Suspected keylogger (log split into 2 posts)

#1 Post by ivankrato »

Hello,
I suspect there is a keylogger on my PC. Someone recently got hold of the password to one of my computer games. MBAM found nothing. I rather think I fell for something somewhere, or that they got my password some other way (according to https://haveibeenpwned.com/ my password has already been compromised 6 times), but to be safe I am posting here; please check it :)

RSIT log:

Logfile of random's system information tool 1.14 (written by random/random)
Run by ivank at 2017-01-23 12:16:28
Microsoft Windows 10 Pro
System drive C: has 44 GB (26%) free of 171 GB
Total RAM: 8175 MB (46% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:16:30, on 23.01.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Users\ivank\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\ivank\AppData\Roaming\Spotify\SpotifyWebHelper.exe
K:\Program Files\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
K:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
C:\Users\ivank\AppData\Local\Google\Update\1.3.32.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
C:\Program Files\trend micro\ivank_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE01DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [EaseUS EPM tray] E:\Program Files\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKCU\..\Run: [OneDrive] "C:\Users\ivank\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\ivank\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Steam] "K:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Google Update] C:\Users\ivank\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: Poslat do aplikace OneNote.lnk = C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
O4 - Global Startup: SteelSeries Engine 3.lnk = C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AVerRECentral - AVerMedia TECHNOLOGIES, Inc. - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe
O23 - Service: Xamarin Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Chromodo Update Service (ChromodoUpdater) - Comodo - C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe
O23 - Service: COMODO Internet Security Helper Service (CmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - J:\Program Files\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - J:\Program Files\Origin\OriginWebHelperService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vmcompute.exe,-100 (vmcompute) - Unknown owner - C:\WINDOWS\system32\vmcompute.exe (file missing)
O23 - Service: @%systemroot%\system32\vmms.exe,-10 (vmms) - Unknown owner - C:\WINDOWS\system32\vmms.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: wampapache64 - Apache Software Foundation - E:\wamp64\bin\apache\apache2.4.17\bin\httpd.exe
O23 - Service: wampmysqld64 - Unknown owner - E:\wamp64\bin\mysql\mysql5.7.9\bin\mysqld.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

