1001 - Administrator - Enabled) => C:\Users\tomas

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security 10.0.390.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 10.0.390.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Active Directory Authentication Library for SQL Server (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Aktualizace NVIDIA 2.11.4.1 (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Ansel (Version: 372.90 - NVIDIA Corporation) Hidden
Apache Tomcat 8.0.27 (HKLM\...\nbi-tomcat-8.0.27.0.0) (Version: - )
Aplikace Intel® PROSet/Wireless (HKLM-x32\...\{aa2c2346-d0c0-4d3e-9ab1-11a48b4cb9f3}) (Version: 19.20.3 - Intel Corporation)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.51210.80 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.51210.80 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Windows Phone 8.0 (x32 Version: 3.0.30924.0 - Microsoft Corporation) Hidden
Build Tools - amd64 (Version: 12.0.31010 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31010 - Microsoft Corporation) Hidden
Build Tools for Windows 10 - ENU (x32 Version: 14.0.25527 - Microsoft Corporation) Hidden
Build Tools for Windows 10 (x32 Version: 14.0.25527 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31010 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31010 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.12020 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.12020 - Cisco Systems, Inc.) Hidden
Cisco Packet Tracer 7.0 64Bit (HKLM\...\Cisco Packet Tracer 7.0 64Bit_is1) (Version: - Cisco Systems, Inc.)
Clang with Microsoft CodeGen (x32 Version: 14.0.25516 - Microsoft Corporation) Hidden
Clang with Microsoft CodeGen for Microsoft Visual Studio 2015 (HKLM-x32\...\{da78a187-c216-4b8f-b2ff-f6f254e2e26e}) (Version: 14.0.25516.0 - Microsoft Corporation)
CodedUITest81 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
CodedUITestUAP (x32 Version: 14.0.25527 - Microsoft Corporation) Hidden
Doplněk sady Microsoft Visual Studio 2015 pro Windows Phone – Language Pack – CSY (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10586.11211 - Realtek Semiconductor Corp.)
Enterprise Architect (HKLM-x32\...\{51B5639E-3F96-4B6E-AC93-5571985B99A4}) (Version: 12.0.1215.11 - Sparx Systems)
Entity Framework 6.1.3 Tools for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
ESET Smart Security (HKLM\...\{61C3C6CF-C71F-41A8-9C35-E01BC146C4D9}) (Version: 10.0.390.0 - ESET, spol. s r.o.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.2.0.2051 - Foxit Software Inc.)
Genymotion version 2.8.1 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.8.1 - Genymobile)
Git version 2.10.1 (HKLM\...\Git_is1) (Version: 2.10.1 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
IDE Tools for Windows 10 - ENU (x32 Version: 14.0.25527 - Microsoft Corporation) Hidden
IDE Tools for Windows 10 (x32 Version: 14.0.25527 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - )
Inkscape 0.91 (HKLM-x32\...\Inkscape) (Version: 0.91 - )
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4568 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.1.1043 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{557D160E-2085-4D38-BDA3-1D5D3F74A3A4}) (Version: 6.0.4 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.1.1.33 - Intel(R) Corporation) Hidden
Intellisense Lang Pack Mobile Extension SDK 10.0.14393.0 (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java SE Development Kit 7 Update 55 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle)
Java SE Development Kit 8 Update 102 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180102}) (Version: 8.0.1020.14 - Oracle Corporation)
Kits Configuration Installer (x32 Version: 10.0.26624 - Microsoft) Hidden
Kolekce nástrojů pro sledování výkonu sady Microsoft Visual Studio 2015 – CSY (Version: 14.0.23107 - Microsoft Corporation) Hidden
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPCui for cs-cz (x32 Version: 8.59.29989 - Microsoft) Hidden
LocalESPCui for en-us (x32 Version: 8.59.29989 - Microsoft) Hidden
