Blocked access

#1 Post by Wepa

When opening web pages, ESET reports blocked access:
Adresa byla zablokována. URL adresa: https://s3.amazonaws.com/cashe-js/1c31e14cd0e143b215.js

RSIT log:
Logfile of random's system information tool 1.16 (written by random/random)
Run by Roman at 2018-08-05 14:03:31
Microsoft Windows 10 Home
System drive C: has 156 GB (33%) free of 476 GB
Total RAM: 6108 MB (62% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:03:34, on 5. 8. 2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
C:\Program Files (x86)\Opera\54.0.2952.64\opera_crashreporter.exe
C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
C:\Program Files\trend micro\Roman_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: PDF Architect 3 Helper - {06E08260-0695-4EC1-A74B-1310D8899D93} - C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O3 - Toolbar: PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\[ProductDir]\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: PDF Architect 2 - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 2\ws.exe
O23 - Service: PDF Architect 2 Creator - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 2\creator-ws.exe
O23 - Service: PDF Architect 3 - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 3\ws.exe
O23 - Service: PDF Architect 3 CrashHandler - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe
O23 - Service: PDF Architect 3 Creator - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
O23 - Service: pdfforge CrashHandler - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 12557 bytes

====== Enumerating Processes ======

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\winlogon.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
C:\WINDOWS\system32\dwm.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s gpsvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\system32\atieclxx.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
"C:\Program Files (x86)\PDF Architect 2\ws.exe"
"C:\Program Files (x86)\PDF Architect 2\creator-ws.exe"
"C:\Program Files (x86)\PDF Architect 3\ws.exe"
"C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe"
"C:\Program Files (x86)\PDF Architect 3\creator-ws.exe"
"C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe"
"C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service
"C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k networkservice -p -s TapiSrv
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
C:\WINDOWS\system32\dashost.exe
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s NgcCtnrSvc
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\taskhostw.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
C:\Program Files\Classic Shell\ClassicStartMenu.exe
"C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.1.18.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe" -ServerName:App.AppX495fygk72hjw82j58ny5h3nr8hpsd8vs.mca
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
C:\Windows\System32\smartscreen.exe -Embedding
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Windows\SysWOW64\rundll32.exe" C:\WINDOWS\Syswow64\cm108.dll,CMICtrlWnd
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
C:\Windows\System32\RuntimeBroker.exe -Embedding
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
"C:\Program Files\ESET\[ProductDir]\egui.exe" /hide
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
c:\windows\system32\svchost.exe -k netsvcs -p
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
c:\windows\system32\svchost.exe -k appmodel -p -s camsvc
"C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe" --ran-launcher --started-from-shortcut
"C:\Program Files (x86)\Opera\54.0.2952.64\opera_crashreporter.exe" --ran-launcher --started-from-shortcut --crash-reporter-parent-id=7200
"C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe" --type=gpu-process --field-trial-handle=1896,18295799241690313716,13641522600244557125,131072 --disable-features=SharedArrayBuffer --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --crash-reporter-pid=7300 --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --crash-reporter-pid=7300 --service-request-channel-token=4740E4872BA1E8DAF676540A0E14E05C --mojo-platform-channel-handle=1912 --ignored=" --type=renderer " /prefetch:2
c:\windows\system32\svchost.exe -k netsvcs -p -s BITS
"C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe" --type=renderer --field-trial-handle=1896,18295799241690313716,13641522600244557125,131072 --disable-features=SharedArrayBuffer --service-pipe-token=CC79D8A4FF951726FCBBF9A0DB78D569 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --crash-reporter-pid=7300 --device-scale-factor=1.25 --num-raster-threads=1 --service-request-channel-token=CC79D8A4FF951726FCBBF9A0DB78D569 --renderer-client-id=3 --mojo-platform-channel-handle=2844 /prefetch:1
"C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe" --type=renderer --field-trial-handle=1896,18295799241690313716,13641522600244557125,131072 --disable-features=SharedArrayBuffer --service-pipe-token=805088E5E080AAFDE86D150BE1CE6140 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --crash-reporter-pid=7300 --device-scale-factor=1.25 --num-raster-threads=1 --service-request-channel-token=805088E5E080AAFDE86D150BE1CE6140 --renderer-client-id=4 --mojo-platform-channel-handle=2504 /prefetch:1
"C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe" --type=renderer --field-trial-handle=1896,18295799241690313716,13641522600244557125,131072 --disable-features=SharedArrayBuffer --service-pipe-token=10ACC36F50D6BD0A08435117982CC771 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --crash-reporter-pid=7300 --device-scale-factor=1.25 --num-raster-threads=1 --service-request-channel-token=10ACC36F50D6BD0A08435117982CC771 --renderer-client-id=5 --mojo-platform-channel-handle=2912 /prefetch:1
"C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe" --type=renderer --field-trial-handle=1896,18295799241690313716,13641522600244557125,131072 --disable-features=SharedArrayBuffer --service-pipe-token=EB128DE21E5B4B41B896CC143EB589A5 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --crash-reporter-pid=7300 --device-scale-factor=1.25 --num-raster-threads=1 --service-request-channel-token=EB128DE21E5B4B41B896CC143EB589A5 --renderer-client-id=6 --mojo-platform-channel-handle=2920 /prefetch:1
"C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe" --type=renderer --field-trial-handle=1896,18295799241690313716,13641522600244557125,131072 --disable-features=SharedArrayBuffer --service-pipe-token=8B0EFE9CDCC87604D5B2A8D66CCA0057 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --crash-reporter-pid=7300 --device-scale-factor=1.25 --num-raster-threads=1 --service-request-channel-token=8B0EFE9CDCC87604D5B2A8D66CCA0057 --renderer-client-id=7 --mojo-platform-channel-handle=2928 /prefetch:1
"C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe" --type=renderer --field-trial-handle=1896,18295799241690313716,13641522600244557125,131072 --disable-features=SharedArrayBuffer --service-pipe-token=BB069DDABF2027B256C45ACD1E55D5BF --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --crash-reporter-pid=7300 --device-scale-factor=1.25 --num-raster-threads=1 --service-request-channel-token=BB069DDABF2027B256C45ACD1E55D5BF --renderer-client-id=8 --mojo-platform-channel-handle=2936 /prefetch:1
"C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe" --type=renderer --field-trial-handle=1896,18295799241690313716,13641522600244557125,131072 --disable-features=SharedArrayBuffer --service-pipe-token=E519D23082A81F24A2FF5D60EB71C3EB --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --crash-reporter-pid=7300 --device-scale-factor=1.25 --num-raster-threads=1 --service-request-channel-token=E519D23082A81F24A2FF5D60EB71C3EB --renderer-client-id=18 --mojo-platform-channel-handle=5416 /prefetch:1
c:\windows\system32\svchost.exe -k unistacksvcgroup
"C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe" --type=renderer --field-trial-handle=1896,18295799241690313716,13641522600244557125,131072 --disable-features=SharedArrayBuffer --service-pipe-token=25104CBD6D033ECF3502F3FA6D3F8D35 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --crash-reporter-pid=7300 --device-scale-factor=1.25 --num-raster-threads=1 --service-request-channel-token=25104CBD6D033ECF3502F3FA6D3F8D35 --renderer-client-id=23 --mojo-platform-channel-handle=5676 /prefetch:1
"C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe" --type=renderer --field-trial-handle=1896,18295799241690313716,13641522600244557125,131072 --disable-features=SharedArrayBuffer --service-pipe-token=57D596446C084EA3EDC0A7FA0C7E25C7 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --crash-reporter-pid=7300 --device-scale-factor=1.25 --num-raster-threads=1 --service-request-channel-token=57D596446C084EA3EDC0A7FA0C7E25C7 --renderer-client-id=24 --mojo-platform-channel-handle=6340 /prefetch:1
"C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe" --type=renderer --field-trial-handle=1896,18295799241690313716,13641522600244557125,131072 --disable-features=SharedArrayBuffer --service-pipe-token=C536D80CF3B4F047785EB18146C8DC72 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --crash-reporter-pid=7300 --device-scale-factor=1.25 --num-raster-threads=1 --service-request-channel-token=C536D80CF3B4F047785EB18146C8DC72 --renderer-client-id=13 --mojo-platform-channel-handle=6592 /prefetch:1
"C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe" --type=renderer --field-trial-handle=1896,18295799241690313716,13641522600244557125,131072 --disable-features=SharedArrayBuffer --service-pipe-token=C374B6A2606934F8E5803F8939FA67A8 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --crash-reporter-pid=7300 --device-scale-factor=1.25 --num-raster-threads=1 --service-request-channel-token=C374B6A2606934F8E5803F8939FA67A8 --renderer-client-id=16 --mojo-platform-channel-handle=6192 /prefetch:1
"C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe" --type=renderer --field-trial-handle=1896,18295799241690313716,13641522600244557125,131072 --disable-features=SharedArrayBuffer --service-pipe-token=1FA9B12AFAAA0E0F2EC5DABD1DCAFCA1 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --crash-reporter-pid=7300 --device-scale-factor=1.25 --num-raster-threads=1 --service-request-channel-token=1FA9B12AFAAA0E0F2EC5DABD1DCAFCA1 --renderer-client-id=21 --mojo-platform-channel-handle=7480 /prefetch:1
C:\WINDOWS\System32\svchost.exe -k netsvcs -p
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
"C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe" --type=renderer --field-trial-handle=1896,18295799241690313716,13641522600244557125,131072 --disable-features=SharedArrayBuffer --service-pipe-token=1F20980A3D01954F03F8BEB49EE5BBD8 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --crash-reporter-pid=7300 --device-scale-factor=1.25 --num-raster-threads=1 --service-request-channel-token=1F20980A3D01954F03F8BEB49EE5BBD8 --renderer-client-id=20 --mojo-platform-channel-handle=7968 /prefetch:1
"C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe" --type=renderer --field-trial-handle=1896,18295799241690313716,13641522600244557125,131072 --disable-features=SharedArrayBuffer --service-pipe-token=C196A0A16F565E292BD5B0FDA20C29F2 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --crash-reporter-pid=7300 --device-scale-factor=1.25 --num-raster-threads=1 --service-request-channel-token=C196A0A16F565E292BD5B0FDA20C29F2 --renderer-client-id=11 --mojo-platform-channel-handle=9292 /prefetch:1
"C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe" --type=renderer --field-trial-handle=1896,18295799241690313716,13641522600244557125,131072 --disable-features=SharedArrayBuffer --service-pipe-token=17D921B786C3E823BB58338EC569D95A --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --crash-reporter-pid=7300 --device-scale-factor=1.25 --num-raster-threads=1 --service-request-channel-token=17D921B786C3E823BB58338EC569D95A --renderer-client-id=19 --mojo-platform-channel-handle=6028 /prefetch:1
"C:\Program Files (x86)\Nero\Update\NASvc.exe"
C:\Program Files\CCleaner\CCleaner64.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
C:\WINDOWS\system32\AUDIODG.EXE 0x494
"C:\Users\Roman\Desktop\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe

====== Scheduled tasks folder ======

C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe /NOUACCHECK
C:\WINDOWS\system32\tasks\AceUtilsSkipUAC - C:\Program Files\Ace Utilities\au.exe $(Arg0)
C:\WINDOWS\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\tasks\Adobe Flash Player NPAPI Notifier - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe -check plugin
C:\WINDOWS\system32\tasks\Adobe Flash Player PPAPI Notifier - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe -check pepperplugin
C:\WINDOWS\system32\tasks\Adobe Flash Player Updater - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\tasks\AVGPCTuneUp_Task_BkGndMaintenance - C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe $(Arg0)
C:\WINDOWS\system32\tasks\CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
C:\WINDOWS\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\WINDOWS\system32\tasks\CreateChoiceProcessTask - C:\Windows\BrowserChoice\browserchoice.exe /launch
C:\WINDOWS\system32\tasks\GMHSkipUAC - C:\Program Files (x86)\Glarysoft\Malware Hunter\MalwareHunter.exe $(Arg0)
C:\WINDOWS\system32\tasks\GU5SkipUAC - C:\Program Files (x86)\Glary Utilities 5\Integrator.exe $(Arg0)
C:\WINDOWS\system32\tasks\Java Platform SE Auto Updater - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task-S-1-5-21-828468138-3933834695-3482244090-1003 - %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\Opera scheduled Autoupdate 1414339856 - C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0)
C:\WINDOWS\system32\tasks\Program k provádění aktualizací online Adobe - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\tasks\TuneUpUtilities_Task_BkGndMaintenance2013 - C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe $(Arg0)
C:\WINDOWS\system32\tasks\User_Feed_Synchronization-{3EC875A3-6FDE-4D94-B13E-E0D15B0C448F} - C:\WINDOWS\system32\msfeedssync.exe sync
C:\WINDOWS\system32\tasks\{C00F2A41-2233-4EAF-AEDF-CA156C0EFD9F} - C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Roman\Desktop\Stara kalkulacka pro Windows 10.exe" -d C:\Users\Roman\Desktop
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTask - %windir%\System32\XblGameSaveTask.exe standby
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon - %windir%\System32\XblGameSaveTask.exe logon
C:\WINDOWS\system32\tasks\Microsoft\Windows\WwanSvc\NotificationTask - %SystemRoot%\System32\WiFiTask.exe wwan
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join - %SystemRoot%\System32\AutoWorkplace.exe join
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Recovery-Check - %SystemRoot%\System32\dsregcmd.exe /checkrecovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe RebootDialog
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Retry Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display - %systemroot%\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UNP\RunUpdateNotificationMgr - %windir%\System32\UNP\UpdateNotificationMgr.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition - %SystemRoot%\system32\ClipRenew.exe -e
C:\WINDOWS\system32\tasks\Microsoft\Windows\Subscription\LicenseAcquisition - %SystemRoot%\system32\ClipRenew.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\Speech\HeadsetButtonPress - %windir%\system32\speech_onecore\common\SpeechRuntime.exe StartedFromTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask - %windir%\system32\speech_onecore\common\SpeechModelDownload.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\spaceman.exe /Work
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SharedPC\Account Cleanup - %windir%\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemovalTools\MRT_HB - C:\WINDOWS\system32\MRT.exe /EHB /Q
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\PushToInstall\LoginCheck - %windir%\system32\sc.exe start pushtoinstall login
C:\WINDOWS\system32\tasks\Microsoft\Windows\PushToInstall\Registration - %windir%\system32\sc.exe start pushtoinstall registration
C:\WINDOWS\system32\tasks\Microsoft\Windows\Printing\EduPrintProv - %windir%\system32\eduprintprov.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Cellular - %windir%\system32\ProvTool.exe /turn 7 /source CellStateChangeTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5 /source LogonIdleTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\HelloFace\FODCleanupTask - %WinDir%\System32\WinBioPlugIns\FaceFodUninstaller.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload - %windir%\system32\dmclient.exe utcwnf
C:\WINDOWS\system32\tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask - %windir%\system32\MDMAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\DirectX\DXGIAdapterCache - %windir%\system32\dxgiadaptercache.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Device Information\Device - %windir%\system32\devicecensus.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Chkdsk\SyspartRepair - %windir%\system32\bcdboot.exe %windir% /sysrepair
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierdaily - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierinstall - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe

=========Google Chrome=========

C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

======Registry dump ======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30 883160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30 550360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06E08260-0695-4EC1-A74B-1310D8899D93}]
PDF Architect 3 Helper - C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll [2015-09-17 38112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2013-10-21 520192]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30 759768]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-07-25 480120]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-25 194424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30 505816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30 883160]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2013-10-21 520192]
{2DFF3579-5AA7-45B9-9328-1D38EA230861} - PDF Architect 3 Toolbar - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll [2015-09-17 517344]
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30 759768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2018-04-12 638872]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-12-11 13776088]
"Classic Start Menu"=C:\Program Files\Classic Shell\ClassicStartMenu.exe [2016-07-30 163800]
"egui"=C:\Program Files\ESET\[ProductDir]\ecmds.exe [2018-07-28 178504]
"Cm108Sound"=C:\WINDOWS\syswow64\RunDll32.exe [2018-04-12 61952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"=C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [2018-07-23 43984]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2018-07-20 18534016]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-11-04 767176]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-07-07 601424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableFullTrustStartupTasks"=2
"EnableUIADesktopToggle"=0
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