--
End of file - 13884 bytes

======Enumerating Processes======

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-4b9f5da6-4e4f-47fe-87a1-ea80e1570974 -SystemEventPortName:HostProcess-50516b01-9f5e-4fa1-85bd-1689da9a8edb -IoCancelEventPortName:HostProcess-09b7b5d4-df30-4e55-b93a-a7863e9e95df -NonStateChangingEventPortName:HostProcess-720f7744-3cce-490b-96f9-8dfed5f9dee6 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:a6aee474-f673-4020-ba6e-51275344aff0 -DeviceGroupId:WudfDefaultDevicePool
"C:\WINDOWS\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe"
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\dashost.exe
"C:\Program Files\Tablet\Wacom\WTabletServicePro.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe"
"C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe"
"C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe"
"C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe"
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
"C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
"C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"J:\Program Files\Origin\OriginWebHelperService.exe"
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\system32\DllHost.exe /Processid:{48DA6741-1BF0-4A44-8325-293086C79077}
C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\WINDOWS\system32\vmms.exe
C:\WINDOWS\system32\vmcompute.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\System32\WinLogon.exe -SpecialSession
C:\WINDOWS\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\System32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\System32\taskhostw.exe
"C:\Program Files\COMODO\COMODO Internet Security\cistray.exe"
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\Explorer.EXE
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe"
"C:\Program Files\Tablet\Wacom\WacomHost.exe" "C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe" au
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\WINDOWS\System32\taskhostw.exe
"C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe" au
"C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe"
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer11_Logfile.log
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer11_Logfile.log
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\COMODO\COMODO Internet Security\cis.exe" --alertsUI
"C:\Program Files\Mad Catz\M.M.O.TE\MMO_TE_Profiler.exe"
"C:\Users\ivank\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Users\ivank\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"K:\Program Files\Steam\Steam.exe" -silent
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe" -dataPath="C:\ProgramData\SteelSeries\SteelSeries Engine 3" -dbEnv=production -auto=true
"C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE" /tsr
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe" "-launchedbyvulcan"
"C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe" --onOSstartup=true --showwindow=false --waitForRegistration=true
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe"
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe"
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe" "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\main.js"
\??\C:\WINDOWS\system32\conhost.exe 0x4
"K:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe" "-cachedir=C:\Users\ivank\AppData\Local\Steam\htmlcache" "-steampid=8720" "-buildid=1484790260" "-steamid=0" --disable-gpu-compositing --disable-gpu --process-per-tab --disable-spell-checking --disable-out-of-process-pac --disable-smooth-scrolling --enable-direct-write
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
C:\WINDOWS\System32\fontdrvhost.exe
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe"
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe" "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\server.js"
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe" /ModeAvMonitor -Embedding
"C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE" -Embedding
"C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe"
"C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" --type=crashpad-handler /prefetch:7 --no-rate-limit "--database=C:\Users\ivank\AppData\Local\Chromium\User Data\Crashpad" --annotation=channel=unknown --annotation=plat=Win32 --annotation=prod=Chromodo --annotation=ver=52.15.25.665-devel --handshake-handle=0x38c
"C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" --type=gpu-process --channel="6892.0.241540768\1937233872" --mojo-application-channel-token=4E9DAEEE0E2665F70D9E127B3C2DB275 --force-fieldtrials=*UMA_CheckStates/NoChecks/ --supports-dual-gpus=false --gpu-driver-bug-workarounds=4,13,27,55,71 --gpu-vendor-id=0x10de --gpu-device-id=0x1187 --gpu-driver-vendor=NVIDIA --gpu-driver-version=21.21.13.6909 --gpu-driver-date=8-1-2016 --mojo-platform-channel-handle=1584 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" --type=renderer --force-fieldtrials=*UMA_CheckStates/NoChecks/ --primordial-pipe-token=EA836D04EF2BDD296EF42F2A62B2041B --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --mojo-channel-token=27F889D1ACFEFFB7848EF9BD0FC1B5AA --mojo-application-channel-token=C86328A301344B19570D2F7013591DD4 --channel="6892.1.2078664944\1827022242" --mojo-platform-channel-handle=2528 /prefetch:1
"C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" --type=renderer --force-fieldtrials=*UMA_CheckStates/NoChecks/ --primordial-pipe-token=9231BF2689946FEFEF4341E836697F3C --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --mojo-channel-token=C28C1220F457A71275249F083660C56B --mojo-application-channel-token=3DD41BDB52C31670813A000920CB6743 --channel="6892.2.94017398\1507806620" --mojo-platform-channel-handle=2812 /prefetch:1
"C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" --type=renderer --force-fieldtrials=*UMA_CheckStates/NoChecks/ --primordial-pipe-token=8242A53526B4B18B616BA3885A6E6BF7 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --mojo-channel-token=1BBF53832B606319507EA7425D73DE96 --mojo-application-channel-token=6B5E4D2E9F108990B3F160B79891D629 --channel="6892.3.1080171712\2012018919" --mojo-platform-channel-handle=3220 /prefetch:1
"C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" --type=renderer --force-fieldtrials=*UMA_CheckStates/NoChecks/ --primordial-pipe-token=519211F99419810EB8919F9F488C104B --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --mojo-channel-token=5721BBAF858CE8B83E7E0C2715FCF158 --mojo-application-channel-token=ECFF306FDEA31C291D84E8EF921130A0 --channel="6892.4.1371805646\1456153315" --mojo-platform-channel-handle=3232 /prefetch:1
"C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" --type=renderer --force-fieldtrials=*UMA_CheckStates/NoChecks/ --primordial-pipe-token=2A0AAEFF879B9F2A84E4E4358CB2356C --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --mojo-channel-token=E7AA262301D5BF7125F677E597FFBB95 --mojo-application-channel-token=9E4A21CC531CCF784167052D831F7DC7 --channel="6892.6.1788540505\2753697" --mojo-platform-channel-handle=3272 /prefetch:1
"C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" --type=renderer --force-fieldtrials=*UMA_CheckStates/NoChecks/ --primordial-pipe-token=C5C2FD293A91BC9C05859929FC8427BB --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --mojo-channel-token=5D5E77AC5AB3831FC2F7DCE7930CFAB9 --mojo-application-channel-token=0A95D8DEE96D1BF626406B7EBA5202B3 --channel="6892.8.410514198\1451504093" --mojo-platform-channel-handle=3308 /prefetch:1
"C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" --type=renderer --force-fieldtrials=*UMA_CheckStates/NoChecks/ --primordial-pipe-token=6A95C6D4C697F298EF61D92324FEDA39 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --mojo-channel-token=E3BE919B68E51A9745F04927600EF0F8 --mojo-application-channel-token=A8ADFE8CA02651521B956DEDF8FA57AF --channel="6892.9.768092690\1922587294" --mojo-platform-channel-handle=3316 /prefetch:1
"C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" --type=renderer --force-fieldtrials=*UMA_CheckStates/NoChecks/ --primordial-pipe-token=EFF0842C38BA24F4DD3E103B138241E7 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --mojo-channel-token=7225E079D44C856DE980303CA07915B2 --mojo-application-channel-token=C7FBFCB8E847D74005CD211F6BD9C248 --channel="6892.10.990355213\1200477208" --mojo-platform-channel-handle=3324 /prefetch:1
"C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" --type=renderer --force-fieldtrials=*UMA_CheckStates/NoChecks/ --primordial-pipe-token=9AEF5A17910399C6A571E75AD1A589E3 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --mojo-channel-token=3D9BDD658531A85B62306C834F84005F --mojo-application-channel-token=2FD8EF7E73CF2ADB6907C0142E40D320 --channel="6892.12.1143022564\54823155" --mojo-platform-channel-handle=3344 /prefetch:1
"C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" --type=renderer --force-fieldtrials=*UMA_CheckStates/NoChecks/ --primordial-pipe-token=021375F79F9EC8B04FEF23C59E60B070 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --mojo-channel-token=CEF8C86A7A2695F62D18C931C90AA101 --mojo-application-channel-token=3038B948251811DC7A5B1169F85BA2A2 --channel="6892.13.187807028\893345655" --mojo-platform-channel-handle=3432 /prefetch:1
"C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" --type=renderer --force-fieldtrials=*UMA_CheckStates/NoChecks/ --primordial-pipe-token=DFC5177433333EE44469AC1B3828FC9A --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --mojo-channel-token=BC56B80076A83E0120E204AD9B7044E0 --mojo-application-channel-token=5F962AEBD20179B64C3B3AADD87FF999 --channel="6892.14.448066326\1667069686" --mojo-platform-channel-handle=3448 /prefetch:1
"C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" --type=renderer --force-fieldtrials=*UMA_CheckStates/NoChecks/ --primordial-pipe-token=06491E71062105B30CB1C211E164FD12 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --mojo-channel-token=60D3527D6127E048573858CAF8BC534C --mojo-application-channel-token=D4AF94A01D3E96B936F869E1C3ED5A00 --channel="6892.16.2078069357\260181485" --mojo-platform-channel-handle=3468 /prefetch:1
"C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" --type=renderer --force-fieldtrials=*UMA_CheckStates/NoChecks/ --primordial-pipe-token=65FC923BEA2D718960BA427387D32C92 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --mojo-channel-token=81476347CD541C1C77AB0375A67000E4 --mojo-application-channel-token=CB9C43EF39CC8EF2A4A879ACED0F24D0 --channel="6892.18.763728720\304221093" --mojo-platform-channel-handle=3512 /prefetch:1
"C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" --type=renderer --force-fieldtrials=*UMA_CheckStates/NoChecks/ --primordial-pipe-token=7DDB31E035A8224AD11790E3373F25A7 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --mojo-channel-token=ACE4F37B7327F967FACF22FC1A607183 --mojo-application-channel-token=BA5771DD3D416524502D0CAD754A0729 --channel="6892.20.1421016112\1224878164" --mojo-platform-channel-handle=3536 /prefetch:1
"C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" --type=renderer --force-fieldtrials=*UMA_CheckStates/NoChecks/ --primordial-pipe-token=E9C1C44162A87FC84426EEA124DE5477 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --mojo-channel-token=49B5878184A3823531A768E98897D43A --mojo-application-channel-token=8F06BCA0B8F9A05B917F1BBB94705086 --channel="6892.21.1567002485\211270219" --mojo-platform-channel-handle=3548 /prefetch:1
"C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" --type=renderer --force-fieldtrials=*UMA_CheckStates/NoChecks/ --primordial-pipe-token=FAF45A497E9242CE46A86F08D5DD4D33 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --mojo-channel-token=A4473021A8FC95D20921C4004DE0BFCF --mojo-application-channel-token=FD07CF2E618F224E9A073994BCC37446 --channel="6892.22.940579541\1154514058" --mojo-platform-channel-handle=3564 /prefetch:1
"C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" --type=renderer --force-fieldtrials=*UMA_CheckStates/NoChecks/ --primordial-pipe-token=6A9FDD249ACADD440B54B74B8379747E --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --mojo-channel-token=482E24A13C6AF9643FE9D664EB4B2E29 --mojo-application-channel-token=F2E7E82C59A1E0E89EAD8E0045020EEE --channel="6892.33.735572503\108416766" --mojo-platform-channel-handle=10972 /prefetch:1
"C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" --type=renderer --force-fieldtrials=*UMA_CheckStates/NoChecks/ --primordial-pipe-token=F9A854EABAEE4343C8D5A5391212FF41 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --mojo-channel-token=C46033A1E17CE277761C854609185F63 --mojo-application-channel-token=9E2BA257A7C43B469BF0C0B61B1FF7D2 --channel="6892.34.145839158\2078347493" --mojo-platform-channel-handle=11028 /prefetch:1
"C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" --type=renderer --force-fieldtrials=*UMA_CheckStates/NoChecks/ --primordial-pipe-token=252013CD442B0AD3CE2B1476907CA97E --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --mojo-channel-token=F8C2D13D6814245A28CE829B512A300E --mojo-application-channel-token=418B7F92FFE25E24BC78CDC0A5F5FD15 --channel="6892.36.1745150057\1460172234" --mojo-platform-channel-handle=10596 /prefetch:1
"C:\Users\ivank\AppData\Local\Google\Update\1.3.32.7\GoogleCrashHandler.exe"
"C:\Users\ivank\AppData\Local\Google\Update\1.3.32.7\GoogleCrashHandler64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" --type=renderer --force-fieldtrials=*UMA_CheckStates/NoChecks/ --primordial-pipe-token=B36E19CA14359868D906AD3E4E7AF9FC --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --mojo-channel-token=864072B2E9ED4C5633EAAD470017347D --mojo-application-channel-token=61FF00F96F5E9F8987CD87DE8E5EB135 --channel="6892.41.1706411357\195544583" --mojo-platform-channel-handle=10508 /prefetch:1
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -critical
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
C:\WINDOWS\system32\DllHost.exe /Processid:{49F6E667-6658-4BD1-9DE9-6AF87F9FAF85}
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStore.App.exe" -ServerName:App.AppXc75wvwned5vhz4xyxxecvgdjhdkgsdza.mca
C:\WINDOWS\System32\taskhostw.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe" /RuntimeWide /StopEvent:1220
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NGenTask.exe" /RuntimeWide /StopEvent:756
\??\C:\WINDOWS\system32\conhost.exe 0x4
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe" ExecuteQueuedItems /LegacyServiceBehavior
C:\WINDOWS\system32\AUDIODG.EXE 0x644
"C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" --type=renderer --force-fieldtrials=*UMA_CheckStates/NoChecks/ --primordial-pipe-token=F2927C66A8D3A20554DE16961FA7FECC --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --mojo-channel-token=63EEDD497C765B00D49948F75454232C --mojo-application-channel-token=C886557B89561BFA18FFB913DD5C67B2 --channel="6892.58.1426822558\851442800" --mojo-platform-channel-handle=13152 /prefetch:1
"C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" --type=renderer --force-fieldtrials=*UMA_CheckStates/NoChecks/ --primordial-pipe-token=86864E5FE43F218C7B6BEB867C909535 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --mojo-channel-token=B339154A4DD1A436EB5437160847E9B2 --mojo-application-channel-token=D5C44E119C1DE5B1E1D904B7B3A1D712 --channel="6892.60.582455797\740150706" --mojo-platform-channel-handle=13748 /prefetch:1
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "Microsoft.Windows.Diagnosis.SDHost, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /NoDependencies /noroot /version:v4.0.30319 /LegacyServiceBehavior
C:\Windows\System32\smartscreen.exe -Embedding
"C:\Users\ivank\Desktop\RSITx64.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 570 -InterruptEvent 0 -NGENProcess 4a8 -Pipe 4f0 -Comment "NGen Worker Process"

