
Notebook too slow, high CPU and disk usage

Radek04
Visitor
Posts: 132
Registered: 28 Mar 2007 19:43


#1 Post by Radek04 »

Good day, I would like to ask for a check of the log. Thank you very much.

Logfile of random's system information tool 1.10 (written by random/random)
Run by kasa at 2019-07-05 21:28:17
Microsoft Windows 10 Home
System drive C: has 388 GB (84%) free of 461 GB
Total RAM: 3938 MB (20% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:28:43, on 05.07.2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
C:\Users\kasa\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\AVAST Software\SecureLine\SecureLine.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\75.4.141\QtWebEngineProcess.exe
C:\Program Files (x86)\Dropbox\Client\75.4.141\QtWebEngineProcess.exe
C:\Program Files\trend micro\kasa.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (file missing)
O4 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Run: [isa] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
O4 - HKLM\..\Run: [PowerDVD14Agent] "C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKCU\..\Run: [OneDrive] "C:\Users\kasa\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NETWORK SERVICE')
O4 - Startup: CMS.lnk = C:\Program Files (x86)\CMS\CMS.exe
O4 - Startup: Uninstall CMS.lnk = C:\Program Files (x86)\CMS\uninstall.exe
O4 - Global Startup: Select a coupon.lnk = ?
O4 - Global Startup: TM-T88V Utility(Automatic Restore).lnk = C:\Program Files (x86)\EPSON\TM-T88V Software\TM88VUTL\TMRestoreApp.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: BTDevManager - Unknown owner - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\WINDOWS\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: EPSON Device Control Log Service (EPSON_Device_Control_Log_Service) - SEIKO EPSON CORPORATION - C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe
O23 - Service: EPSON Port Communication Service (EPSON_Port_Communication_Service) - SEIKO EPSON CORPORATION - C:\Program Files\epson\portcommunicationservice\PCSVC.exe
O23 - Service: @oem28.inf,%ServiceDisplayName%;ESIF Upper Framework Service (esifsvc) - Intel Corporation - C:\WINDOWS\SysWOW64\esif_uf.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\elevation_service.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: Intel(R) Security Assist - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Avast SecureLine (SecureLine) - Unknown owner - C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 12247 bytes

======Listing Processes======








winlogon.exe

C:\WINDOWS\system32\lsass.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
"fontdrvhost.exe"
"fontdrvhost.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-25752f07-4e16-424c-ba7e-c7adc980785d -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-cfdbaa4a-9a90-402f-9bf6-4880c185406d -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-68373045-bda2-4785-b8e0-3a7a468b4cb2 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-1d9dd659-6b1e-431a-8a1b-b350040a763d -LifetimeId:c308c39e-4804-496e-890b-6eeee07776df -DeviceGroupId:
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
"dwm.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localservice -p -s bthserv
c:\windows\system32\svchost.exe -k localservice -p -s BthAvctpSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s BTAGService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservice -p -s nsi
dashost.exe {f5151e8c-2856-4b40-b3a3da159f3bcfdd}
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes

C:\WINDOWS\system32\svchost.exe -k LocalService -p
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
C:\WINDOWS\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SRSPS
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc

C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\system32\WLANExt.exe 1723811218368
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\WINDOWS\system32\DbxSvc.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
"C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe"
C:\WINDOWS\SysWOW64\esif_uf.exe
"C:\Program Files\epson\portcommunicationservice\PCSVC.exe"
"c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
"C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe"
"C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
"C:\Program Files\CyberLink\Shared files\RichVideo64.exe"
"C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe"