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{964A79BD-5901-39B4-9288-E1E8F0EDD0CF}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (ENU) (HKLM-x32\...\{7CCDA034-B4FF-4855-B8A4-E080AE3DC129}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (čeština) (HKLM-x32\...\{034D5ABF-A7C7-3E7D-97DE-65F09EEF5A33}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (ENU) (HKLM-x32\...\{E3F235E4-94A4-4E4B-9EBE-E6869ABC954D}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (čeština) (HKLM-x32\...\{DDCB1126-92F2-44F0-A8C5-95048C5F38A8}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (čeština) (HKLM-x32\...\{E249803A-BD5B-4FDC-A630-976C2971F5B4}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (čeština) (HKLM-x32\...\{25C7677B-0398-46A3-A0EE-7B393D20FA30}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Help Viewer 2.2 Language Pack – CSY (HKLM-x32\...\Microsoft Help Viewer 2.2 Language Pack - CSY) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office 365 ProPlus - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3629950189-3343636212-1747802599-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 CSY (HKLM\...\{F0E39311-E741-4374-963A-8E899DC2C7B6}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Code (HKLM-x32\...\{F8A2A208-72B3-4D61-95FC-8A65D340689B}_is1) (Version: 1.9.1 - Microsoft Corporation)
Microsoft Visual Studio Enterprise 2015 (HKLM-x32\...\{aaff6d8c-30d0-4446-82ae-1f1650eab4b9}) (Version: 14.0.23107.178 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 cs)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
MySQL Connector Net 6.9.9 (HKLM-x32\...\{E09F82E9-3EB3-4725-BDC8-3C77F83E262C}) (Version: 6.9.9 - Oracle)
Nástroj Preparation sady Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Nástroje Windows Phone 8.1 pro sadu Visual Studio 2013 – CSY (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
Nástroje Windows Phone 8.1 pro sadu Visual Studio 2015 – CSY (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
Nástroje Windows Phone 8.1 pro sadu Visual Studio Professional 2015 – CSY (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Nástroje Windows Phone 8.1 pro sadu Visual Studio Professionald 2013 – CSY (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
Návrhář uživatelského rozhraní jazyka XAML sady Microsoft Visual Studio 2015 – CSY (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
NetBeans IDE 8.2 (HKLM\...\nbi-nb-base-8.2.0.0.201609300101) (Version: 8.2 - NetBeans.org)
NVIDIA GeForce Experience 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.1 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
Opera Stable 43.0.2442.806 (HKLM-x32\...\Opera 43.0.2442.806) (Version: 43.0.2442.806 - Opera Software)
Oracle VM VirtualBox 5.1.6 (HKLM\...\{EEDDD7E2-A7A2-4FA9-8C32-ADB29A5096FF}) (Version: 5.1.6 - Oracle Corporation)
Original War (HKLM\...\Steam App 235320) (Version: - Altar Games)
Ovládací panel NVIDIA 376.54 (Version: 376.54 - NVIDIA Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
Project and Item Templates for Visual Studio Community 2015 - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Project and Item Templates for Visual Studio Express 2015 for Windows 10 - ENU (x32 Version: 14.0.25527 - Microsoft Corporation) Hidden
Project and Item Templates for Visual Studio Professionald 2015 - ENU (x32 Version: 14.0.25527 - Microsoft Corporation) Hidden
Prostředky nástroje Devenv sady Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
PuTTY (HKLM-x32\...\{ED9EF59B-0799-428E-823D-6D2B7B4FE2E0}) (Version: 0.67.0.0 - Simon Tatham)
qBittorrent 3.3.10 (HKLM-x32\...\qBittorrent) (Version: 3.3.10 - The qBittorrent project)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7930 - Realtek Semiconductor Corp.)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 15.0.4641.1002 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 16.0.3104.1200 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
Šablony projektů a položek pro Visual Studio Community 2015 – CSY (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (x32 Version: 14.102.25619 - Microsoft) Hidden
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.36.0 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual C++ for Mobile Development (Android support) (HKLM-x32\...\{11f23290-022a-4ed3-a39b-ba3eee3fefa2}) (Version: 14.0.25401.0 - Microsoft Corporation)