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe -check pepperplugin
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job - C:\Windows\explorer.exe /NOUACCHECK
C:\WINDOWS\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\tasks\Adobe Flash Player PPAPI Notifier - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe -check pepperplugin
C:\WINDOWS\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ivankrato2@gmail.com - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
C:\WINDOWS\system32\tasks\GoogleUpdateTaskUserS-1-5-21-4036444824-1623848782-1115443384-1001Core - C:\Users\ivank\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\system32\tasks\GoogleUpdateTaskUserS-1-5-21-4036444824-1623848782-1115443384-1001UA - C:\Users\ivank\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task v2 - %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\User_Feed_Synchronization-{F713F49A-F9C4-4002-A8C6-C2C9D3123DD2} - C:\Windows\system32\msfeedssync.exe sync
C:\WINDOWS\system32\tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTask - %windir%\System32\XblGameSaveTask.exe standby
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon - %windir%\System32\XblGameSaveTask.exe logon
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - %ProgramFiles%\Windows Defender\MpCmdRun.exe Scan -ScheduleJob
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval - %systemroot%\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Refresh Settings - %systemroot%\system32\usoclient.exe RefreshSettings
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot - %systemroot%\system32\usoclient.exe ResumeUpdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display - %systemroot%\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot - %systemroot%\system32\MusNotification.exe ReadyToReboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition - %SystemRoot%\system32\UpgradeSubscription.exe -e
C:\WINDOWS\system32\tasks\Microsoft\Windows\Subscription\LicenseAcquisition - %SystemRoot%\system32\UpgradeSubscription.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask - %windir%\system32\speech_onecore\common\SpeechModelDownload.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\spaceman.exe /Work
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SharedPC\Account Cleanup - %windir%\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemovalTools\MRT_HB - C:\Windows\system32\MRT.exe /EHB /Q
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload - %windir%\system32\dmclient.exe utcwnf
C:\WINDOWS\system32\tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask - %windir%\system32\MDMAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Device Information\Device - %windir%\system32\devicecensus.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierdaily - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierinstall - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\WINDOWS\system32\tasks\Microsoft\VisualStudio\VSIX Auto Update 14 - E:\Program Files\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe
C:\WINDOWS\system32\tasks\Microsoft\Office\Office Automatic Updates - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /update SCHEDULEDTASK displaylevel=False
C:\WINDOWS\system32\tasks\Microsoft\Office\Office ClickToRun Service Monitor - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /WatchService
C:\WINDOWS\system32\tasks\Microsoft\Office\Office Subscription Maintenance - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe
C:\WINDOWS\system32\tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} - "C:\Program Files\COMODO\COMODO Internet Security\cistray.exe"
C:\WINDOWS\system32\tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} - "C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe" --launchSchedule {0FB77674-7905-4F34-A362-C5A9A26F8CF9}
C:\WINDOWS\system32\tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} - "C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe" --launchSchedule {F140D794-60B6-4F00-9235-D6457AA25B22}
C:\WINDOWS\system32\tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} - "C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe" --launchSchedule {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}
C:\WINDOWS\system32\tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} - "C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe" --launchSchedule {A6D52E4F-569B-4756-B3D8-DF217313DA85}

