Please check my log - Nimda

#1 Post by noora12 »

Avast found Win32/Nimda, which I cannot get rid of. I delete it and then it is back again.



Logfile of random's system information tool 1.10 (written by random/random)
Run by Markét at 2018-04-28 14:13:04
Microsoft Windows 10 Home
System drive C: has 884 GB (93%) free of 953 GB
Total RAM: 8093 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:13:11, on 28.04.2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.16299.0371)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe
C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Markét\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
C:\Users\Markét\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe
C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
C:\Users\Markét\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Markét\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Markét\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Markét\AppData\Roaming\Spotify\Spotify.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
C:\Users\Markét\Downloads\NPE.exe
C:\Users\Markét\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\FileCoAuth.exe
C:\Program Files\trend micro\Markét.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus15.msn.com/?pc=ASTE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus15.msn.com/?pc=ASTE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: McAfee WebAdvisor - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
O4 - HKLM\..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.2.5.541\ASUSWSLoader.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Markét\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Google Update] C:\Users\Markét\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe
O4 - HKCU\..\Run: [iCloudServices] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
O4 - HKCU\..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Spotify Web Helper] C:\Users\Markét\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
O4 - HKCU\..\RunOnce: [Application Restart #0] C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe --no-displaying-insecure-content --disable-devtools --disable-raf-throttling --user-data-dir="C:\Users\Markét\AppData\Local\ASUS GIFTBOX\User Data" --no-sandbox --flag-switches-begin --flag-switches-end --nwapp="C:\Program Files (x86)\ASUS\Giftbox" --restore-last-session
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O9 - Extra 'Tools' menuitem: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
O23 - Service: Asus WebStorage Windows Service - ASUS Cloud Corporation - C:\Program Files (x86)\ASUS\WebStorage\2.2.5.541\AsusWSWinService.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @oem57.inf,%ServiceDisplayName%;ESIF Upper Framework Service (esifsvc) - Intel Corporation - C:\WINDOWS\SysWOW64\esif_uf.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Security Assist - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: WPS Office Update Service (Kingsoft_WPS_UpdateService) - Zhuhai Kingsoft Office Software Co.,Ltd - C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsupdatesvr.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: WinZip Compression Smart Monitor Service - Unknown owner - C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 16142 bytes

======Listing Processes======









c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-e2932849-c39e-4529-8368-47e15df7d50e -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-032eedb0-b7da-4dfd-a319-57590f0f4f2b -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-e73fdd3c-c7ef-49ff-a995-1b913572e49b -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-e0beb954-3d0e-4f29-9f15-9b2343c6a8b0 -LifetimeId:0c722125-0147-4325-a16b-db56fdc94303 -DeviceGroupId:
"fontdrvhost.exe"
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
winlogon.exe
"fontdrvhost.exe"
"dwm.exe"
c:\windows\system32\svchost.exe -k localservice -p -s bthserv
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localservice -p -s SEMgrSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
"C:\WINDOWS\system32\nvvsvc.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe -first

C:\WINDOWS\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
"C:\Program Files\HitmanPro\hmpsched.exe"
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection

c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
"C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe"
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
"C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe" --type=crashpad-handler --no-rate-limit --database=C:\Users\Markét\AppData\Local\Crashpad --annotation=channel= --annotation=plat=Win32 --annotation=prod= --annotation=ver=7.6.5.0-devel --handshake-handle=0x218
"ctfmon.exe"
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
"C:\Program Files (x86)\ASUS\WebStorage\2.2.5.541\AsusWSWinService.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
c:\windows\system32\svchost.exe -k netsvcs -s CertPropSvc
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
C:\WINDOWS\SysWOW64\esif_uf.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
"C:\Program Files\CyberLink\Shared files\RichVideo64.exe"

"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
"C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe"
C:\WINDOWS\Explorer.EXE
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
igfxEM.exe
igfxHK.exe
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
igfxTray.exe
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs
"C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe" -userServiceMode
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WinZip\WinZip Smart Monitor\WinZipCompressionSmartMonitor.exe" -run
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1"
"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\WinZip\WzPreloader.exe"
"C:\Program Files\WinZip\FAHWindow64.exe" register
"C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Users\Markét\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe"
"C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe"
"C:\Users\Markét\AppData\Roaming\Spotify\SpotifyWebHelper.exe" --autostart
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" -Embedding
c:\windows\system32\svchost.exe -k unistacksvcgroup
"C:\Program Files\iPod\bin\iPodService.exe"

AvastUI.exe /nogui
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
"C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe" /c
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe -Embedding
"C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
"C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe" --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,DocumentWriteEvaluator<DocumentWriteEvaluator,RenderingPipelineThrottling<RenderingPipelineThrottling,V8_Serialize_Age_Code<V8SerializeOptions,V8_Serialize_Eager<V8SerializeOptions,WebRTC-H264WithOpenH264FFmpeg<WebRTC-H264WithOpenH264FFmpeg,token-binding<TokenBinding,use-new-media-cache<use-new-media-cache --force-fieldtrials=AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled_Once_10-gen2/BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Enabled/ChromotingQUIC/Enabled/DefaultBrowserInfobar/SettingsText/DocumentWriteEvaluator/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/ExtensionActionRedesign/Enabled/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/LocalNTPSuggestionsService/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/NewProfileManagement/Enabled/OfferUploadCreditCards/Enabled/PageRevisitInstrumentation/Enabled/PasswordBranding/SmartLockBrandingSavePromptOnly/PasswordGeneration/Disabled/PreRead/NoPrefetchArgument/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/RenderingPipelineThrottling/Enabled/ReportCertificateErrors/ShowAndPossiblySend/ResourcePriorities/AllExceptAsyncScripts_11011_1_1_10/SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/UpdateTime15m/SchedulerExpensiveTaskBlocking/Enabled/SdchPersistence/Enabled/SettingsEnforcement/enforce_always_with_extensions_and_dse/StrictSecureCookies/Enabled/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/*TokenBinding/TokenBinding/Trigger
edResetFieldTrial/On/V8SerializeOptions/SerializeEagerAndAgeCode/VarationsServiceControl/Interval_30min/WebFontsIntervention/Enabled/WebRTC-H264WithOpenH264FFmpeg/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/use-new-media-cache/Enabled/ --type=gpu-process --channel="4496.0.233617660\647216260" --no-sandbox --user-data-dir="C:\Users\Markét\AppData\Local\ASUS GIFTBOX\User Data" --supports-dual-gpus=false --gpu-driver-bug-workarounds=4,13,25,46,54 --gpu-vendor-id=0x8086 --gpu-device-id=0x1616 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=20.19.15.4549 --user-data-dir="C:\Users\Markét\AppData\Local\ASUS GIFTBOX\User Data" --mojo-platform-channel-handle=1284
"C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe" --type=renderer --disable-raf-throttling --no-sandbox --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,DocumentWriteEvaluator<DocumentWriteEvaluator,RenderingPipelineThrottling<RenderingPipelineThrottling,V8_Serialize_Age_Code<V8SerializeOptions,V8_Serialize_Eager<V8SerializeOptions,WebRTC-H264WithOpenH264FFmpeg<WebRTC-H264WithOpenH264FFmpeg,token-binding<TokenBinding,use-new-media-cache<use-new-media-cache --force-fieldtrials=AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/*AutomaticTabDiscarding/Enabled_Once_10-gen2/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Enabled/ChromotingQUIC/Enabled/DefaultBrowserInfobar/SettingsText/DocumentWriteEvaluator/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/*ExtensionActionRedesign/Enabled/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/*LocalNTPSuggestionsService/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/OfferUploadCreditCards/Enabled/*PageRevisitInstrumentation/Enabled/PasswordBranding/SmartLockBrandingSavePromptOnly/PasswordGeneration/Disabled/PreRead/NoPrefetchArgument/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/RenderingPipelineThrottling/Enabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/AllExceptAsyncScripts_11011_1_1_10/SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/UpdateTime15m/SchedulerExpensiveTaskBlocking/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/StrictSecureCookies/Enabled/SyncHttpContentCompression/Enabl
ed/TabSyncByRecency/Enabled/*TokenBinding/TokenBinding/*TriggeredResetFieldTrial/On/V8SerializeOptions/SerializeEagerAndAgeCode/VarationsServiceControl/Interval_30min/WebFontsIntervention/Enabled/WebRTC-H264WithOpenH264FFmpeg/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/use-new-media-cache/Enabled/ --primordial-pipe-token=510A4E8BAC1C8692B3CB9B5791E7A518 --lang=cs --user-data-dir="C:\Users\Markét\AppData\Local\ASUS GIFTBOX\User Data" --nwjs --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="4496.1.846779058\1800623923" --mojo-platform-channel-handle=2192
/S
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" --type=renderer --disable-gpu-compositing --disable-pinch --no-sandbox --primordial-pipe-token=346C57A4CAB414981F9BEE7E77B5ED27 --lang=en-US --lang=en-US --log-file="C:\Users\Markét\AppData\Roaming\AVAST Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.3.2987.1601 Safari/537.36 Avastium (18.3.2333)" --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --allow-file-access-from-files=1 --pack_loading_disabled=1 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=346C57A4CAB414981F9BEE7E77B5ED27 --renderer-client-id=2 --mojo-platform-channel-handle=4888 /prefetch:1
"C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe"
"C:\Users\Markét\AppData\Local\Google\Chrome\Application\chrome.exe"
C:\Users\Markét\AppData\Local\Google\Chrome\Application\chrome.exe --type=crashpad-handler "--user-data-dir=C:\Users\Markét\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Markét\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Markét\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=66.0.3359.139 --initial-client-data=0x8c,0x1e0,0x1e4,0x60,0x1e8,0x7ffafbdf3218,0x7ffafbdf3228,0x7ffafbdf3238
"C:\Users\Markét\AppData\Local\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=11164 --on-initialized-event-handle=688 --parent-handle=696 /prefetch:6
"C:\Users\Markét\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1496,818923771277995209,12476909992700303607,131072 --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=6FFFA7165AB2BA90F89782D6921CF830 --mojo-platform-channel-handle=1504 --ignored=" --type=renderer " /prefetch:2
"C:\Users\Markét\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,818923771277995209,12476909992700303607,131072 --service-pipe-token=53740FBA62B8928A1B849BDA68E21DEC --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=53740FBA62B8928A1B849BDA68E21DEC --renderer-client-id=3 --mojo-platform-channel-handle=3176 /prefetch:1
C:\WINDOWS\system32\cmd.exe /d /c "C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe" chrome-extension://fheoggkfdfchfphceeifdbepaooicaho/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.d9d3e4901b36759b > \\.\pipe\chrome.nativeMessaging.out.d9d3e4901b36759b
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe" chrome-extension://fheoggkfdfchfphceeifdbepaooicaho/ --parent-window=0
"C:\Users\Markét\AppData\Local\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1496,818923771277995209,12476909992700303607,131072 --lang=cs --service-sandbox-type=utility --service-request-channel-token=AEFE7BB8CE9E50553A2ACE41F54C8156 --mojo-platform-channel-handle=6868 --ignored=" --type=renderer " /prefetch:8
"C:\Users\Markét\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,818923771277995209,12476909992700303607,131072 --service-pipe-token=A43D6FF2DA61A021A5C2EEA6216578D7 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=A43D6FF2DA61A021A5C2EEA6216578D7 --renderer-client-id=36 --mojo-platform-channel-handle=5064 /prefetch:1
C:\WINDOWS\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
"C:\Users\Markét\AppData\Roaming\Spotify\Spotify.exe"
C:\Users\Markét\AppData\Roaming\Spotify\Spotify.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Markét\AppData\Local\Spotify\User Data\Crashpad" "--metrics-dir=C:\Users\Markét\AppData\Local\Spotify\User Data" --url=https://crashdump.spotify.com:443 --annotation=platform=win32 --annotation=product=spotify --annotation=version=1.0.77.338 --initial-client-data=0x5a8,0x5b0,0x5b4,0x5ac,0x5b8,0x67ae8718,0x67ae8728,0x67ae8734
"C:\Users\Markét\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --disable-d3d11 --log-file="C:\Users\Markét\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.0.77.338 --lang=en-US --gpu-preferences=KAAAAAAAAAAABwAAAQAAAAAAAAAAAGAAAQAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --gpu-vendor-id=0x8086 --gpu-device-id=0x1616 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=20.19.15.4549 --gpu-driver-date=11-10-2016 --gpu-secondary-vendor-ids=0x10de --gpu-secondary-device-ids=0x1299 --log-file="C:\Users\Markét\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.0.77.338 --lang=en-US --service-request-channel-token=9DB764E9858A74CBE274BD9E0D5A725E --mojo-platform-channel-handle=2108 --ignored=" --type=renderer " /prefetch:2
"C:\Users\Markét\AppData\Roaming\Spotify\Spotify.exe" --type=renderer --service-pipe-token=53FFE2946DD590573991897B57C853CA --lang=en-US --log-file="C:\Users\Markét\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.0.77.338 --disable-spell-checking --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=53FFE2946DD590573991897B57C853CA --renderer-client-id=3 --mojo-platform-channel-handle=3220 /prefetch:1
C:\WINDOWS\system32\AUDIODG.EXE 0x450
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.9.0_x64__8wekyb3d8bbwe\WinStore.App.exe" -ServerName:App.AppXc75wvwned5vhz4xyxxecvgdjhdkgsdza.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.1000_x64__8wekyb3d8bbwe\Music.UI.exe" -ServerName:Microsoft.ZuneMusic.AppX48dcrcgzqqdshm3kf61t0cm5e9pyd6h6.mca
"C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
"C:\WINDOWS\system32\wwahost.exe" -ServerName:Netflix.App.wwa
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Users\Markét\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,818923771277995209,12476909992700303607,131072 --service-pipe-token=B58C8F7F78994F48CE33DD87604822CC --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=B58C8F7F78994F48CE33DD87604822CC --renderer-client-id=138 --mojo-platform-channel-handle=6312 /prefetch:1
"C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s BITS
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
"C:\Users\Markét\Downloads\NPE.exe"
"C:\Users\Markét\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,818923771277995209,12476909992700303607,131072 --service-pipe-token=C472C52200CDF44B0441615871AE5244 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=C472C52200CDF44B0441615871AE5244 --renderer-client-id=172 --mojo-platform-channel-handle=8668 /prefetch:1
"C:\Users\Markét\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,818923771277995209,12476909992700303607,131072 --service-pipe-token=89544A618BE7565B311312B5FB307BBB --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=89544A618BE7565B311312B5FB307BBB --renderer-client-id=179 --mojo-platform-channel-handle=3948 /prefetch:1
"C:\Users\Markét\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,818923771277995209,12476909992700303607,131072 --service-pipe-token=05656A5682126A5EB6BD332B22F22E7C --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=05656A5682126A5EB6BD332B22F22E7C --renderer-client-id=180 --mojo-platform-channel-handle=5108 /prefetch:1
C:\Users\Markét\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\FileCoAuth.exe -Embedding
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe14_ Global\UsGthrCtrlFltPipeMssGthrPipe14 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 720 736 748 8192 744
C:\Windows\System32\smartscreen.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s tiledatamodelsvc
"C:\Users\Markét\Downloads\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\WINDOWS\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
C:\WINDOWS\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\WpsUpdateTask_Administrator.job - C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsupdate.exe -from=task

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2018-04-17 207024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee WebAdvisor - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2018-03-19 199648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-04-17 3210416]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-04-04 149168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
Evernote extension - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-09-03 629256]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee WebAdvisor - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2018-03-19 167480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2018-04-17 2200752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2017-09-29 630168]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2015-10-03 2654512]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2018-04-10 242392]
"WinZip UN"=C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-12-14 2047744]
"WinZip PreLoader"=C:\Program Files\WinZip\WzPreloader.exe [2017-12-14 123848]
"WinZip FAH"=C:\Program Files\WinZip\FAHConsole.exe [2017-12-14 436416]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2018-03-25 298296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\Markét\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2018-04-25 1624224]
"Google Update"=C:\Users\Markét\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [2017-11-17 601680]
"iCloudServices"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [2017-12-08 67384]
"AppleIEDAV"=C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [2017-12-08 68408]
"iCloudDrive"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [2017-12-08 110392]
"ApplePhotoStreams"=C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [2017-12-08 67896]
"iCloudPhotos"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [2017-12-08 356664]
"EA Core"=C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent []
"Spotify Web Helper"=C:\Users\Markét\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018-03-27 782736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #0"=C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe [2017-09-18 1049600]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"WebStorage"=C:\Program Files (x86)\ASUS\WebStorage\2.2.5.541\ASUSWSLoader.exe [2015-10-22 63272]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-04-28 14:13:05 ----D---- C:\Program Files\trend micro
2018-04-28 14:13:04 ----D---- C:\rsit
2018-04-28 13:57:30 ----A---- C:\WINDOWS\system32\drivers\SMR520.SYS
2018-04-28 13:57:30 ----A---- C:\WINDOWS\system32\drivers\SMR520.dat
2018-04-28 13:57:17 ----D---- C:\ProgramData\Norton
2018-04-28 09:26:03 ----HD---- C:\OneDriveTemp
2018-04-19 18:05:56 ----A---- C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-04-17 10:37:51 ----A---- C:\WINDOWS\system32\wevtsvc.dll
2018-04-17 10:37:50 ----A---- C:\WINDOWS\system32\diagtrack.dll
2018-04-17 10:37:48 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-04-17 10:37:47 ----A---- C:\WINDOWS\SYSWOW64\edgeIso.dll
2018-04-17 10:37:47 ----A---- C:\WINDOWS\SYSWOW64\AcSpecfc.dll
2018-04-17 10:37:46 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.dll
2018-04-17 10:37:46 ----A---- C:\WINDOWS\SYSWOW64\rdpbase.dll
2018-04-17 10:37:46 ----A---- C:\WINDOWS\SYSWOW64\nlaapi.dll
2018-04-17 10:37:45 ----A---- C:\WINDOWS\SYSWOW64\msIso.dll
2018-04-17 10:37:45 ----A---- C:\WINDOWS\SYSWOW64\ieproxy.dll
2018-04-17 10:37:45 ----A---- C:\WINDOWS\SYSWOW64\AcGenral.dll
2018-04-17 10:37:44 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2018-04-17 10:37:44 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2018-04-17 10:37:44 ----A---- C:\WINDOWS\SYSWOW64\rdpserverbase.dll
2018-04-17 10:37:44 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2018-04-17 10:37:44 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2018-04-17 10:37:44 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2018-04-17 10:37:43 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2018-04-17 10:37:42 ----A---- C:\WINDOWS\SYSWOW64\Windows.Internal.Bluetooth.dll
2018-04-17 10:37:42 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2018-04-17 10:37:42 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2018-04-17 10:37:42 ----A---- C:\WINDOWS\SYSWOW64\fontsub.dll
2018-04-17 10:37:42 ----A---- C:\WINDOWS\SYSWOW64\AppLockerCSP.dll
2018-04-17 10:37:42 ----A---- C:\WINDOWS\system32\rdpbase.dll
2018-04-17 10:37:41 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2018-04-17 10:37:41 ----A---- C:\WINDOWS\SYSWOW64\advapi32.dll
2018-04-17 10:37:41 ----A---- C:\WINDOWS\system32\urlmon.dll
2018-04-17 10:37:41 ----A---- C:\WINDOWS\system32\rdpserverbase.dll
2018-04-17 10:37:41 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2018-04-17 10:37:41 ----A---- C:\WINDOWS\system32\drivers\vmbkmclr.sys
2018-04-17 10:37:41 ----A---- C:\WINDOWS\system32\drivers\USBHUB3.SYS
2018-04-17 10:37:41 ----A---- C:\WINDOWS\system32\drivers\dumpsd.sys
2018-04-17 10:37:40 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2018-04-17 10:37:39 ----A---- C:\WINDOWS\SYSWOW64\winhttp.dll
2018-04-17 10:37:39 ----A---- C:\WINDOWS\SYSWOW64\t2embed.dll
2018-04-17 10:37:39 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2018-04-17 10:37:39 ----A---- C:\WINDOWS\SYSWOW64\FirewallAPI.dll
2018-04-17 10:37:39 ----A---- C:\WINDOWS\SYSWOW64\evr.dll
2018-04-17 10:37:39 ----A---- C:\WINDOWS\SYSWOW64\dxtrans.dll
2018-04-17 10:37:39 ----A---- C:\WINDOWS\system32\t2embed.dll
2018-04-17 10:37:39 ----A---- C:\WINDOWS\system32\audiosrv.dll
2018-04-17 10:37:38 ----A---- C:\WINDOWS\SYSWOW64\InputService.dll
2018-04-17 10:37:38 ----A---- C:\WINDOWS\system32\WcnApi.dll
2018-04-17 10:37:38 ----A---- C:\WINDOWS\system32\StorSvc.dll
2018-04-17 10:37:38 ----A---- C:\WINDOWS\system32\SmsRouterSvc.dll
2018-04-17 10:37:38 ----A---- C:\WINDOWS\system32\browserbroker.dll
2018-04-17 10:37:37 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2018-04-17 10:37:37 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2018-04-17 10:37:37 ----A---- C:\WINDOWS\system32\samsrv.dll
2018-04-17 10:37:37 ----A---- C:\WINDOWS\system32\ieproxy.dll
2018-04-17 10:37:37 ----A---- C:\WINDOWS\system32\drivers\storahci.sys
2018-04-17 10:37:37 ----A---- C:\WINDOWS\system32\drivers\clfs.sys
2018-04-17 10:37:36 ----A---- C:\WINDOWS\system32\drivers\wfplwfs.sys
2018-04-17 10:37:36 ----A---- C:\WINDOWS\system32\drivers\USBXHCI.SYS
2018-04-17 10:37:36 ----A---- C:\WINDOWS\system32\drivers\sdbus.sys
2018-04-17 10:37:36 ----A---- C:\WINDOWS\system32\drivers\netbios.sys
2018-04-17 10:37:35 ----A---- C:\WINDOWS\system32\ntdll.dll
2018-04-17 10:37:35 ----A---- C:\WINDOWS\system32\hal.dll
2018-04-17 10:37:35 ----A---- C:\WINDOWS\system32\drivers\partmgr.sys
2018-04-17 10:37:35 ----A---- C:\WINDOWS\system32\drivers\fltMgr.sys
2018-04-17 10:37:35 ----A---- C:\WINDOWS\system32\drivers\cldflt.sys
2018-04-17 10:37:34 ----A---- C:\WINDOWS\system32\drivers\storufs.sys
2018-04-17 10:37:34 ----A---- C:\WINDOWS\system32\drivers\ks.sys
2018-04-17 10:37:34 ----A---- C:\WINDOWS\system32\drivers\BasicRender.sys
2018-04-17 10:37:34 ----A---- C:\WINDOWS\system32\advapi32.dll
2018-04-17 10:37:33 ----A---- C:\WINDOWS\system32\drivers\stornvme.sys
2018-04-17 10:37:33 ----A---- C:\WINDOWS\system32\drivers\srv.sys
2018-04-17 10:37:33 ----A---- C:\WINDOWS\system32\drivers\pci.sys
2018-04-17 10:37:33 ----A---- C:\WINDOWS\system32\drivers\fvevol.sys
2018-04-17 10:37:32 ----A---- C:\WINDOWS\system32\drivers\wcifs.sys
2018-04-17 10:37:32 ----A---- C:\WINDOWS\system32\drivers\vmbkmcl.sys
2018-04-17 10:37:32 ----A---- C:\WINDOWS\system32\drivers\fsdepends.sys
2018-04-17 10:37:31 ----A---- C:\WINDOWS\system32\securekernel.exe
2018-04-17 10:37:31 ----A---- C:\WINDOWS\system32\drivers\rdbss.sys
2018-04-17 10:37:31 ----A---- C:\WINDOWS\system32\drivers\mrxsmb.sys
2018-04-17 10:37:30 ----A---- C:\WINDOWS\SYSWOW64\webcheck.dll
2018-04-17 10:37:30 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2018-04-17 10:37:30 ----A---- C:\WINDOWS\system32\msfeeds.dll
2018-04-17 10:37:30 ----A---- C:\WINDOWS\system32\dxtrans.dll
2018-04-17 10:37:29 ----A---- C:\WINDOWS\SYSWOW64\iepeers.dll
2018-04-17 10:37:29 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2018-04-17 10:37:29 ----A---- C:\WINDOWS\SYSWOW64\dxtmsft.dll
2018-04-17 10:37:29 ----A---- C:\WINDOWS\system32\jscript9.dll
2018-04-17 10:37:28 ----A---- C:\WINDOWS\SYSWOW64\remoteaudioendpoint.dll
2018-04-17 10:37:28 ----A---- C:\WINDOWS\system32\vbscript.dll
2018-04-17 10:37:28 ----A---- C:\WINDOWS\system32\PCShellCommonProxyStub.dll
2018-04-17 10:37:27 ----A---- C:\WINDOWS\SYSWOW64\Windows.Storage.ApplicationData.dll
2018-04-17 10:37:27 ----A---- C:\WINDOWS\SYSWOW64\mfsvr.dll
2018-04-17 10:37:27 ----A---- C:\WINDOWS\SYSWOW64\mfps.dll
2018-04-17 10:37:27 ----A---- C:\WINDOWS\SYSWOW64\MFMediaEngine.dll
2018-04-17 10:37:27 ----A---- C:\WINDOWS\SYSWOW64\FSClient.dll
2018-04-17 10:37:27 ----A---- C:\WINDOWS\SYSWOW64\CoreMessaging.dll
2018-04-17 10:37:27 ----A---- C:\WINDOWS\SYSWOW64\actxprxy.dll
2018-04-17 10:37:27 ----A---- C:\WINDOWS\system32\evr.dll
2018-04-17 10:37:26 ----A---- C:\WINDOWS\SYSWOW64\dnsapi.dll
2018-04-17 10:37:26 ----A---- C:\WINDOWS\SYSWOW64\dbgeng.dll
2018-04-17 10:37:26 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2018-04-17 10:37:26 ----A---- C:\WINDOWS\system32\wuuhext.dll
2018-04-17 10:37:26 ----A---- C:\WINDOWS\system32\TextInputFramework.dll
2018-04-17 10:37:26 ----A---- C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-04-17 10:37:26 ----A---- C:\WINDOWS\system32\DbgModel.dll
2018-04-17 10:37:26 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-04-17 10:37:26 ----A---- C:\WINDOWS\system32\audiodg.exe
2018-04-17 10:37:25 ----A---- C:\WINDOWS\SYSWOW64\Windows.Data.Pdf.dll
2018-04-17 10:37:25 ----A---- C:\WINDOWS\SYSWOW64\Unistore.dll
2018-04-17 10:37:25 ----A---- C:\WINDOWS\SYSWOW64\fwpolicyiomgr.dll
2018-04-17 10:37:25 ----A---- C:\WINDOWS\SYSWOW64\d3d10warp.dll
2018-04-17 10:37:25 ----A---- C:\WINDOWS\system32\fontsub.dll
2018-04-17 10:37:25 ----A---- C:\WINDOWS\system32\FirewallAPI.dll
2018-04-17 10:37:24 ----A---- C:\WINDOWS\SYSWOW64\ole32.dll
2018-04-17 10:37:24 ----A---- C:\WINDOWS\SYSWOW64\dwmcore.dll
2018-04-17 10:37:24 ----A---- C:\WINDOWS\system32\taskcomp.dll
2018-04-17 10:37:24 ----A---- C:\WINDOWS\system32\PhoneProviders.dll
2018-04-17 10:37:24 ----A---- C:\WINDOWS\system32\drivers\wanarp.sys
2018-04-17 10:37:24 ----A---- C:\WINDOWS\system32\drivers\UcmUcsi.sys
2018-04-17 10:37:24 ----A---- C:\WINDOWS\system32\drivers\netbt.sys
2018-04-17 10:37:24 ----A---- C:\WINDOWS\system32\AcSpecfc.dll
2018-04-17 10:37:23 ----A---- C:\WINDOWS\system32\drivers\bam.sys
2018-04-17 10:37:22 ----A---- C:\WINDOWS\SYSWOW64\inetcomm.dll
2018-04-17 10:37:22 ----A---- C:\WINDOWS\system32\drivers\winnat.sys
2018-04-17 10:37:22 ----A---- C:\WINDOWS\system32\drivers\srv2.sys
2018-04-17 10:37:21 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2018-04-17 10:37:21 ----A---- C:\WINDOWS\system32\winhttp.dll
2018-04-17 10:37:21 ----A---- C:\WINDOWS\system32\wifitask.exe
2018-04-17 10:37:21 ----A---- C:\WINDOWS\system32\wcncsvc.dll
2018-04-17 10:37:21 ----A---- C:\WINDOWS\system32\edgeIso.dll
2018-04-17 10:37:20 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2018-04-17 10:37:20 ----A---- C:\WINDOWS\system32\InputService.dll
2018-04-17 10:37:20 ----A---- C:\WINDOWS\system32\d3d11.dll
2018-04-17 10:37:19 ----A---- C:\WINDOWS\system32\WebRuntimeManager.dll
2018-04-17 10:37:19 ----A---- C:\WINDOWS\system32\iertutil.dll
2018-04-17 10:37:18 ----A---- C:\WINDOWS\system32\win32kfull.sys
2018-04-17 10:37:18 ----A---- C:\WINDOWS\system32\win32kbase.sys
2018-04-17 10:37:18 ----A---- C:\WINDOWS\system32\lsasrv.dll
2018-04-17 10:37:17 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2018-04-17 10:37:17 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys
2018-04-17 10:37:16 ----A---- C:\WINDOWS\system32\webcheck.dll
2018-04-17 10:37:16 ----A---- C:\WINDOWS\system32\ieframe.dll
2018-04-17 10:37:15 ----A---- C:\WINDOWS\system32\mshtmled.dll
2018-04-17 10:37:15 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2018-04-17 10:37:15 ----A---- C:\WINDOWS\system32\Chakra.dll
2018-04-17 10:37:15 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2018-04-17 10:37:14 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2018-04-17 10:37:14 ----A---- C:\WINDOWS\system32\jscript.dll
2018-04-17 10:37:14 ----A---- C:\WINDOWS\system32\iepeers.dll
2018-04-17 10:37:13 ----A---- C:\WINDOWS\system32\pnrpsvc.dll
2018-04-17 10:37:13 ----A---- C:\WINDOWS\system32\drivers\netvsc.sys
2018-04-17 10:37:12 ----A---- C:\WINDOWS\system32\drivers\volmgr.sys
2018-04-17 10:37:12 ----A---- C:\WINDOWS\system32\drivers\vmbus.sys
2018-04-17 10:37:12 ----A---- C:\WINDOWS\system32\drivers\RfxVmt.sys
2018-04-17 10:37:12 ----A---- C:\WINDOWS\system32\drivers\hvsocket.sys
2018-04-17 10:37:11 ----A---- C:\WINDOWS\SYSWOW64\winmde.dll
2018-04-17 10:37:11 ----A---- C:\WINDOWS\system32\hvloader.dll
2018-04-17 10:37:11 ----A---- C:\WINDOWS\system32\hvax64.exe
2018-04-17 10:37:10 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.dll
2018-04-17 10:37:10 ----A---- C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-04-17 10:37:10 ----A---- C:\WINDOWS\system32\mfsvr.dll
2018-04-17 10:37:10 ----A---- C:\WINDOWS\system32\drivers\afd.sys
2018-04-17 10:37:10 ----A---- C:\WINDOWS\system32\actxprxy.dll
2018-04-17 10:37:09 ----A---- C:\WINDOWS\SYSWOW64\msvproc.dll
2018-04-17 10:37:09 ----A---- C:\WINDOWS\SYSWOW64\mfplat.dll
2018-04-17 10:37:09 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2018-04-17 10:37:09 ----A---- C:\WINDOWS\system32\drivers\acpi.sys
2018-04-17 10:37:09 ----A---- C:\WINDOWS\system32\CoreMessaging.dll
2018-04-17 10:37:08 ----A---- C:\WINDOWS\system32\wuaueng.dll
2018-04-17 10:37:08 ----A---- C:\WINDOWS\system32\drivers\spaceport.sys
2018-04-17 10:37:08 ----A---- C:\WINDOWS\system32\dnsapi.dll
2018-04-17 10:37:07 ----A---- C:\WINDOWS\system32\dbgeng.dll
2018-04-17 10:37:07 ----A---- C:\WINDOWS\system32\AudioSes.dll
2018-04-17 10:37:06 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-04-17 10:37:06 ----A---- C:\WINDOWS\system32\d3d10warp.dll
2018-04-17 10:37:05 ----A---- C:\WINDOWS\system32\Unistore.dll
2018-04-17 10:37:05 ----A---- C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-04-17 10:37:05 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2018-04-17 10:37:04 ----A---- C:\WINDOWS\system32\UserDataService.dll
2018-04-17 10:37:04 ----A---- C:\WINDOWS\system32\MPSSVC.dll
2018-04-17 10:37:04 ----A---- C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-04-17 10:37:04 ----A---- C:\WINDOWS\system32\bisrv.dll
2018-04-17 10:37:03 ----A---- C:\WINDOWS\system32\schedsvc.dll
2018-04-17 10:37:03 ----A---- C:\WINDOWS\system32\PhoneService.dll
2018-04-17 10:37:03 ----A---- C:\WINDOWS\system32\ncsi.dll
2018-04-17 10:37:03 ----A---- C:\WINDOWS\system32\drivers\bthport.sys
2018-04-17 10:37:03 ----A---- C:\WINDOWS\system32\AcGenral.dll
2018-04-17 10:37:02 ----A---- C:\WINDOWS\system32\dwmcore.dll
2018-04-17 10:37:01 ----A---- C:\WINDOWS\system32\ole32.dll
2018-04-17 10:37:00 ----A---- C:\WINDOWS\system32\drivers\ndis.sys
2018-04-17 10:36:59 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2018-04-17 10:36:58 ----A---- C:\WINDOWS\system32\wininet.dll
2018-04-17 10:36:58 ----A---- C:\WINDOWS\system32\usermgr.dll
2018-04-17 10:36:58 ----A---- C:\WINDOWS\system32\inetcomm.dll
2018-04-17 10:36:57 ----A---- C:\WINDOWS\system32\wifinetworkmanager.dll
2018-04-17 10:36:57 ----A---- C:\WINDOWS\system32\msIso.dll
2018-04-17 10:36:56 ----A---- C:\WINDOWS\system32\sysmain.dll
2018-04-17 10:36:56 ----A---- C:\WINDOWS\system32\NaturalAuth.dll
2018-04-17 10:36:56 ----A---- C:\WINDOWS\system32\drivers\WdiWiFi.sys
2018-04-17 10:36:55 ----A---- C:\WINDOWS\system32\wwansvc.dll
2018-04-17 10:36:55 ----A---- C:\WINDOWS\system32\wlansvc.dll
2018-04-17 10:36:55 ----A---- C:\WINDOWS\system32\wlansec.dll
2018-04-17 10:36:55 ----A---- C:\WINDOWS\system32\drivers\nwifi.sys
2018-04-17 10:36:53 ----A---- C:\WINDOWS\system32\mshtml.dll
2018-04-17 10:36:53 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2018-04-17 10:36:50 ----A---- C:\WINDOWS\system32\p2psvc.dll
2018-04-17 10:36:49 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2018-04-17 10:36:48 ----A---- C:\WINDOWS\system32\winmde.dll
2018-04-17 10:36:48 ----A---- C:\WINDOWS\system32\SyncController.dll
2018-04-17 10:36:48 ----A---- C:\WINDOWS\system32\hvix64.exe
2018-04-17 10:36:48 ----A---- C:\WINDOWS\system32\APHostService.dll
2018-04-17 10:36:47 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2018-04-17 10:36:47 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2018-04-17 10:36:47 ----A---- C:\WINDOWS\system32\drivers\http.sys
2018-04-17 10:36:46 ----A---- C:\WINDOWS\system32\msvproc.dll
2018-04-17 10:36:46 ----A---- C:\WINDOWS\system32\mfcore.dll
2018-04-17 10:36:45 ----A---- C:\WINDOWS\system32\mfplat.dll
2018-04-17 10:36:45 ----A---- C:\WINDOWS\system32\edgehtml.dll
2018-04-17 10:36:43 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.Web.Core.dll
2018-04-17 10:36:43 ----A---- C:\WINDOWS\SYSWOW64\LicenseManager.dll
2018-04-17 10:36:43 ----A---- C:\WINDOWS\system32\updatepolicy.dll
2018-04-17 10:36:43 ----A---- C:\WINDOWS\system32\CloudExperienceHost.dll
2018-04-17 10:36:42 ----A---- C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-04-17 10:36:42 ----A---- C:\WINDOWS\system32\ISM.dll
2018-04-17 10:36:42 ----A---- C:\WINDOWS\system32\HolographicExtensions.dll
2018-04-17 10:36:41 ----A---- C:\WINDOWS\SYSWOW64\TokenBroker.dll
2018-04-17 10:36:41 ----A---- C:\WINDOWS\SYSWOW64\LockAppBroker.dll
2018-04-17 10:36:41 ----A---- C:\WINDOWS\system32\TokenBroker.dll
2018-04-17 10:36:41 ----A---- C:\WINDOWS\system32\LicenseManager.dll
2018-04-17 10:36:40 ----A---- C:\WINDOWS\SYSWOW64\wuapi.dll
2018-04-17 10:36:40 ----A---- C:\WINDOWS\SYSWOW64\ExplorerFrame.dll
2018-04-17 10:36:40 ----A---- C:\WINDOWS\SYSWOW64\comdlg32.dll
2018-04-17 10:36:40 ----A---- C:\WINDOWS\system32\spoolsv.exe
2018-04-17 10:36:40 ----A---- C:\WINDOWS\system32\nlaapi.dll
2018-04-17 10:36:40 ----A---- C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-04-17 10:36:39 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2018-04-17 10:36:39 ----A---- C:\WINDOWS\system32\twinui.pcshell.dll
2018-04-17 10:36:39 ----A---- C:\WINDOWS\system32\StartTileData.dll
2018-04-17 10:36:39 ----A---- C:\WINDOWS\system32\LockAppBroker.dll
2018-04-17 10:36:38 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Immersive.dll
2018-04-17 10:36:38 ----A---- C:\WINDOWS\SYSWOW64\rpcrt4.dll
2018-04-17 10:36:38 ----A---- C:\WINDOWS\system32\wscapi.dll
2018-04-17 10:36:38 ----A---- C:\WINDOWS\system32\winlogon.exe
2018-04-17 10:36:38 ----A---- C:\WINDOWS\system32\MusNotifyIcon.exe
2018-04-17 10:36:38 ----A---- C:\WINDOWS\system32\iumdll.dll
2018-04-17 10:36:37 ----A---- C:\WINDOWS\SYSWOW64\explorer.exe
2018-04-17 10:36:37 ----A---- C:\WINDOWS\SYSWOW64\container.dll
2018-04-17 10:36:37 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-04-17 10:36:37 ----A---- C:\WINDOWS\system32\windows.storage.dll
2018-04-17 10:36:36 ----A---- C:\WINDOWS\system32\wuauclt.exe
2018-04-17 10:36:36 ----A---- C:\WINDOWS\system32\wuapi.dll
2018-04-17 10:36:36 ----A---- C:\WINDOWS\system32\modernexecserver.dll
2018-04-17 10:36:35 ----A---- C:\WINDOWS\system32\nlasvc.dll
2018-04-17 10:36:35 ----A---- C:\WINDOWS\system32\icfupgd.dll
2018-04-17 10:36:35 ----A---- C:\WINDOWS\system32\ExplorerFrame.dll
2018-04-17 10:36:34 ----A---- C:\WINDOWS\system32\twinui.dll
2018-04-17 10:36:34 ----A---- C:\WINDOWS\system32\sppsvc.exe
2018-04-17 10:36:34 ----A---- C:\WINDOWS\system32\comdlg32.dll
2018-04-17 10:36:33 ----A---- C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-04-17 10:36:33 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2018-04-17 10:36:33 ----A---- C:\WINDOWS\system32\nshhttp.dll
2018-04-17 10:36:33 ----A---- C:\WINDOWS\system32\LogonController.dll
2018-04-17 10:36:33 ----A---- C:\WINDOWS\system32\appinfo.dll
2018-04-17 10:36:32 ----A---- C:\WINDOWS\explorer.exe
2018-04-17 10:36:31 ----A---- C:\WINDOWS\system32\iumcrypt.dll
2018-04-17 10:36:30 ----A---- C:\WINDOWS\SYSWOW64\daxexec.dll
2018-04-17 10:36:30 ----A---- C:\WINDOWS\system32\shell32.dll
2018-04-17 10:36:29 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2018-04-17 10:36:28 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2018-04-17 10:36:28 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2018-04-17 10:36:27 ----A---- C:\WINDOWS\system32\mfps.dll
2018-04-17 10:36:26 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-04-17 10:36:22 ----A---- C:\WINDOWS\SYSWOW64\ucrtbase.dll
2018-04-17 10:36:22 ----A---- C:\WINDOWS\system32\daxexec.dll
2018-04-17 10:36:21 ----A---- C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-04-17 10:36:20 ----A---- C:\WINDOWS\system32\ucrtbase.dll
2018-04-17 10:36:19 ----A---- C:\WINDOWS\system32\HologramCompositor.dll
2018-04-17 10:36:13 ----A---- C:\WINDOWS\system32\usocore.dll
2018-04-17 10:36:13 ----A---- C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-04-17 10:36:13 ----A---- C:\WINDOWS\system32\AppLockerCSP.dll
2018-04-17 10:36:11 ----A---- C:\WINDOWS\system32\vac.exe
2018-04-17 10:36:05 ----A---- C:\WINDOWS\SYSWOW64\SRH.dll
2018-04-17 10:36:05 ----A---- C:\WINDOWS\system32\TileDataRepository.dll
2018-04-17 10:36:05 ----A---- C:\WINDOWS\system32\SRH.dll
2018-04-17 10:36:05 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-04-17 10:36:04 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-04-17 10:36:04 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-04-17 10:36:03 ----A---- C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2018-04-17 10:36:03 ----A---- C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-04-17 10:36:02 ----A---- C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-04-17 10:36:01 ----A---- C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-04-17 10:35:59 ----A---- C:\WINDOWS\system32\runexehelper.exe
2018-04-17 10:35:59 ----A---- C:\WINDOWS\system32\dusmsvc.dll
2018-04-17 10:35:58 ----A---- C:\WINDOWS\system32\convertvhd.exe
2018-04-17 10:35:58 ----A---- C:\WINDOWS\system32\container.dll
2018-04-17 10:35:55 ----A---- C:\WINDOWS\system32\UpdateAgent.dll
2018-04-17 10:35:54 ----A---- C:\WINDOWS\system32\winresume.exe
2018-04-17 10:35:54 ----A---- C:\WINDOWS\system32\winload.exe
2018-04-17 10:35:54 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2018-04-17 10:35:52 ----A---- C:\WINDOWS\SYSWOW64\d3d11.dll
2018-04-17 10:35:52 ----A---- C:\WINDOWS\SYSWOW64\AudioEng.dll
2018-04-17 10:35:52 ----A---- C:\WINDOWS\system32\wimserv.exe
2018-04-17 10:35:52 ----A---- C:\WINDOWS\system32\wimgapi.dll
2018-04-17 10:35:52 ----A---- C:\WINDOWS\system32\systemreset.exe
2018-04-17 10:35:52 ----A---- C:\WINDOWS\system32\reseteng.dll
2018-04-17 10:35:52 ----A---- C:\WINDOWS\system32\AudioEng.dll
2018-04-17 10:35:51 ----A---- C:\WINDOWS\system32\ResetEngine.dll
2018-04-17 10:35:51 ----A---- C:\WINDOWS\system32\RecoveryDrive.exe
2018-04-17 10:35:50 ----A---- C:\WINDOWS\system32\win32appinventorycsp.dll
2018-04-17 10:35:50 ----A---- C:\WINDOWS\system32\pcasvc.dll
2018-04-17 10:35:50 ----A---- C:\WINDOWS\system32\devinv.dll
2018-04-17 10:35:50 ----A---- C:\WINDOWS\system32\CompatTelRunner.exe
2018-04-17 10:35:50 ----A---- C:\WINDOWS\system32\appraiser.dll
2018-04-17 10:35:50 ----A---- C:\WINDOWS\system32\aeinv.dll
2018-04-17 10:35:50 ----A---- C:\WINDOWS\system32\acmigration.dll
2018-04-17 10:35:48 ----A---- C:\WINDOWS\SYSWOW64\msexcl40.dll
2018-04-17 10:35:47 ----A---- C:\WINDOWS\SYSWOW64\WWanAPI.dll
2018-04-17 10:35:47 ----A---- C:\WINDOWS\system32\WWanAPI.dll
2018-04-17 10:35:47 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-04-17 10:35:47 ----A---- C:\WINDOWS\system32\mssrch.dll
2018-04-17 10:35:46 ----A---- C:\WINDOWS\system32\Windows.StateRepository.dll
2018-04-17 10:35:46 ----A---- C:\WINDOWS\system32\tquery.dll
2018-04-17 10:35:45 ----A---- C:\WINDOWS\SYSWOW64\InstallService.dll
2018-04-17 10:35:45 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-04-17 10:35:45 ----A---- C:\WINDOWS\system32\sppobjs.dll
2018-04-17 10:35:45 ----A---- C:\WINDOWS\system32\InstallService.dll
2018-04-17 10:35:44 ----A---- C:\WINDOWS\system32\SecurityHealthService.exe
2018-04-17 10:35:44 ----A---- C:\WINDOWS\system32\msi.dll
2018-04-17 10:35:44 ----A---- C:\WINDOWS\system32\efscore.dll
2018-04-17 10:35:43 ----A---- C:\WINDOWS\system32\xpsrchvw.exe
2018-04-17 10:35:42 ----A---- C:\WINDOWS\SYSWOW64\mssrch.dll
2018-04-17 10:35:42 ----A---- C:\WINDOWS\SYSWOW64\msi.dll
2018-04-17 10:35:41 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepository.dll
2018-04-17 10:35:41 ----A---- C:\WINDOWS\SYSWOW64\TileDataRepository.dll
2018-04-17 10:35:41 ----A---- C:\WINDOWS\system32\fontdrvhost.exe
2018-04-17 10:35:41 ----A---- C:\WINDOWS\system32\atmfd.dll
2018-04-17 10:35:40 ----A---- C:\WINDOWS\SYSWOW64\tquery.dll
2018-04-17 10:35:40 ----A---- C:\WINDOWS\system32\MSVidCtl.dll
2018-04-17 10:35:40 ----A---- C:\WINDOWS\system32\mmcndmgr.dll
2018-04-17 10:35:40 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2018-04-17 10:35:39 ----A---- C:\WINDOWS\SYSWOW64\fontdrvhost.exe
2018-04-17 10:35:39 ----A---- C:\WINDOWS\SYSWOW64\atmfd.dll
2018-04-17 10:35:39 ----A---- C:\WINDOWS\system32\BingMaps.dll
2018-04-17 10:35:38 ----A---- C:\WINDOWS\system32\wlidsvc.dll
2018-04-17 10:35:38 ----A---- C:\WINDOWS\system32\skci.dll
2018-04-17 10:35:38 ----A---- C:\WINDOWS\system32\ci.dll
2018-04-17 10:35:37 ----A---- C:\WINDOWS\SYSWOW64\xpsrchvw.exe
2018-04-17 10:35:37 ----A---- C:\WINDOWS\system32\Spectrum.exe
2018-04-17 10:35:37 ----A---- C:\WINDOWS\system32\mos.dll
2018-04-17 10:35:37 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2018-04-17 10:35:36 ----A---- C:\WINDOWS\SYSWOW64\wimgapi.dll
2018-04-17 10:35:36 ----A---- C:\WINDOWS\system32\rtmpltfm.dll
2018-04-17 10:35:36 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2018-04-17 10:35:35 ----A---- C:\WINDOWS\SYSWOW64\UIRibbon.dll
2018-04-17 10:35:35 ----A---- C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-04-17 10:35:35 ----A---- C:\WINDOWS\system32\SensorService.dll
2018-04-17 10:35:35 ----A---- C:\WINDOWS\system32\cldapi.dll
2018-04-17 10:35:34 ----A---- C:\WINDOWS\SYSWOW64\usercpl.dll
2018-04-17 10:35:34 ----A---- C:\WINDOWS\SYSWOW64\updatepolicy.dll
2018-04-17 10:35:34 ----A---- C:\WINDOWS\system32\usercpl.dll
2018-04-17 10:35:34 ----A---- C:\WINDOWS\system32\cdp.dll
2018-04-17 10:35:33 ----A---- C:\WINDOWS\system32\wpncore.dll
2018-04-17 10:35:32 ----A---- C:\WINDOWS\SYSWOW64\mmcndmgr.dll
2018-04-17 10:35:31 ----A---- C:\WINDOWS\SYSWOW64\MSVidCtl.dll
2018-04-17 10:35:31 ----A---- C:\WINDOWS\system32\Wpc.dll
2018-04-17 10:35:31 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2018-04-17 10:35:31 ----A---- C:\WINDOWS\system32\generaltel.dll
2018-04-17 10:35:30 ----A---- C:\WINDOWS\SYSWOW64\CloudExperienceHostCommon.dll
2018-04-17 10:35:30 ----A---- C:\WINDOWS\system32\mmc.exe
2018-04-17 10:35:30 ----A---- C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2018-04-17 10:35:29 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2vdec.dll
2018-04-17 10:35:29 ----A---- C:\WINDOWS\SYSWOW64\mos.dll
2018-04-17 10:35:29 ----A---- C:\WINDOWS\SYSWOW64\AUDIOKSE.dll
2018-04-17 10:35:29 ----A---- C:\WINDOWS\system32\StateRepository.Core.dll
2018-04-17 10:35:29 ----A---- C:\WINDOWS\system32\ieui.dll
2018-04-17 10:35:28 ----A---- C:\WINDOWS\SYSWOW64\Wpc.dll
2018-04-17 10:35:28 ----A---- C:\WINDOWS\SYSWOW64\ieui.dll
2018-04-17 10:35:28 ----A---- C:\WINDOWS\system32\D3D12.dll
2018-04-17 10:35:27 ----A---- C:\WINDOWS\SYSWOW64\StateRepository.Core.dll
2018-04-17 10:35:27 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2018-04-17 10:35:26 ----A---- C:\WINDOWS\SYSWOW64\webplatstorageserver.dll
2018-04-17 10:35:26 ----A---- C:\WINDOWS\SYSWOW64\usoapi.dll
2018-04-17 10:35:26 ----A---- C:\WINDOWS\SYSWOW64\rtmpltfm.dll
2018-04-17 10:35:25 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Core.TextInput.dll
2018-04-17 10:35:25 ----A---- C:\WINDOWS\SYSWOW64\mmc.exe
2018-04-17 10:35:25 ----A---- C:\WINDOWS\system32\wow64.dll
2018-04-17 10:35:25 ----A---- C:\WINDOWS\system32\vmrdvcore.dll
2018-04-17 10:35:25 ----A---- C:\WINDOWS\system32\sppwinob.dll
2018-04-17 10:35:25 ----A---- C:\WINDOWS\system32\MapRouter.dll
2018-04-17 10:35:25 ----A---- C:\WINDOWS\system32\DWrite.dll
2018-04-17 10:35:24 ----A---- C:\WINDOWS\SYSWOW64\D3D12.dll
2018-04-17 10:35:23 ----A---- C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-04-17 10:35:23 ----A---- C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-04-17 10:35:22 ----A---- C:\WINDOWS\SYSWOW64\MSVP9DEC.dll
2018-04-17 10:35:22 ----A---- C:\WINDOWS\system32\Windows.UI.Cred.dll
2018-04-17 10:35:22 ----A---- C:\WINDOWS\system32\MusNotification.exe
2018-04-17 10:35:22 ----A---- C:\WINDOWS\system32\mf.dll
2018-04-17 10:35:22 ----A---- C:\WINDOWS\system32\FSClient.dll
2018-04-17 10:35:21 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Search.dll
2018-04-17 10:35:21 ----A---- C:\WINDOWS\SYSWOW64\vssapi.dll
2018-04-17 10:35:21 ----A---- C:\WINDOWS\system32\Windows.UI.Search.dll
2018-04-17 10:35:21 ----A---- C:\WINDOWS\system32\MSVP9DEC.dll
2018-04-17 10:35:20 ----A---- C:\WINDOWS\SYSWOW64\StructuredQuery.dll
2018-04-17 10:35:20 ----A---- C:\WINDOWS\SYSWOW64\sspicli.dll
2018-04-17 10:35:20 ----A---- C:\WINDOWS\system32\StructuredQuery.dll
2018-04-17 10:35:20 ----A---- C:\WINDOWS\system32\sspicli.dll
2018-04-17 10:35:20 ----A---- C:\WINDOWS\system32\lsm.dll
2018-04-17 10:35:19 ----A---- C:\WINDOWS\SYSWOW64\Taskmgr.exe
2018-04-17 10:35:19 ----A---- C:\WINDOWS\system32\uDWM.dll
2018-04-17 10:35:19 ----A---- C:\WINDOWS\system32\Taskmgr.exe
2018-04-17 10:35:19 ----A---- C:\WINDOWS\system32\invagent.dll
2018-04-17 10:35:19 ----A---- C:\WINDOWS\system32\FntCache.dll
2018-04-17 10:35:18 ----A---- C:\WINDOWS\system32\SEMgrSvc.dll
2018-04-17 10:35:18 ----A---- C:\WINDOWS\system32\FrameServer.dll
2018-04-17 10:35:18 ----A---- C:\WINDOWS\system32\dcntel.dll
2018-04-17 10:35:18 ----A---- C:\WINDOWS\system32\ClipSVC.dll
2018-04-17 10:35:18 ----A---- C:\WINDOWS\system32\aepic.dll
2018-04-17 10:35:17 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-04-17 10:35:17 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2018-04-17 10:35:17 ----A---- C:\WINDOWS\system32\rasdlg.dll
2018-04-17 10:35:16 ----A---- C:\WINDOWS\SYSWOW64\rasdlg.dll
2018-04-17 10:35:15 ----A---- C:\WINDOWS\SYSWOW64\cldapi.dll
2018-04-17 10:35:15 ----A---- C:\WINDOWS\SYSWOW64\cdp.dll
2018-04-17 10:35:14 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-04-17 10:35:14 ----A---- C:\WINDOWS\SYSWOW64\aepic.dll
2018-04-17 10:35:14 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2018-04-17 10:35:14 ----A---- C:\WINDOWS\system32\UIRibbon.dll
2018-04-17 10:35:14 ----A---- C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-04-17 10:35:14 ----A---- C:\WINDOWS\system32\SearchIndexer.exe
2018-04-17 10:35:14 ----A---- C:\WINDOWS\system32\qmgr.dll
2018-04-17 10:35:14 ----A---- C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-04-17 10:35:13 ----A---- C:\WINDOWS\system32\WpcMon.exe
2018-04-17 10:35:13 ----A---- C:\WINDOWS\system32\wbiosrvc.dll
2018-04-17 10:35:13 ----A---- C:\WINDOWS\system32\VSSVC.exe
2018-04-17 10:35:13 ----A---- C:\WINDOWS\system32\rasapi32.dll
2018-04-17 10:35:12 ----A---- C:\WINDOWS\SYSWOW64\setupapi.dll
2018-04-17 10:35:12 ----A---- C:\WINDOWS\SYSWOW64\rasapi32.dll
2018-04-17 10:35:12 ----A---- C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-04-17 10:35:12 ----A---- C:\WINDOWS\system32\rtmpal.dll
2018-04-17 10:35:12 ----A---- C:\WINDOWS\system32\MusNotificationUx.exe
2018-04-17 10:35:12 ----A---- C:\WINDOWS\system32\KernelBase.dll
2018-04-17 10:35:11 ----A---- C:\WINDOWS\SYSWOW64\Windows.Payments.dll
2018-04-17 10:35:11 ----A---- C:\WINDOWS\SYSWOW64\DWrite.dll
2018-04-17 10:35:11 ----A---- C:\WINDOWS\system32\Windows.Payments.dll
2018-04-17 10:35:11 ----A---- C:\WINDOWS\system32\localspl.dll
2018-04-17 10:35:10 ----A---- C:\WINDOWS\SYSWOW64\SearchIndexer.exe
2018-04-17 10:35:10 ----A---- C:\WINDOWS\SYSWOW64\AppXDeploymentClient.dll
2018-04-17 10:35:10 ----A---- C:\WINDOWS\system32\webio.dll
2018-04-17 10:35:10 ----A---- C:\WINDOWS\system32\gameux.dll
2018-04-17 10:35:10 ----A---- C:\WINDOWS\system32\authui.dll
2018-04-17 10:35:09 ----A---- C:\WINDOWS\SYSWOW64\efswrt.dll
2018-04-17 10:35:09 ----A---- C:\WINDOWS\system32\srcore.dll
2018-04-17 10:35:09 ----A---- C:\WINDOWS\system32\MSVPXENC.dll
2018-04-17 10:35:09 ----A---- C:\WINDOWS\system32\mssvp.dll
2018-04-17 10:35:09 ----A---- C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2018-04-17 10:35:09 ----A---- C:\WINDOWS\system32\CredProvDataModel.dll
2018-04-17 10:35:08 ----A---- C:\WINDOWS\SYSWOW64\propsys.dll
2018-04-17 10:35:08 ----A---- C:\WINDOWS\SYSWOW64\NetSetupEngine.dll
2018-04-17 10:35:07 ----A---- C:\WINDOWS\SYSWOW64\MSVPXENC.dll
2018-04-17 10:35:07 ----A---- C:\WINDOWS\system32\usoapi.dll
2018-04-17 10:35:07 ----A---- C:\WINDOWS\system32\rasmans.dll
2018-04-17 10:35:07 ----A---- C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-04-17 10:35:06 ----A---- C:\WINDOWS\SYSWOW64\webio.dll
2018-04-17 10:35:06 ----A---- C:\WINDOWS\SYSWOW64\gameux.dll
2018-04-17 10:35:06 ----A---- C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-04-17 10:35:06 ----A---- C:\WINDOWS\system32\shutdownux.dll
2018-04-17 10:35:06 ----A---- C:\WINDOWS\system32\propsys.dll
2018-04-17 10:35:06 ----A---- C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2018-04-17 10:35:06 ----A---- C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-04-17 10:35:06 ----A---- C:\WINDOWS\system32\MapControlCore.dll
2018-04-17 10:35:06 ----A---- C:\WINDOWS\system32\efswrt.dll
2018-04-17 10:35:05 ----A---- C:\WINDOWS\SYSWOW64\BingMaps.dll
2018-04-17 10:35:05 ----A---- C:\WINDOWS\system32\pcalua.exe
2018-04-17 10:35:05 ----A---- C:\WINDOWS\system32\MapsStore.dll
2018-04-17 10:35:05 ----A---- C:\WINDOWS\system32\aitstatic.exe
2018-04-17 10:35:04 ----A---- C:\WINDOWS\SYSWOW64\SyncCenter.dll
2018-04-17 10:35:04 ----A---- C:\WINDOWS\SYSWOW64\policymanager.dll
2018-04-17 10:35:04 ----A---- C:\WINDOWS\SYSWOW64\authui.dll
2018-04-17 10:35:04 ----A---- C:\WINDOWS\system32\printfilterpipelinesvc.exe
2018-04-17 10:35:04 ----A---- C:\WINDOWS\system32\NetSetupSvc.dll
2018-04-17 10:35:03 ----A---- C:\WINDOWS\SYSWOW64\netlogon.dll
2018-04-17 10:35:03 ----A---- C:\WINDOWS\SYSWOW64\CredProvDataModel.dll
2018-04-17 10:35:03 ----A---- C:\WINDOWS\system32\msvcp_win.dll
2018-04-17 10:35:03 ----A---- C:\WINDOWS\system32\Magnify.exe
2018-04-17 10:35:03 ----A---- C:\WINDOWS\system32\JpMapControl.dll
2018-04-17 10:35:03 ----A---- C:\WINDOWS\system32\bcastdvr.exe
2018-04-17 10:34:59 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryPS.dll
2018-04-17 10:34:59 ----A---- C:\WINDOWS\SYSWOW64\MicrosoftAccountWAMExtension.dll
2018-04-17 10:34:59 ----A---- C:\WINDOWS\SYSWOW64\EditionUpgradeManagerObj.dll
2018-04-17 10:34:58 ----A---- C:\WINDOWS\system32\rasgcw.dll
2018-04-17 10:34:56 ----A---- C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2018-04-17 10:34:56 ----A---- C:\WINDOWS\system32\rtmcodecs.dll
2018-04-17 10:34:55 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2018-04-17 10:34:54 ----A---- C:\WINDOWS\SYSWOW64\WMVXENCD.DLL
2018-04-17 10:34:54 ----A---- C:\WINDOWS\SYSWOW64\twinapi.dll
2018-04-17 10:34:53 ----A---- C:\WINDOWS\SYSWOW64\LicensingWinRT.dll
2018-04-17 10:34:53 ----A---- C:\WINDOWS\system32\netlogon.dll
2018-04-17 10:34:53 ----A---- C:\WINDOWS\system32\mspaint.exe
2018-04-17 10:34:52 ----A---- C:\WINDOWS\system32\MSVideoDSP.dll
2018-04-17 10:34:52 ----A---- C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-04-17 10:34:52 ----A---- C:\WINDOWS\system32\cdpusersvc.dll
2018-04-17 10:34:51 ----A---- C:\WINDOWS\SYSWOW64\UserLanguagesCpl.dll
2018-04-17 10:34:51 ----A---- C:\WINDOWS\SYSWOW64\rasgcw.dll
2018-04-17 10:34:51 ----A---- C:\WINDOWS\SYSWOW64\mf.dll
2018-04-17 10:34:51 ----A---- C:\WINDOWS\system32\TSpkg.dll
2018-04-17 10:34:51 ----A---- C:\WINDOWS\system32\setupapi.dll
2018-04-17 10:34:50 ----A---- C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-04-17 10:34:49 ----A---- C:\WINDOWS\SYSWOW64\TSpkg.dll
2018-04-17 10:34:49 ----A---- C:\WINDOWS\SYSWOW64\rtmpal.dll
2018-04-17 10:34:49 ----A---- C:\WINDOWS\SYSWOW64\mssvp.dll
2018-04-17 10:34:49 ----A---- C:\WINDOWS\SYSWOW64\Magnify.exe
2018-04-17 10:34:49 ----A---- C:\WINDOWS\system32\vssapi.dll
2018-04-17 10:34:49 ----A---- C:\WINDOWS\system32\NetSetupEngine.dll
2018-04-17 10:34:49 ----A---- C:\WINDOWS\system32\LicensingWinRT.dll
2018-04-17 10:34:48 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-04-17 10:34:48 ----A---- C:\WINDOWS\system32\sud.dll
2018-04-17 10:34:48 ----A---- C:\WINDOWS\system32\OneCoreCommonProxyStub.dll
2018-04-17 10:34:47 ----A---- C:\WINDOWS\system32\WMVXENCD.DLL
2018-04-17 10:34:47 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2018-04-17 10:34:46 ----A---- C:\WINDOWS\SYSWOW64\mfsensorgroup.dll
2018-04-17 10:34:46 ----A---- C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2018-04-17 10:34:46 ----A---- C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-04-17 10:34:46 ----A---- C:\WINDOWS\system32\policymanager.dll
2018-04-17 10:34:46 ----A---- C:\WINDOWS\system32\hgcpl.dll
2018-04-17 10:34:45 ----A---- C:\WINDOWS\SYSWOW64\sud.dll
2018-04-17 10:34:45 ----A---- C:\WINDOWS\SYSWOW64\nshhttp.dll
2018-04-17 10:34:45 ----A---- C:\WINDOWS\SYSWOW64\MsSpellCheckingFacility.dll
2018-04-17 10:34:45 ----A---- C:\WINDOWS\SYSWOW64\AuthFWSnapin.dll
2018-04-17 10:34:45 ----A---- C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-04-17 10:34:45 ----A---- C:\WINDOWS\system32\winbrand.dll
2018-04-17 10:34:45 ----A---- C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-04-17 10:34:44 ----A---- C:\WINDOWS\SYSWOW64\WMVSENCD.DLL
2018-04-17 10:34:44 ----A---- C:\WINDOWS\SYSWOW64\msvcp_win.dll
2018-04-17 10:34:44 ----A---- C:\WINDOWS\system32\zipfldr.dll
2018-04-17 10:34:44 ----A---- C:\WINDOWS\system32\AuthFWSnapin.dll
2018-04-17 10:34:43 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Cred.dll
2018-04-17 10:34:43 ----A---- C:\WINDOWS\SYSWOW64\JpMapControl.dll
2018-04-17 10:34:43 ----A---- C:\WINDOWS\system32\SyncCenter.dll
2018-04-17 10:34:43 ----A---- C:\WINDOWS\system32\SettingSync.dll
2018-04-17 10:34:43 ----A---- C:\WINDOWS\system32\edputil.dll
2018-04-17 10:34:42 ----A---- C:\WINDOWS\SYSWOW64\winbrand.dll
2018-04-17 10:34:42 ----A---- C:\WINDOWS\SYSWOW64\InputSwitch.dll
2018-04-17 10:34:42 ----A---- C:\WINDOWS\SYSWOW64\bcastdvr.exe
2018-04-17 10:34:42 ----A---- C:\WINDOWS\system32\stobject.dll
2018-04-17 10:34:42 ----A---- C:\WINDOWS\system32\offlinesam.dll
2018-04-17 10:34:42 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2018-04-17 10:34:42 ----A---- C:\WINDOWS\system32\aclui.dll
2018-04-17 10:34:41 ----A---- C:\WINDOWS\SYSWOW64\wintrust.dll
2018-04-17 10:34:41 ----A---- C:\WINDOWS\SYSWOW64\SearchProtocolHost.exe
2018-04-17 10:34:41 ----A---- C:\WINDOWS\SYSWOW64\rtmcodecs.dll
2018-04-17 10:34:41 ----A---- C:\WINDOWS\system32\WMVSENCD.DLL
2018-04-17 10:34:41 ----A---- C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2018-04-17 10:34:41 ----A---- C:\WINDOWS\system32\SettingsHandlers_User.dll
2018-04-17 10:34:41 ----A---- C:\WINDOWS\system32\puiobj.dll
2018-04-17 10:34:41 ----A---- C:\WINDOWS\system32\mfksproxy.dll
2018-04-17 10:34:41 ----A---- C:\WINDOWS\system32\ListSvc.dll
2018-04-17 10:34:40 ----A---- C:\WINDOWS\SYSWOW64\zipfldr.dll
2018-04-17 10:34:40 ----A---- C:\WINDOWS\SYSWOW64\rastls.dll
2018-04-17 10:34:40 ----A---- C:\WINDOWS\SYSWOW64\MapRouter.dll
2018-04-17 10:34:40 ----A---- C:\WINDOWS\SYSWOW64\edputil.dll
2018-04-17 10:34:40 ----A---- C:\WINDOWS\system32\WinSCard.dll
2018-04-17 10:34:40 ----A---- C:\WINDOWS\system32\vpnike.dll
2018-04-17 10:34:40 ----A---- C:\WINDOWS\system32\drivers\sdstor.sys
2018-04-17 10:34:39 ----A---- C:\WINDOWS\SYSWOW64\sppcomapi.dll
2018-04-17 10:34:39 ----A---- C:\WINDOWS\SYSWOW64\offlinesam.dll
2018-04-17 10:34:39 ----A---- C:\WINDOWS\SYSWOW64\msvcp110_win.dll
2018-04-17 10:34:39 ----A---- C:\WINDOWS\system32\updatecsp.dll
2018-04-17 10:34:39 ----A---- C:\WINDOWS\system32\SettingMonitor.dll
2018-04-17 10:34:39 ----A---- C:\WINDOWS\system32\ninput.dll
2018-04-17 10:34:39 ----A---- C:\WINDOWS\system32\musdialoghandlers.dll
2018-04-17 10:34:39 ----A---- C:\WINDOWS\system32\mfsensorgroup.dll
2018-04-17 10:34:38 ----A---- C:\WINDOWS\SYSWOW64\shsetup.dll
2018-04-17 10:34:38 ----A---- C:\WINDOWS\SYSWOW64\SettingMonitor.dll
2018-04-17 10:34:38 ----A---- C:\WINDOWS\system32\sensrsvc.dll
2018-04-17 10:34:38 ----A---- C:\WINDOWS\system32\RTWorkQ.dll
2018-04-17 10:34:38 ----A---- C:\WINDOWS\system32\msra.exe
2018-04-17 10:34:38 ----A---- C:\WINDOWS\system32\FsIso.exe
2018-04-17 10:34:38 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2018-04-17 10:34:37 ----A---- C:\WINDOWS\SYSWOW64\SettingSync.dll
2018-04-17 10:34:37 ----A---- C:\WINDOWS\SYSWOW64\OneCoreCommonProxyStub.dll
2018-04-17 10:34:37 ----A---- C:\WINDOWS\SYSWOW64\ninput.dll
2018-04-17 10:34:37 ----A---- C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2018-04-17 10:34:37 ----A---- C:\WINDOWS\system32\shsetup.dll
2018-04-17 10:34:37 ----A---- C:\WINDOWS\system32\drivers\netio.sys
2018-04-17 10:34:36 ----A---- C:\WINDOWS\SYSWOW64\themeui.dll
2018-04-17 10:34:36 ----A---- C:\WINDOWS\SYSWOW64\RTWorkQ.dll
2018-04-17 10:34:36 ----A---- C:\WINDOWS\system32\twinapi.dll
2018-04-17 10:34:36 ----A---- C:\WINDOWS\system32\rastls.dll
2018-04-17 10:34:36 ----A---- C:\WINDOWS\system32\MSPhotography.dll
2018-04-17 10:34:35 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2018-04-17 10:34:35 ----A---- C:\WINDOWS\system32\win32spl.dll
2018-04-17 10:34:35 ----A---- C:\WINDOWS\system32\SearchProtocolHost.exe
2018-04-17 10:34:35 ----A---- C:\WINDOWS\system32\HoloShellRuntime.dll
2018-04-17 10:34:35 ----A---- C:\WINDOWS\system32\DeviceReactivation.dll
2018-04-17 10:34:34 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryClient.dll
2018-04-17 10:34:34 ----A---- C:\WINDOWS\SYSWOW64\WebClnt.dll
2018-04-17 10:34:34 ----A---- C:\WINDOWS\system32\wintrust.dll
2018-04-17 10:34:34 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-04-17 10:34:34 ----A---- C:\WINDOWS\system32\newdev.dll
2018-04-17 10:34:34 ----A---- C:\WINDOWS\system32\mmcbase.dll
2018-04-17 10:34:34 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2018-04-17 10:34:34 ----A---- C:\WINDOWS\system32\drivers\msiscsi.sys
2018-04-17 10:34:34 ----A---- C:\WINDOWS\system32\drivers\hidparse.sys
2018-04-17 10:34:34 ----A---- C:\WINDOWS\system32\drivers\appid.sys
2018-04-17 10:34:34 ----A---- C:\WINDOWS\system32\DeviceCensus.exe
2018-04-17 10:34:33 ----A---- C:\WINDOWS\SYSWOW64\WinSCard.dll
2018-04-17 10:34:33 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryBroker.dll
2018-04-17 10:34:33 ----A---- C:\WINDOWS\SYSWOW64\puiobj.dll
2018-04-17 10:34:33 ----A---- C:\WINDOWS\SYSWOW64\mfksproxy.dll
2018-04-17 10:34:33 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2018-04-17 10:34:32 ----A---- C:\WINDOWS\SYSWOW64\wldp.dll
2018-04-17 10:34:32 ----A---- C:\WINDOWS\SYSWOW64\MSVideoDSP.dll
2018-04-17 10:34:32 ----A---- C:\WINDOWS\system32\wldp.dll
2018-04-17 10:34:32 ----A---- C:\WINDOWS\system32\WebClnt.dll
2018-04-17 10:34:32 ----A---- C:\WINDOWS\system32\offlinelsa.dll
2018-04-17 10:34:32 ----A---- C:\WINDOWS\system32\drivers\msrpc.sys
2018-04-17 10:34:32 ----A---- C:\WINDOWS\system32\drivers\dumpfve.sys
2018-04-17 10:34:32 ----A---- C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-04-17 10:34:32 ----A---- C:\WINDOWS\system32\basecsp.dll
2018-04-17 10:34:31 ----A---- C:\WINDOWS\SYSWOW64\Search.ProtocolHandler.MAPI2.dll
2018-04-17 10:34:31 ----A---- C:\WINDOWS\SYSWOW64\offlinelsa.dll
2018-04-17 10:34:31 ----A---- C:\WINDOWS\SYSWOW64\newdev.dll
2018-04-17 10:34:31 ----A---- C:\WINDOWS\SYSWOW64\DevicePairing.dll
2018-04-17 10:34:31 ----A---- C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-04-17 10:34:31 ----A---- C:\WINDOWS\system32\ortcengine.dll
2018-04-17 10:34:31 ----A---- C:\WINDOWS\system32\NMAA.dll
2018-04-17 10:34:31 ----A---- C:\WINDOWS\system32\drivers\tpm.sys
2018-04-17 10:34:30 ----A---- C:\WINDOWS\SYSWOW64\rtmmvrortc.dll
2018-04-17 10:34:30 ----A---- C:\WINDOWS\SYSWOW64\ortcengine.dll
2018-04-17 10:34:30 ----A---- C:\WINDOWS\SYSWOW64\CloudNotifications.exe
2018-04-17 10:34:30 ----A---- C:\WINDOWS\SYSWOW64\basecsp.dll
2018-04-17 10:34:30 ----A---- C:\WINDOWS\system32\SharedPCCSP.dll
2018-04-17 10:34:30 ----A---- C:\WINDOWS\system32\rtmmvrortc.dll
2018-04-17 10:34:30 ----A---- C:\WINDOWS\system32\rdpudd.dll
2018-04-17 10:34:30 ----A---- C:\WINDOWS\system32\rascustom.dll
2018-04-17 10:34:30 ----A---- C:\WINDOWS\system32\moshostcore.dll
2018-04-17 10:34:30 ----A---- C:\WINDOWS\system32\LsaIso.exe
2018-04-17 10:34:30 ----A---- C:\WINDOWS\system32\IdCtrls.dll
2018-04-17 10:34:30 ----A---- C:\WINDOWS\system32\drivers\tm.sys
2018-04-17 10:34:29 ----A---- C:\WINDOWS\system32\wwapi.dll
2018-04-17 10:34:29 ----A---- C:\WINDOWS\system32\drivers\rdyboost.sys
2018-04-17 10:34:29 ----A---- C:\WINDOWS\system32\drivers\pcw.sys
2018-04-17 10:34:29 ----A---- C:\WINDOWS\system32\drivers\mup.sys
2018-04-17 10:34:29 ----A---- C:\WINDOWS\system32\drivers\ataport.sys
2018-04-17 10:34:29 ----A---- C:\WINDOWS\system32\DevicePairing.dll
2018-04-17 10:34:28 ----A---- C:\WINDOWS\SYSWOW64\rmclient.dll
2018-04-17 10:34:28 ----A---- C:\WINDOWS\system32\TtlsExt.dll
2018-04-17 10:34:28 ----A---- C:\WINDOWS\system32\netplwiz.dll
2018-04-17 10:34:28 ----A---- C:\WINDOWS\system32\IumSdk.dll
2018-04-17 10:34:28 ----A---- C:\WINDOWS\system32\drivers\winhv.sys
2018-04-17 10:34:28 ----A---- C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys
2018-04-17 10:34:28 ----A---- C:\WINDOWS\system32\drivers\mountmgr.sys
2018-04-17 10:34:28 ----A---- C:\WINDOWS\system32\drivers\ksecpkg.sys
2018-04-17 10:34:28 ----A---- C:\WINDOWS\system32\drivers\hvservice.sys
2018-04-17 10:34:27 ----A---- C:\WINDOWS\SYSWOW64\DeviceReactivation.dll
2018-04-17 10:34:27 ----A---- C:\WINDOWS\system32\NetSetupApi.dll
2018-04-17 10:34:27 ----A---- C:\WINDOWS\system32\IKEEXT.DLL
2018-04-17 10:34:27 ----A---- C:\WINDOWS\system32\drivers\vpci.sys
2018-04-17 10:34:27 ----A---- C:\WINDOWS\system32\drivers\vmstorfl.sys
2018-04-17 10:34:27 ----A---- C:\WINDOWS\system32\drivers\tdx.sys
2018-04-17 10:34:27 ----A---- C:\WINDOWS\system32\drivers\mskssrv.sys
2018-04-17 10:34:27 ----A---- C:\WINDOWS\system32\drivers\disk.sys
2018-04-17 10:34:26 ----A---- C:\WINDOWS\SYSWOW64\PCShellCommonProxyStub.dll
2018-04-17 10:34:26 ----A---- C:\WINDOWS\system32\vertdll.dll
2018-04-17 10:34:26 ----A---- C:\WINDOWS\system32\SDFHost.dll
2018-04-17 10:34:26 ----A---- C:\WINDOWS\system32\rmclient.dll
2018-04-17 10:34:26 ----A---- C:\WINDOWS\system32\msvcp110_win.dll
2018-04-17 10:34:26 ----A---- C:\WINDOWS\system32\logoncli.dll
2018-04-17 10:34:26 ----A---- C:\WINDOWS\system32\kdhvcom.dll
2018-04-17 10:34:26 ----A---- C:\WINDOWS\system32\iumbase.dll
2018-04-17 10:34:26 ----A---- C:\WINDOWS\system32\drivers\vdrvroot.sys
2018-04-17 10:34:26 ----A---- C:\WINDOWS\system32\drivers\storvsc.sys
2018-04-17 10:34:25 ----A---- C:\WINDOWS\SYSWOW64\wwapi.dll
2018-04-17 10:34:25 ----A---- C:\WINDOWS\SYSWOW64\wshhyperv.dll
2018-04-17 10:34:25 ----A---- C:\WINDOWS\SYSWOW64\logoncli.dll
2018-04-17 10:34:25 ----A---- C:\WINDOWS\SYSWOW64\icm32.dll
2018-04-17 10:34:25 ----A---- C:\WINDOWS\system32\wlanapi.dll
2018-04-17 10:34:25 ----A---- C:\WINDOWS\system32\vmbuspipe.dll
2018-04-17 10:34:25 ----A---- C:\WINDOWS\system32\tetheringservice.dll
2018-04-17 10:34:25 ----A---- C:\WINDOWS\system32\svf.dll
2018-04-17 10:34:25 ----A---- C:\WINDOWS\system32\ntshrui.dll
2018-04-17 10:34:25 ----A---- C:\WINDOWS\system32\icm32.dll
2018-04-17 10:34:25 ----A---- C:\WINDOWS\system32\hvhostsvc.dll
2018-04-17 10:34:24 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryUpgrade.dll
2018-04-17 10:34:24 ----A---- C:\WINDOWS\SYSWOW64\MapControlCore.dll
2018-04-17 10:34:24 ----A---- C:\WINDOWS\system32\wow64cpu.dll
2018-04-17 10:34:24 ----A---- C:\WINDOWS\system32\gpapi.dll
2018-04-17 10:34:24 ----A---- C:\WINDOWS\system32\FontProvider.dll
2018-04-17 10:34:24 ----A---- C:\WINDOWS\system32\drivers\ksecdd.sys
2018-04-17 10:34:24 ----A---- C:\WINDOWS\system32\drivers\FWPKCLNT.SYS
2018-04-17 10:34:23 ----A---- C:\WINDOWS\system32\wshhyperv.dll
2018-04-17 10:34:23 ----A---- C:\WINDOWS\system32\UserDeviceRegistration.dll
2018-04-17 10:34:23 ----A---- C:\WINDOWS\system32\themeui.dll
2018-04-17 10:34:23 ----A---- C:\WINDOWS\system32\themecpl.dll
2018-04-17 10:34:23 ----A---- C:\WINDOWS\system32\drivers\isapnp.sys
2018-04-17 10:34:23 ----A---- C:\WINDOWS\system32\drivers\fs_rec.sys
2018-04-17 10:34:22 ----A---- C:\WINDOWS\SYSWOW64\aclui.dll
2018-04-17 10:34:22 ----A---- C:\WINDOWS\system32\wcimage.dll
2018-04-17 10:34:22 ----A---- C:\WINDOWS\system32\mssprxy.dll
2018-04-17 10:34:22 ----A---- C:\WINDOWS\system32\drivers\intelppm.sys
2018-04-17 10:34:22 ----A---- C:\WINDOWS\system32\browserexport.exe
2018-04-17 10:34:22 ----A---- C:\WINDOWS\system32\authz.dll
2018-04-17 10:34:21 ----A---- C:\WINDOWS\SYSWOW64\Windows.Networking.Vpn.dll
2018-04-17 10:34:21 ----A---- C:\WINDOWS\SYSWOW64\mscms.dll
2018-04-17 10:34:21 ----A---- C:\WINDOWS\SYSWOW64\EdgeManager.dll
2018-04-17 10:34:21 ----A---- C:\WINDOWS\SYSWOW64\davclnt.dll
2018-04-17 10:34:21 ----A---- C:\WINDOWS\system32\srchadmin.dll
2018-04-17 10:34:21 ----A---- C:\WINDOWS\system32\scksp.dll
2018-04-17 10:34:21 ----A---- C:\WINDOWS\system32\regsvr32.exe
2018-04-17 10:34:21 ----A---- C:\WINDOWS\system32\puiapi.dll
2018-04-17 10:34:21 ----A---- C:\WINDOWS\system32\mscms.dll
2018-04-17 10:34:21 ----A---- C:\WINDOWS\system32\drivers\processr.sys
2018-04-17 10:34:21 ----A---- C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2018-04-17 10:34:21 ----A---- C:\WINDOWS\system32\davclnt.dll
2018-04-17 10:34:21 ----A---- C:\WINDOWS\system32\certprop.dll
2018-04-17 10:34:20 ----A---- C:\WINDOWS\SYSWOW64\regsvr32.exe
2018-04-17 10:34:20 ----A---- C:\WINDOWS\system32\printfilterpipelineprxy.dll
2018-04-17 10:34:20 ----A---- C:\WINDOWS\system32\drivers\wcnfs.sys
2018-04-17 10:34:20 ----A---- C:\WINDOWS\system32\drivers\amdppm.sys
2018-04-17 10:34:20 ----A---- C:\WINDOWS\system32\drivers\amdk8.sys
2018-04-17 10:34:19 ----A---- C:\WINDOWS\system32\wudriver.dll
2018-04-17 10:34:19 ----A---- C:\WINDOWS\system32\bootux.dll
2018-04-17 10:34:18 ----A---- C:\WINDOWS\SYSWOW64\setup16.exe
2018-04-17 10:34:18 ----A---- C:\WINDOWS\SYSWOW64\scksp.dll
2018-04-17 10:34:18 ----A---- C:\WINDOWS\SYSWOW64\HoloShellRuntime.dll
2018-04-17 10:34:18 ----A---- C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-04-17 10:34:18 ----A---- C:\WINDOWS\system32\SearchFilterHost.exe
2018-04-17 10:34:18 ----A---- C:\WINDOWS\system32\fontext.dll
2018-04-17 10:34:17 ----A---- C:\WINDOWS\SYSWOW64\wudriver.dll
2018-04-17 10:34:17 ----A---- C:\WINDOWS\SYSWOW64\wlgpclnt.dll
2018-04-17 10:34:17 ----A---- C:\WINDOWS\SYSWOW64\mssprxy.dll
2018-04-17 10:34:17 ----A---- C:\WINDOWS\SYSWOW64\fontext.dll
2018-04-17 10:34:17 ----A---- C:\WINDOWS\system32\rstrui.exe
2018-04-17 10:34:17 ----A---- C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-04-17 10:34:17 ----A---- C:\WINDOWS\system32\gpsvc.dll
2018-04-17 10:34:17 ----A---- C:\WINDOWS\system32\drivers\npfs.sys
2018-04-17 10:34:17 ----A---- C:\WINDOWS\system32\adhsvc.dll
2018-04-17 10:34:16 ----A---- C:\WINDOWS\SYSWOW64\wsnmp32.dll
2018-04-17 10:34:16 ----A---- C:\WINDOWS\SYSWOW64\twext.dll
2018-04-17 10:34:16 ----A---- C:\WINDOWS\SYSWOW64\IndexedDbLegacy.dll
2018-04-17 10:34:15 ----A---- C:\WINDOWS\system32\InputSwitch.dll
2018-04-17 10:34:15 ----A---- C:\WINDOWS\system32\EnterpriseAppMgmtClient.dll
2018-04-17 10:34:15 ----A---- C:\WINDOWS\system32\drivers\ahcache.sys
2018-04-17 10:34:14 ----A---- C:\WINDOWS\SYSWOW64\wups.dll
2018-04-17 10:34:14 ----A---- C:\WINDOWS\SYSWOW64\winsku.dll
2018-04-17 10:34:14 ----A---- C:\WINDOWS\SYSWOW64\stobject.dll
2018-04-17 10:34:14 ----A---- C:\WINDOWS\system32\wlgpclnt.dll
2018-04-17 10:34:14 ----A---- C:\WINDOWS\system32\NetworkDesktopSettings.dll
2018-04-17 10:34:14 ----A---- C:\WINDOWS\system32\LockScreenContent.dll
2018-04-17 10:34:14 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys
2018-04-17 10:34:14 ----A---- C:\WINDOWS\system32\drivers\dfsc.sys
2018-04-17 10:34:14 ----A---- C:\WINDOWS\system32\drivers\bowser.sys
2018-04-17 10:34:13 ----A---- C:\WINDOWS\system32\wups.dll
2018-04-17 10:34:13 ----A---- C:\WINDOWS\system32\wsnmp32.dll
2018-04-17 10:34:13 ----A---- C:\WINDOWS\system32\rshx32.dll
2018-04-17 10:34:12 ----A---- C:\WINDOWS\SYSWOW64\SearchFilterHost.exe
2018-04-17 10:34:12 ----A---- C:\WINDOWS\system32\tcpmon.dll
2018-04-17 10:34:12 ----A---- C:\WINDOWS\system32\imgutil.dll
2018-04-17 10:34:12 ----A---- C:\WINDOWS\system32\drivers\winhvr.sys
2018-04-17 10:34:12 ----A---- C:\WINDOWS\system32\drivers\storqosflt.sys
2018-04-17 10:34:12 ----A---- C:\WINDOWS\system32\drivers\msfs.sys
2018-04-17 10:34:11 ----A---- C:\WINDOWS\SYSWOW64\mshtmled.dll
2018-04-17 10:34:11 ----A---- C:\WINDOWS\system32\drivers\rmcast.sys
2018-04-17 10:34:11 ----A---- C:\WINDOWS\system32\drivers\PEAuth.sys
2018-04-17 10:34:11 ----A---- C:\WINDOWS\system32\drivers\nsiproxy.sys
2018-04-17 10:34:11 ----A---- C:\WINDOWS\system32\drivers\lltdio.sys
2018-04-17 10:34:10 ----A---- C:\WINDOWS\SYSWOW64\sendmail.dll
2018-04-17 10:34:10 ----A---- C:\WINDOWS\SYSWOW64\MSPhotography.dll
2018-04-17 10:34:10 ----A---- C:\WINDOWS\SYSWOW64\IdCtrls.dll
2018-04-17 10:34:10 ----A---- C:\WINDOWS\SYSWOW64\hgcpl.dll
2018-04-17 10:34:10 ----A---- C:\WINDOWS\SYSWOW64\AppCapture.dll
2018-04-17 10:34:10 ----A---- C:\WINDOWS\system32\TtlsCfg.dll
2018-04-17 10:34:10 ----A---- C:\WINDOWS\system32\InputLocaleManager.dll
2018-04-17 10:34:10 ----A---- C:\WINDOWS\system32\drivers\rdpbus.sys
2018-04-17 10:34:10 ----A---- C:\WINDOWS\system32\drivers\ndisuio.sys
2018-04-17 10:34:10 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2018-04-17 10:34:09 ----A---- C:\WINDOWS\SYSWOW64\UserDeviceRegistration.dll
2018-04-17 10:34:09 ----A---- C:\WINDOWS\SYSWOW64\Chakradiag.dll
2018-04-17 10:34:09 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2018-04-17 10:34:09 ----A---- C:\WINDOWS\system32\drivers\Synth3dVsc.sys
2018-04-17 10:34:09 ----A---- C:\WINDOWS\system32\drivers\irda.sys
2018-04-17 10:34:09 ----A---- C:\WINDOWS\system32\drivers\dmvsc.sys
2018-04-17 10:34:09 ----A---- C:\WINDOWS\system32\DafPrintProvider.dll
2018-04-17 10:34:08 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Playback.ProxyStub.dll
2018-04-17 10:34:08 ----A---- C:\WINDOWS\SYSWOW64\TtlsCfg.dll
2018-04-17 10:34:08 ----A---- C:\WINDOWS\SYSWOW64\themecpl.dll
2018-04-17 10:34:08 ----A---- C:\WINDOWS\system32\ncbservice.dll
2018-04-17 10:34:08 ----A---- C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-04-17 10:34:08 ----A---- C:\WINDOWS\system32\compstui.dll
2018-04-17 10:34:08 ----A---- C:\WINDOWS\system32\BrowserSettingSync.dll
2018-04-17 10:34:07 ----A---- C:\WINDOWS\SYSWOW64\SyncController.dll
2018-04-17 10:34:07 ----A---- C:\WINDOWS\SYSWOW64\occache.dll
2018-04-17 10:34:07 ----A---- C:\WINDOWS\SYSWOW64\mmcbase.dll
2018-04-17 10:34:07 ----A---- C:\WINDOWS\SYSWOW64\compstui.dll
2018-04-17 10:34:07 ----A---- C:\WINDOWS\system32\wscsvc.dll
2018-04-17 10:34:07 ----A---- C:\WINDOWS\system32\WordBreakers.dll
2018-04-17 10:34:07 ----A---- C:\WINDOWS\system32\Windows.Media.Playback.ProxyStub.dll
2018-04-17 10:34:07 ----A---- C:\WINDOWS\system32\wfdprov.dll
2018-04-17 10:34:07 ----A---- C:\WINDOWS\system32\wcmsvc.dll
2018-04-17 10:34:07 ----A---- C:\WINDOWS\system32\twext.dll
2018-04-17 10:34:07 ----A---- C:\WINDOWS\system32\TtlsAuth.dll
2018-04-17 10:34:07 ----A---- C:\WINDOWS\system32\ScDeviceEnum.dll
2018-04-17 10:34:07 ----A---- C:\WINDOWS\system32\racpldlg.dll
2018-04-17 10:34:07 ----A---- C:\WINDOWS\system32\occache.dll
2018-04-17 10:34:07 ----A---- C:\WINDOWS\system32\NetDriverInstall.dll
2018-04-17 10:34:07 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2018-04-17 10:34:07 ----A---- C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-04-17 10:34:06 ----A---- C:\WINDOWS\SYSWOW64\puiapi.dll
2018-04-17 10:34:06 ----A---- C:\WINDOWS\SYSWOW64\netplwiz.dll
2018-04-17 10:34:06 ----A---- C:\WINDOWS\system32\WcnEapPeerProxy.dll
2018-04-17 10:34:06 ----A---- C:\WINDOWS\system32\drivers\hyperkbd.sys
2018-04-17 10:34:05 ----A---- C:\WINDOWS\SYSWOW64\EnterpriseAppMgmtClient.dll
2018-04-17 10:34:05 ----A---- C:\WINDOWS\system32\MshtmlDac.dll
2018-04-17 10:34:05 ----A---- C:\WINDOWS\system32\ieUnatt.exe
2018-04-17 10:34:05 ----A---- C:\WINDOWS\system32\IcsEntitlementHost.exe
2018-04-17 10:34:04 ----A---- C:\WINDOWS\SYSWOW64\ieUnatt.exe
2018-04-17 10:34:04 ----A---- C:\WINDOWS\system32\EditBufferTestHook.dll
2018-04-17 10:34:04 ----A---- C:\WINDOWS\system32\drivers\usbser.sys
2018-04-17 10:34:04 ----A---- C:\WINDOWS\system32\drivers\HyperVideo.sys
2018-04-17 10:34:03 ----A---- C:\WINDOWS\SYSWOW64\mspaint.exe
2018-04-17 10:34:03 ----A---- C:\WINDOWS\SYSWOW64\DafPrintProvider.dll
2018-04-17 10:34:03 ----A---- C:\WINDOWS\system32\WcnEapAuthProxy.dll
2018-04-17 10:34:03 ----A---- C:\WINDOWS\system32\LaunchWinApp.exe
2018-04-17 10:34:03 ----A---- C:\WINDOWS\system32\dsreg.dll
2018-04-17 10:34:03 ----A---- C:\WINDOWS\system32\drivers\rasacd.sys
2018-04-17 10:34:02 ----A---- C:\WINDOWS\SYSWOW64\srchadmin.dll
2018-04-17 10:34:02 ----A---- C:\WINDOWS\SYSWOW64\ntshrui.dll
2018-04-17 10:34:02 ----A---- C:\WINDOWS\system32\UsoClient.exe
2018-04-17 10:34:02 ----A---- C:\WINDOWS\system32\drivers\beep.sys
2018-04-17 10:34:02 ----A---- C:\WINDOWS\system32\appidtel.exe
2018-04-17 10:34:01 ----A---- C:\WINDOWS\SYSWOW64\virtdisk.dll
2018-04-17 10:34:01 ----A---- C:\WINDOWS\system32\winsku.dll
2018-04-17 10:34:01 ----A---- C:\WINDOWS\system32\virtdisk.dll
2018-04-17 10:34:01 ----A---- C:\WINDOWS\system32\drivers\vmgencounter.sys
2018-04-17 10:34:01 ----A---- C:\WINDOWS\system32\AppxSysprep.dll
2018-04-17 10:34:00 ----A---- C:\WINDOWS\SYSWOW64\authz.dll
2018-04-17 10:34:00 ----A---- C:\WINDOWS\system32\url.dll
2018-04-17 10:33:59 ----A---- C:\WINDOWS\SYSWOW64\url.dll
2018-04-17 10:33:59 ----A---- C:\WINDOWS\SYSWOW64\jsproxy.dll
2018-04-17 10:33:59 ----A---- C:\WINDOWS\SYSWOW64\IEAdvpack.dll
2018-04-17 10:33:59 ----A---- C:\WINDOWS\system32\wups2.dll
2018-04-17 10:33:59 ----A---- C:\WINDOWS\system32\jsproxy.dll
2018-04-17 10:33:58 ----A---- C:\WINDOWS\SYSWOW64\EditionUpgradeHelper.dll
2018-04-17 10:33:58 ----A---- C:\WINDOWS\system32\IEAdvpack.dll
2018-04-17 10:33:58 ----A---- C:\WINDOWS\system32\drivers\vmgid.sys
2018-04-17 10:33:58 ----A---- C:\WINDOWS\system32\drivers\VMBusHID.sys
2018-04-17 10:33:57 ----A---- C:\WINDOWS\system32\winsrv.dll
2018-04-17 10:33:57 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2018-04-17 10:33:56 ----A---- C:\WINDOWS\SYSWOW64\iesysprep.dll
2018-04-17 10:33:55 ----A---- C:\WINDOWS\SYSWOW64\msfeedsbs.dll
2018-04-17 10:33:55 ----A---- C:\WINDOWS\SYSWOW64\inseng.dll
2018-04-17 10:33:55 ----A---- C:\WINDOWS\SYSWOW64\imgutil.dll
2018-04-17 10:33:55 ----A---- C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2018-04-17 10:33:55 ----A---- C:\WINDOWS\system32\drivers\vms3cap.sys
2018-04-17 10:33:54 ----A---- C:\WINDOWS\SYSWOW64\pngfilt.dll
2018-04-17 10:33:53 ----A---- C:\WINDOWS\SYSWOW64\iesetup.dll
2018-04-17 10:33:53 ----A---- C:\WINDOWS\system32\iesysprep.dll
2018-04-17 10:33:53 ----A---- C:\WINDOWS\system32\drivers\null.sys
2018-04-17 10:33:51 ----A---- C:\WINDOWS\system32\drivers\gpuenergydrv.sys
2018-04-17 10:33:50 ----A---- C:\WINDOWS\SYSWOW64\MshtmlDac.dll
2018-04-17 10:33:50 ----A---- C:\WINDOWS\SYSWOW64\iexpress.exe
2018-04-17 10:33:49 ----A---- C:\WINDOWS\SYSWOW64\wextract.exe
2018-04-17 10:33:49 ----A---- C:\WINDOWS\system32\wextract.exe
2018-04-17 10:33:49 ----A---- C:\WINDOWS\system32\inseng.dll
2018-04-17 10:33:48 ----A---- C:\WINDOWS\SYSWOW64\JavaScriptCollectionAgent.dll
2018-04-17 10:33:48 ----A---- C:\WINDOWS\system32\tzres.dll
2018-04-17 10:33:48 ----A---- C:\WINDOWS\system32\pngfilt.dll
2018-04-17 10:33:48 ----A---- C:\WINDOWS\system32\iesetup.dll
2018-04-17 10:33:47 ----A---- C:\WINDOWS\SYSWOW64\tzres.dll
2018-04-17 10:33:47 ----A---- C:\WINDOWS\SYSWOW64\licmgr10.dll
2018-04-17 10:33:47 ----A---- C:\WINDOWS\SYSWOW64\iernonce.dll
2018-04-17 10:33:47 ----A---- C:\WINDOWS\system32\licmgr10.dll
2018-04-17 10:33:47 ----A---- C:\WINDOWS\system32\iexpress.exe
2018-04-17 10:33:46 ----A---- C:\WINDOWS\SYSWOW64\UIRibbonRes.dll
2018-04-17 10:33:46 ----A---- C:\WINDOWS\system32\UIRibbonRes.dll
2018-04-17 10:33:46 ----A---- C:\WINDOWS\system32\iernonce.dll
2018-04-17 10:33:45 ----A---- C:\WINDOWS\SYSWOW64\mshta.exe
2018-04-17 10:33:44 ----A---- C:\WINDOWS\system32\msfeedssync.exe
2018-04-17 10:33:43 ----A---- C:\WINDOWS\SYSWOW64\msfeedssync.exe
2018-04-17 10:33:43 ----A---- C:\WINDOWS\system32\mshta.exe
2018-04-17 10:33:41 ----A---- C:\WINDOWS\system32\iphlpsvc.dll
2018-04-17 10:33:40 ----A---- C:\WINDOWS\SYSWOW64\MapGeocoder.dll
2018-04-17 10:33:40 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2018-04-17 10:33:40 ----A---- C:\WINDOWS\system32\MapGeocoder.dll
2018-04-17 10:33:39 ----A---- C:\WINDOWS\system32\WSDMon.dll
2018-04-17 10:33:39 ----A---- C:\WINDOWS\system32\kerberos.dll
2018-04-17 10:33:39 ----A---- C:\WINDOWS\system32\BFE.DLL
2018-04-17 10:33:38 ----A---- C:\WINDOWS\SYSWOW64\taskcomp.dll
2018-04-17 10:33:38 ----A---- C:\WINDOWS\SYSWOW64\SessEnv.dll
2018-04-17 10:33:38 ----A---- C:\WINDOWS\SYSWOW64\dhcpcore6.dll
2018-04-17 10:33:38 ----A---- C:\WINDOWS\SYSWOW64\dhcpcore.dll
2018-04-17 10:33:38 ----A---- C:\WINDOWS\system32\WpAXHolder.dll
2018-04-17 10:33:38 ----A---- C:\WINDOWS\system32\usbmon.dll
2018-04-17 10:33:38 ----A---- C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-04-17 10:33:38 ----A---- C:\WINDOWS\system32\srvsvc.dll
2018-04-17 10:33:38 ----A---- C:\WINDOWS\system32\SessEnv.dll
2018-04-17 10:33:38 ----A---- C:\WINDOWS\system32\icsvcext.dll
2018-04-17 10:33:38 ----A---- C:\WINDOWS\system32\dhcpcore6.dll
2018-04-17 10:33:38 ----A---- C:\WINDOWS\system32\dhcpcore.dll
2018-04-17 10:33:37 ----A---- C:\WINDOWS\SYSWOW64\ncryptprov.dll
2018-04-17 10:33:37 ----A---- C:\WINDOWS\SYSWOW64\BrowserSettingSync.dll
2018-04-17 10:33:37 ----A---- C:\WINDOWS\system32\WPTaskScheduler.dll
2018-04-17 10:33:37 ----A---- C:\WINDOWS\system32\wkssvc.dll
2018-04-17 10:33:37 ----A---- C:\WINDOWS\system32\wc_storage.dll
2018-04-17 10:33:37 ----A---- C:\WINDOWS\system32\ssdpsrv.dll
2018-04-17 10:33:37 ----A---- C:\WINDOWS\system32\psmsrv.dll
2018-04-17 10:33:37 ----A---- C:\WINDOWS\system32\ncryptprov.dll
2018-04-17 10:33:37 ----A---- C:\WINDOWS\system32\icsvc.dll
2018-04-17 10:33:37 ----A---- C:\WINDOWS\system32\dssvc.dll
2018-04-17 10:33:37 ----A---- C:\WINDOWS\system32\dot3svc.dll
2018-04-17 10:33:37 ----A---- C:\WINDOWS\system32\BrokerLib.dll
2018-04-17 10:33:36 ----A---- C:\WINDOWS\SYSWOW64\PimIndexMaintenanceClient.dll
2018-04-17 10:33:36 ----A---- C:\WINDOWS\SYSWOW64\offreg.dll
2018-04-17 10:33:36 ----A---- C:\WINDOWS\SYSWOW64\hlink.dll
2018-04-17 10:33:36 ----A---- C:\WINDOWS\SYSWOW64\fdPnp.dll
2018-04-17 10:33:36 ----A---- C:\WINDOWS\SYSWOW64\credssp.dll
2018-04-17 10:33:36 ----A---- C:\WINDOWS\system32\TimeBrokerServer.dll
2018-04-17 10:33:36 ----A---- C:\WINDOWS\system32\sysntfy.dll
2018-04-17 10:33:36 ----A---- C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2018-04-17 10:33:36 ----A---- C:\WINDOWS\system32\offreg.dll
2018-04-17 10:33:36 ----A---- C:\WINDOWS\system32\LicenseManagerSvc.dll
2018-04-17 10:33:36 ----A---- C:\WINDOWS\system32\keyiso.dll
2018-04-17 10:33:36 ----A---- C:\WINDOWS\system32\httpprxm.dll
2018-04-17 10:33:36 ----A---- C:\WINDOWS\system32\hlink.dll
2018-04-17 10:33:36 ----A---- C:\WINDOWS\system32\fdPnp.dll
2018-04-17 10:33:36 ----A---- C:\WINDOWS\system32\efslsaext.dll
2018-04-17 10:33:35 ----A---- C:\WINDOWS\SYSWOW64\wmiprop.dll
2018-04-17 10:33:35 ----A---- C:\WINDOWS\SYSWOW64\perfhost.exe
2018-04-17 10:33:35 ----A---- C:\WINDOWS\SYSWOW64\msrating.dll
2018-04-17 10:33:35 ----A---- C:\WINDOWS\SYSWOW64\msdtcprx.dll
2018-04-17 10:33:35 ----A---- C:\WINDOWS\SYSWOW64\keyiso.dll
2018-04-17 10:33:35 ----A---- C:\WINDOWS\SYSWOW64\fdWNet.dll
2018-04-17 10:33:35 ----A---- C:\WINDOWS\system32\wmiprop.dll
2018-04-17 10:33:35 ----A---- C:\WINDOWS\system32\vmictimeprovider.dll
2018-04-17 10:33:35 ----A---- C:\WINDOWS\system32\nsisvc.dll
2018-04-17 10:33:35 ----A---- C:\WINDOWS\system32\nrpsrv.dll
2018-04-17 10:33:35 ----A---- C:\WINDOWS\system32\fdWNet.dll
2018-04-17 10:33:35 ----A---- C:\WINDOWS\system32\efssvc.dll
2018-04-17 10:33:35 ----A---- C:\WINDOWS\system32\credssp.dll
2018-04-17 10:33:34 ----A---- C:\WINDOWS\SYSWOW64\user.exe
2018-04-17 10:33:34 ----A---- C:\WINDOWS\SYSWOW64\msisip.dll
2018-04-17 10:33:34 ----A---- C:\WINDOWS\system32\msrating.dll
2018-04-17 10:33:34 ----A---- C:\WINDOWS\system32\msisip.dll
2018-04-17 10:11:02 ----D---- C:\Program Files\Common Files\DESIGNER
2018-04-14 13:54:52 ----D---- C:\Program Files\iPod
2018-04-14 13:53:19 ----D---- C:\Program Files\iTunes
2018-04-14 13:44:53 ----D---- C:\Program Files (x86)\Apple Software Update
2018-04-10 17:30:12 ----A---- C:\WINDOWS\system32\drivers\lpsport.sys
2018-04-10 17:28:35 ----A---- C:\WINDOWS\system32\aswBoot.exe
2018-04-08 16:41:47 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2018-04-08 16:41:39 ----A---- C:\WINDOWS\system32\drivers\mwac.sys
2018-04-08 16:41:39 ----A---- C:\WINDOWS\system32\drivers\MbamChameleon.sys
2018-04-08 16:41:39 ----A---- C:\WINDOWS\system32\drivers\farflt.sys
2018-04-08 16:41:31 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2018-04-01 19:26:54 ----D---- C:\WINDOWS\Minidump

======List of files/folders modified in the last 1 month======

2018-04-28 14:13:11 ----D---- C:\WINDOWS\Prefetch
2018-04-28 14:13:05 ----D---- C:\Program Files
2018-04-28 14:11:44 ----D---- C:\WINDOWS\Temp
2018-04-28 14:07:20 ----D---- C:\Users\Markét\AppData\Roaming\Spotify
2018-04-28 13:57:30 ----D---- C:\WINDOWS\system32\drivers
2018-04-28 13:57:17 ----HD---- C:\ProgramData
2018-04-28 13:47:21 ----SHD---- C:\WINDOWS\Installer
2018-04-28 13:46:54 ----SHD---- C:\Config.Msi
2018-04-28 13:46:16 ----D---- C:\WINDOWS\system32\DriverStore
2018-04-28 13:46:16 ----D---- C:\WINDOWS\INF
2018-04-28 13:46:12 ----D---- C:\WINDOWS\system32\catroot2
2018-04-28 13:26:02 ----D---- C:\WINDOWS\system32\sru
2018-04-28 12:28:34 ----D---- C:\WINDOWS\system32\SleepStudy
2018-04-28 09:36:47 ----HD---- C:\Program Files\WindowsApps
2018-04-28 09:36:26 ----D---- C:\WINDOWS\AppReadiness
2018-04-28 09:30:48 ----D---- C:\WINDOWS\DeliveryOptimization
2018-04-28 09:21:57 ----D---- C:\WINDOWS\System32
2018-04-28 09:21:27 ----D---- C:\Windows
2018-04-27 22:53:00 ----D---- C:\WINDOWS\system32\config
2018-04-27 22:51:50 ----RD---- C:\WINDOWS\Microsoft.NET
2018-04-27 14:02:18 ----D---- C:\WINDOWS\system32\NDF
2018-04-27 13:30:39 ----D---- C:\Program Files\Opera
2018-04-27 13:30:38 ----D---- C:\WINDOWS\system32\Tasks
2018-04-27 13:12:29 ----D---- C:\WINDOWS\system32\LogFiles
2018-04-27 11:43:53 ----D---- C:\WINDOWS\LiveKernelReports
2018-04-26 18:35:42 ----D---- C:\WINDOWS\Logs
2018-04-22 14:02:31 ----SHD---- C:\System Volume Information
2018-04-22 13:00:07 ----D---- C:\WINDOWS\rescache
2018-04-20 21:20:46 ----D---- C:\WINDOWS\WinSxS
2018-04-19 18:11:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-17 22:35:02 ----SD---- C:\WINDOWS\SYSWOW64\F12
2018-04-17 22:35:02 ----D---- C:\WINDOWS\TextInput
2018-04-17 22:35:02 ----D---- C:\WINDOWS\SYSWOW64\wbem
2018-04-17 22:35:02 ----D---- C:\WINDOWS\SYSWOW64\migration
2018-04-17 22:35:02 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2018-04-17 22:35:02 ----D---- C:\WINDOWS\SysWOW64
2018-04-17 22:34:52 ----SD---- C:\WINDOWS\system32\F12
2018-04-17 22:34:52 ----D---- C:\WINDOWS\system32\wbem
2018-04-17 22:34:52 ----D---- C:\WINDOWS\system32\oobe
2018-04-17 22:34:52 ----D---- C:\WINDOWS\system32\migration
2018-04-17 22:34:52 ----D---- C:\WINDOWS\system32\drivers\UMDF
2018-04-17 22:34:51 ----D---- C:\WINDOWS\system32\cs-CZ
2018-04-17 22:34:51 ----D---- C:\WINDOWS\system32\Boot
2018-04-17 22:34:51 ----D---- C:\WINDOWS\system32\appraiser
2018-04-17 22:34:32 ----D---- C:\WINDOWS\ShellExperiences
2018-04-17 22:34:28 ----D---- C:\WINDOWS\bcastdvr
2018-04-17 22:34:28 ----D---- C:\WINDOWS\apppatch
2018-04-17 22:34:28 ----D---- C:\Program Files (x86)\Internet Explorer
2018-04-17 22:34:27 ----D---- C:\Program Files\internet explorer
2018-04-17 22:34:18 ----D---- C:\WINDOWS\system32\CodeIntegrity
2018-04-17 10:48:26 ----D---- C:\WINDOWS\CbsTemp
2018-04-17 10:11:46 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2018-04-17 10:11:02 ----D---- C:\Program Files\Common Files\microsoft shared
2018-04-17 10:11:02 ----D---- C:\Program Files\Common Files
2018-04-17 10:09:14 ----AD---- C:\Program Files\Microsoft Office
2018-04-14 13:44:53 ----RD---- C:\Program Files (x86)
2018-04-13 16:12:55 ----D---- C:\WINDOWS\system32\MRT
2018-04-13 15:54:51 ----AC---- C:\WINDOWS\system32\MRT-KB890830.exe
2018-04-13 15:54:09 ----AC---- C:\WINDOWS\system32\MRT.exe
2018-04-03 21:37:46 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [2018-03-16 199440]
R0 aswblog;aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [2018-03-16 343752]
R0 aswbuniv;aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [2018-03-16 57680]
R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2018-04-10 84368]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2018-04-10 380528]
R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2016-07-29 1469952]
R0 IntelHSWPcc;IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [2015-06-26 88256]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2017-09-29 56728]
R1 aswArPot;aswArPot; C:\WINDOWS\system32\drivers\aswArPot.sys [2018-04-10 196640]
R1 aswbidsdriver;aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [2018-03-16 227504]
R1 aswHdsKe;aswHdsKe; C:\WINDOWS\system32\drivers\aswHdsKe.sys [2018-04-10 227784]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2018-04-10 111352]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2018-04-10 1026696]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2018-04-10 460520]
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2015-05-08 20096]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-03-30 59808]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit; \??\C:\WINDOWS\system32\drivers\mbae64.sys [2018-03-19 76192]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2017-09-29 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-03-30 8192]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2015-05-08 18048]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2018-04-13 147224]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2018-04-10 205976]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2018-02-10 385536]
R2 MBAMChameleon;MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [2018-04-08 193768]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2017-09-29 43520]
R3 AiCharger;ASUS Charger Driver; C:\WINDOWS\system32\DRIVERS\AiCharger.sys [2015-05-25 21816]
R3 AsusSGDrv;@oem53.inf,%AsusSGDrv.SvcDesc%;ASUS Touch Service; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [2015-12-18 141304]
R3 athr;@athw8x.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\WINDOWS\System32\drivers\athw8x.sys [2017-09-29 4233728]
R3 BtFilter;BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [2015-07-29 601624]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2017-09-29 105472]
R3 bthl2cap;@bthl2cap.inf,%bthl2cap_desc%;Ovladač podpory protokolu Microsoft Bluetooth; C:\WINDOWS\system32\DRIVERS\bthl2cap.sys [2017-09-29 83968]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2017-09-29 78848]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2017-09-29 129536]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2017-09-29 85504]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2017-09-29 60312]
R3 dptf_cpu;dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [2015-08-17 53752]
R3 dptf_pch;dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [2015-08-17 50696]
R3 esif_lf;esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [2015-08-17 261624]
R3 HIDSwitch;@oem26.inf,%ASSW.DisplayName%;ASUS Wireless Radio Control; C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys [2015-08-19 27872]
R3 iaLPSS_GPIO;@oem61.inf,%iaLPSS_GPIO.SVCDESC%;Intel(R) Serial IO GPIO Driver; C:\WINDOWS\System32\drivers\iaLPSS_GPIO.sys [2015-06-15 46856]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2016-11-30 7969760]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2015-11-16 4655872]
R3 MBAMSwissArmy;MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [2018-04-28 253664]
R3 MEIx64;@oem46.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [2015-07-28 184608]
R3 mfesapsn;McAfee Process Start Notification Service; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2017-02-14 111608]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [2016-09-12 13754936]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2017-09-29 189440]
R3 RSBASTOR;@oem33.inf,%Rts5208%;Realtek PCIE CardReader Driver - BA; C:\WINDOWS\system32\DRIVERS\RtsBaStor.sys [2015-06-03 313048]
R3 rt640x64;@oem55.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2015-07-15 887552]
R4 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys []
R4 edevmon;edevmon; C:\WINDOWS\system32\DRIVERS\edevmon.sys []
R4 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys []
R4 ekbdflt;ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys []
R4 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys []
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2017-09-29 37784]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-09-29 357272]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-09-29 123800]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-09-29 103320]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-09-29 63520]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2017-09-29 58776]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2017-09-29 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2017-09-29 39832]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2017-09-29 118168]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-09-29 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2017-09-29 18432]
S3 aswHwid;aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [2018-04-10 46968]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2018-03-13 1015296]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-09-29 39424]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2017-09-29 122368]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-09-29 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-09-29 50584]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2018-03-30 73120]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2017-09-29 27136]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-09-29 1723288]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2017-09-29 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2017-09-29 91648]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-09-29 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-09-29 88576]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-09-29 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-09-29 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2017-09-29 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-09-29 39424]
S3 IntcDAud;@oem60.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2016-05-12 481768]
S3 invdimm;@invdimm.inf,%invdimm.SvcDesc%;Microsoft iNVDIMM device driver; C:\WINDOWS\System32\drivers\invdimm.sys [2017-09-29 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2017-09-29 26112]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2018-03-30 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2017-09-29 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2017-09-29 55840]
S3 MBAMFarflt;MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [2018-04-22 112864]
S3 MBAMProtection;MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [2018-04-22 44768]
S3 MBAMWebProtection;MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [2018-04-22 102112]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-09-29 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2017-09-29 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2017-09-29 132608]
S3 nvdimmn;@nvdimmn.inf,%nvdimmn.SvcDesc%;Microsoft NVDIMM-N device driver; C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-09-29 88576]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2017-09-29 100352]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2017-09-29 16896]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2017-09-29 936856]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2017-09-29 103936]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2017-09-29 33176]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2018-03-14 83768]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [2015-12-14 126616]
R2 Asus WebStorage Windows Service;Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.5.541\AsusWSWinService.exe [2015-10-22 75264]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2015-07-29 323152]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2015-04-01 107320]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2018-04-10 313640]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R2 CDPUserSvc_348de;CDPUserSvc_348de; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R2 ClickToRunSvc;Microsoft Office Click-to-Run Service; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2018-04-06 8522416]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R2 esifsvc;@oem57.inf,%ServiceDisplayName%;ESIF Upper Framework Service; C:\WINDOWS\SysWOW64\esif_uf.exe [2015-08-17 1385640]
R2 GamesAppIntegrationService;GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2015-04-14 373312]
R2 HitmanProScheduler;HitmanPro Scheduler; C:\Program Files\HitmanPro\hmpsched.exe [2017-08-27 135488]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2016-11-30 373728]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-08-07 207648]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2015-08-07 415520]
R2 MBAMService;Malwarebytes Service; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2018-03-27 6479136]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [2018-03-19 604312]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2016-08-01 1365048]
R2 OneSyncSvc_348de;OneSyncSvc_348de; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2014-04-14 389896]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-03-01 519152]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2018-04-10 7603408]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2017-11-03 43648]
R3 Intel(R) Security Assist;Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [2015-05-19 335872]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2018-03-25 673592]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R3 PimIndexMaintenanceSvc_348de;PimIndexMaintenanceSvc_348de; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-31 143144]
S2 isaHelperSvc;Intel(R) Security Assist Helper; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [2015-05-19 7680]
S2 Kingsoft_WPS_UpdateService;WPS Office Update Service; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsupdatesvr.exe [2015-11-30 133480]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2016-11-30 301536]
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-31 143144]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 DevicesFlowUserSvc_348de;DevicesFlowUserSvc_348de; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-09-29 85504]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2014-12-17 265808]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-05-22 881152]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 MessagingService_348de;MessagingService_348de; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2018-04-06 262832]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 PrintWorkflowUserSvc_348de;PrintWorkflowUserSvc_348de; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2017-09-29 1288704]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]

-----------------EOF-----------------

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log - Nimda

#2 Post by Conder »

Hi :)

• In which location does Avast report this malware?

• Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • Click Cisteni a opravy (Clean and Repair) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (show the log file)
  • The log will open; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping a backup of important data (documents, photos and so on).

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices; doing so risks system damage or data loss.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

Rudy
Site Admin
Posts: 118271
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log - Nimda

#3 Post by Rudy »

Apologies for jumping in. Please post your problems here only once. That is more than enough for us. Who is supposed to delete it all afterwards?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning viruses from your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

noora12
Visitor
Posts: 23
Registered: 28 Apr 2018 13:06

Re: Please check my log - Nimda

#4 Post by noora12 »

I apologize for posting the problem several times. Nothing was happening, so I kept clicking and then it was here 4 times. :D

Each time I deleted the malware, scanned again several times, and only after some time was it back. About an hour ago I scanned again and this time Avast reported nothing. However, I had ESET on the computer and did not uninstall it before installing Avast. The location of Win32/Nimda was: C:\Program Files\ESET\ESET Security\Modules\em002_64\37197\em002_64.dll.raw
I uninstalled ESET afterwards.

I am attaching the AdwCleaner log, but it did not start by itself after the restart, so I am sending both logs that I found under "soubory protokolu" (log files).



# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Build: 04-12-2018
# Database: 2018-04-11.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 04-28-2018
# Duration: 00:00:23
# OS: Windows 10 Home
# Scanned: 40609
# Detected: 2


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy C:\Program Files\WinZip\WinZip Smart Monitor

***** [ Files ] *****

PUP.Optional.Legacy C:\END

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########



# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Build: 04-12-2018
# Database: 2018-04-11.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-28-2018
# Duration: 00:00:02
# OS: Windows 10 Home
# Cleaned: 1
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Not Deleted C:\Program Files\WinZip\WinZip Smart Monitor

***** [ Files ] *****

Deleted C:\END

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Rudy
Site Admin
Posts: 118271
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log - Nimda

#5 Post by Rudy »

OK. Sometimes you have to wait until access frees up. That happens when there are many requests to the server. For next time. :) My colleague Conder will continue; it is his thread.

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log - Nimda

#6 Post by Conder »

• Please provide both FRST logs following this guide (FRST.txt and Addition.txt): https://forum.viry.cz/viewtopic.php?f=13&t=152707

• If FRSTLauncher cannot be downloaded or run, use FRST on its own.

• If the logs do not fit into one post, pack them into a RAR or ZIP archive and send it as an attachment.

noora12
Visitor
Posts: 23
Registered: 28 Apr 2018 13:06

Re: Please check my log - Nimda

#7 Post by noora12 »

Both logs are attached.
Attachments
logy.rar
(29.68 KiB) Downloaded 53 times

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log - Nimda

#8 Post by Conder »

• Uninstall these programs:
  • HitmanPro 3.7
  • McAfee WebAdvisor
• Open Notepad (Win+R -> notepad -> enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    VirusTotal: C:\Program Files\ESET\ESET Security\Modules\em002_64\37197\em002_64.dll.raw
    File: C:\Program Files\ESET\ESET Security\Modules\em002_64\37197\em002_64.dll.raw
    Folder: C:\Program Files\ESET\ESET Security\Modules\em002_64\37197
    
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    HKU\S-1-5-21-3641528830-1985137838-3582985943-1003\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe [1049600 2017-09-18] (ASUSTek Computer Inc)
    HKU\S-1-5-21-3641528830-1985137838-3582985943-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus15.msn.com/?pc=ASTE
    HKU\S-1-5-21-3641528830-1985137838-3582985943-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
    SearchScopes: HKU\S-1-5-21-3641528830-1985137838-3582985943-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-3641528830-1985137838-3582985943-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-08-27] (Zemana Ltd.)
    S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
    2018-04-29 20:36 - 2018-04-29 20:36 - 000112640 _____ (forum.viry.cz) C:\Users\Markét\Downloads\Nepotvrzeno 799189.crdownload
    2018-04-29 20:57 - 2018-03-09 16:08 - 000200477 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
    CustomCLSID: HKU\S-1-5-21-3641528830-1985137838-3582985943-1003_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Markét\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    Task: {D5D4C342-9C1E-4CDC-88E0-7EEF728B8E6C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    
    Hosts:
    EmptyTemp:
    End
  • Click File and then Save
  • In the bottom right, select Unicode encoding
  • Save the file to the desktop with the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a Fixlog.txt file on the desktop; copy its contents here

noora12
Visitor
Posts: 23
Registered: 28 Apr 2018 13:06

Re: Please check my log - Nimda

#9 Post by noora12 »

After I confirm the prompt allowing the application to make changes, nothing happens in the case of HitmanPro 3.7, and the uninstall most likely did not go through.

Fix result of Farbar Recovery Scan Tool (x64) Version: 25.04.2018
Ran by Markét (02-05-2018 14:36:03) Run:1
Running from C:\Users\Markét\Desktop
Loaded Profiles: Markét (Available Profiles: Markét)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

VirusTotal: C:\Program Files\ESET\ESET Security\Modules\em002_64\37197\em002_64.dll.raw
File: C:\Program Files\ESET\ESET Security\Modules\em002_64\37197\em002_64.dll.raw
Folder: C:\Program Files\ESET\ESET Security\Modules\em002_64\37197

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3641528830-1985137838-3582985943-1003\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe [1049600 2017-09-18] (ASUSTek Computer Inc)
HKU\S-1-5-21-3641528830-1985137838-3582985943-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-3641528830-1985137838-3582985943-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-3641528830-1985137838-3582985943-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3641528830-1985137838-3582985943-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-08-27] (Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
2018-04-29 20:36 - 2018-04-29 20:36 - 000112640 _____ (forum.viry.cz) C:\Users\Markét\Downloads\Nepotvrzeno 799189.crdownload
2018-04-29 20:57 - 2018-03-09 16:08 - 000200477 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
CustomCLSID: HKU\S-1-5-21-3641528830-1985137838-3582985943-1003_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Markét\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {D5D4C342-9C1E-4CDC-88E0-7EEF728B8E6C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
"VirusTotal: C:\Program Files\ESET\ESET Security\Modules\em002_64\37197\em002_64.dll.raw" => not found

========================= File: C:\Program Files\ESET\ESET Security\Modules\em002_64\37197\em002_64.dll.raw ========================

"C:\Program Files\ESET\ESET Security\Modules\em002_64\37197\em002_64.dll.raw" => not found
====== End of File: ======


========================= Folder: C:\Program Files\ESET\ESET Security\Modules\em002_64\37197 ========================

not found.

====== End of Folder: ======

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
"HKU\S-1-5-21-3641528830-1985137838-3582985943-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #0" => removed successfully
HKU\S-1-5-21-3641528830-1985137838-3582985943-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3641528830-1985137838-3582985943-1003\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKU\S-1-5-21-3641528830-1985137838-3582985943-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-3641528830-1985137838-3582985943-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => not found
ZAM_Guard => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\ZAM_Guard" => removed successfully
ZAM_Guard => service removed successfully
"HKLM\System\CurrentControlSet\Services\ZAM" => removed successfully
ZAM => service removed successfully
C:\Users\Markét\Downloads\Nepotvrzeno 799189.crdownload => moved successfully
C:\WINDOWS\ZAM_Guard.krnl.trace => moved successfully
"HKU\S-1-5-21-3641528830-1985137838-3582985943-1003_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}" => removed successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5D4C342-9C1E-4CDC-88E0-7EEF728B8E6C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5D4C342-9C1E-4CDC-88E0-7EEF728B8E6C}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 172923436 B
Java, Flash, Steam htmlcache => 1246 B
Windows/system/drivers => 293751644 B
Edge => 956194 B
Chrome => 784186351 B
Firefox => 0 B
Opera => 41116094 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 419840 B
NetworkService => 143636 B
Markét => 113727550 B

RecycleBin => 12316042 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 02-05-2018 14:40:13)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

==== End of Fixlog 14:40:13 ====
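
As an added example (not part of the thread and not FRST's own code): a small Python triage pass over a Fixlog like the one above, which skips the echoed fixlist and lists the entries that did not complete. The sample lines are copied from the posted log; the function names and the three outcome groups are this example's own assumptions about how to bucket FRST's result phrases.

```python
import re
from collections import Counter

# Sample lines copied from the Fixlog posted above (shortened, not the full log).
SAMPLE_FIXLOG = r'''fixlist content:
*****************
Start
CloseProcesses:
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-08-27] (Zemana Ltd.)
End
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
"VirusTotal: C:\Program Files\ESET\ESET Security\Modules\em002_64\37197\em002_64.dll.raw" => not found
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => not found
ZAM_Guard => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\ZAM_Guard" => removed successfully
ZAM_Guard => service removed successfully
C:\WINDOWS\ZAM_Guard.krnl.trace => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
Hosts restored successfully.
Chrome => 784186351 B
EmptyTemp: => 1.3 GB temporary data Removed.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
'''

# Phrases seen in the posted log that mean an action did not complete.
FAIL_MARKERS = ("could not", "unable to", "access denied", "failed")


def classify(line):
    """Return (status, target, outcome) for a result line, or None for
    banners, size statistics and anything else that is not a result."""
    text = line.strip()
    if not text:
        return None
    # The outcome is whatever follows the LAST " => " on the line.
    target, sep, outcome = text.rpartition(" => ")
    if not sep:
        target, outcome = "", text
    low = outcome.lower()
    if any(marker in low for marker in FAIL_MARKERS):
        status = "failed"
    elif low.rstrip(".").endswith("not found"):
        status = "absent"      # item was already gone; nothing to fix
    elif low.rstrip(".").endswith("successfully"):
        status = "ok"
    else:
        return None
    return status, target.strip('"'), outcome


def triage(log_text):
    """Count outcomes and collect the distinct failed entries, ignoring the
    fixlist that the log echoes between two lines of asterisks."""
    in_echo = False
    counts = Counter()
    failed = []
    for line in log_text.splitlines():
        if re.fullmatch(r"\*{5,}", line.strip()):
            in_echo = not in_echo
            continue
        if in_echo:
            continue
        result = classify(line)
        if result is None:
            continue
        status, target, outcome = result
        counts[status] += 1
        # The same failure is logged again in the after-reboot section.
        if status == "failed" and (target, outcome) not in failed:
            failed.append((target, outcome))
    return counts, failed


if __name__ == "__main__":
    counts, failed = triage(SAMPLE_FIXLOG)
    print(dict(counts))
    for target, outcome in failed:
        print("FOLLOW UP:", target or "(general)", "->", outcome)
```
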

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log - Nimda

#10 Post by Conder »

• OK, create and send new FRST logs; we will clean up a bit more.

• Does Avast still report the virus? Is the location still the same, or a different one?

noora12
Visitor
Posts: 23
Registered: 28 Apr 2018 13:06

Re: Please check my log - Nimda

#11 Post by noora12 »

During the last scan, Avast reported nothing.
Attachments
logy.rar
(30.38 KiB) Downloaded 51 times

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log - Nimda

#12 Post by Conder »

• Open Notepad (Win+R -> notepad -> enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    2018-04-28 13:57 - 2018-04-28 13:57 - 000000000 ____D C:\ProgramData\Norton
    2018-05-02 14:37 - 2018-03-09 16:08 - 000001720 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
    2018-05-02 14:23 - 2017-07-26 17:49 - 000000000 ____D C:\ProgramData\McAfee
    2018-05-02 14:16 - 2017-08-27 23:34 - 000000000 ____D C:\Program Files\HitmanPro
    C:\ProgramData\HitmanPro
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HitmanPro37
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop with the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a Fixlog.txt file on the desktop; copy its contents here

noora12
Visitor
Posts: 23
Registered: 28 Apr 2018 13:06

Re: Please check my log - Nimda

#13 Post by noora12 »

Fix result of Farbar Recovery Scan Tool (x64) Version: 06.05.2018 01
Ran by Markét (07-05-2018 13:58:48) Run:2
Running from C:\Users\Markét\Desktop
Loaded Profiles: Markét (Available Profiles: Markét)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

2018-04-28 13:57 - 2018-04-28 13:57 - 000000000 ____D C:\ProgramData\Norton
2018-05-02 14:37 - 2018-03-09 16:08 - 000001720 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-05-02 14:23 - 2017-07-26 17:49 - 000000000 ____D C:\ProgramData\McAfee
2018-05-02 14:16 - 2017-08-27 23:34 - 000000000 ____D C:\Program Files\HitmanPro
C:\ProgramData\HitmanPro
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HitmanPro37

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
C:\ProgramData\Norton => moved successfully
C:\WINDOWS\ZAM_Guard.krnl.trace => moved successfully
C:\ProgramData\McAfee => moved successfully
C:\Program Files\HitmanPro => moved successfully
C:\ProgramData\HitmanPro => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro" => not found
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HitmanPro37" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log - Nimda

#14 Post by Conder »

It looks OK. Are there any remaining problems with the PC?

noora12
Visitor
Posts: 23
Registered: 28 Apr 2018 13:06

Re: Please check my log - Nimda

#15 Post by noora12 »

Avast no longer reports anything.

Locked