"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService

c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
"C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe"
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
"C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe" /c
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
"ctfmon.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\WINDOWS\Explorer.EXE
"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
"C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
igfxEM.exe
igfxHK.exe
C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe" -ServerName:App.AppXffn3yxqvgawq9fpmnhy90fr3y01d1t5b.mca
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe" -ServerName:SkypeBackgroundHost
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\System32\smartscreen.exe -Embedding
C:\WINDOWS\system32\browser_broker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Users\kasa\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup
"C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
"C:\Program Files\AVAST Software\SecureLine\SecureLine.exe" /nogui
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" -type:crashpad-handler --no-upload-gzip --no-rate-limit --capture-python --no-identify-client-via-url --database=C:\Users\kasa\AppData\Local\Dropbox\Crashpad --metrics-dir=0 --url=https://d.dropbox.com/report_crashpad_minidump --https-pin=0x23,0xf2,0xed,0xff,0x3e,0xde,0x90,0x25,0x9a,0x9e,0x30,0xf4,0xa,0xf8,0xf9,0x12,0xa5,0xe5,0xb3,0x69,0x4e,0x69,0x38,0x44,0x3,0x41,0xf6,0x6,0xe,0x1,0x4f,0xfa --https-pin=0xaf,0xf9,0x88,0x90,0x6d,0xde,0x12,0x95,0x5d,0x9b,0xeb,0xbf,0x92,0x8f,0xdc,0xc3,0x1c,0xce,0x32,0x8d,0x5b,0x93,0x84,0xf2,0x1c,0x89,0x41,0xca,0x26,0xe2,0x3,0x91 --https-pin=0x5a,0x88,0x96,0x47,0x22,0xe,0x54,0xd6,0xbd,0x8a,0x16,0x81,0x72,0x24,0x52,0xb,0xb5,0xc7,0x8e,0x58,0x98,0x4b,0xd5,0x70,0x50,0x63,0x88,0xb9,0xde,0xf,0x7,0x5f --https-pin=0xfe,0xa2,0xb7,0xd6,0x45,0xfb,0xa7,0x3d,0x75,0x3c,0x1e,0xc9,0xa7,0x87,0xc,0x40,0xe1,0xf7,0xb0,0xc5,0x61,0xe9,0x27,0xb9,0x85,0xbf,0x71,0x18,0x66,0xe3,0x6f,0x22 --https-pin=0x76,0xee,0x85,0x90,0x37,0x4c,0x71,0x54,0x37,0xbb,0xca,0x6b,0xba,0x60,0x28,0xea,0xdd,0xe2,0xdc,0x6d,0xbb,0xb8,0xc3,0xf6,0x10,0xe8,0x51,0xf1,0x1d,0x1a,0xb7,0xf5 --https-pin=0x6d,0xbf,0xae,0x0,0xd3,0x7b,0x9c,0xd7,0x3f,0x8f,0xb4,0x7d,0xe6,0x59,0x17,0xaf,0x0,0xe0,0xdd,0xdf,0x42,0xdb,0xce,0xac,0x20,0xc1,0x7c,0x2,0x75,0xee,0x20,0x95 --https-pin=0x1e,0xa3,0xc5,0xe4,0x3e,0xd6,0x6c,0x2d,0xa2,0x98,0x3a,0x42,0xa4,0xa7,0x9b,0x1e,0x90,0x67,0x86,0xce,0x9f,0x1b,0x58,0x62,0x14,0x19,0xa0,0x4,0x63,0xa8,0x7d,0x38 --https-pin=0x87,0xaf,0x34,0xd6,0x6f,0xb3,0xf2,0xfd,0xf3,0x6e,0x9,0x11,0x1e,0x9a,0xba,0x2f,0x6f,0x44,0xb2,0x7,0xf3,0x86,0x3f,0x3d,0xb,0x54,0xb2,0x50,0x23,0x90,0x9a,0xa5 --https-pin=0xbc,0xfb,0x44,0xaa,0xb9,0xad,0x2,0x10,0x15,0x70,0x6b,0x41,0x21,0xea,0x76,0x1c,0x81,0xc9,0xe8,0x89,0x67,0x59,0xf,0x6f,0x94,0xae,0x74,0x4d,0xc8,0x8b,0x78,0xfb --https-pin=0xab,0x98,0x49,0x52,0x76,0xad,0xf1,0xec,0xaf,0xf2,0x8f,0x35,0xc5,0x30,0x48,0x78,0x1e,0x5c,0x17,0x18,0xda,0xb9,0xc8,0xe6,0x7a,0x50,0x4f,0x4f,0x6a,0x51,0x32,0x8f 
--https-pin=0x49,0x5,0x46,0x66,0x23,0xab,0x41,0x78,0xbe,0x92,0xac,0x5c,0xbd,0x65,0x84,0xf7,0xa1,0xe1,0x7f,0x27,0x65,0x2d,0x5a,0x85,0xaf,0x89,0x50,0x4e,0xa2,0x39,0xaa,0xaa --https-pin=0x56,0x32,0xd9,0x7b,0xfa,0x77,0x5b,0xf3,0xc9,0x9d,0xde,0xa5,0x2f,0xc2,0x55,0x34,0x10,0x86,0x40,0x16,0x72,0x9c,0x52,0xdd,0x65,0x24,0xc8,0xa9,0xc3,0xb4,0x48,0x9f --https-pin=0x2a,0x8f,0x2d,0x8a,0xf0,0xeb,0x12,0x38,0x98,0xf7,0x4c,0x86,0x6a,0xc3,0xfa,0x66,0x90,0x54,0xe2,0x3c,0x17,0xbc,0x7a,0x95,0xbd,0x2,0x34,0x19,0x2d,0xc6,0x35,0xd0 --https-pin=0x32,0xb6,0x4b,0x66,0x72,0x7a,0x20,0x63,0xe4,0x6,0x6f,0x3b,0x95,0x8c,0xb0,0xaa,0xee,0x57,0x6a,0x5e,0xce,0xfd,0x95,0x33,0x99,0xbb,0x88,0x74,0x73,0x1d,0x95,0x87 --https-pin=0xf5,0x3c,0x22,0x5,0x98,0x17,0xdd,0x96,0xf4,0x0,0x65,0x16,0x39,0xd2,0xf8,0x57,0xe2,0x10,0x70,0xa5,0x9a,0xbe,0xd9,0x7,0x94,0x0,0xd9,0xf6,0x95,0x50,0x69,0x0 --https-pin=0x67,0xdc,0x4f,0x32,0xfa,0x10,0xe7,0xd0,0x1a,0x79,0xa0,0x73,0xaa,0xc,0x9e,0x2,0x12,0xec,0x2f,0xfc,0x3d,0x77,0x9e,0xa,0xa7,0xf9,0xc0,0xf0,0xe1,0xc2,0xc8,0x93 --https-pin=0x19,0x6,0xc6,0x12,0x4d,0xbb,0x43,0x85,0x78,0xd0,0xe,0x6,0x6d,0x50,0x54,0xc6,0xc3,0x7f,0xf,0xa6,0x2,0x8c,0x5,0x54,0x5e,0x9,0x94,0xed,0xda,0xec,0x86,0x29 --https-pin=0x1d,0x75,0xd0,0x83,0x1b,0x9e,0x8,0x85,0x39,0x4d,0x32,0xc7,0xa1,0xbf,0xdb,0x3d,0xbc,0x1c,0x28,0xe2,0xb0,0xe8,0x39,0x1f,0xb1,0x35,0x98,0x1d,0xbc,0x5b,0xa9,0x36 --annotation=host_int_account1_boot=37698606032 --annotation=machine_id=dc364a9b-a150-4b06-9d26-dc707e044a06 --annotation=platform=win "--annotation=platform_version=10 1803" --initial-client-data=0x230,0x234,0x238,0x22c,0x23c,0x724c1560,0x724c1588,0x724c1570
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" -type:exit-monitor -method:collectupload -session-token:30db9acb-07f0-47ea-89af-1274713fab21 -target-handle:544 -target-shutdown-event:572 -target-restart-event:556 "-target-command-line:\"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe\" /systemstartup" -python-version:3.7.2 -handler-pipe:\\.\pipe\crashpad_2704_VVTHRZYFYJXZTTDV
c:\windows\system32\svchost.exe -k netsvcs -p
"c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe"
"C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Dropbox\Client\75.4.141\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=3504601928755264113 --lang=cs --webengine-schemes=dbx-local:hs;qrc:sLV --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=3504601928755264113 --renderer-client-id=2 --mojo-platform-channel-handle=3756 /prefetch:1
"C:\Program Files (x86)\Dropbox\Client\75.4.141\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=4617670046365891003 --lang=cs --webengine-schemes=dbx-local:hs;qrc:sLV --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=4617670046365891003 --renderer-client-id=3 --mojo-platform-channel-handle=5492 /prefetch:1
"C:\Program Files\rempl\sedsvc.exe"