====== List of files/folders created in the last 1 month ======

2018-08-05 12:39:52 ----A---- C:\WINDOWS\ntbtlog.txt
2018-08-05 10:33:03 ----D---- C:\ProgramData\Start Menu
2018-07-26 18:26:04 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2018-07-12 07:57:26 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerInstaller.exe
2018-07-11 08:51:27 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2018-07-10 22:43:29 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-07-10 22:43:28 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2018-07-10 22:43:25 ----A---- C:\WINDOWS\system32\edgehtml.dll
2018-07-10 22:43:21 ----A---- C:\WINDOWS\system32\mshtml.dll
2018-07-10 22:43:18 ----A---- C:\WINDOWS\system32\Hydrogen.dll
2018-07-10 22:43:09 ----A---- C:\WINDOWS\system32\shell32.dll
2018-07-10 22:43:07 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2018-07-10 22:43:06 ----A---- C:\WINDOWS\system32\HologramCompositor.dll
2018-07-10 22:43:04 ----A---- C:\WINDOWS\system32\windows.storage.dll
2018-07-10 22:43:04 ----A---- C:\WINDOWS\system32\ClipUp.exe
2018-07-10 22:43:01 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2018-07-10 22:42:58 ----A---- C:\WINDOWS\system32\Chakra.dll
2018-07-10 22:42:58 ----A---- C:\WINDOWS\system32\cdp.dll
2018-07-10 22:42:58 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-07-10 22:42:57 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2018-07-10 22:42:56 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2018-07-10 22:42:53 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2018-07-10 22:42:53 ----A---- C:\WINDOWS\system32\mos.dll
2018-07-10 22:42:53 ----A---- C:\WINDOWS\system32\ieframe.dll
2018-07-10 22:42:52 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2vdec.dll
2018-07-10 22:42:50 ----A---- C:\WINDOWS\system32\jscript9.dll
2018-07-10 22:42:50 ----A---- C:\WINDOWS\system32\EdgeContent.dll
2018-07-10 22:42:49 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2018-07-10 22:42:49 ----A---- C:\WINDOWS\system32\twinui.pcshell.dll
2018-07-10 22:42:49 ----A---- C:\WINDOWS\system32\mfnetsrc.dll
2018-07-10 22:42:48 ----A---- C:\WINDOWS\SYSWOW64\mfnetsrc.dll
2018-07-10 22:42:48 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2018-07-10 22:42:48 ----A---- C:\WINDOWS\system32\mfnetcore.dll
2018-07-10 22:42:47 ----A---- C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-07-10 22:42:47 ----A---- C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-07-10 22:42:46 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2018-07-10 22:42:46 ----A---- C:\WINDOWS\system32\win32kfull.sys
2018-07-10 22:42:45 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.dll
2018-07-10 22:42:45 ----A---- C:\WINDOWS\SYSWOW64\mfnetcore.dll
2018-07-10 22:42:45 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2018-07-10 22:42:43 ----A---- C:\WINDOWS\system32\mfcore.dll
2018-07-10 22:42:42 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2018-07-10 22:42:40 ----A---- C:\WINDOWS\system32\twinapi.appcore.dll
2018-07-10 22:42:40 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2018-07-10 22:42:39 ----A---- C:\WINDOWS\SYSWOW64\mfmpeg2srcsnk.dll
2018-07-10 22:42:39 ----A---- C:\WINDOWS\system32\wininet.dll
2018-07-10 22:42:39 ----A---- C:\WINDOWS\system32\BingMaps.dll
2018-07-10 22:42:39 ----A---- C:\WINDOWS\system32\appraiser.dll
2018-07-10 22:42:39 ----A---- C:\WINDOWS\system32\aepic.dll
2018-07-10 22:42:39 ----A---- C:\WINDOWS\system32\aeinv.dll
2018-07-10 22:42:38 ----A---- C:\WINDOWS\system32\wpncore.dll
2018-07-10 22:42:38 ----A---- C:\WINDOWS\system32\WMVCORE.DLL
2018-07-10 22:42:38 ----A---- C:\WINDOWS\system32\WebRuntimeManager.dll
2018-07-10 22:42:38 ----A---- C:\WINDOWS\system32\dwmcore.dll
2018-07-10 22:42:37 ----A---- C:\WINDOWS\system32\smartscreen.exe
2018-07-10 22:42:37 ----A---- C:\WINDOWS\explorer.exe
2018-07-10 22:42:36 ----A---- C:\WINDOWS\system32\KernelBase.dll
2018-07-10 22:42:36 ----A---- C:\WINDOWS\system32\aitstatic.exe
2018-07-10 22:42:35 ----A---- C:\WINDOWS\SYSWOW64\mos.dll
2018-07-10 22:42:35 ----A---- C:\WINDOWS\system32\urlmon.dll
2018-07-10 22:42:35 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys
2018-07-10 22:42:34 ----A---- C:\WINDOWS\SYSWOW64\explorer.exe
2018-07-10 22:42:34 ----A---- C:\WINDOWS\system32\iertutil.dll
2018-07-10 22:42:34 ----A---- C:\WINDOWS\system32\audiosrv.dll
2018-07-10 22:42:33 ----A---- C:\WINDOWS\SYSWOW64\aepic.dll
2018-07-10 22:42:33 ----A---- C:\WINDOWS\system32\mstscax.dll
2018-07-10 22:42:33 ----A---- C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-07-10 22:42:32 ----A---- C:\WINDOWS\SYSWOW64\dwmcore.dll
2018-07-10 22:42:32 ----A---- C:\WINDOWS\system32\wuaueng.dll
2018-07-10 22:42:31 ----A---- C:\WINDOWS\SYSWOW64\mfasfsrcsnk.dll
2018-07-10 22:42:30 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2018-07-10 22:42:30 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2018-07-10 22:42:30 ----A---- C:\WINDOWS\system32\wevtsvc.dll
2018-07-10 22:42:30 ----A---- C:\WINDOWS\system32\generaltel.dll
2018-07-10 22:42:29 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2018-07-10 22:42:29 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2018-07-10 22:42:28 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2018-07-10 22:42:28 ----A---- C:\WINDOWS\SYSWOW64\CPFilters.dll
2018-07-10 22:42:28 ----A---- C:\WINDOWS\system32\TokenBroker.dll
2018-07-10 22:42:28 ----A---- C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-07-10 22:42:28 ----A---- C:\WINDOWS\system32\InstallService.dll
2018-07-10 22:42:28 ----A---- C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-07-10 22:42:27 ----A---- C:\WINDOWS\SYSWOW64\MFMediaEngine.dll
2018-07-10 22:42:27 ----A---- C:\WINDOWS\SYSWOW64\cdp.dll
2018-07-10 22:42:27 ----A---- C:\WINDOWS\system32\CPFilters.dll
2018-07-10 22:42:26 ----A---- C:\WINDOWS\system32\wsp_fs.dll
2018-07-10 22:42:26 ----A---- C:\WINDOWS\system32\usocore.dll
2018-07-10 22:42:26 ----A---- C:\WINDOWS\system32\BingOnlineServices.dll
2018-07-10 22:42:25 ----A---- C:\WINDOWS\system32\MapGeocoder.dll
2018-07-10 22:42:25 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2018-07-10 22:42:25 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2018-07-10 22:42:24 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2018-07-10 22:42:24 ----A---- C:\WINDOWS\system32\wcmsvc.dll
2018-07-10 22:42:24 ----A---- C:\WINDOWS\system32\ole32.dll
2018-07-10 22:42:24 ----A---- C:\WINDOWS\system32\mfplat.dll
2018-07-10 22:42:24 ----A---- C:\WINDOWS\system32\FaceProcessor.dll
2018-07-10 22:42:23 ----A---- C:\WINDOWS\SYSWOW64\ucrtbase.dll
2018-07-10 22:42:23 ----A---- C:\WINDOWS\SYSWOW64\twinapi.appcore.dll
2018-07-10 22:42:23 ----A---- C:\WINDOWS\system32\ucrtbase.dll