Visual C++ for Mobile Development (iOS support) (HKLM-x32\...\{6aa67741-cbea-4763-a744-e612ed2e6294}) (Version: 14.0.25401.0 - Microsoft Corporation)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VS Update core components (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden
vs_update3notification (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WinAppDeploy (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
Windows SDK AddOn (HKLM-x32\...\{45D392D2-5956-4646-9CA6-83CBF67507B6}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.10586.212 (HKLM-x32\...\{43d9f43d-c90b-4fdf-9dfe-ecf9990bfa2a}) (Version: 10.1.10586.212 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.14393.33 (HKLM-x32\...\{f23f94c5-8bba-4202-85ad-c83d4402cdc1}) (Version: 10.1.14393.33 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.26624 (HKLM-x32\...\{e7a0c8b6-b0e9-41e2-8a0a-a6784f88d1d4}) (Version: 10.0.26624 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - en-us (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - Other Languages (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinSCP 5.9.3 (HKLM-x32\...\winscp3_is1) (Version: 5.9.3 - Martin Prikryl)
Workflow Manager Client 1.0 (Version: 2.0.50408.1 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.50408.2 - Microsoft Corporation) Hidden
Xamarin (HKLM-x32\...\{71C2500C-BA4B-47D4-9B1A-44FF33D1AF3B}) (Version: 4.2.1.62 - Xamarin)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.24-1 - Bitnami)
Xming 6.9.0.31 (HKLM-x32\...\Xming_is1) (Version: 6.9.0.31 - Colin Harrison)
Zdroje prostředí sady Microsoft Visual Studio 2015 (minimální) (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03381B87-9B1A-4799-826B-B0FAE991E145} - System32\Tasks\{61E897AF-4C88-4762-8343-6C659AA2C83A} => pcalua.exe -a "C:\Users\tomas\Downloads\Mafia 1 – Plna Verze Hry – CZ\Game.exe" -d "C:\Users\tomas\Downloads\Mafia 1 – Plna Verze Hry – CZ"
Task: {0F044B4A-20E3-4BC0-9DAA-94F4F6CF6657} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {1199EE0C-0996-4172-B3A3-53EDB52E2E53} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2016-07-11] ()
Task: {12AC3118-9B54-46B1-8AD7-C44D2F84A911} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-12-29] (Microsoft Corporation)
Task: {140A0E2C-EBFB-4D34-9428-02AACE9D194A} - System32\Tasks\{09CD85D6-0074-4140-9175-386AE26D4228} => pcalua.exe -a "C:\Users\tomas\Downloads\Mafia 1 – Plna Verze Hry – CZ\Setup.exe" -d "C:\Users\tomas\Downloads\Mafia 1 – Plna Verze Hry – CZ"
Task: {7038FE19-6A20-4CEC-81C3-0FD021958C9F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-29] (Microsoft Corporation)
Task: {7FA13692-146C-40FD-955A-8402DAD65632} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-29] (Microsoft Corporation)
Task: {9A382DB8-7C9D-46DD-8ECE-3B2DBC900FA8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-24] (Google Inc.)
Task: {9C795C5E-14B4-4E24-A40C-FC995CBED3EC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {B070F3A7-8CB3-47CE-9F49-BBAC43643E55} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-24] (Google Inc.)
Task: {BCE359B6-B1D9-4DE4-B996-EB1A072C2095} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {BDD5F7C3-1E44-499E-B3C9-D2F1EDDC7E38} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {CA2938A3-4D9C-44AC-8CCD-B4ABDFA63883} - System32\Tasks\Microsoft\Windows\Windows Subsystem for Linux\AptPackageIndexUpdate => %comspec%
Task: {D3A0B034-1356-495C-9344-8C4507072FE2} - System32\Tasks\update-S-1-5-21-3629950189-3343636212-1747802599-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2016-07-11] ()
Task: {D63366F2-90A2-4EC3-93A9-1B521DF0091E} - System32\Tasks\Opera scheduled Autoupdate 1474730951 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-06] (Opera Software)
Task: {E68F923C-1CE4-4240-BA98-7896526C6B7E} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {EE346217-E832-4173-9761-BDF9902E9C2D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\update-S-1-5-21-3629950189-3343636212-1747802599-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)
Attachments
FRST.zip
(26.04 KiB) Downloaded 76 times