c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s camsvc
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\kasa\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\kasa\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\kasa\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x1bc,0x1c0,0x1c4,0x1b8,0x1c8,0x7fffa1663ef8,0x7fffa1663f08,0x7fffa1663f18
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1296 --on-initialized-event-handle=636 --parent-handle=640 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1652,1595613606605375508,3599874674706678397,131072 --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=13923251059967823896 --mojo-platform-channel-handle=1660 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1652,1595613606605375508,3599874674706678397,131072 --lang=cs --service-sandbox-type=network --service-request-channel-token=14872661275160375303 --mojo-platform-channel-handle=1928 /prefetch:8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1652,1595613606605375508,3599874674706678397,131072 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=16125434043234714344 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1652,1595613606605375508,3599874674706678397,131072 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=14567168113259865933 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
"C:\Users\kasa\AppData\Local\Google\Chrome\User Data\SwReporter\42.206.200.3\software_reporter_tool.exe" --engine=2 --scan-locations=1,2,3,4,5,6,7,8,10 --disabled-locations=9,11 --session-id=eQLKBPiruBHjgJJzK/PpRpTth2sMNqHIrnNOUOeP --registry-suffix=ESET --srt-field-trial-group-name=NewCleanerUIExperiment
"c:\users\kasa\appdata\local\google\chrome\user data\swreporter\42.206.200.3\software_reporter_tool.exe" --crash-handler "--database=c:\users\kasa\appdata\local\Google\Software Reporter Tool" --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=42.206.200 --initial-client-data=0x220,0x230,0x1e4,0x228,0x238,0x7ff7e347b710,0x7ff7e347b720,0x7ff7e347b730
"c:\users\kasa\appdata\local\google\chrome\user data\swreporter\42.206.200.3\software_reporter_tool.exe" --use-crash-handler-with-id="\\.\pipe\crashpad_10816_VZBWPTXTSFSAYEBE" --sandboxed-process-id=2 --init-done-notifier=724 --sandbox-mojo-pipe-token=540234891386298725 --mojo-platform-channel-handle=660 --engine=2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1652,1595613606605375508,3599874674706678397,131072 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=17900219345433426642 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1652,1595613606605375508,3599874674706678397,131072 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=4577615122768579940 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
"c:\program files\avast software\secureline\vpnupdate.exe"
"c:\users\kasa\appdata\local\google\chrome\user data\swreporter\42.206.200.3\software_reporter_tool.exe" --use-crash-handler-with-id="\\.\pipe\crashpad_10816_VZBWPTXTSFSAYEBE" --sandboxed-process-id=3 --init-done-notifier=964 --sandbox-mojo-pipe-token=10723087839954457157 --mojo-platform-channel-handle=960
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s gpsvc
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-1502263035-232619104-3836862182-10024_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-1502263035-232619104-3836862182-10024 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
dummy /emupdater
VpnUpdate.exe /emupdater /applyupdate "C:\Program Files\AVAST Software\SecureLine\Setup\1c211877-538f-4b3a-83d0-52cea3d52388\update.xml"
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
taskhostw.exe
C:\WINDOWS\system32\AUDIODG.EXE 0x580
"C:\WINDOWS\system32\notepad.exe"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 744 748 756 8192 752
C:\WINDOWS\System32\svchost.exe -k netsvcs -p
C:\WINDOWS\system32\wbem\wmiprvse.exe

"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXe9cvj1thv1hmcw0cs98xm3r97tyzy2xs.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Users\kasa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\RSITx64 (1).exe"

======Scheduled tasks folder======

C:\WINDOWS\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
C:\WINDOWS\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2018-04-12 638872]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2016-10-15 8911872]
"BtServer"=C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [2015-07-09 229592]
"DeliveryAndStatusCheck"=C:\Program Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe [2015-11-10 301832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\kasa\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2019-07-05 1589368]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HPMessageService"=C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [2015-02-17 654088]
"isa"=C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [2015-02-26 330240]
"PowerDVD14Agent"=C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [2015-10-29 795336]
"IndexSearch"=C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [2013-08-15 47432]
"PaperPort PTD"=C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [2013-08-15 31048]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"Dropbox"=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2019-06-24 5580608]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Select a coupon.lnk - C:\Program Files\EPSON\TMCommandEmulator\PopupWindow.exe
TM-T88V Utility(Automatic Restore).lnk - C:\Program Files (x86)\EPSON\TM-T88V Software\TM88VUTL\TMRestoreApp.exe