2018-07-10 22:42:23 ----A---- C:\WINDOWS\system32\invagent.dll
2018-07-10 22:42:23 ----A---- C:\WINDOWS\system32\enterprisecsps.dll
2018-07-10 22:42:22 ----A---- C:\WINDOWS\system32\UpdateAgent.dll
2018-07-10 22:42:22 ----A---- C:\WINDOWS\system32\NotificationController.dll
2018-07-10 22:42:22 ----A---- C:\WINDOWS\system32\MapRouter.dll
2018-07-10 22:42:21 ----A---- C:\WINDOWS\system32\wsp_health.dll
2018-07-10 22:42:21 ----A---- C:\WINDOWS\system32\devinv.dll
2018-07-10 22:42:21 ----A---- C:\WINDOWS\system32\bcastdvruserservice.dll
2018-07-10 22:42:21 ----A---- C:\WINDOWS\system32\AudioSes.dll
2018-07-10 22:42:20 ----A---- C:\WINDOWS\SYSWOW64\mfmp4srcsnk.dll
2018-07-10 22:42:20 ----A---- C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-07-10 22:42:18 ----A---- C:\WINDOWS\SYSWOW64\BingMaps.dll
2018-07-10 22:42:18 ----A---- C:\WINDOWS\system32\bisrv.dll
2018-07-10 22:42:17 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2018-07-10 22:42:17 ----A---- C:\WINDOWS\system32\mf.dll
2018-07-10 22:42:16 ----A---- C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2018-07-10 22:42:16 ----A---- C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2018-07-10 22:42:16 ----A---- C:\WINDOWS\system32\ntdll.dll
2018-07-10 22:42:16 ----A---- C:\WINDOWS\system32\mfsvr.dll
2018-07-10 22:42:16 ----A---- C:\WINDOWS\system32\AudioEng.dll
2018-07-10 22:42:15 ----A---- C:\WINDOWS\system32\SpeechPal.dll
2018-07-10 22:42:15 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2018-07-10 22:42:14 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-07-10 22:42:12 ----A---- C:\WINDOWS\SYSWOW64\mf.dll
2018-07-10 22:42:12 ----A---- C:\WINDOWS\system32\Windows.Media.Audio.dll
2018-07-10 22:42:11 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2018-07-10 22:42:10 ----A---- C:\WINDOWS\system32\edgeangle.dll
2018-07-10 22:42:10 ----A---- C:\WINDOWS\system32\dcntel.dll
2018-07-10 22:42:09 ----A---- C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-07-10 22:42:09 ----A---- C:\WINDOWS\system32\JpMapControl.dll
2018-07-10 22:42:08 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2018-07-10 22:42:08 ----A---- C:\WINDOWS\SYSWOW64\mfplat.dll
2018-07-10 22:42:08 ----A---- C:\WINDOWS\system32\ngcsvc.dll
2018-07-10 22:42:07 ----A---- C:\WINDOWS\system32\wlansvc.dll
2018-07-10 22:42:06 ----A---- C:\WINDOWS\SYSWOW64\wuapi.dll
2018-07-10 22:42:06 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2018-07-10 22:42:06 ----A---- C:\WINDOWS\SYSWOW64\mfsrcsnk.dll
2018-07-10 22:42:06 ----A---- C:\WINDOWS\system32\Windows.Internal.Management.dll
2018-07-10 22:42:06 ----A---- C:\WINDOWS\system32\win32kbase.sys
2018-07-10 22:42:05 ----A---- C:\WINDOWS\system32\winmde.dll
2018-07-10 22:42:05 ----A---- C:\WINDOWS\system32\winhttp.dll
2018-07-10 22:42:05 ----A---- C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-07-10 22:42:05 ----A---- C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2018-07-10 22:42:05 ----A---- C:\WINDOWS\system32\NMAA.dll
2018-07-10 22:42:05 ----A---- C:\WINDOWS\system32\MapControlCore.dll
2018-07-10 22:42:04 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2018-07-10 22:42:04 ----A---- C:\WINDOWS\system32\wuapi.dll
2018-07-10 22:42:04 ----A---- C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-07-10 22:42:04 ----A---- C:\WINDOWS\system32\mfsrcsnk.dll
2018-07-10 22:42:03 ----A---- C:\WINDOWS\SYSWOW64\ole32.dll
2018-07-10 22:42:03 ----A---- C:\WINDOWS\SYSWOW64\mfsvr.dll
2018-07-10 22:42:03 ----A---- C:\WINDOWS\SYSWOW64\InstallService.dll
2018-07-10 22:42:03 ----A---- C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-10 22:42:02 ----A---- C:\WINDOWS\SYSWOW64\ContentDeliveryManager.Utilities.dll
2018-07-10 22:42:02 ----A---- C:\WINDOWS\system32\WWAHost.exe
2018-07-10 22:42:02 ----A---- C:\WINDOWS\system32\SecurityHealthService.exe
2018-07-10 22:42:02 ----A---- C:\WINDOWS\system32\mfds.dll
2018-07-10 22:42:02 ----A---- C:\WINDOWS\system32\MapsStore.dll
2018-07-10 22:42:01 ----A---- C:\WINDOWS\SYSWOW64\WMVCORE.DLL
2018-07-10 22:42:01 ----A---- C:\WINDOWS\SYSWOW64\AudioEng.dll
2018-07-10 22:42:01 ----A---- C:\WINDOWS\system32\modernexecserver.dll
2018-07-10 22:42:01 ----A---- C:\WINDOWS\system32\DiagnosticLogCSP.dll
2018-07-10 22:42:01 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-07-10 22:42:01 ----A---- C:\WINDOWS\system32\audiodg.exe
2018-07-10 22:42:00 ----RSH---- C:\WINDOWS\fonts\StaticCache.dat
2018-07-10 22:42:00 ----A---- C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-07-10 22:42:00 ----A---- C:\WINDOWS\system32\edgeIso.dll
2018-07-10 22:42:00 ----A---- C:\WINDOWS\system32\BioCredProv.dll
2018-07-10 22:41:59 ----A---- C:\WINDOWS\system32\LogonController.dll
2018-07-10 22:41:59 ----A---- C:\WINDOWS\system32\DHolographicDisplay.dll
2018-07-10 22:41:59 ----A---- C:\WINDOWS\system32\CompatTelRunner.exe
2018-07-10 22:41:59 ----A---- C:\WINDOWS\system32\acmigration.dll
2018-07-10 22:41:58 ----A---- C:\WINDOWS\SYSWOW64\TokenBroker.dll
2018-07-10 22:41:58 ----A---- C:\WINDOWS\SYSWOW64\mfds.dll
2018-07-10 22:41:58 ----A---- C:\WINDOWS\SYSWOW64\BingOnlineServices.dll
2018-07-10 22:41:58 ----A---- C:\WINDOWS\SYSWOW64\AcGenral.dll
2018-07-10 22:41:58 ----A---- C:\WINDOWS\system32\Windows.Networking.dll
2018-07-10 22:41:58 ----A---- C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2018-07-10 22:41:58 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-07-10 22:41:58 ----A---- C:\WINDOWS\system32\AcGenral.dll
2018-07-10 22:41:58 ----A---- C:\WINDOWS\system32\aadcloudap.dll
2018-07-10 22:41:57 ----A---- C:\WINDOWS\SYSWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-10 22:41:57 ----A---- C:\WINDOWS\system32\vbscript.dll
2018-07-10 22:41:57 ----A---- C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-07-10 22:41:57 ----A---- C:\WINDOWS\system32\provengine.dll
2018-07-10 22:41:57 ----A---- C:\WINDOWS\system32\policymanager.dll
2018-07-10 22:41:56 ----A---- C:\WINDOWS\SYSWOW64\winhttp.dll
2018-07-10 22:41:56 ----A---- C:\WINDOWS\SYSWOW64\MapRouter.dll
2018-07-10 22:41:56 ----A---- C:\WINDOWS\system32\schannel.dll
2018-07-10 22:41:56 ----A---- C:\WINDOWS\system32\hvix64.exe
2018-07-10 22:41:55 ----A---- C:\WINDOWS\SYSWOW64\WWAHost.exe
2018-07-10 22:41:55 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Audio.dll
2018-07-10 22:41:55 ----A---- C:\WINDOWS\system32\WpcWebFilter.dll
2018-07-10 22:41:55 ----A---- C:\WINDOWS\system32\winload.exe
2018-07-10 22:41:55 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2018-07-10 22:41:54 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Input.Inking.dll
2018-07-10 22:41:54 ----A---- C:\WINDOWS\SYSWOW64\MapGeocoder.dll
2018-07-10 22:41:54 ----A---- C:\WINDOWS\system32\msvproc.dll
2018-07-10 22:41:53 ----A---- C:\WINDOWS\SYSWOW64\Windows.Internal.Management.dll