altrok
Moderator
Posts: 7264
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: overeager svchost.exe

#7 Post by altrok »

After the restart, let us know how the PC behaves.

  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (file type: Text Document)
  • run FRST again and click Fix
  • after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply

    Code:

    Start
    CreateRestorePoint:
    CloseProcesses:
    Task: {03381B87-9B1A-4799-826B-B0FAE991E145} - System32\Tasks\{61E897AF-4C88-4762-8343-6C659AA2C83A} => pcalua.exe -a "C:\Users\tomas\Downloads\Mafia 1 – Plna Verze Hry – CZ\Game.exe" -d "C:\Users\tomas\Downloads\Mafia 1 – Plna Verze Hry – CZ"
    Task: {140A0E2C-EBFB-4D34-9428-02AACE9D194A} - System32\Tasks\{09CD85D6-0074-4140-9175-386AE26D4228} => pcalua.exe -a "C:\Users\tomas\Downloads\Mafia 1 – Plna Verze Hry – CZ\Setup.exe" -d "C:\Users\tomas\Downloads\Mafia 1 – Plna Verze Hry – CZ"
    HKU\S-1-5-21-3629950189-3343636212-1747802599-1001\...\MountPoints2: {5a477f43-949d-11e6-95e8-34e6ad5a2552} - "G:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-3629950189-3343636212-1747802599-1001\...\MountPoints2: {ac645455-8725-11e6-95dc-34e6ad5a2552} - "W:\OW2.EXE" 
    R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
    2017-02-14 18:36 - 2017-02-14 21:58 - 00000000 ____D C:\Program Files\trend micro
    EmptyTemp:
    End
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suited to the forum, you can use altrok (at) forum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.

valkys27
Visitor
Posts: 30
Registered: 14 Feb 2017 18:32

Re: overeager svchost.exe

#8 Post by valkys27 »

So it seems the problem is solved! The ESET firewall no longer records any problems, and the computer is running absolutely without issue. Here is the Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 01
Ran by tomas (15-02-2017 14:33:17) Run:1
Running from C:\Users\tomas\Desktop
Loaded Profiles: tomas (Available Profiles: defaultuser0 & tomas)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Task: {03381B87-9B1A-4799-826B-B0FAE991E145} - System32\Tasks\{61E897AF-4C88-4762-8343-6C659AA2C83A} => pcalua.exe -a "C:\Users\tomas\Downloads\Mafia 1 – Plna Verze Hry – CZ\Game.exe" -d "C:\Users\tomas\Downloads\Mafia 1 – Plna Verze Hry – CZ"
Task: {140A0E2C-EBFB-4D34-9428-02AACE9D194A} - System32\Tasks\{09CD85D6-0074-4140-9175-386AE26D4228} => pcalua.exe -a "C:\Users\tomas\Downloads\Mafia 1 – Plna Verze Hry – CZ\Setup.exe" -d "C:\Users\tomas\Downloads\Mafia 1 – Plna Verze Hry – CZ"
HKU\S-1-5-21-3629950189-3343636212-1747802599-1001\...\MountPoints2: {5a477f43-949d-11e6-95e8-34e6ad5a2552} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3629950189-3343636212-1747802599-1001\...\MountPoints2: {ac645455-8725-11e6-95dc-34e6ad5a2552} - "W:\OW2.EXE"
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
2017-02-14 18:36 - 2017-02-14 21:58 - 00000000 ____D C:\Program Files\trend micro
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03381B87-9B1A-4799-826B-B0FAE991E145} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03381B87-9B1A-4799-826B-B0FAE991E145} => key removed successfully
C:\Windows\System32\Tasks\{61E897AF-4C88-4762-8343-6C659AA2C83A} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{61E897AF-4C88-4762-8343-6C659AA2C83A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{140A0E2C-EBFB-4D34-9428-02AACE9D194A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{140A0E2C-EBFB-4D34-9428-02AACE9D194A} => key removed successfully
C:\Windows\System32\Tasks\{09CD85D6-0074-4140-9175-386AE26D4228} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{09CD85D6-0074-4140-9175-386AE26D4228} => key removed successfully
HKU\S-1-5-21-3629950189-3343636212-1747802599-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a477f43-949d-11e6-95e8-34e6ad5a2552} => key removed successfully
HKCR\CLSID\{5a477f43-949d-11e6-95e8-34e6ad5a2552} => key not found.
HKU\S-1-5-21-3629950189-3343636212-1747802599-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac645455-8725-11e6-95dc-34e6ad5a2552} => key removed successfully
HKCR\CLSID\{ac645455-8725-11e6-95dc-34e6ad5a2552} => key not found.
HKLM\System\CurrentControlSet\Services\ibtsiva => key removed successfully
ibtsiva => service removed successfully
C:\Program Files\trend micro => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8281897 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 45615631 B
Java, Flash, Steam htmlcache => 55489963 B
Windows/system/drivers => 18889838 B
Edge => 189534568 B
Chrome => 14917924 B
Firefox => 11064269 B
Opera => 417803476 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 19548 B
LocalService => 1634 B
NetworkService => 124689852 B
defaultuser0 => 587916 B
tomas => 34239940 B
Fanda => 20512639 B