=========Mozilla firefox=========

ProfilePath - C:\Users\ivank\AppData\Roaming\Mozilla\Firefox\Profiles\bu12btmm.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.66.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.66.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7]
"Description"=WebTablet Plugin API
"Path"=C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\wacom.com/WacomTabletPlugin]
"Description"=
"Path"=C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.66.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.66.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7]
"Description"=WebTablet Plugin API
"Path"=C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\wacom.com/WacomTabletPlugin]
"Description"=
"Path"=C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll


C:\Users\ivank\AppData\Roaming\Mozilla\Firefox\Profiles\bu12btmm.default\addons.json
Export Cookies - extension - exportcookies@aag
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
Firefox Hello Beta (discontinued) - extension - loop@mozilla.org

C:\Users\ivank\AppData\Roaming\Mozilla\Firefox\Profiles\bu12btmm.default\extensions.json
Export Cookies - extension - exportcookies@aag - C:\Users\ivank\AppData\Roaming\Mozilla\Firefox\Profiles\bu12btmm.default\extensions\exportcookies@aag.xpi
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - C:\Users\ivank\AppData\Roaming\Mozilla\Firefox\Profiles\bu12btmm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - E:\Program Files\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - E:\Program Files\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - E:\Program Files\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - E:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

C:\Users\ivank\AppData\Roaming\Mozilla\Firefox\Profiles\bu12btmm.default\pluginreg.dat
Plugin - AdobeAAMDetect - 3.0.0.0 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
Plugin - Adobe Acrobat - 15.23.20053.15062 - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
Plugin - WacomTabletPlugin - 2.1.0.7 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
Plugin - VLC Web Plugin - 2.2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
Plugin - NVIDIA 3D Vision - 7.17.13.6822 - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
Plugin - NVIDIA 3D VISION - 7.17.13.6822 - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
Plugin - Microsoft Office 2016 - 16.0.7571.7095 - C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
Plugin - Silverlight Plug-In - 5.1.50428.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll
Plugin - Java(TM) Platform SE 8 U66 - 11.66.2.18 - C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll
Plugin - Java Deployment Toolkit 8.0.660.18 - 11.66.2.18 - C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npdeployJava1.dll
Plugin - Google Update - 1.3.32.7 - C:\Users\ivank\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll

=========Google Chrome=========


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28 214208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2016-01-12 551520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28 2888896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-12 212576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-12 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-12 172640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsDefender"=C:\Program Files\Windows Defender\MSASCuiL.exe [2016-11-21 631808]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-01-14 14021336]
"COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-10-31 1610936]
"Launch LCore"=C:\Program Files\Logitech Gaming Software\LCore.exe [2016-01-14 7406392]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01 508128]
"M.M.O.TE"=C:\Program Files\Mad Catz\M.M.O.TE\MMO_TE_Profiler.exe [2016-09-19 129536]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\ivank\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2017-01-22 1517280]
"Spotify Web Helper"=C:\Users\ivank\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2016-12-28 1444976]
"Steam"=K:\Program Files\Steam\steam.exe [2017-01-20 2881824]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-12-20 27262432]
"Google Update"=C:\Users\ivank\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [2016-12-17 601752]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2016-01-12 43608]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-01-12 596528]
"EaseUS EPM tray"=E:\Program Files\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe []
"Adobe Creative Cloud"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-10-25 2383040]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SteelSeries Engine 3.lnk - C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe

C:\Users\ivank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Poslat do aplikace OneNote.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath"=%SystemRoot%\inf\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"aux"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit -
.js - open - E:\Program Files\JetBrains\PhpStorm 2016.1\bin\PhpStorm.exe "%1"
Last edited by ivankrato on 23 Jan 2017 12:23, edited 1 time in total.

ivankrato
Exemplary visitor
Posts: 77
Joined: 13 Mar 2009 14:08

Re: Suspected keylogger (log split into 2 posts)

#2 Post by ivankrato »