2018-07-10 22:41:53 ----A---- C:\WINDOWS\SYSWOW64\evr.dll
2018-07-10 22:41:53 ----A---- C:\WINDOWS\system32\evr.dll
2018-07-10 22:41:52 ----A---- C:\WINDOWS\SYSWOW64\msvproc.dll
2018-07-10 22:41:51 ----A---- C:\WINDOWS\SYSWOW64\wsp_health.dll
2018-07-10 22:41:51 ----A---- C:\WINDOWS\system32\hvax64.exe
2018-07-10 22:41:51 ----A---- C:\WINDOWS\system32\drivers\storport.sys
2018-07-10 22:41:51 ----A---- C:\WINDOWS\system32\clusapi.dll
2018-07-10 22:41:51 ----A---- C:\WINDOWS\system32\browserbroker.dll
2018-07-10 22:41:50 ----A---- C:\WINDOWS\system32\winresume.exe
2018-07-10 22:41:50 ----A---- C:\WINDOWS\system32\msfeeds.dll
2018-07-10 22:41:50 ----A---- C:\WINDOWS\system32\kerberos.dll
2018-07-10 22:41:49 ----A---- C:\WINDOWS\SYSWOW64\Windows.Devices.PointOfService.dll
2018-07-10 22:41:49 ----A---- C:\WINDOWS\SYSWOW64\JpMapControl.dll
2018-07-10 22:41:49 ----A---- C:\WINDOWS\system32\MFCaptureEngine.dll
2018-07-10 22:41:48 ----A---- C:\WINDOWS\SYSWOW64\EdgeManager.dll
2018-07-10 22:41:48 ----A---- C:\WINDOWS\system32\Windows.Gaming.Input.dll
2018-07-10 22:41:48 ----A---- C:\WINDOWS\system32\win32appinventorycsp.dll
2018-07-10 22:41:48 ----A---- C:\WINDOWS\system32\pcasvc.dll
2018-07-10 22:41:48 ----A---- C:\WINDOWS\system32\MusNotification.exe
2018-07-10 22:41:48 ----A---- C:\WINDOWS\system32\mfps.dll
2018-07-10 22:41:48 ----A---- C:\WINDOWS\system32\lsasrv.dll
2018-07-10 22:41:48 ----A---- C:\WINDOWS\system32\ieproxy.dll
2018-07-10 22:41:47 ----A---- C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-07-10 22:41:46 ----A---- C:\WINDOWS\SYSWOW64\wsp_fs.dll
2018-07-10 22:41:46 ----A---- C:\WINDOWS\system32\MapConfiguration.dll
2018-07-10 22:41:46 ----A---- C:\WINDOWS\system32\ExecModelClient.dll
2018-07-10 22:41:45 ----A---- C:\WINDOWS\SYSWOW64\schannel.dll
2018-07-10 22:41:45 ----A---- C:\WINDOWS\SYSWOW64\ncryptsslp.dll
2018-07-10 22:41:45 ----A---- C:\WINDOWS\system32\wow64.dll
2018-07-10 22:41:45 ----A---- C:\WINDOWS\system32\tcblaunch.exe
2018-07-10 22:41:45 ----A---- C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-07-10 22:41:45 ----A---- C:\WINDOWS\system32\SgrmEnclave.dll
2018-07-10 22:41:45 ----A---- C:\WINDOWS\system32\MPSSVC.dll
2018-07-10 22:41:45 ----A---- C:\WINDOWS\system32\drivers\http.sys
2018-07-10 22:41:45 ----A---- C:\WINDOWS\system32\dnsapi.dll
2018-07-10 22:41:44 ----A---- C:\WINDOWS\SYSWOW64\MFCaptureEngine.dll
2018-07-10 22:41:44 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2018-07-10 22:41:43 ----A---- C:\WINDOWS\SYSWOW64\Windows.Networking.Vpn.dll
2018-07-10 22:41:43 ----A---- C:\WINDOWS\SYSWOW64\Windows.Networking.dll
2018-07-10 22:41:43 ----A---- C:\WINDOWS\SYSWOW64\policymanager.dll
2018-07-10 22:41:43 ----A---- C:\WINDOWS\system32\SettingsHandlers_Devices.dll
2018-07-10 22:41:43 ----A---- C:\WINDOWS\system32\MSVPXENC.dll
2018-07-10 22:41:43 ----A---- C:\WINDOWS\system32\drivers\srvnet.sys
2018-07-10 22:41:43 ----A---- C:\WINDOWS\system32\drivers\rdbss.sys
2018-07-10 22:41:43 ----A---- C:\WINDOWS\system32\DeviceSetupManager.dll
2018-07-10 22:41:42 ----A---- C:\WINDOWS\SYSWOW64\BioCredProv.dll
2018-07-10 22:41:42 ----A---- C:\WINDOWS\system32\wpdbusenum.dll
2018-07-10 22:41:42 ----A---- C:\WINDOWS\system32\securekernel.exe
2018-07-10 22:41:42 ----A---- C:\WINDOWS\system32\resutils.dll
2018-07-10 22:41:42 ----A---- C:\WINDOWS\system32\drivers\xboxgip.sys
2018-07-10 22:41:42 ----A---- C:\WINDOWS\system32\drivers\refs.sys
2018-07-10 22:41:42 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2018-07-10 22:41:42 ----A---- C:\WINDOWS\HelpPane.exe
2018-07-10 22:41:41 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Streaming.dll
2018-07-10 22:41:41 ----A---- C:\WINDOWS\SYSWOW64\MSVP9DEC.dll
2018-07-10 22:41:41 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2018-07-10 22:41:41 ----A---- C:\WINDOWS\SYSWOW64\mfps.dll
2018-07-10 22:41:41 ----A---- C:\WINDOWS\system32\wcimage.dll
2018-07-10 22:41:41 ----A---- C:\WINDOWS\system32\dsreg.dll
2018-07-10 22:41:41 ----A---- C:\WINDOWS\system32\drivers\refsv1.sys
2018-07-10 22:41:41 ----A---- C:\WINDOWS\system32\drivers\ksecdd.sys
2018-07-10 22:41:41 ----A---- C:\WINDOWS\system32\cloudAP.dll
2018-07-10 22:41:40 ----A---- C:\WINDOWS\SYSWOW64\ncryptprov.dll
2018-07-10 22:41:40 ----A---- C:\WINDOWS\SYSWOW64\MapConfiguration.dll
2018-07-10 22:41:40 ----A---- C:\WINDOWS\system32\VideoHandlers.dll
2018-07-10 22:41:40 ----A---- C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-07-10 22:41:40 ----A---- C:\WINDOWS\system32\RESAMPLEDMO.DLL
2018-07-10 22:41:40 ----A---- C:\WINDOWS\system32\ncryptsslp.dll
2018-07-10 22:41:40 ----A---- C:\WINDOWS\system32\AcLayers.dll
2018-07-10 22:41:39 ----A---- C:\WINDOWS\SYSWOW64\Windows.Gaming.Input.dll
2018-07-10 22:41:39 ----A---- C:\WINDOWS\SYSWOW64\RESAMPLEDMO.DLL
2018-07-10 22:41:39 ----A---- C:\WINDOWS\SYSWOW64\NMAA.dll
2018-07-10 22:41:39 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2018-07-10 22:41:39 ----A---- C:\WINDOWS\system32\drivers\ksecpkg.sys
2018-07-10 22:41:38 ----A---- C:\WINDOWS\SYSWOW64\WpcWebFilter.dll
2018-07-10 22:41:38 ----A---- C:\WINDOWS\SYSWOW64\edgeIso.dll
2018-07-10 22:41:38 ----A---- C:\WINDOWS\SYSWOW64\dnsapi.dll
2018-07-10 22:41:38 ----A---- C:\WINDOWS\system32\drivers\volmgr.sys
2018-07-10 22:41:37 ----A---- C:\WINDOWS\SYSWOW64\webplatstorageserver.dll
2018-07-10 22:41:37 ----A---- C:\WINDOWS\system32\provhandlers.dll
2018-07-10 22:41:37 ----A---- C:\WINDOWS\system32\ncryptprov.dll
2018-07-10 22:41:37 ----A---- C:\WINDOWS\system32\MusNotifyIcon.exe
2018-07-10 22:41:37 ----A---- C:\WINDOWS\system32\msvcp_win.dll
2018-07-10 22:41:37 ----A---- C:\WINDOWS\system32\MDMAppInstaller.exe
2018-07-10 22:41:37 ----A---- C:\WINDOWS\system32\CredProv2faHelper.dll
2018-07-10 22:41:36 ----A---- C:\WINDOWS\system32\dmcertinst.exe
2018-07-10 22:41:35 ----A---- C:\WINDOWS\SYSWOW64\CoreMessaging.dll
2018-07-10 22:41:35 ----A---- C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-07-10 22:41:35 ----A---- C:\WINDOWS\system32\MSVP9DEC.dll
2018-07-10 22:41:35 ----A---- C:\WINDOWS\system32\MSPhotography.dll
2018-07-10 22:41:34 ----A---- C:\WINDOWS\SYSWOW64\ExecModelClient.dll
2018-07-10 22:41:34 ----A---- C:\WINDOWS\system32\DTUHandler.exe
2018-07-10 22:41:34 ----A---- C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys
2018-07-10 22:41:34 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2018-07-10 22:41:32 ----A---- C:\WINDOWS\system32\Windows.Internal.ShellCommon.Broker.dll
2018-07-10 22:41:32 ----A---- C:\WINDOWS\system32\tokenbinding.dll
2018-07-10 22:41:32 ----A---- C:\WINDOWS\system32\hvloader.dll
2018-07-10 22:41:32 ----A---- C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-07-10 22:41:31 ----A---- C:\WINDOWS\system32\psmsrv.dll