RecycleBin => 160265 B
EmptyTemp: => 898.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:34:15 ====

I would also like to ask about some logs that ESET recorded recently. The first is a log from the firewall:

Čas;Událost;Zdroj;Cíl;Protokol;Název pravidla/červa;Aplikace;Uživatel
15.02.2017 1:12:35;Detekován útok ICMP Flooding;192.168.1.1;192.168.1.168;ICMP;;;

The other logs are filtered websites:

Čas;URL;Stav;Aplikace;Uživatel;IP adresa;SHA1
14.02.2017 17:15:36;https://620666.10appstore.net/favicon.ico;Blokováno interním seznamem;C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe;DESKTOP-QTE48LG\tomas;185.137.18.210;EB50C1864CEBC8FBD1DF435F7331CD35B6399274
Čas;URL;Stav;Aplikace;Uživatel;IP adresa;SHA1
14.02.2017 17:15:34;https://620666.10appstore.net/win10soft ... ;Blokováno interním seznamem;C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe;DESKTOP-QTE48LG\tomas;185.137.18.210;EB50C1864CEBC8FBD1DF435F7331CD35B6399274

Finally, I am attaching screenshots showing the network activity and the activity from my phone that was blocked by the firewall.
Attachments
příloha.zip
(339.55 KiB) Downloaded 68 times

altrok
Moderator
Posts: 7264
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: overeager svchost.exe

#9 Post by altrok »

I do not have enough knowledge to interpret these reports beyond doubt. The first is suspicious communication inside your network (both IP addresses). The other two are from Opera, and it is hard to determine what exactly caused them. Perhaps a malicious extension? What is the Stormcrow extension? I cannot rule out that your router was compromised, because I no longer see any other active malware on the PC.

We will also clean up the tools that were used.
And if there are no questions or other problems, that is all from me.

valkys27
Visitor
Posts: 30
Registered: 14 Feb 2017 18:32

Re: overeager svchost.exe

#10 Post by valkys27 »

I do not have any such extension in Opera... As for the router, just to be safe I will try downloading its firmware from a different network, then unplug the LAN cable, do a hard reset, install the new version and reconfigure access. But I have management from anything other than the local network disabled, so hopefully everything should be fine. Thank you very much for your help, and have a nice rest of the evening.

altrok
Moderator
Posts: 7264
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: overeager svchost.exe

#11 Post by altrok »

Opera:
=======
OPR Extension: (Stormcrow) - C:\Users\tomas\AppData\Roaming\Opera Software\Opera Stable\Extensions\fbfifpkeojjlabelpjdgonmigjofgoim [2017-01-05]
OPR Extension: (Pocket (formerly Read It Later)) - C:\Users\tomas\AppData\Roaming\Opera Software\Opera Stable\Extensions\hedlhkdmdlcjhiblbmfggdiaeekblnoi [2016-12-30]
OPR Extension: (Quick History) - C:\Users\tomas\AppData\Roaming\Opera Software\Opera Stable\Extensions\hmnhfgcahjdhfocnolfkmfadlieleijj [2016-12-30]
OPR Extension: (Google Keep Sidebar) - C:\Users\tomas\AppData\Roaming\Opera Software\Opera Stable\Extensions\jahdnmdiogdjiondmkmicfekiokaalkj [2016-12-30]
OPR Extension: (TweetDeck Sidebar) - C:\Users\tomas\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofcpiojpnndnkfhbjffnfcepniapjanf [2016-12-30]
OPR Extension: (Instant Translate: Select and Translate) - C:\Users\tomas\AppData\Roaming\Opera Software\Opera Stable\Extensions\ollghamalkmmhboihmhoaaobmamehjgn [2016-12-30]
According to the log, you do :)

Let me know whether the FW still detects similar network activity after the router reset. Have a nice evening too :)

grrr
Visitor
Posts: 2
Registered: 16 Feb 2017 22:22

Re: overeager svchost.exe

#12 Post by grrr »


altrok
Moderator
Posts: 7264
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: overeager svchost.exe

#13 Post by altrok »

grrr wrote: ALTROK, is it possible to take a look at it?
Good evening, "grrr",

that is of course possible, but since I have to get up for work soon, I will prioritize sleep right now. One of my colleagues will certainly attend to you tomorrow.

Good night.