======List of files/folders created in the last 1 month======

2017-01-23 11:58:47 ----D---- C:\Program Files\trend micro
2017-01-23 11:58:46 ----D---- C:\rsit
2017-01-22 12:36:38 ----SHD---- C:\Recovery
2017-01-22 12:34:23 ----A---- C:\WINDOWS\system32\emptyregdb.dat
2017-01-22 12:17:15 ----SD---- C:\Users\ivank\AppData\Roaming\Microsoft
2017-01-22 12:17:00 ----A---- C:\WINDOWS\SYSWOW64\PerfStringBackup.INI
2017-01-22 12:16:20 ----D---- C:\WINDOWS\system32\DAX2
2017-01-22 12:16:16 ----D---- C:\WINDOWS\SYSWOW64\RTCOM
2017-01-22 12:16:16 ----D---- C:\Program Files\Realtek
2017-01-22 12:16:15 ----D---- C:\ProgramData\NVIDIA
2017-01-22 12:16:14 ----A---- C:\WINDOWS\system32\nvvsvc.exe
2017-01-22 12:16:14 ----A---- C:\WINDOWS\system32\nvsvcr.dll
2017-01-22 12:16:14 ----A---- C:\WINDOWS\system32\nvsvc64.dll
2017-01-22 12:16:14 ----A---- C:\WINDOWS\system32\nvshext.dll
2017-01-22 12:16:14 ----A---- C:\WINDOWS\system32\nvmctray.dll
2017-01-22 12:16:14 ----A---- C:\WINDOWS\system32\nvcpl.dll
2017-01-22 12:16:14 ----A---- C:\WINDOWS\system32\nv3dappshextr.dll
2017-01-22 12:16:14 ----A---- C:\WINDOWS\system32\nv3dappshext.dll
2017-01-22 12:16:08 ----D---- C:\ProgramData\NVIDIA Corporation
2017-01-22 12:16:05 ----D---- C:\Program Files\NVIDIA Corporation
2017-01-22 12:16:05 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2017-01-22 12:15:55 ----D---- C:\WINDOWS\Prefetch
2017-01-22 12:14:43 ----DC---- C:\WINDOWS\Panther
2017-01-22 12:12:50 ----D---- C:\Windows.old
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\winmde.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\Windows.Internal.Management.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\VsGraphicsDesktopEngine.exe
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\VSD3DWARPDebug.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\VSD3DWARP12Debug.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\SyncSettings.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\SearchFolder.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\RTWorkQ.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\remoteaudioendpoint.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\rdpencom.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\rdpcore.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\rasapi32.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\policymanager.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\PlayToManager.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\MSVPXENC.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\MSVP9DEC.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2vdec.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\mfsvr.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\mfplat.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\mfnetsrc.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\mfnetcore.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\mfmpeg2srcsnk.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\mfmp4srcsnk.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\mfmkvsrcsnk.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\MFMediaEngine.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\mfaudiocnv.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\mfasfsrcsnk.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\mdmregistration.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\MCRecvSrc.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\hevcdecoder.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\efswrt.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\DXCpl.exe
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\dmenrollengine.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\d3d12warp.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\d3d12SDKLayers.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\CloudStorageWizard.exe
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\CloudBackupSettings.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\BcastDVRHelper.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\bcastdvr.exe
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\AzureSettingSyncProvider.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\AUDIOKSE.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\SYSWOW64\AppCapture.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\VSD3DWARPDebug.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\VSD3DWARP12Debug.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\SyncSettings.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\RTWorkQ.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\rdvgm.exe
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\MSVPXENC.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\mfsvr.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\mfplat.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\mfnetsrc.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\mfnetcore.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\mfmkvsrcsnk.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\mfcore.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\mfaudiocnv.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\hevcdecoder.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\fveapi.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\DXCpl.exe
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\drivers\mrxsmb10.sys
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\d3d12warp.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\d3d12SDKLayers.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\CloudStorageWizard.exe
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\AudioSes.dll
2017-01-22 12:11:35 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\zipfldr.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\xolehlp.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\wsecedit.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\wscinterop.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\wscapi.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\WinSCard.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Search.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Immersive.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\Windows.Shell.Search.UriHandler.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\usercpl.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\stobject.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\sspicli.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\setupugc.exe
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\sendmail.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\ReAgentc.exe
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\ole32.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\ntshrui.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\netshell.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\mtxclu.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\mspaint.exe
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\msi.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\msdtcuiu.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\msdtcprx.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\migisol.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\MFPlay.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\LogonController.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\LaunchWinApp.exe
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\indexeddbserver.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\ieproxy.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\gameux.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\ExplorerFrame.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\explorer.exe
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\DevicePairing.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\cryptui.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\comdlg32.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\apprepsync.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\apprepapi.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\SYSWOW64\aclui.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\wpnprv.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\wpncore.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\winsrv.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\sspicli.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\RDXService.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\rdpudd.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\ntdll.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\mstscax.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\mshtml.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\msctf.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\MFPlay.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\lsm.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\KernelBase.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\jscript9.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\indexeddbserver.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\ieproxy.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\ieframe.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\Chakra.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\gdi32full.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\edgehtml.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\drivers\srv2.sys
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\drivers\rdbss.sys
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\drivers\partmgr.sys
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\drivers\mrxsmb20.sys
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\cscui.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-01-22 12:11:31 ----A---- C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Logon.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.CredDialogController.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Cred.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.BlockedShutdown.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.BioFeedback.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\SYSWOW64\AppVEntSubsystems32.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\zipfldr.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\wuuhext.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\wuapi.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\WsmSvc.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\WSManHTTPConfig.exe
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\wsecedit.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\wscsvc.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\wscinterop.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\wscapi.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\wow64.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\WinSCard.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\winresume.exe
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\winlogon.exe
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\winload.exe
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\wininet.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\Windows.UI.Search.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\VPNv2CSP.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\vpnike.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\usocore.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\usercpl.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\urlmon.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\updatepolicy.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\umpoext.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\twinui.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\TransportDSA.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\SyncCenter.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\StorSvc.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\stobject.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\SRHInproc.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\SRH.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\sppwinob.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\sppobjs.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\sppnp.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\shell32.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\services.exe
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\sendmail.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\SearchFolder.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\RjvMDMConfig.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\ReportingCSP.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\ReAgentc.exe
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\RDXTaskFactory.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\rasmans.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\rascustom.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\rasapi32.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\ProvSysprep.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\provengine.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\policymanager.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\ole32.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\ntshrui.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\netshell.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\NetSetupShim.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\netplwiz.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\mspaint.exe
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\msi.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\msdtctm.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\migisol.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\mdmregistration.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\lpremove.exe
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\LogonController.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\KnobsCsp.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\KnobsCore.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\ImplatSetup.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\IdCtrls.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\HttpsDataSource.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\gameux.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\fhcfg.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\ExplorerFrame.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\enterprisecsps.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\efswrt.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\EDPCleanup.exe
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\EAMProgressHandler.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\drivers\modem.sys
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\drivers\clfs.sys
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\dosvc.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\domgmt.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\dmenrollengine.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\dmcertinst.exe
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\DeviceReactivation.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\DevicePairing.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\DeviceEnroller.exe
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\DataSenseHandlers.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\cryptui.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\comdlg32.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\ClipUp.exe
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\certprop.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\browserbroker.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\BcastDVRHelper.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\bcastdvr.exe
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\AppVShNotify.exe
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\AppVScripting.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\AppVReporting.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\AppVPublishing.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\AppVPolicy.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\AppVManifest.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\AppVIntegration.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\AppVClient.exe
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\AppVCatalog.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\apprepsync.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\apprepapi.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\appraiser.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\AppCapture.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\aitstatic.exe
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\aeinv.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\acmigration.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\system32\aclui.dll
2017-01-22 12:11:29 ----A---- C:\WINDOWS\explorer.exe
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\wuapi.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\WsmSvc.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\WSManHTTPConfig.exe
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\WordBreakers.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\WinTypes.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\WindowsCodecs.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.Resources.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Core.TextInput.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\Windows.Storage.ApplicationData.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryClient.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepository.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.Store.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\wincorlib.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\win32k.sys
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\user32.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\updatepolicy.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\UIAutomationCore.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\TextInputFramework.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\StoreAgent.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\ShareHost.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncHost.exe
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncCore.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\offlinesam.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\NMAA.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\ngccredprov.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\NetSetupShim.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\NetCfgNotifyObjectHost.exe
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\msv1_0.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\msctf.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\MrmCoreR.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\MosStorage.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\mos.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\MapsBtSvc.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\MapRouter.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\MapGeocoder.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\MapControlCore.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\MapConfiguration.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\LicenseManager.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\JpMapControl.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\InstallAgentUserBroker.exe
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\InstallAgent.exe
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\InputService.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\InputLocaleManager.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\EditBufferTestHook.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\dxgi.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\dwmcore.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\DisplayManager.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\DeviceFlows.DataModel.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_47.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\D3D12.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\d3d11.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\d3d10warp.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\cryptngc.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\CoreUIComponents.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\CoreMessaging.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\combase.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\cdp.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\BingMaps.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\bcrypt.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\AppXDeploymentClient.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\actxprxy.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\ActivationManager.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\SYSWOW64\aadtb.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\system32\wuaueng.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\system32\WordBreakers.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\system32\wlidsvc.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\system32\wkssvc.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\system32\WinTypes.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\system32\winmde.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\system32\WindowsCodecs.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\system32\windows.storage.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\system32\Windows.StateRepository.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\system32\wincorlib.dll
2017-01-22 12:11:26 ----A---- C:\WINDOWS\system32\win32kfull.sys
2017-01-22 12:11:26 ----A---- C:\WINDOWS\system32\win32kbase.sys