2018-07-10 22:41:31 ----A---- C:\WINDOWS\system32\FaceProcessorCore.dll
2018-07-10 22:41:30 ----A---- C:\WINDOWS\system32\CoreMessaging.dll
2018-07-10 22:41:29 ----A---- C:\WINDOWS\SYSWOW64\bcryptprimitives.dll
2018-07-10 22:41:29 ----A---- C:\WINDOWS\SYSWOW64\AcLayers.dll
2018-07-10 22:41:29 ----A---- C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-07-10 22:41:29 ----A---- C:\WINDOWS\system32\rdpudd.dll
2018-07-10 22:41:29 ----A---- C:\WINDOWS\system32\moshostcore.dll
2018-07-10 22:41:29 ----A---- C:\WINDOWS\system32\drivers\storufs.sys
2018-07-10 22:41:29 ----A---- C:\WINDOWS\system32\drivers\spaceport.sys
2018-07-10 22:41:29 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2018-07-10 22:41:29 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2018-07-10 22:41:29 ----A---- C:\WINDOWS\system32\DeviceCensus.exe
2018-07-10 22:41:28 ----A---- C:\WINDOWS\SYSWOW64\Windows.System.Diagnostics.dll
2018-07-10 22:41:28 ----A---- C:\WINDOWS\SYSWOW64\fwpolicyiomgr.dll
2018-07-10 22:41:28 ----A---- C:\WINDOWS\system32\wpd_ci.dll
2018-07-10 22:41:28 ----A---- C:\WINDOWS\system32\provisioningcsp.dll
2018-07-10 22:41:28 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2018-07-10 22:41:28 ----A---- C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-07-10 22:41:28 ----A---- C:\WINDOWS\system32\drivers\dfsc.sys
2018-07-10 22:41:27 ----A---- C:\WINDOWS\SYSWOW64\tokenbinding.dll
2018-07-10 22:41:26 ----A---- C:\WINDOWS\SYSWOW64\Windows.Devices.Sensors.dll
2018-07-10 22:41:26 ----A---- C:\WINDOWS\SYSWOW64\clusapi.dll
2018-07-10 22:41:26 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2018-07-10 22:41:25 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2018-07-10 22:41:25 ----A---- C:\WINDOWS\SYSWOW64\CredProv2faHelper.dll
2018-07-10 22:41:25 ----A---- C:\WINDOWS\system32\smartscreenps.dll
2018-07-10 22:41:24 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.MixedRealityCapture.dll
2018-07-10 22:41:24 ----A---- C:\WINDOWS\SYSWOW64\resutils.dll
2018-07-10 22:41:24 ----A---- C:\WINDOWS\SYSWOW64\perfnet.dll
2018-07-10 22:41:24 ----A---- C:\WINDOWS\system32\zipfldr.dll
2018-07-10 22:41:24 ----A---- C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-07-10 22:41:24 ----A---- C:\WINDOWS\system32\shdocvw.dll
2018-07-10 22:41:23 ----A---- C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2018-07-10 22:41:23 ----A---- C:\WINDOWS\system32\perfnet.dll
2018-07-10 22:41:23 ----A---- C:\WINDOWS\system32\NmaDirect.dll
2018-07-10 22:41:23 ----A---- C:\WINDOWS\system32\MusNotificationUx.exe
2018-07-10 22:41:23 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys
2018-07-10 22:41:22 ----A---- C:\WINDOWS\SYSWOW64\zipfldr.dll
2018-07-10 22:41:22 ----A---- C:\WINDOWS\system32\untfs.dll
2018-07-10 22:41:21 ----A---- C:\WINDOWS\system32\drivers\cdrom.sys
2018-07-10 22:41:20 ----A---- C:\WINDOWS\SYSWOW64\untfs.dll
2018-07-10 22:41:20 ----A---- C:\WINDOWS\system32\mcbuilder.exe
2018-07-10 22:41:19 ----A---- C:\WINDOWS\SYSWOW64\FirewallAPI.dll
2018-07-10 22:41:19 ----A---- C:\WINDOWS\system32\DsmUserTask.exe
2018-07-10 22:41:19 ----A---- C:\WINDOWS\system32\autochk.exe
2018-07-10 22:41:19 ----A---- C:\WINDOWS\system32\autofmt.exe
2018-07-10 22:41:18 ----A---- C:\WINDOWS\SYSWOW64\MapControlCore.dll
2018-07-10 22:41:18 ----A---- C:\WINDOWS\SYSWOW64\autochk.exe
2018-07-10 22:41:18 ----A---- C:\WINDOWS\SYSWOW64\autofmt.exe
2018-07-10 22:41:17 ----A---- C:\WINDOWS\system32\QuietHours.dll
2018-07-10 22:41:16 ----A---- C:\WINDOWS\system32\InstallServiceTasks.dll
2018-07-10 22:41:16 ----A---- C:\WINDOWS\system32\autoconv.exe
2018-07-10 22:41:15 ----A---- C:\WINDOWS\system32\updatecsp.dll
2018-07-10 22:41:14 ----A---- C:\WINDOWS\SYSWOW64\msIso.dll
2018-07-10 22:41:14 ----A---- C:\WINDOWS\SYSWOW64\ieproxy.dll
2018-07-10 22:41:14 ----A---- C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2018-07-10 22:41:13 ----A---- C:\WINDOWS\SYSWOW64\autoconv.exe
2018-07-10 22:41:12 ----A---- C:\WINDOWS\SYSWOW64\MCRecvSrc.dll
2018-07-10 22:41:11 ----A---- C:\WINDOWS\SYSWOW64\mcbuilder.exe
2018-07-10 22:41:11 ----A---- C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-07-10 22:41:11 ----A---- C:\WINDOWS\system32\MCRecvSrc.dll
2018-07-10 22:41:10 ----A---- C:\WINDOWS\SYSWOW64\shdocvw.dll
2018-07-10 22:41:10 ----A---- C:\WINDOWS\system32\drivers\mpsdrv.sys
2018-07-10 22:41:10 ----A---- C:\WINDOWS\system32\credprovhost.dll
2018-07-10 22:41:10 ----A---- C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-07-10 22:41:09 ----A---- C:\WINDOWS\SYSWOW64\credprovhost.dll
2018-07-10 22:41:08 ----A---- C:\WINDOWS\SYSWOW64\MSPhotography.dll
2018-07-10 22:41:08 ----A---- C:\WINDOWS\system32\RdpRelayTransport.dll
2018-07-10 22:41:07 ----A---- C:\WINDOWS\SYSWOW64\dsreg.dll
2018-07-10 22:41:07 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2018-07-10 22:41:07 ----A---- C:\WINDOWS\system32\DTUHandlerPS.dll
2018-07-10 22:41:07 ----A---- C:\WINDOWS\system32\DeviceSetupManagerAPI.dll
2018-07-10 22:41:06 ----A---- C:\WINDOWS\SYSWOW64\smartscreenps.dll
2018-07-10 22:41:06 ----A---- C:\WINDOWS\system32\wlansvcpal.dll
2018-07-10 22:41:05 ----A---- C:\WINDOWS\SYSWOW64\Chakradiag.dll
2018-07-10 22:41:05 ----A---- C:\WINDOWS\system32\SettingsHandlers_Cortana.dll
2018-07-10 22:41:05 ----A---- C:\WINDOWS\system32\MosStorage.dll
2018-07-10 22:41:05 ----A---- C:\WINDOWS\system32\iemigplugin.dll
2018-07-10 22:41:05 ----A---- C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-07-10 22:41:05 ----A---- C:\WINDOWS\system32\autopilot.dll
2018-07-10 22:41:04 ----A---- C:\WINDOWS\system32\NotificationControllerPS.dll
2018-07-10 22:41:04 ----A---- C:\WINDOWS\system32\nativemap.dll
2018-07-10 22:41:04 ----A---- C:\WINDOWS\system32\MosHostClient.dll
2018-07-10 22:41:04 ----A---- C:\WINDOWS\system32\moshost.dll
2018-07-10 22:41:04 ----A---- C:\WINDOWS\system32\mapsupdatetask.dll
2018-07-10 22:41:04 ----A---- C:\WINDOWS\system32\mapstoasttask.dll
2018-07-10 22:41:04 ----A---- C:\WINDOWS\system32\MapsTelemetry.dll
2018-07-10 22:41:04 ----A---- C:\WINDOWS\system32\MapsCSP.dll
2018-07-10 22:41:04 ----A---- C:\WINDOWS\system32\MapsBtSvc.dll
2018-07-10 22:41:04 ----A---- C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
2018-07-10 22:41:03 ----A---- C:\WINDOWS\SYSWOW64\NmaDirect.dll
2018-07-10 22:41:03 ----A---- C:\WINDOWS\system32\winlogon.exe
2018-07-10 22:41:03 ----A---- C:\WINDOWS\system32\ubpm.dll
2018-07-10 22:41:03 ----A---- C:\WINDOWS\system32\SettingsHandlers_Geolocation.dll
2018-07-10 22:41:03 ----A---- C:\WINDOWS\system32\MapsBtSvcProxy.dll
2018-07-10 22:41:02 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.Core.dll
2018-07-10 22:41:02 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2018-07-10 22:40:58 ----A---- C:\WINDOWS\system32\srms.dat

====== List of files/folders modified in the last 1 month ======

2018-08-05 14:03:33 ----D---- C:\Program Files\trend micro
2018-08-05 14:01:48 ----D---- C:\WINDOWS\Temp
2018-08-05 13:58:22 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2018-08-05 13:58:00 ----D---- C:\WINDOWS\Prefetch
2018-08-05 13:56:38 ----D---- C:\WINDOWS\system32\wbem
2018-08-05 13:56:38 ----D---- C:\Windows
2018-08-05 13:32:43 ----D---- C:\WINDOWS\registration
2018-08-05 13:27:29 ----D---- C:\WINDOWS\system32\sru
2018-08-05 13:25:19 ----SHD---- C:\System Volume Information
2018-08-05 13:22:37 ----D---- C:\WINDOWS\Logs
2018-08-05 13:06:07 ----D---- C:\Users\Roman\AppData\Roaming\XnView
2018-08-05 12:42:42 ----D---- C:\AdwCleaner
2018-08-05 12:40:02 ----D---- C:\WINDOWS\Tasks
2018-08-05 12:15:03 ----D---- C:\WINDOWS\AppReadiness
2018-08-05 12:12:38 ----HD---- C:\ProgramData
2018-08-05 12:12:33 ----RD---- C:\Program Files
2018-08-05 11:35:01 ----D---- C:\WINDOWS\system32\drivers
2018-08-05 11:32:03 ----D---- C:\WINDOWS\system32\Tasks
2018-08-05 11:31:58 ----D---- C:\WINDOWS\System32
2018-08-05 10:57:25 ----D---- C:\WINDOWS\system32\SleepStudy
2018-08-05 09:28:57 ----D---- C:\WINDOWS\SoftwareDistribution
2018-08-05 09:14:36 ----D---- C:\Program Files (x86)\Glary Utilities 5
2018-08-05 09:14:25 ----AD---- C:\ProgramData\TEMP
2018-08-05 09:10:59 ----D---- C:\WINDOWS\debug
2018-08-05 08:50:19 ----HD---- C:\Program Files\WindowsApps
2018-08-05 08:47:55 ----D---- C:\WINDOWS\system32\LogFiles
2018-08-05 01:41:30 ----RD---- C:\WINDOWS\Microsoft.NET
2018-08-04 13:57:29 ----D---- C:\Users\Roman\AppData\Roaming\vlc
2018-07-31 09:03:36 ----AD---- C:\Program Files (x86)\Opera
2018-07-29 23:20:25 ----D---- C:\WINDOWS\INF
2018-07-28 09:25:31 ----D---- C:\WINDOWS\system32\catroot2
2018-07-28 09:23:25 ----D---- C:\WINDOWS\system32\DriverStore
2018-07-27 21:10:18 ----D---- C:\Users\Roman\AppData\Roaming\MyPhoneExplorer
2018-07-25 21:06:08 ----D---- C:\WINDOWS\LiveKernelReports
2018-07-25 21:03:19 ----SHD---- C:\WINDOWS\Installer
2018-07-25 21:03:17 ----D---- C:\Program Files (x86)\Java
2018-07-25 21:03:16 ----D---- C:\WINDOWS\SysWOW64
2018-07-25 21:03:16 ----D---- C:\Program Files (x86)\Common Files
2018-07-25 21:01:29 ----A---- C:\WINDOWS\SYSWOW64\WindowsAccessBridge-32.dll
2018-07-18 19:39:33 ----AD---- C:\Program Files (x86)\Mp3tag
2018-07-18 19:38:12 ----D---- C:\Users\Roman\AppData\Roaming\Mp3tag
2018-07-18 08:52:42 ----D---- C:\WINDOWS\system32\config
2018-07-17 21:51:24 ----D---- C:\ProgramData\Packages
2018-07-17 19:44:30 ----D---- C:\WINDOWS\WinSxS
2018-07-12 07:57:33 ----D---- C:\WINDOWS\system32\Macromed
2018-07-12 07:57:27 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2018-07-11 09:26:09 ----RD---- C:\WINDOWS\assembly
2018-07-11 08:55:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-11 08:49:52 ----AD---- C:\Program Files\SUPERAntiSpyware
2018-07-11 00:58:48 ----D---- C:\WINDOWS\SYSWOW64\zu-ZA
2018-07-11 00:58:48 ----D---- C:\WINDOWS\SYSWOW64\yo-NG
2018-07-11 00:58:48 ----D---- C:\WINDOWS\SYSWOW64\xh-ZA
2018-07-11 00:58:48 ----D---- C:\WINDOWS\SYSWOW64\wo-SN
2018-07-11 00:58:48 ----D---- C:\WINDOWS\SYSWOW64\wbem
2018-07-11 00:58:48 ----D---- C:\WINDOWS\SYSWOW64\uz-Latn-UZ
2018-07-11 00:58:48 ----D---- C:\WINDOWS\SYSWOW64\tn-ZA
2018-07-11 00:58:48 ----D---- C:\WINDOWS\SYSWOW64\ti-ET
2018-07-11 00:58:48 ----D---- C:\WINDOWS\SYSWOW64\tg-Cyrl-TJ
2018-07-11 00:58:48 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-RS
2018-07-11 00:58:48 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-BA
2018-07-11 00:58:48 ----D---- C:\WINDOWS\SYSWOW64\sd-Arab-PK
2018-07-11 00:58:48 ----D---- C:\WINDOWS\SYSWOW64\rw-RW
2018-07-11 00:58:48 ----D---- C:\WINDOWS\SYSWOW64\quc-Latn-GT
2018-07-11 00:58:48 ----D---- C:\WINDOWS\SYSWOW64\pa-Arab-PK
2018-07-11 00:58:48 ----D---- C:\WINDOWS\SYSWOW64\nso-ZA
2018-07-11 00:58:48 ----D---- C:\WINDOWS\SYSWOW64\migration
2018-07-11 00:58:48 ----D---- C:\WINDOWS\SYSWOW64\ku-Arab-IQ
2018-07-11 00:58:48 ----D---- C:\WINDOWS\SYSWOW64\ig-NG
2018-07-11 00:58:48 ----D---- C:\WINDOWS\SYSWOW64\chr-CHER-US
2018-07-11 00:58:48 ----D---- C:\WINDOWS\SYSWOW64\ha-Latn-NG
2018-07-11 00:58:48 ----D---- C:\WINDOWS\SYSWOW64\ca-ES-valencia
2018-07-11 00:58:48 ----D---- C:\WINDOWS\SYSWOW64\bs-Latn-BA
2018-07-11 00:58:48 ----D---- C:\WINDOWS\SYSWOW64\az-Latn-AZ
2018-07-11 00:58:47 ----D---- C:\WINDOWS\system32\zu-ZA
2018-07-11 00:58:47 ----D---- C:\WINDOWS\system32\yo-NG
2018-07-11 00:58:47 ----D---- C:\WINDOWS\system32\xh-ZA
2018-07-11 00:58:47 ----D---- C:\WINDOWS\system32\wo-SN
2018-07-11 00:58:47 ----D---- C:\WINDOWS\system32\WinBioPlugIns
2018-07-11 00:58:46 ----D---- C:\WINDOWS\system32\uz-Latn-UZ
2018-07-11 00:58:46 ----D---- C:\WINDOWS\system32\tn-ZA
2018-07-11 00:58:46 ----D---- C:\WINDOWS\system32\ti-ET
2018-07-11 00:58:46 ----D---- C:\WINDOWS\system32\tg-Cyrl-TJ
2018-07-11 00:58:46 ----D---- C:\WINDOWS\system32\sr-Cyrl-RS
2018-07-11 00:58:46 ----D---- C:\WINDOWS\system32\sr-Cyrl-BA
2018-07-11 00:58:46 ----D---- C:\WINDOWS\system32\sd-Arab-PK
2018-07-11 00:58:46 ----D---- C:\WINDOWS\system32\rw-RW
2018-07-11 00:58:36 ----D---- C:\WINDOWS\system32\quc-Latn-GT
2018-07-11 00:58:36 ----D---- C:\WINDOWS\system32\pa-Arab-PK
2018-07-11 00:58:36 ----D---- C:\WINDOWS\system32\nso-ZA
2018-07-11 00:58:36 ----D---- C:\WINDOWS\system32\migration
2018-07-11 00:58:36 ----D---- C:\WINDOWS\system32\ku-Arab-IQ
2018-07-11 00:58:36 ----D---- C:\WINDOWS\system32\ig-NG
2018-07-11 00:58:36 ----D---- C:\WINDOWS\system32\chr-CHER-US
2018-07-11 00:58:36 ----D---- C:\WINDOWS\system32\ha-Latn-NG
2018-07-11 00:58:36 ----D---- C:\WINDOWS\system32\cs-CZ
2018-07-11 00:58:36 ----D---- C:\WINDOWS\system32\ca-ES-valencia
2018-07-11 00:58:36 ----D---- C:\WINDOWS\system32\bs-Latn-BA
2018-07-11 00:58:36 ----D---- C:\WINDOWS\system32\az-Latn-AZ
2018-07-11 00:58:36 ----D---- C:\WINDOWS\system32\appraiser
2018-07-11 00:58:35 ----D---- C:\WINDOWS\ShellExperiences
2018-07-11 00:58:34 ----RSD---- C:\WINDOWS\Fonts
2018-07-11 00:58:34 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2018-07-11 00:58:34 ----D---- C:\WINDOWS\bcastdvr
2018-07-11 00:58:34 ----D---- C:\WINDOWS\apppatch
2018-07-11 00:58:32 ----D---- C:\WINDOWS\system32\Boot
2018-07-10 23:01:33 ----D---- C:\WINDOWS\CbsTemp
2018-07-10 23:00:32 ----D---- C:\WINDOWS\system32\MRT
2018-07-10 22:57:51 ----AC---- C:\WINDOWS\system32\MRT.exe

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\SysWOW64\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\SysWOW64\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\SysWOW64\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\SysWOW64\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 edevmon;edevmon; C:\WINDOWS\system32\DRIVERS\edevmon.sys [2018-07-28 109920]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2018-04-12 58272]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\WINDOWS\system32\drivers\SgrmAgent.sys [2018-04-12 63896]
R1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2018-04-12 39424]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-04-12 60320]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2018-07-28 143624]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2018-07-28 196112]
R1 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2018-07-28 82816]
R1 epfwwfp;epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [2018-07-28 110376]
R1 GUBootStartup;GUBootStartup; \??\C:\WINDOWS\System32\drivers\GUBootStartup.sys [2018-07-10 28936]
R1 GUSBootStartup;GUSBootStartup; \??\C:\WINDOWS\System32\drivers\GUSBootStartup.sys [2017-06-20 20160]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2018-04-12 414208]
R2 ekbdflt;ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [2018-07-28 50144]
R3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2015-12-16 21648880]
R3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2015-12-16 674288]
R3 AtiHDAudioService;@oem128.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdWT6.sys [2015-05-28 102912]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2018-04-12 604160]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2018-04-12 38304]
S0 eelam;eelam; C:\WINDOWS\system32\DRIVERS\eelam.sys [2018-02-19 15872]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2018-04-12 321432]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-04-12 885144]
S0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-04-12 145816]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-04-12 75160]
S0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [2018-04-12 82328]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2018-04-12 39840]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2018-04-12 128416]
S1 EpfwLWF;ESET Personal Firewall; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [2016-11-15 61568]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-04-12 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2018-04-12 18432]
S3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys [2018-04-12 92056]
S3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2018-04-12 60320]
S3 dg_ssudbus;@oem139.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2016-09-05 131712]
S3 GUMHFilters;GUMHFilters; \??\C:\Program Files (x86)\Glarysoft\Malware Hunter\Native\winxp_x64\GUMHFilter.sys [2017-05-19 41272]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2018-04-12 73632]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2018-04-12 27136]
S3 HyperVideo;HyperVideo; C:\WINDOWS\System32\drivers\HyperVideo.sys [2018-04-12 28672]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2018-04-12 1836952]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2018-04-12 36864]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2018-04-12 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-04-12 88576]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-04-12 174592]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-04-12 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2018-04-12 32256]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2018-04-12 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2018-04-12 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2018-04-12 56736]
S3 MBAMSwissArmy;MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [2018-08-02 253664]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2018-04-12 175104]
S3 netvsc;netvsc; C:\WINDOWS\System32\drivers\netvsc.sys [2018-04-12 197632]
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\WINDOWS\System32\drivers\nvdimm.sys [2018-04-12 104448]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2018-04-12 105984]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2018-04-12 16896]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf_amd64.sys [2013-12-06 18456]
S3 ReFS;ReFS; C:\WINDOWS\system32\drivers\ReFS.sys [2018-06-15 1921944]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2018-04-12 104448]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2018-04-12 33176]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2018-04-12 57752]
S3 ssudmdm;@oem73.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2016-09-05 165504]
S4 hvcrash;hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [2018-04-12 33184]

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2017-02-11 173472]
R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2015-12-16 255472]
R2 CDPUserSvc_403d7;Uživatelská služba platformy připojených zařízení_403d7; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p;"ServiceDll" = %SystemRoot%\System32\dusmsvc.dll
R2 ekrn;ESET Service; C:\Program Files\ESET\[ProductDir]\ekrn.exe [2018-07-28 2330224]
R2 NAUpdate;Nero Update; C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432]
R2 OneSyncSvc_403d7;Hostitel synchronizace_403d7; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 PDF Architect 2 Creator;PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [2014-10-10 738856]
R2 PDF Architect 2;PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [2014-10-10 1771560]
R2 PDF Architect 3 CrashHandler;PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [2015-09-17 964832]
R2 PDF Architect 3 Creator;PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [2015-09-17 767712]
R2 PDF Architect 3;PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2015-09-17 2244832]
R2 pdfforge CrashHandler;pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [2014-10-10 861736]
R2 Secunia PSI Agent;Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [2013-12-06 1229528]
R2 Secunia Update Agent;Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-12-06 662232]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-06-15 761440]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\WINDOWS\system32\SgrmBroker.exe [2018-04-12 163336]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; %SystemRoot%\system32\svchost.exe -k appmodel -p;"ServiceDll" = %SystemRoot%\system32\CapabilityAccessManager.dll
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" = %SystemRoot%\System32\CDPUserSvc.dll
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-04-05 317400]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; %SystemRoot%\system32\svchost.exe -k BcastDVRUserService;"ServiceDll" = %SystemRoot%\System32\BcastDVRUserService.dll
S3 BcastDVRUserService_403d7;Uživatelská služba pro GameDVR a vysílání her_403d7; C:\WINDOWS\system32\svchost.exe -k BcastDVRUserService;"ServiceDll" =
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; %SystemRoot%\system32\svchost.exe -k BthAppGroup;"ServiceDll" = %SystemRoot%\System32\Microsoft.Bluetooth.UserService.dll
S3 BluetoothUserService_403d7;Služba pro podporu uživatelů Bluetooth_403d7; C:\WINDOWS\system32\svchost.exe -k BthAppGroup;"ServiceDll" =
S3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\BTAGService.dll
S3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; %SystemRoot%\system32\svchost.exe -k LocalService -p;"ServiceDll" = %SystemRoot%\System32\BthAvctpSvc.dll
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; %SystemRoot%\system32\svchost.exe -k DevicesFlow;"ServiceDll" = %SystemRoot%\System32\Windows.Devices.Picker.dll
S3 DevicePickerUserSvc_403d7;DevicePicker_403d7; C:\WINDOWS\system32\svchost.exe -k DevicesFlow;"ServiceDll" =
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; %SystemRoot%\system32\svchost.exe -k DevicesFlow;"ServiceDll" = %SystemRoot%\System32\DevicesFlowBroker.dll
S3 DevicesFlowUserSvc_403d7;Tok zařízení_403d7; C:\WINDOWS\system32\svchost.exe -k DevicesFlow;"ServiceDll" =
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k diagnostics;"ServiceDll" = %systemroot%\system32\DiagSvc.dll
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2018-05-14 43648]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; %SystemRoot%\System32\svchost.exe -k Camera;"ServiceDll" = %SystemRoot%\system32\FrameServer.dll
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k GraphicsPerfSvcGroup;"ServiceDll" = %SystemRoot%\System32\GraphicsPerfSvc.dll
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p;"ServiceDll" = %SystemRoot%\System32\hvhostsvc.dll
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; %SystemRoot%\System32\svchost.exe -k netsvcs -p;"ServiceDll" = %SystemRoot%\system32\InstallService.dll
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p;"ServiceDll" = %SystemRoot%\System32\IpxlatCfg.dll
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p;"ServiceDll" = %SystemRoot%\System32\irmon.dll
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\LanguageOverlayServer.dll
S3 MBAMService;Malwarebytes Service; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2018-05-09 6541008]
S3 MessagingService_403d7;Služba zasílání zpráv_403d7; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; %SystemRoot%\system32\svchost.exe -k netsvcs -p;"ServiceDll" = %SystemRoot%\System32\NaturalAuth.dll
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PimIndexMaintenanceSvc_403d7;Data kontaktů_403d7; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; %SystemRoot%\system32\svchost.exe -k PrintWorkflow;"ServiceDll" = %SystemRoot%\System32\PrintWorkflowService.dll
S3 PrintWorkflowUserSvc_403d7;PrintWorkflow_403d7; C:\WINDOWS\system32\svchost.exe -k PrintWorkflow;"ServiceDll" =
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; %SystemRoot%\System32\svchost.exe -k netsvcs -p;"ServiceDll" = %SystemRoot%\system32\PushToInstall.dll
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\RMapi.dll
S3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; %SystemRoot%\system32\svchost.exe -k LocalService -p;"ServiceDll" = %SystemRoot%\system32\SEMgrSvc.dll
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalService -p;"ServiceDll" = %SystemRoot%\System32\SharedRealitySvc.dll
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2018-06-08 976384]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; %SystemRoot%\System32\svchost.exe -k netsvcs -p;"ServiceDll" = %systemroot%\system32\Windows.SharedPC.AccountManager.dll
S4 ssh-agent;OpenSSH Authentication Agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [2018-03-10 495616]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118199
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Blocked access

#2 Post by Rudy »

Hello!
ESET is probably blocking this page because of malicious JavaScript. So it is OK.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