C:\Users\kasa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
CMS.lnk - C:\Program Files (x86)\CMS\CMS.exe
Uninstall CMS.lnk - C:\Program Files (x86)\CMS\uninstall.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2019-07-05 21:28:19 ----D---- C:\Program Files\trend micro
2019-07-05 21:28:17 ----D---- C:\rsit
2019-07-05 20:30:40 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2019-06-24 14:12:04 ----A---- C:\WINDOWS\system32\drivers\dbx-stable.sys
2019-06-24 14:12:04 ----A---- C:\WINDOWS\system32\drivers\dbx-dev.sys
2019-06-24 14:12:04 ----A---- C:\WINDOWS\system32\drivers\dbx-canary.sys
2019-06-24 14:12:04 ----A---- C:\WINDOWS\system32\DbxSvc.exe
2019-06-16 20:45:34 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-06-16 20:45:33 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2019-06-16 20:45:32 ----A---- C:\WINDOWS\system32\edgehtml.dll
2019-06-16 20:45:30 ----A---- C:\WINDOWS\system32\mshtml.dll
2019-06-16 20:45:22 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2019-06-16 20:45:22 ----A---- C:\WINDOWS\system32\wininet.dll
2019-06-16 20:45:22 ----A---- C:\WINDOWS\system32\shell32.dll
2019-06-16 20:45:19 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2019-06-16 20:45:17 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2019-06-16 20:45:15 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2019-06-16 20:45:13 ----A---- C:\WINDOWS\system32\windows.storage.dll
2019-06-16 20:45:11 ----A---- C:\WINDOWS\system32\Chakra.dll
2019-06-16 20:45:09 ----A---- C:\WINDOWS\system32\StartTileData.dll
2019-06-16 20:45:09 ----A---- C:\WINDOWS\system32\cdp.dll
2019-06-16 20:45:08 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-06-16 20:45:06 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2019-06-16 20:45:05 ----A---- C:\WINDOWS\system32\ieframe.dll
2019-06-16 20:45:04 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2019-06-16 20:45:02 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2019-06-16 20:45:02 ----A---- C:\WINDOWS\system32\win32kfull.sys
2019-06-16 20:45:01 ----A---- C:\WINDOWS\system32\twinui.pcshell.dll
2019-06-16 20:45:00 ----A---- C:\WINDOWS\system32\EdgeContent.dll
2019-06-16 20:44:59 ----A---- C:\WINDOWS\system32\twinui.dll
2019-06-16 20:44:59 ----A---- C:\WINDOWS\system32\jscript9.dll
2019-06-16 20:44:58 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2019-06-16 20:44:58 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2019-06-16 20:44:56 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-06-16 20:44:55 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.dll
2019-06-16 20:44:54 ----A---- C:\WINDOWS\system32\diagtrack.dll
2019-06-16 20:44:53 ----A---- C:\WINDOWS\system32\NetworkMobileSettings.dll
2019-06-16 20:44:53 ----A---- C:\WINDOWS\system32\iertutil.dll
2019-06-16 20:44:52 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-06-16 20:44:51 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2019-06-16 20:44:51 ----A---- C:\WINDOWS\system32\Windows.CloudStore.dll
2019-06-16 20:44:50 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2019-06-16 20:44:50 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2019-06-16 20:44:50 ----A---- C:\WINDOWS\system32\audiosrv.dll
2019-06-16 20:44:49 ----A---- C:\WINDOWS\system32\msxml6.dll
2019-06-16 20:44:49 ----A---- C:\WINDOWS\system32\mfcore.dll
2019-06-16 20:44:49 ----A---- C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-06-16 20:44:48 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2019-06-16 20:44:48 ----A---- C:\WINDOWS\system32\wpncore.dll
2019-06-16 20:44:48 ----A---- C:\WINDOWS\system32\hvix64.exe
2019-06-16 20:44:47 ----A---- C:\WINDOWS\system32\xpsrchvw.exe
2019-06-16 20:44:47 ----A---- C:\WINDOWS\system32\WebRuntimeManager.dll
2019-06-16 20:44:46 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2019-06-16 20:44:46 ----A---- C:\WINDOWS\system32\win32kbase.sys
2019-06-16 20:44:46 ----A---- C:\WINDOWS\system32\DWrite.dll
2019-06-16 20:44:45 ----A---- C:\WINDOWS\SYSWOW64\cdp.dll
2019-06-16 20:44:45 ----A---- C:\WINDOWS\system32\wuaueng.dll
2019-06-16 20:44:44 ----A---- C:\WINDOWS\SYSWOW64\msxml6.dll
2019-06-16 20:44:44 ----A---- C:\WINDOWS\system32\KernelBase.dll
2019-06-16 20:44:44 ----A---- C:\WINDOWS\system32\hvax64.exe
2019-06-16 20:44:43 ----A---- C:\WINDOWS\system32\wevtsvc.dll
2019-06-16 20:44:43 ----A---- C:\WINDOWS\system32\urlmon.dll
2019-06-16 20:44:42 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2019-06-16 20:44:42 ----A---- C:\WINDOWS\system32\NotificationController.dll
2019-06-16 20:44:41 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2019-06-16 20:44:41 ----A---- C:\WINDOWS\system32\esent.dll
2019-06-16 20:44:40 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2019-06-16 20:44:40 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2019-06-16 20:44:40 ----A---- C:\WINDOWS\system32\usocore.dll
2019-06-16 20:44:40 ----A---- C:\WINDOWS\system32\ntdll.dll
2019-06-16 20:44:39 ----A---- C:\WINDOWS\system32\InstallService.dll
2019-06-16 20:44:39 ----A---- C:\WINDOWS\system32\gdi32full.dll
2019-06-16 20:44:39 ----A---- C:\WINDOWS\system32\drivers\bthport.sys
2019-06-16 20:44:38 ----A---- C:\WINDOWS\SYSWOW64\mfasfsrcsnk.dll