======List of files/folders modified in the last 1 month======


File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\SysWOW64\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\SysWOW64\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\SysWOW64\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\SysWOW64\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\WINDOWS\system32\drivers\iorate.sys [2016-11-21 48992]
R0 JRAID;JRAID; C:\WINDOWS\System32\drivers\jraid.sys [2016-01-12 123704]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\System32\DRIVERS\cmderd.sys [2016-09-08 40960]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2016-09-08 862648]
R1 cmdhlp;COMODO Internet Security Helper Driver; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2016-09-08 54336]
R1 inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\system32\DRIVERS\inspect.sys [2016-09-08 147304]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2016-07-16 70144]
R3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2016-11-21 73568]
R3 LGBusEnum;@oem62.inf,%LGBusEnum.SVCDESC%;Logitech GamePanel Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\LGBusEnum.sys [2016-01-14 22408]
R3 NVHDA;@oem88.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda64v.sys [2016-08-27 240704]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_9ff5ab165faead52\nvlddmkm.sys [2016-08-27 13754936]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2016-07-16 589824]
R3 SaiMini;SaiMini; C:\WINDOWS\System32\drivers\SaiMini.sys [2016-09-19 23968]
R3 SaiNtBus;SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [2016-09-19 51488]
R3 SensorsSimulatorDriver;@oem6.inf,%WudfSensorsSimulatorDriverDisplayName%;UMDF Reflector service for SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-07-16 216064]
R3 ssdevfactory;@oem64.inf,%ssdevfactory.SVCDESC%;SteelSeries Device Factory Service; C:\WINDOWS\System32\drivers\ssdevfactory.sys [2016-09-21 40568]
R3 sshid;@oem91.inf,%sshid.SvcDesc%;SteelSeries HID Service; C:\WINDOWS\System32\drivers\sshid.sys [2017-01-22 45928]
R3 storvsp;storvsp; C:\WINDOWS\System32\drivers\storvsp.sys [2017-01-22 97792]
R3 Synth3dVsp;Synth3dVsp; C:\WINDOWS\System32\drivers\synth3dvsp.sys [2017-01-22 103424]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-11-21 64352]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2016-07-16 88416]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-07-16 18432]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2016-07-16 15360]
S3 AppvStrm;@%systemroot%\system32\drivers\AppvStrm.sys,-101; C:\WINDOWS\system32\drivers\AppvStrm.sys [2016-11-21 127328]
S3 AppvVemgr;@%systemroot%\system32\drivers\AppvVemgr.sys,-101; C:\WINDOWS\system32\drivers\AppvVemgr.sys [2016-11-21 157024]
S3 AppvVfs;@%systemroot%\system32\drivers\AppvVfs.sys,-101; C:\WINDOWS\system32\drivers\AppvVfs.sys [2016-11-21 141152]
S3 busenum;SteelBusSvc; C:\WINDOWS\System32\drivers\SteelBus64.sys [2016-01-12 146944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2016-04-08 122160]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2016-02-01 30264]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [2016-02-01 47672]
S3 hidkmdf;KMDF Driver; C:\WINDOWS\System32\drivers\hidkmdf.sys [2016-01-12 14016]
S3 HyperVideo;HyperVideo; C:\WINDOWS\system32\DRIVERS\HyperVideo.sys [2016-07-16 25088]
S3 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-07-16 346976]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-07-16 2104160]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2016-07-16 33280]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-07-16 64512]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-07-16 35840]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2016-07-16 120320]
S3 ivusb;Initio Driver for USB Default Controller; C:\WINDOWS\System32\drivers\ivusb.sys [2016-02-10 29720]
S3 LADF_CaptureOnly;LADF Capture Filter Driver; C:\WINDOWS\system32\DRIVERS\ladfGSCamd64.sys [2016-01-14 410184]
S3 LADF_RenderOnly;LADF Render Filter Driver; C:\WINDOWS\system32\DRIVERS\ladfGSRamd64.sys [2016-01-14 341832]
S3 LGJoyXlCore;Logitech Translation Layer Driver (LGS); C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [2016-01-12 68384]
S3 lgLowAudio;Logitech USB Filter Driver (LGS); C:\WINDOWS\system32\drivers\lgLowAudio.sys [2016-01-12 26264]
S3 lunparser;@%systemroot%\system32\drivers\lunparser.sys,-10010; C:\WINDOWS\system32\drivers\lunparser.sys [2017-01-22 22528]
S3 MsSecFlt;@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001; C:\WINDOWS\system32\drivers\mssecflt.sys [2016-11-21 179040]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2016-07-16 90624]
S3 netvsc;netvsc; C:\WINDOWS\System32\drivers\netvsc.sys [2016-11-21 113152]
S3 passthruparser;@%systemroot%\system32\drivers\passthruparser.sys,-10010; C:\WINDOWS\system32\drivers\passthruparser.sys [2017-01-22 24576]
S3 pcip;@wpcip.inf,%pcip.SVCDESC%;PCI Proxy driver; C:\WINDOWS\System32\drivers\pcip.sys [2017-01-22 46592]
S3 pvhdparser;@%systemroot%\system32\drivers\pvhdparser.sys,-10010; C:\WINDOWS\system32\drivers\pvhdparser.sys [2017-01-22 50176]
S3 ramparser;@%systemroot%\system32\drivers\ramparser.sys,-10010; C:\WINDOWS\system32\drivers\ramparser.sys [2017-01-22 30720]
S3 scmdisk0101;@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver; C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-07-16 123904]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2016-04-08 214832]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeUpdateService;AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2016-10-25 744640]
R2 AGSService;Adobe Genuine Software Integrity Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016-09-26 2207960]
R2 AVerRECentral;AVerRECentral; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe [2016-05-24 1933000]
R2 Bonjour Service;Xamarin Bonjour Service; C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe [2016-08-29 394752]
R2 CDPUserSvc_9e99b0b;CDPUserSvc_9e99b0b; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2017-01-13 3699904]
R2 CmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2016-10-31 5817256]
R2 ChromodoUpdater;COMODO Chromodo Update Service; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2016-10-06 2273424]
R2 IpOverUsbSvc;Windows Phone IP over USB Transport (IpOverUsbSvc); C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [2016-01-12 22744]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2016-08-01 1365048]
R2 OneSyncSvc_9e99b0b;Hostitel synchronizace_9e99b0b; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R2 Origin Web Helper Service;Origin Web Helper Service; J:\Program Files\Origin\OriginWebHelperService.exe [2017-01-05 2180624]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2016-08-29 131776]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [2016-04-08 743688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [2016-09-19 426040]
R2 TeamViewer;TeamViewer 11; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2016-10-03 7500048]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2016-05-25 43696]
R3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\hvhostsvc.dll
R3 PimIndexMaintenanceSvc_9e99b0b;Data kontaktů_9e99b0b; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2017-01-20 1464096]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=%SystemRoot%\System32\CDPUserSvc.dll
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-09-20 324224]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2016-07-16 52920]
S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2016-10-31 2271928]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; %SystemRoot%\System32\svchost.exe -k Camera;"ServiceDll"=%SystemRoot%\system32\FrameServer.dll
S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [2016-01-12 142336]
S3 hns;@%systemroot%\system32\HostNetSvc.dll,-100; %systemroot%\system32\svchost.exe -k NetSvcs;"ServiceDll"=%SystemRoot%\System32\HostNetSvc.dll
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\irmon.dll
S3 MessagingService_9e99b0b;Služba zasílání zpráv_9e99b0b; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 Origin Client Service;Origin Client Service; J:\Program Files\Origin\OriginClientService.exe [2017-01-05 2119688]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2017-01-13 209096]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\RMapi.dll
S3 Sense;@%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2016-11-21 2889896]
S3 Te.Service;Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [2016-01-12 119808]
S4 AppVClient;@%systemroot%\system32\AppVClient.exe,-102; C:\WINDOWS\system32\AppVClient.exe [2017-01-22 822624]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll"=%systemroot%\system32\Windows.SharedPC.AccountManager.dll