2019-06-16 20:44:38 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2019-06-16 20:44:38 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2019-06-16 20:44:37 ----A---- C:\WINDOWS\system32\wpnapps.dll
2019-06-16 20:44:36 ----A---- C:\WINDOWS\SYSWOW64\esent.dll
2019-06-16 20:44:36 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2019-06-16 20:44:36 ----A---- C:\WINDOWS\system32\FntCache.dll
2019-06-16 20:44:36 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-06-16 20:44:35 ----A---- C:\WINDOWS\system32\StorSvc.dll
2019-06-16 20:44:35 ----A---- C:\WINDOWS\system32\localspl.dll
2019-06-16 20:44:35 ----A---- C:\WINDOWS\system32\bcastdvruserservice.dll
2019-06-16 20:44:35 ----A---- C:\WINDOWS\system32\AudioSes.dll
2019-06-16 20:44:34 ----A---- C:\WINDOWS\SYSWOW64\msrd3x40.dll
2019-06-16 20:44:34 ----A---- C:\WINDOWS\SYSWOW64\DWrite.dll
2019-06-16 20:44:34 ----A---- C:\WINDOWS\system32\AudioEng.dll
2019-06-16 20:44:33 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2019-06-16 20:44:33 ----A---- C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-06-16 20:44:33 ----A---- C:\WINDOWS\system32\mf.dll
2019-06-16 20:44:33 ----A---- C:\WINDOWS\system32\lsasrv.dll
2019-06-16 20:44:33 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2019-06-16 20:44:33 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-06-16 20:44:32 ----A---- C:\WINDOWS\SYSWOW64\wuapi.dll
2019-06-16 20:44:32 ----A---- C:\WINDOWS\SYSWOW64\mf.dll
2019-06-16 20:44:32 ----A---- C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-06-16 20:44:31 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2019-06-16 20:44:31 ----A---- C:\WINDOWS\system32\WMVCORE.DLL
2019-06-16 20:44:31 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2019-06-16 20:44:30 ----A---- C:\WINDOWS\system32\wuapi.dll
2019-06-16 20:44:30 ----A---- C:\WINDOWS\system32\schedsvc.dll
2019-06-16 20:44:30 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2019-06-16 20:44:30 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-06-16 20:44:29 ----A---- C:\WINDOWS\SYSWOW64\msi.dll
2019-06-16 20:44:29 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2019-06-16 20:44:29 ----A---- C:\WINDOWS\system32\winload.exe
2019-06-16 20:44:29 ----A---- C:\WINDOWS\system32\usermgr.dll
2019-06-16 20:44:29 ----A---- C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-06-16 20:44:28 ----A---- C:\WINDOWS\SYSWOW64\AudioEng.dll
2019-06-16 20:44:28 ----A---- C:\WINDOWS\system32\msi.dll
2019-06-16 20:44:28 ----A---- C:\WINDOWS\system32\edgeIso.dll
2019-06-16 20:44:28 ----A---- C:\WINDOWS\system32\CPFilters.dll
2019-06-16 20:44:27 ----A---- C:\WINDOWS\SYSWOW64\xpsrchvw.exe
2019-06-16 20:44:27 ----A---- C:\WINDOWS\SYSWOW64\EdgeManager.dll
2019-06-16 20:44:26 ----A---- C:\WINDOWS\SYSWOW64\InstallService.dll
2019-06-16 20:44:26 ----A---- C:\WINDOWS\system32\WWAHost.exe
2019-06-16 20:44:26 ----A---- C:\WINDOWS\system32\winresume.exe
2019-06-16 20:44:26 ----A---- C:\WINDOWS\system32\browserbroker.dll
2019-06-16 20:44:26 ----A---- C:\WINDOWS\system32\aadcloudap.dll
2019-06-16 20:44:25 ----A---- C:\WINDOWS\system32\Windows.Media.Streaming.dll
2019-06-16 20:44:25 ----A---- C:\WINDOWS\system32\MusNotification.exe
2019-06-16 20:44:24 ----A---- C:\WINDOWS\SYSWOW64\wpnapps.dll
2019-06-16 20:44:24 ----A---- C:\WINDOWS\system32\msvproc.dll
2019-06-16 20:44:24 ----A---- C:\WINDOWS\system32\msv1_0.dll
2019-06-16 20:44:24 ----A---- C:\WINDOWS\system32\audiodg.exe
2019-06-16 20:44:23 ----A---- C:\WINDOWS\SYSWOW64\msv1_0.dll
2019-06-16 20:44:23 ----A---- C:\WINDOWS\system32\vbscript.dll
2019-06-16 20:44:23 ----A---- C:\WINDOWS\system32\ieproxy.dll
2019-06-16 20:44:23 ----A---- C:\WINDOWS\system32\ci.dll
2019-06-16 20:44:22 ----A---- C:\WINDOWS\SYSWOW64\msvproc.dll
2019-06-16 20:44:21 ----A---- C:\WINDOWS\SYSWOW64\CPFilters.dll
2019-06-16 20:44:21 ----A---- C:\WINDOWS\system32\schannel.dll
2019-06-16 20:44:21 ----A---- C:\WINDOWS\system32\drivers\clfs.sys
2019-06-16 20:44:20 ----A---- C:\WINDOWS\SYSWOW64\WWAHost.exe
2019-06-16 20:44:20 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2019-06-16 20:44:20 ----A---- C:\WINDOWS\system32\tcblaunch.exe
2019-06-16 20:44:20 ----A---- C:\WINDOWS\system32\MusNotificationUx.exe
2019-06-16 20:44:20 ----A---- C:\WINDOWS\system32\kerberos.dll
2019-06-16 20:44:20 ----A---- C:\WINDOWS\system32\drivers\WdiWiFi.sys
2019-06-16 20:44:19 ----A---- C:\WINDOWS\system32\srvsvc.dll
2019-06-16 20:44:19 ----A---- C:\WINDOWS\system32\msfeeds.dll
2019-06-16 20:44:18 ----A---- C:\WINDOWS\SYSWOW64\MSVideoDSP.dll
2019-06-16 20:44:18 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2019-06-16 20:44:18 ----A---- C:\WINDOWS\SYSWOW64\edgeIso.dll
2019-06-16 20:44:18 ----A---- C:\WINDOWS\system32\taskcomp.dll
2019-06-16 20:44:18 ----A---- C:\WINDOWS\system32\mfps.dll
2019-06-16 20:44:18 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2019-06-16 20:44:17 ----A---- C:\WINDOWS\system32\MusNotifyIcon.exe
2019-06-16 20:44:17 ----A---- C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2019-06-16 20:44:17 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2019-06-16 20:44:17 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2019-06-16 20:44:16 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2019-06-16 20:44:16 ----A---- C:\WINDOWS\SYSWOW64\mfps.dll
2019-06-16 20:44:16 ----A---- C:\WINDOWS\system32\drivers\ksecpkg.sys
2019-06-16 20:44:16 ----A---- C:\WINDOWS\system32\dot3gpui.dll
2019-06-16 20:44:15 ----A---- C:\WINDOWS\SYSWOW64\userenv.dll
2019-06-16 20:44:15 ----A---- C:\WINDOWS\SYSWOW64\mf3216.dll
2019-06-16 20:44:15 ----A---- C:\WINDOWS\system32\userenv.dll
2019-06-16 20:44:15 ----A---- C:\WINDOWS\system32\MSVPXENC.dll
2019-06-16 20:44:15 ----A---- C:\WINDOWS\system32\mf3216.dll
2019-06-16 20:44:15 ----A---- C:\WINDOWS\system32\drivers\hvservice.sys
2019-06-16 20:44:14 ----A---- C:\WINDOWS\system32\rdpcore.dll
2019-06-16 20:44:14 ----A---- C:\WINDOWS\system32\hvloader.dll
2019-06-16 20:44:13 ----A---- C:\WINDOWS\SYSWOW64\MSVPXENC.dll
2019-06-16 20:44:13 ----A---- C:\WINDOWS\SYSWOW64\msexcl40.dll
2019-06-16 20:44:13 ----A---- C:\WINDOWS\system32\wuuhext.dll
2019-06-16 20:44:12 ----A---- C:\WINDOWS\SYSWOW64\wevtapi.dll
2019-06-16 20:44:12 ----A---- C:\WINDOWS\system32\wmicmiplugin.dll
2019-06-16 20:44:12 ----A---- C:\WINDOWS\system32\wevtapi.dll
2019-06-16 20:44:12 ----A---- C:\WINDOWS\system32\usoapi.dll
2019-06-16 20:44:12 ----A---- C:\WINDOWS\system32\updatepolicy.dll
2019-06-16 20:44:12 ----A---- C:\WINDOWS\system32\KerbClientShared.dll
2019-06-16 20:44:12 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2019-06-16 20:44:12 ----A---- C:\WINDOWS\system32\esentutl.exe
2019-06-16 20:44:12 ----A---- C:\WINDOWS\system32\drivers\stornvme.sys
2019-06-16 20:44:12 ----A---- C:\WINDOWS\system32\drivers\msiscsi.sys
2019-06-16 20:44:11 ----A---- C:\WINDOWS\SYSWOW64\WMVCORE.DLL
2019-06-16 20:44:11 ----A---- C:\WINDOWS\system32\MSVideoDSP.dll
2019-06-16 20:44:11 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2019-06-16 20:44:11 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2019-06-16 20:44:10 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Streaming.dll
2019-06-16 20:44:10 ----A---- C:\WINDOWS\SYSWOW64\webplatstorageserver.dll
2019-06-16 20:44:10 ----A---- C:\WINDOWS\SYSWOW64\taskcomp.dll
2019-06-16 20:44:10 ----A---- C:\WINDOWS\SYSWOW64\ieproxy.dll
2019-06-16 20:44:10 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2019-06-16 20:44:10 ----A---- C:\WINDOWS\system32\drivers\winnat.sys
2019-06-16 20:44:10 ----A---- C:\WINDOWS\system32\bcryptprimitives.dll
2019-06-16 20:44:09 ----A---- C:\WINDOWS\SYSWOW64\KerbClientShared.dll
2019-06-16 20:44:09 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2019-06-16 20:44:09 ----A---- C:\WINDOWS\SYSWOW64\bcryptprimitives.dll
2019-06-16 20:44:09 ----A---- C:\WINDOWS\system32\MSPhotography.dll
2019-06-16 20:44:08 ----A---- C:\WINDOWS\SYSWOW64\bcrypt.dll
2019-06-16 20:44:08 ----A---- C:\WINDOWS\system32\wuuhosdeployment.dll
2019-06-16 20:44:08 ----A---- C:\WINDOWS\system32\bcrypt.dll
2019-06-16 20:44:07 ----A---- C:\WINDOWS\SYSWOW64\updatepolicy.dll
2019-06-16 20:44:07 ----A---- C:\WINDOWS\SYSWOW64\msjet40.dll
2019-06-16 20:44:07 ----A---- C:\WINDOWS\SYSWOW64\esentutl.exe
2019-06-16 20:44:07 ----A---- C:\WINDOWS\SYSWOW64\dot3gpui.dll
2019-06-16 20:44:07 ----A---- C:\WINDOWS\SYSWOW64\AcSpecfc.dll
2019-06-16 20:44:07 ----A---- C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-06-16 20:44:06 ----A---- C:\WINDOWS\SYSWOW64\usoapi.dll
2019-06-16 20:44:06 ----A---- C:\WINDOWS\SYSWOW64\msltus40.dll
2019-06-16 20:44:06 ----A---- C:\WINDOWS\system32\updatecsp.dll
2019-06-16 20:44:06 ----A---- C:\WINDOWS\system32\musdialoghandlers.dll
2019-06-16 20:44:06 ----A---- C:\WINDOWS\system32\DuCsps.dll
2019-06-16 20:44:05 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.MixedRealityCapture.dll
2019-06-16 20:44:05 ----A---- C:\WINDOWS\SYSWOW64\msIso.dll
2019-06-16 20:44:05 ----A---- C:\WINDOWS\SYSWOW64\InstallServiceTasks.dll
2019-06-16 20:44:05 ----A---- C:\WINDOWS\SYSWOW64\credprovhost.dll
2019-06-16 20:44:05 ----A---- C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2019-06-16 20:44:05 ----A---- C:\WINDOWS\system32\InstallServiceTasks.dll
2019-06-16 20:44:04 ----A---- C:\WINDOWS\SYSWOW64\TSWorkspace.dll
2019-06-16 20:44:04 ----A---- C:\WINDOWS\system32\UsoClient.exe
2019-06-16 20:44:04 ----A---- C:\WINDOWS\system32\TSWorkspace.dll
2019-06-16 20:44:04 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2019-06-16 20:44:04 ----A---- C:\WINDOWS\system32\credprovhost.dll
2019-06-16 20:44:03 ----A---- C:\WINDOWS\SYSWOW64\rdpcore.dll
2019-06-16 20:44:03 ----A---- C:\WINDOWS\SYSWOW64\MSPhotography.dll
2019-06-16 20:44:03 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2019-06-16 20:44:03 ----A---- C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-06-16 20:44:02 ----A---- C:\WINDOWS\SYSWOW64\dtdump.exe
2019-06-16 20:44:02 ----A---- C:\WINDOWS\system32\wdigest.dll
2019-06-16 20:44:02 ----A---- C:\WINDOWS\system32\SIHClient.exe
2019-06-16 20:44:02 ----A---- C:\WINDOWS\system32\pku2u.dll
2019-06-16 20:44:02 ----A---- C:\WINDOWS\system32\iemigplugin.dll
2019-06-16 20:44:02 ----A---- C:\WINDOWS\system32\AxInstSv.dll
2019-06-16 20:44:01 ----A---- C:\WINDOWS\SYSWOW64\wups.dll
2019-06-16 20:44:01 ----A---- C:\WINDOWS\SYSWOW64\tzres.dll
2019-06-16 20:44:01 ----A---- C:\WINDOWS\system32\wups2.dll
2019-06-16 20:44:01 ----A---- C:\WINDOWS\system32\wups.dll
2019-06-16 20:44:01 ----A---- C:\WINDOWS\system32\tzres.dll
2019-06-16 20:44:01 ----A---- C:\WINDOWS\system32\storewuauth.dll
2019-06-16 20:44:01 ----A---- C:\WINDOWS\system32\sscore.dll

======List of files/folders modified in the last 1 month======

2019-07-05 21:28:41 ----D---- C:\WINDOWS\Temp
2019-07-05 21:28:36 ----D---- C:\WINDOWS\AppReadiness
2019-07-05 21:28:24 ----D---- C:\WINDOWS\Prefetch
2019-07-05 21:28:19 ----RD---- C:\Program Files
2019-07-05 21:26:08 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2019-07-05 21:13:47 ----D---- C:\WINDOWS\system32\WDI
2019-07-05 21:12:28 ----D---- C:\WINDOWS\INF
2019-07-05 21:10:28 ----D---- C:\WINDOWS\System32
2019-07-05 21:10:28 ----A---- C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-07-05 21:09:32 ----D---- C:\WINDOWS\system32\sru
2019-07-05 21:04:13 ----RD---- C:\WINDOWS\assembly
2019-07-05 21:01:08 ----RD---- C:\WINDOWS\Microsoft.NET
2019-07-05 20:58:41 ----D---- C:\WINDOWS\system32\Tasks
2019-07-05 20:56:51 ----D---- C:\WINDOWS\system32\config
2019-07-05 20:37:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2019-07-05 20:36:34 ----D---- C:\Program Files (x86)\Dropbox
2019-07-05 20:35:07 ----D---- C:\WINDOWS\system32\drivers
2019-07-05 20:30:43 ----D---- C:\WINDOWS\WinSxS
2019-07-05 20:30:40 ----D---- C:\WINDOWS\SysWOW64
2019-07-05 20:29:37 ----D---- C:\WINDOWS\system32\DriverStore
2019-07-05 20:24:52 ----D---- C:\WINDOWS\TextInput
2019-07-05 20:24:52 ----D---- C:\WINDOWS\SYSWOW64\zu-ZA
2019-07-05 20:24:52 ----D---- C:\WINDOWS\SYSWOW64\yo-NG
2019-07-05 20:24:52 ----D---- C:\WINDOWS\SYSWOW64\xh-ZA
2019-07-05 20:24:52 ----D---- C:\WINDOWS\SYSWOW64\wo-SN
2019-07-05 20:24:52 ----D---- C:\WINDOWS\SYSWOW64\uz-Latn-UZ
2019-07-05 20:24:52 ----D---- C:\WINDOWS\SYSWOW64\tn-ZA
2019-07-05 20:24:52 ----D---- C:\WINDOWS\SYSWOW64\ti-ET
2019-07-05 20:24:52 ----D---- C:\WINDOWS\SYSWOW64\tg-Cyrl-TJ
2019-07-05 20:24:52 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-RS
2019-07-05 20:24:52 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-BA
2019-07-05 20:24:52 ----D---- C:\WINDOWS\SYSWOW64\sd-Arab-PK
2019-07-05 20:24:52 ----D---- C:\WINDOWS\SYSWOW64\rw-RW
2019-07-05 20:24:52 ----D---- C:\WINDOWS\SYSWOW64\quc-Latn-GT
2019-07-05 20:24:52 ----D---- C:\WINDOWS\SYSWOW64\pa-Arab-PK
2019-07-05 20:24:52 ----D---- C:\WINDOWS\SYSWOW64\nso-ZA
2019-07-05 20:24:52 ----D---- C:\WINDOWS\SYSWOW64\ku-Arab-IQ
2019-07-05 20:24:52 ----D---- C:\WINDOWS\SYSWOW64\ig-NG
2019-07-05 20:24:52 ----D---- C:\WINDOWS\SYSWOW64\chr-CHER-US
2019-07-05 20:24:52 ----D---- C:\WINDOWS\SYSWOW64\ha-Latn-NG
2019-07-05 20:24:52 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2019-07-05 20:24:52 ----D---- C:\WINDOWS\SYSWOW64\ca-ES-valencia
2019-07-05 20:24:52 ----D---- C:\WINDOWS\SYSWOW64\bs-Latn-BA
2019-07-05 20:24:52 ----D---- C:\WINDOWS\SYSWOW64\az-Latn-AZ
2019-07-05 20:24:46 ----D---- C:\WINDOWS\system32\zu-ZA
2019-07-05 20:24:46 ----D---- C:\WINDOWS\system32\yo-NG
2019-07-05 20:24:46 ----D---- C:\WINDOWS\system32\xh-ZA
2019-07-05 20:24:46 ----D---- C:\WINDOWS\system32\wo-SN
2019-07-05 20:24:46 ----D---- C:\WINDOWS\system32\uz-Latn-UZ
2019-07-05 20:24:46 ----D---- C:\WINDOWS\system32\tn-ZA
2019-07-05 20:24:46 ----D---- C:\WINDOWS\system32\ti-ET
2019-07-05 20:24:46 ----D---- C:\WINDOWS\system32\tg-Cyrl-TJ
2019-07-05 20:24:46 ----D---- C:\WINDOWS\system32\sr-Cyrl-RS
2019-07-05 20:24:46 ----D---- C:\WINDOWS\system32\sr-Cyrl-BA
2019-07-05 20:24:46 ----D---- C:\WINDOWS\system32\sd-Arab-PK
2019-07-05 20:24:46 ----D---- C:\WINDOWS\system32\rw-RW
2019-07-05 20:24:46 ----D---- C:\WINDOWS\system32\quc-Latn-GT
2019-07-05 20:24:46 ----D---- C:\WINDOWS\system32\pa-Arab-PK
2019-07-05 20:24:46 ----D---- C:\WINDOWS\system32\nso-ZA
2019-07-05 20:24:45 ----D---- C:\WINDOWS\system32\migration
2019-07-05 20:24:45 ----D---- C:\WINDOWS\system32\ku-Arab-IQ
2019-07-05 20:24:45 ----D---- C:\WINDOWS\system32\ig-NG
2019-07-05 20:24:45 ----D---- C:\WINDOWS\system32\chr-CHER-US
2019-07-05 20:24:45 ----D---- C:\WINDOWS\system32\ha-Latn-NG
2019-07-05 20:24:45 ----D---- C:\WINDOWS\system32\cs-CZ
2019-07-05 20:24:45 ----D---- C:\WINDOWS\system32\ca-ES-valencia
2019-07-05 20:24:45 ----D---- C:\WINDOWS\system32\bs-Latn-BA
2019-07-05 20:24:45 ----D---- C:\WINDOWS\system32\Boot
2019-07-05 20:24:45 ----D---- C:\WINDOWS\system32\az-Latn-AZ
2019-07-05 20:24:33 ----D---- C:\WINDOWS\ShellExperiences
2019-07-05 20:24:33 ----D---- C:\WINDOWS\Provisioning
2019-07-05 20:24:32 ----D---- C:\WINDOWS\bcastdvr
2019-07-05 20:24:32 ----D---- C:\WINDOWS\apppatch
2019-07-05 20:24:32 ----D---- C:\Program Files\internet explorer
2019-07-05 20:24:32 ----D---- C:\Program Files (x86)\Internet Explorer
2019-07-05 20:23:56 ----D---- C:\WINDOWS\SYSWOW64\en-US
2019-07-05 20:23:35 ----D---- C:\WINDOWS\system32\en-US
2019-07-05 20:23:34 ----SD---- C:\WINDOWS\system32\DiagSvcs
2019-07-05 20:23:09 ----RSD---- C:\WINDOWS\Fonts
2019-07-05 20:23:08 ----RD---- C:\Program Files\Windows Defender
2019-07-05 20:23:08 ----D---- C:\Windows
2019-07-05 20:21:52 ----D---- C:\WINDOWS\system32\SleepStudy
2019-06-24 22:20:26 ----SHD---- C:\WINDOWS\Installer
2019-06-24 22:20:26 ----SHD---- C:\Config.Msi
2019-06-24 22:20:18 ----AD---- C:\Program Files\rempl
2019-06-24 22:15:57 ----D---- C:\WINDOWS\system32\catroot2
2019-06-24 22:15:53 ----SHD---- C:\System Volume Information
2019-06-24 22:14:54 ----HD---- C:\Program Files\WindowsApps
2019-06-24 22:08:54 ----AD---- C:\Program Files\UNP
2019-06-20 12:00:00 ----D---- C:\WINDOWS\system32\LogFiles
2019-06-20 11:12:25 ----D---- C:\WINDOWS\Logs
2019-06-16 21:11:53 ----D---- C:\WINDOWS\CbsTemp
2019-06-14 11:26:12 ----D---- C:\WINDOWS\system32\MRT
2019-06-14 08:35:56 ----AC---- C:\WINDOWS\system32\MRT.exe
2019-06-07 03:13:17 ----D---- C:\WINDOWS\system32\drivers\wd

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2018-12-08 58168]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\WINDOWS\system32\drivers\SgrmAgent.sys [2018-04-12 63896]
R1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2018-04-12 39424]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-04-12 60320]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2018-04-12 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-04-12 8192]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2019-03-14 414720]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2018-12-08 43008]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2018-12-08 106496]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2018-04-12 86528]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2018-04-12 129536]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2018-04-12 85504]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2018-04-12 60320]
R3 clwvd6;@oem19.inf,%clwvd.DeviceDesc% Service;CyberLink WebCam Virtual Driver 6.0 Service; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [2015-08-31 41400]
R3 dptf_acpi;dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [2015-08-18 55816]
R3 dptf_cpu;dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [2015-08-18 53752]
R3 esif_lf;esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [2015-08-18 261624]
R3 igfxLP;igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [2015-07-13 5744568]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2016-10-15 5346312]
R3 IntcDAud;@oem7.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2015-07-13 464144]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2018-04-12 193536]
R3 rt640x64;@oem5.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2015-06-18 895256]
R3 RtkBtFilter;@oem37.inf,%BtFilt.SvcDesc%;Realtek Bluetooth Filter Driver; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [2018-05-31 784264]
R3 RTWlanE;@oem33.inf,%RTWlanE.DeviceDesc.DispName%;Realtek Wireless LAN 802.11n PCI-E Network Adapter; C:\WINDOWS\System32\drivers\rtwlane.sys [2018-04-20 7904088]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2017-08-18 55384]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2018-04-12 38304]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2018-04-12 321432]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-04-12 885144]
S0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-04-12 145816]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2018-04-12 124312]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2018-04-12 128408]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-04-12 75160]
S0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [2018-04-12 82328]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2018-04-12 58776]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2018-04-12 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2018-04-12 39840]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2018-08-03 128920]
S2 EPSON_PCS_Parallel_Port_Driver;EPSON PCS Parallel Port Driver; \??\C:\windows\system32\DRIVERS\pcslpt.sys [2014-07-10 21640]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-04-12 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2018-04-12 18432]
S3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys [2019-01-09 92704]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2019-06-07 1102336]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2018-04-12 39936]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2018-04-12 123392]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2018-04-12 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2018-04-12 50592]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2019-06-07 76304]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2018-04-12 27136]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2018-04-12 1836952]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2018-04-12 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2018-04-12 91648]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2018-04-12 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-04-12 88576]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2018-04-12 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-04-12 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2018-04-12 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-04-12 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2018-04-12 32256]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2018-04-12 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2018-04-12 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2018-04-12 56736]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2018-04-12 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2018-04-12 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2018-04-12 175104]
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\WINDOWS\System32\drivers\nvdimm.sys [2018-04-12 104448]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2018-04-12 105984]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2018-04-12 16896]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2019-03-06 945464]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2018-04-12 104448]
S3 RTSUER;Realtek USB Card Reader - UER; C:\WINDOWS\system32\Drivers\RtsUer.sys [2015-05-21 411712]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2018-04-12 33176]
S3 Ser2pl;Prolific Serial port WDF driver; C:\WINDOWS\system32\DRIVERS\ser2pl64.sys [2016-10-06 199960]
S3 SIUSBXP;SIUSBXP; C:\WINDOWS\system32\drivers\SiUSBXp.sys [2009-11-03 19456]
S3 SmbDrv;SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [2015-07-13 33448]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2018-04-12 57752]
S4 hvcrash;hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [2018-04-12 33184]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-12-16 83984]
R2 BTDevManager;BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [2015-11-19 127192]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 CDPUserSvc_4588b;Uživatelská služba platformy připojených zařízení_4588b; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 DbxSvc;DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [2019-06-24 51024]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R2 EPSON_Device_Control_Log_Service;EPSON Device Control Log Service; C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe [2014-07-10 398848]
R2 EPSON_Port_Communication_Service;EPSON Port Communication Service; C:\Program Files\epson\portcommunicationservice\PCSVC.exe [2014-07-10 553984]
R2 esifsvc;@oem28.inf,%ServiceDisplayName%;ESIF Upper Framework Service; C:\WINDOWS\SysWOW64\esif_uf.exe [2015-08-18 1385640]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2019-06-12 356728]
R2 HPWMISVC;HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [2015-02-17 608520]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2015-07-13 350312]
R2 isaHelperSvc;Intel(R) Security Assist Helper; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [2015-02-26 7680]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [2015-04-21 174368]
R2 OneSyncSvc_4588b;Hostitel synchronizace_4588b; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2013-08-15 145736]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2014-04-14 389896]
R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2016-10-15 326656]
R2 SecureLine;Avast SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [2016-05-24 592392]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-07-14 760888]
R2 sedsvc;Windows Remediation Service; C:\Program Files\rempl\sedsvc.exe [2019-06-11 363016]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\WINDOWS\system32\SgrmBroker.exe [2018-04-12 163336]
R3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2018-05-29 43648]
R3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-04-22 143144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-10 154440]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BcastDVRUserService_4588b;Uživatelská služba pro GameDVR a vysílání her_4588b; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BluetoothUserService_4588b;Služba pro podporu uživatelů Bluetooth_4588b; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2015-07-13 282216]
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-04-22 143144]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevicePickerUserSvc_4588b;DevicePicker_4588b; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevicesFlowUserSvc_4588b;Tok zařízení_4588b; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2019-05-03 90112]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\elevation_service.exe [2019-06-18 1098224]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-10 154440]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2015-05-22 881152]
S3 Intel(R) Security Assist;Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [2015-02-26 330240]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 MessagingService_4588b;Služba zasílání zpráv_4588b; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PimIndexMaintenanceSvc_4588b;Data kontaktů_4588b; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PrintWorkflowUserSvc_4588b;PrintWorkflow_4588b; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2018-04-12 1273344]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2018-06-08 976384]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S4 ssh-agent;OpenSSH Authentication Agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [2018-03-10 495616]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118251
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Notebook too slow, high CPU and disk usage

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I Agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just run it with a double-click)
click Scan Now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Radek04
Visitor
Posts: 132
Registered: 28 Mar 2007 19:43

Re: Notebook too slow, high CPU and disk usage

#3 Post by Radek04 »

I'm sending the log; it reported only one "threat".

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-06-28.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-06-2019
# Duration: 00:00:11
# OS: Windows 10 Home
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1325 octets] - [06/07/2019 12:52:41]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Rudy
Site Admin
Posts: 118251
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Notebook too slow, high CPU and disk usage

#4 Post by Rudy »

OK. Now post the FRST+Addition logs: https://forum.viry.cz/viewtopic.php?f=13&t=154679 .