-----------------EOF-----------------

Roli
VIP
Posts: 13400
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Suspected keylogger (log split into 2 posts)

#3 Post by Roli »

Hi, delete unnecessary files using CCleaner.

Instructions:

Cleaner - here you clean the PC of unnecessary files and empty the Recycle Bin

Registry - here you clean the registry (before using it I recommend making the backup of it that CCleaner offers)

The registry cleaning needs to be repeated several times!

Tools - here you can uninstall programs, edit what runs at system startup, and restore the system


Download and run AdwCleaner,

close all programs including the browser and double-click to launch it,

a window appears, where you click Scan at the top left.

When the scan finishes, click Clean,

the PC will restart, during which the junk is deleted.

After that, copy the Report here for me.


Run the Cure It scanner

when the scan finishes, copy the results here for me - the end of the log with the summary is enough.

(Warning: it is freakishly slow and needs to be watched; now and then it asks something)
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:


Re: Suspected keylogger (log split into 2 posts)

#4 Post by ivankrato »

# AdwCleaner v6.042 - Log vytvořen 23/01/2017 v 17:45:31
# Aktualizováno dne 06/01/2017 z Malwarebytes
# Databáze : 2017-01-23.1 [Server]
# Operační systém : Windows 10 Pro (X64)
# Uživatelské jméno : ivank - DESKTOP-1P6P1P2
# Spuštěno z : C:\Users\ivank\Downloads\adwcleaner_6.042.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com


***** [ Prohlížeče ] *****

[-] [C:\Users\ivank\AppData\Local\Comodo\Chromodo\User Data\Default\Web data] [Search Provider] Smazáno: trikanoid.en.softonic.com


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1333 Bajty] - [23/01/2017 17:45:31]
C:\AdwCleaner\AdwCleaner[S0].txt - [1746 Bajty] - [23/01/2017 17:44:55]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1479 Bajty] ##########

I ran Cure It, but the scan took only 5 minutes, so I don't know whether I'm doing something wrong. Anyway, here is the log:

-----------------------------------------------------------------------------
Start curing
-----------------------------------------------------------------------------

C:\WINDOWS\system32\drivers\etc\hosts - cured

Total 10508797983 bytes in 33753 files scanned (43481 objects)
Total 33728 files (43442 objects) are clean
Total 1 file are suspicious
Total 1 file are neutralized
Total 38 files are raised error condition
Scan time is 00:05:39.731

I see that it just deleted my entries in hosts :cry: - but that's not such a big problem.


Re: Suspected keylogger (log split into 2 posts)

#5 Post by Roli »

ivankrato wrote: I ran Cure It, but the scan took only 5 minutes, so I don't know whether I'm doing something wrong.
If needed, we have a guide HERE, but I think you did it correctly.
ivankrato wrote: I see that it just deleted my entries in hosts :cry: - but that's not such a big problem.
I'm sorry about that.

Otherwise it should be clean :)


Re: Suspected keylogger (log split into 2 posts)

#6 Post by ivankrato »

Thanks a lot :) :closed:


Re: Suspected keylogger (log split into 2 posts)

#7 Post by Roli »

You're welcome, and :closed: