PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Requesting a preventive check

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use our remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Tintin
Visitor
Posts: 8
Registered: 06 Jan 2016 00:11

#1 Post by Tintin »

Logfile of random's system information tool 1.16 (written by random/random)
Run by TOM at 2017-10-09 23:45:32
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 117 GB (52%) free of 223 GB
Total RAM: 8101 MB (51% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:45:37, on 9.10.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18792)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE
C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE
C:\Program Files\trend micro\TOM_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TEJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TEJB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: BHOHOOK - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUPWDBankBHO.dll
O2 - BHO: True Key Helper - {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O3 - Toolbar: True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles(x86)%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [DTS Studio Sound] "C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\APO3GUI.exe" /HIDEME
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [Autodesk Desktop App] "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIIJE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-402 403 405 406 Series"
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKCU\..\Run: [DymoQuickPrint] "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
O4 - HKCU\..\Run: [OneDrive] "C:\Users\TOM\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [XperiaCompanionAgent] "C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O4 - Startup: Odeslat do OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com
O15 - ESC Trusted Zone: http://*.connectify.me (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://*.fastspring.com (HKLM)
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O23 - Service: Autodesk Desktop App Service (AdAppMgrSvc) - Autodesk Inc. - C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\windows\system32\DbxSvc.exe (file missing)
O23 - Service: DTS APO Service (dts_apo_service) - Unknown owner - C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
O23 - Service: DYMO PnP Service (DymoPnpService) - Sanford, L.P. - C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\windows\system32\EscSvc64.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Biometric and Context Agent Service (IntelBCAsvc) - Intel(R) Corporation - C:\Program Files\Intel\BCA\pabeSvc64.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Rapid Start Technology Service (irstrtsv) - Intel Corporation - C:\windows\SysWOW64\irstrtsv.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: postgresql-x64-9.3 - PostgreSQL Server 9.3 (postgresql-x64-9.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: Intel Security True Key (TrueKey) - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
O23 - Service: Intel Security True Key Scheduler (TrueKeyScheduler) - McAfee, Inc. - C:\Program Files\TrueKey\McTkSchedulerService.exe
O23 - Service: TrueKeyServiceHelper - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Validity WBF Policy Service (valWBFPolicyService) - Unknown owner - C:\windows\system32\valWBFPolicyService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Služba Xperia Companion (XperiaCompanionService) - Sony - C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 16318 bytes

====== Enumerating Processes ======

C:\windows\system32\csrss.exe
C:\windows\system32\wininit.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\ESET\ESET Smart Security\ekrn.exe"
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
"C:\windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-a6f19ab9-a3b1-4a4a-9b15-164e47612f05 -SystemEventPortName:HostProcess-d366bc62-d6b3-4dd9-a9a8-dd59b2a44c31 -IoCancelEventPortName:HostProcess-78a6a75b-2fda-4e39-ae77-c246ebf77a50 -NonStateChangingEventPortName:HostProcess-86427517-06a8-4ded-af6a-fba53c09f557 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:c5e8e3da-2766-47ae-a701-3181dc485b45 -DeviceGroupId:
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe 3255440
\??\C:\windows\system32\conhost.exe "430360881-4813429981475065371-1872899822756937902974073542-7450227761135223367
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe"
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe"
"C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe"
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe" EXPRESS
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files\Intel\BCA\pabeSvc64.exe"
C:\windows\SysWOW64\irstrtsv.exe
"C:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe" runservice -N "postgresql-x64-9.3" -D "C:/Program Files/PostgreSQL/9.3/data" -w
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Program Files\PostgreSQL\9.3\bin\postgres.exe" -D "C:/Program Files/PostgreSQL/9.3/data"
C:\Windows\system32\TODDSrv.exe
\??\C:\windows\system32\conhost.exe "-579357658678185441-17905753981622017759320578829-11980130991872740912-1210679090
"C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"
"C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe"
"C:\Program Files\TrueKey\McTkSchedulerService.exe"
C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
C:\windows\system32\valWBFPolicyService.exe
"C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe"
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
C:\windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\TOSHIBA\TECO\TecoService.exe"
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe"
"C:\Program Files\iPod\bin\iPodService.exe"
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\system32\DbxSvc.exe
C:\windows\TEMP\AdAppMgrUpdater.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\taskhost.exe
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide
"C:\windows\TEMP\irstrtsv\scrncap.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Apoint2K\Apoint.exe"
"C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUTaskMonitor.exe" /start
"C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
"C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe"
"C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe"
"C:\windows\system32\igfxsrvc.exe" -Embedding
"C:\Program Files\TOSHIBA\TECO\Teco.exe" /r
"C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe"
"C:\Program Files\SmartTechnology\Software\ProfilerU.exe"
"C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe"
"C:\Program Files\SmartTechnology\Software\SaiMfd.exe"
"C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe"
"C:\Windows\System32\spool\drivers\x64\3\E_IATIIJE.EXE" /EPT "EPLTarget\P0000000000000000" /M "XP-402 403 405 406 Series"
"C:\Program Files\Apoint2K\ApMsgFwd.exe" -s{05FA8492-C047-4207-BE65-780D8591C113}
"C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe"
"C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe"
"C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
"C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe"
"C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe"
"C:\Program Files\Apoint2K\HidFind.exe"
C:\Program Files\Apoint2K\Apntex.exe
"C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE" /tsr
\??\C:\windows\system32\conhost.exe "14814821871997077056-276535982084267071249433766700944103-1975989169201228822
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
"C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\APO3GUI.exe" /HIDEME
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
C:\Program Files\CCleaner\CCleaner64.exe
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" -type:crashpad-handler --no-upload-gzip --no-rate-limit --database=C:\Users\TOM\AppData\Local\Dropbox\Crashpad --metrics-dir=0 --url=https://d.dropbox.com/report_crashpad_minidump --https-pin=0x23,0xf2,0xed,0xff,0x3e,0xde,0x90,0x25,0x9a,0x9e,0x30,0xf4,0xa,0xf8,0xf9,0x12,0xa5,0xe5,0xb3,0x69,0x4e,0x69,0x38,0x44,0x3,0x41,0xf6,0x6,0xe,0x1,0x4f,0xfa --https-pin=0xaf,0xf9,0x88,0x90,0x6d,0xde,0x12,0x95,0x5d,0x9b,0xeb,0xbf,0x92,0x8f,0xdc,0xc3,0x1c,0xce,0x32,0x8d,0x5b,0x93,0x84,0xf2,0x1c,0x89,0x41,0xca,0x26,0xe2,0x3,0x91 --https-pin=0x5a,0x88,0x96,0x47,0x22,0xe,0x54,0xd6,0xbd,0x8a,0x16,0x81,0x72,0x24,0x52,0xb,0xb5,0xc7,0x8e,0x58,0x98,0x4b,0xd5,0x70,0x50,0x63,0x88,0xb9,0xde,0xf,0x7,0x5f --https-pin=0xfe,0xa2,0xb7,0xd6,0x45,0xfb,0xa7,0x3d,0x75,0x3c,0x1e,0xc9,0xa7,0x87,0xc,0x40,0xe1,0xf7,0xb0,0xc5,0x61,0xe9,0x27,0xb9,0x85,0xbf,0x71,0x18,0x66,0xe3,0x6f,0x22 --https-pin=0x76,0xee,0x85,0x90,0x37,0x4c,0x71,0x54,0x37,0xbb,0xca,0x6b,0xba,0x60,0x28,0xea,0xdd,0xe2,0xdc,0x6d,0xbb,0xb8,0xc3,0xf6,0x10,0xe8,0x51,0xf1,0x1d,0x1a,0xb7,0xf5 --https-pin=0x6d,0xbf,0xae,0x0,0xd3,0x7b,0x9c,0xd7,0x3f,0x8f,0xb4,0x7d,0xe6,0x59,0x17,0xaf,0x0,0xe0,0xdd,0xdf,0x42,0xdb,0xce,0xac,0x20,0xc1,0x7c,0x2,0x75,0xee,0x20,0x95 --https-pin=0x1e,0xa3,0xc5,0xe4,0x3e,0xd6,0x6c,0x2d,0xa2,0x98,0x3a,0x42,0xa4,0xa7,0x9b,0x1e,0x90,0x67,0x86,0xce,0x9f,0x1b,0x58,0x62,0x14,0x19,0xa0,0x4,0x63,0xa8,0x7d,0x38 --https-pin=0x87,0xaf,0x34,0xd6,0x6f,0xb3,0xf2,0xfd,0xf3,0x6e,0x9,0x11,0x1e,0x9a,0xba,0x2f,0x6f,0x44,0xb2,0x7,0xf3,0x86,0x3f,0x3d,0xb,0x54,0xb2,0x50,0x23,0x90,0x9a,0xa5 --https-pin=0xbc,0xfb,0x44,0xaa,0xb9,0xad,0x2,0x10,0x15,0x70,0x6b,0x41,0x21,0xea,0x76,0x1c,0x81,0xc9,0xe8,0x89,0x67,0x59,0xf,0x6f,0x94,0xae,0x74,0x4d,0xc8,0x8b,0x78,0xfb --https-pin=0xab,0x98,0x49,0x52,0x76,0xad,0xf1,0xec,0xaf,0xf2,0x8f,0x35,0xc5,0x30,0x48,0x78,0x1e,0x5c,0x17,0x18,0xda,0xb9,0xc8,0xe6,0x7a,0x50,0x4f,0x4f,0x6a,0x51,0x32,0x8f 
--https-pin=0x49,0x5,0x46,0x66,0x23,0xab,0x41,0x78,0xbe,0x92,0xac,0x5c,0xbd,0x65,0x84,0xf7,0xa1,0xe1,0x7f,0x27,0x65,0x2d,0x5a,0x85,0xaf,0x89,0x50,0x4e,0xa2,0x39,0xaa,0xaa --https-pin=0x56,0x32,0xd9,0x7b,0xfa,0x77,0x5b,0xf3,0xc9,0x9d,0xde,0xa5,0x2f,0xc2,0x55,0x34,0x10,0x86,0x40,0x16,0x72,0x9c,0x52,0xdd,0x65,0x24,0xc8,0xa9,0xc3,0xb4,0x48,0x9f --https-pin=0x2a,0x8f,0x2d,0x8a,0xf0,0xeb,0x12,0x38,0x98,0xf7,0x4c,0x86,0x6a,0xc3,0xfa,0x66,0x90,0x54,0xe2,0x3c,0x17,0xbc,0x7a,0x95,0xbd,0x2,0x34,0x19,0x2d,0xc6,0x35,0xd0 --https-pin=0x32,0xb6,0x4b,0x66,0x72,0x7a,0x20,0x63,0xe4,0x6,0x6f,0x3b,0x95,0x8c,0xb0,0xaa,0xee,0x57,0x6a,0x5e,0xce,0xfd,0x95,0x33,0x99,0xbb,0x88,0x74,0x73,0x1d,0x95,0x87 --https-pin=0xf5,0x3c,0x22,0x5,0x98,0x17,0xdd,0x96,0xf4,0x0,0x65,0x16,0x39,0xd2,0xf8,0x57,0xe2,0x10,0x70,0xa5,0x9a,0xbe,0xd9,0x7,0x94,0x0,0xd9,0xf6,0x95,0x50,0x69,0x0 --https-pin=0x67,0xdc,0x4f,0x32,0xfa,0x10,0xe7,0xd0,0x1a,0x79,0xa0,0x73,0xaa,0xc,0x9e,0x2,0x12,0xec,0x2f,0xfc,0x3d,0x77,0x9e,0xa,0xa7,0xf9,0xc0,0xf0,0xe1,0xc2,0xc8,0x93 --https-pin=0x19,0x6,0xc6,0x12,0x4d,0xbb,0x43,0x85,0x78,0xd0,0xe,0x6,0x6d,0x50,0x54,0xc6,0xc3,0x7f,0xf,0xa6,0x2,0x8c,0x5,0x54,0x5e,0x9,0x94,0xed,0xda,0xec,0x86,0x29 --https-pin=0x1d,0x75,0xd0,0x83,0x1b,0x9e,0x8,0x85,0x39,0x4d,0x32,0xc7,0xa1,0xbf,0xdb,0x3d,0xbc,0x1c,0x28,0xe2,0xb0,0xe8,0x39,0x1f,0xb1,0x35,0x98,0x1d,0xbc,0x5b,0xa9,0x36 --annotation=buildno=Dropbox-win-36.4.22 --annotation=client_session_id=29cf7644-a927-4702-91e2-e23e20ce3862 --annotation=host_int_account1_boot=5262503004 --annotation=machine_id=3d9ff7cc-1cbc-41ad-86eb-55e6e5e6db9e --annotation=platform=win --annotation=platform_version=7 --initial-client-data=0xbc,0xcc,0xd0,0xc8,0xd4,0x5da25810,0x5da25820,0x5da25830
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" -type:exit-monitor -session-token:29cf7644-a927-4702-91e2-e23e20ce3862 -target-handle:200 -target-shutdown-event:212 "-target-command-line:\"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe\" /systemstartup" -method:collectupload -handler-pipe:\\.\pipe\crashpad_8936_NVNAVWTWQQJHROQL
"C:\Program Files\TOSHIBA\TECO\TecoHook.exe"
"C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe" --approot=SOFTWARE\Autodesk --appAgent=/AUTODESKDESKTOPAPP/6.2.0.174/cs-CZ/0001 --lang=cs-CZ --cache-path="C:\Users\TOM\AppData\Local\Autodesk\Autodesk Desktop App\BrowserCache" --peerPid=4480
"C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe"
"C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe" -Embedding
"C:\Program Files\TOSHIBA\FlashCards\Hotkey\TDUNotify\TDUSrv64.exe"
"C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe" --type=gpu-process --channel="8100.0.1486253414\1200224068" --no-sandbox --lang=cs-CZ --log-severity=disable --peerpid=4480 --disable-image-transport-surface --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,1,5,14,27 --gpu-vendor-id=0x8086 --gpu-device-id=0x0a16 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=9.18.10.3293 --lang=cs-CZ --log-severity=disable --peerpid=4480 /prefetch:822062411
"C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe"
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
"C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe" --type=renderer --no-sandbox --lang=en-US --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --lang=cs-CZ --log-severity=disable --peerpid=4480 --enable-software-compositing --channel="8100.1.892853352\612582204" /prefetch:673131151
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
"C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe"
"C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe"
"C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe"
"C:\windows\system32\wuauclt.exe"
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" -startup
"C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe"
"C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe" "C:\Users\TOM\Desktop\Doc Tab.pdf"
C:\windows\system32\prevhost.exe {914FEED8-267A-4BAA-B8AA-21E233792679} -Embedding
"C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE" -Embedding
"C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE" /dde
C:\windows\splwow64.exe 8192
"C:\windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-26521b85-a4e7-4685-802d-b29c3fcd5c4b -SystemEventPortName:HostProcess-5d7c96f0-29dd-4527-9215-e857725e505c -IoCancelEventPortName:HostProcess-9dac541d-de66-44c4-b1fd-cae2228ddeb9 -NonStateChangingEventPortName:HostProcess-11721eb7-40ed-4a60-9847-4445ad6bbc83 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:ac90942e-b005-41e6-a1cc-f73952a06ddb -DeviceGroupId:
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe30_ Global\UsGthrCtrlFltPipeMssGthrPipe30 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"C:\Users\TOM\Downloads\RSITx64.exe"
C:\windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

====== Scheduled tasks folder ======

C:\windows\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
C:\windows\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\windows\tasks\TrackerAutoUpdate.job - C:\Program Files\Tracker Software\Update\TrackerUpdate.exe -CheckUpdate
C:\windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\windows\system32\tasks\DropboxUpdateTaskMachineCore - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
C:\windows\system32\tasks\DropboxUpdateTaskMachineUA - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\windows\system32\tasks\GarminUpdaterTask - C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe
C:\windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\windows\system32\tasks\klcp_update - "%ProgramFiles(x86)%\K-Lite Codec Pack\Tools\CodecTweakTool.exe" /verysilent /update /freq=30
C:\windows\system32\tasks\McAfee Remediation (Prepare) - C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe /prepare
C:\windows\system32\tasks\OneDrive Standalone Update Task-S-1-5-21-2316920125-2615241526-2178040063-1000 - %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\windows\system32\tasks\TrackerAutoUpdate - C:\Program Files\Tracker Software\Update\TrackerUpdate.exe -CheckUpdate
C:\windows\system32\tasks\WPD\SqmUpload_S-1-5-21-2316920125-2615241526-2178040063-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\windows\system32\tasks\WPD\SqmUpload_S-1-5-21-2316920125-2615241526-2178040063-1002 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\windows\system32\tasks\Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
C:\windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\windows\system32\tasks\Microsoft\Windows\MUI\Lpksetup - C:\windows\System32\lpksetup.exe -v
C:\windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\windows\system32\tasks\Microsoft\Windows\MUI\Mcbuilder - C:\windows\System32\mcbuilder.exe
C:\windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\windows\system32\tasks\Microsoft\Office\Office Automatic Updates - C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /update SCHEDULEDTASK displaylevel=False
C:\windows\system32\tasks\Microsoft\Office\Office ClickToRun Service Monitor - C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /WatchService

=========Mozilla firefox=========

ProfilePath - C:\Users\TOM\AppData\Roaming\Mozilla\Firefox\Profiles\cft62gum.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 27.0.0.130 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@dymo.com/DymoLabelFramework]
"Description"=DYMO Label Framework Plugin
"Path"=C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@garmin.com/GpsControl]
"Description"=Garmin GPS Control for Firefox
"Path"=C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 27.0.0.130 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll


C:\Program Files\Mozilla Firefox\plugins\
npPDFXCviewNPPlugin.dll

C:\Users\TOM\AppData\Roaming\Mozilla\Firefox\Profiles\cft62gum.default\addons.json
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
Google Translator for Firefox - extension - translator@zoli.bod

C:\Users\TOM\AppData\Roaming\Mozilla\Firefox\Profiles\cft62gum.default\extensions.json
Google Translator for Firefox - extension - translator@zoli.bod -
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -
Application Update Service Helper - extension - aushelper@mozilla.org -
Multi-process staged rollout - extension - e10srollout@mozilla.org -
Pocket - extension - firefox@getpocket.com -
Firefox Screenshots - extension - screenshots@mozilla.org -
Web Compat - extension - webcompat@mozilla.org -
Click-to-Play staged rollout - extension - clicktoplay-rollout@mozilla.org -
Follow-on Search Telemetry - extension - followonsearch@mozilla.com -
Shield Recipe Client - extension - shield-recipe-client@mozilla.org -
Activity Stream - extension - activity-stream@mozilla.org -
Form Autofill - extension - formautofill@mozilla.org -
Photon onboarding - extension - onboarding@mozilla.org -
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} -

C:\Users\TOM\AppData\Roaming\Mozilla\Firefox\Profiles\cft62gum.default\pluginreg.dat
Plugin - Shockwave Flash - 27.0.0.130 - C:\windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll

=========Google Chrome=========


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iniieblifogecdlkejbmonblijmdaiog]
"Path"=C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\ChromeAddin\ChromeAddin.crx


======Registry dump ======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={8831F54E-C0E1-4CC5-9B4E-BA2D80EA2C51}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8831F54E-C0E1-4CC5-9B4E-BA2D80EA2C51}]
"URL"=http://www.bing.com/search?q={searchTer ... TR&pc=TEJB;


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={8831F54E-C0E1-4CC5-9B4E-BA2D80EA2C51}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{8831F54E-C0E1-4CC5-9B4E-BA2D80EA2C51}]
"URL"=http://www.bing.com/search?q={searchTer ... TR&pc=TEJB;

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9}]
TOSHIBA Fingerprint Utility Web Site Passwords - C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUPWDBankBHO.dll [2013-08-26 87904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-08-15 229072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2017-03-14 896288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-08-15 2351920]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9}]
TOSHIBA Fingerprint Utility Web Site Passwords - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUPWDBankBHO.dll [2013-08-26 76640]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F4B8786-5502-4803-8EBC-F652A1153BB6}]
True Key Helper - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-08-09 996080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2017-03-14 720160]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - True Key - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-08-09 996080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"IgfxTray"=C:\windows\system32\igfxtray.exe [2013-11-26 165872]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2013-11-26 407536]
"Persistence"=C:\windows\system32\igfxpers.exe [2013-11-26 444400]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-09-13 13653208]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2013-11-14 381784]
"TFPUService"=C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUTaskMonitor.exe [2013-08-26 230752]
"TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2013-05-20 996192]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2012-03-02 595840]
"BatteryManager"=C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.exe [2013-11-05 287104]
"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2013-11-25 1604168]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2013-08-21 711040]
"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2011-12-14 712096]
"TSleepSrv"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [2013-04-16 1500240]
"TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376]
"Toshiba TEMPRO"=C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [2011-02-10 1546720]
"Toshiba Registration"=C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [2014-01-10 150992]
"ProfilerU"=C:\Program Files\SmartTechnology\Software\ProfilerU.exe [2015-10-01 454144]
"SaiMfd"=C:\Program Files\SmartTechnology\Software\SaiMfd.exe [2015-10-01 157696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2017-01-19 176440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"=C:\windows\system32\spool\DRIVERS\x64\3\E_IATIIJE.EXE [2012-02-29 283232]
"Spotify Web Helper"=C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [2014-01-10 1199576]
"GarminExpressTrayApp"=C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [2017-03-28 1421736]
"DymoQuickPrint"=C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [2014-03-20 1867056]
"OneDrive"=C:\Users\TOM\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2017-10-02 1686736]
"XperiaCompanionAgent"=C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2016-12-22 2088832]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2017-09-20 9856176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Connectify Hotspot]
C:\Program Files (x86)\Connectify\Connectify.exe autorun []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2013-09-16 134616]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2013-04-26 292848]
"ITSecMng"=C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2011-04-01 80840]
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2011-07-11 1298816]
"DTS Studio Sound"=C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\APO3GUI.exe [2013-10-04 1500992]
"Dropbox"=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2017-10-03 3481912]
"Autodesk Desktop App"=C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [2016-07-01 721856]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Users\TOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Odeslat do OneNote.lnk - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages" = scecli
C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw64.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.l3codecp"=l3codecp.acm
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

====== List of files/folders created in the last 1 month ======

2017-10-09 23:45:32 ----D---- C:\rsit
2017-10-09 23:45:32 ----D---- C:\Program Files\trend micro
2017-10-06 22:34:35 ----D---- C:\windows\rescache
2017-10-06 16:02:51 ----D---- C:\Program Files\CCleaner
2017-10-03 12:21:10 ----A---- C:\windows\system32\drivers\dbx-stable.sys
2017-10-03 12:21:10 ----A---- C:\windows\system32\drivers\dbx-dev.sys
2017-10-03 12:21:10 ----A---- C:\windows\system32\drivers\dbx-canary.sys
2017-10-03 12:21:10 ----A---- C:\windows\system32\DbxSvc.exe
2017-09-24 21:27:22 ----A---- C:\windows\system32\mshtml.dll
2017-09-24 21:27:21 ----A---- C:\windows\SYSWOW64\mshtml.dll
2017-09-24 21:27:21 ----A---- C:\windows\system32\ieframe.dll
2017-09-24 21:27:20 ----A---- C:\windows\SYSWOW64\ieframe.dll
2017-09-24 21:27:20 ----A---- C:\windows\system32\jscript9.dll
2017-09-24 21:27:19 ----A---- C:\windows\SYSWOW64\wininet.dll
2017-09-24 21:27:19 ----A---- C:\windows\SYSWOW64\jscript9.dll
2017-09-24 21:27:19 ----A---- C:\windows\SYSWOW64\iertutil.dll
2017-09-24 21:27:19 ----A---- C:\windows\SYSWOW64\DXPTaskRingtone.dll
2017-09-24 21:27:19 ----A---- C:\windows\system32\wininet.dll
2017-09-24 21:27:19 ----A---- C:\windows\system32\win32k.sys
2017-09-24 21:27:19 ----A---- C:\windows\system32\shell32.dll
2017-09-24 21:27:19 ----A---- C:\windows\system32\mmcndmgr.dll
2017-09-24 21:27:19 ----A---- C:\windows\system32\iertutil.dll
2017-09-24 21:27:19 ----A---- C:\windows\system32\DXPTaskRingtone.dll
2017-09-24 21:27:18 ----A---- C:\windows\SYSWOW64\vbscript.dll
2017-09-24 21:27:18 ----A---- C:\windows\SYSWOW64\urlmon.dll
2017-09-24 21:27:18 ----A---- C:\windows\SYSWOW64\shell32.dll
2017-09-24 21:27:18 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2017-09-24 21:27:18 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2017-09-24 21:27:18 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2017-09-24 21:27:18 ----A---- C:\windows\SYSWOW64\mmcndmgr.dll
2017-09-24 21:27:18 ----A---- C:\windows\system32\urlmon.dll
2017-09-24 21:27:18 ----A---- C:\windows\system32\ntoskrnl.exe
2017-09-24 21:27:18 ----A---- C:\windows\system32\msfeeds.dll
2017-09-24 21:27:18 ----A---- C:\windows\system32\mmc.exe
2017-09-24 21:27:18 ----A---- C:\windows\system32\localspl.dll
2017-09-24 21:27:17 ----A---- C:\windows\SYSWOW64\Wldap32.dll
2017-09-24 21:27:17 ----A---- C:\windows\SYSWOW64\win32spl.dll
2017-09-24 21:27:17 ----A---- C:\windows\SYSWOW64\usp10.dll
2017-09-24 21:27:17 ----A---- C:\windows\SYSWOW64\ntprint.dll
2017-09-24 21:27:17 ----A---- C:\windows\SYSWOW64\ntdll.dll
2017-09-24 21:27:17 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2017-09-24 21:27:17 ----A---- C:\windows\SYSWOW64\mmc.exe
2017-09-24 21:27:17 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2017-09-24 21:27:17 ----A---- C:\windows\system32\Wldap32.dll
2017-09-24 21:27:17 ----A---- C:\windows\system32\win32spl.dll
2017-09-24 21:27:17 ----A---- C:\windows\system32\webcheck.dll
2017-09-24 21:27:17 ----A---- C:\windows\system32\usp10.dll
2017-09-24 21:27:17 ----A---- C:\windows\system32\ntprint.dll
2017-09-24 21:27:17 ----A---- C:\windows\system32\ntdll.dll
2017-09-24 21:27:17 ----A---- C:\windows\system32\nsisvc.dll
2017-09-24 21:27:17 ----A---- C:\windows\system32\MsSpellCheckingFacility.exe
2017-09-24 21:27:17 ----A---- C:\windows\system32\mmcshext.dll
2017-09-24 21:27:17 ----A---- C:\windows\system32\mmcbase.dll
2017-09-24 21:27:17 ----A---- C:\windows\system32\iedkcs32.dll
2017-09-24 21:27:17 ----A---- C:\windows\system32\ie4uinit.exe
2017-09-24 21:27:17 ----A---- C:\windows\system32\drivers\srvnet.sys
2017-09-24 21:27:17 ----A---- C:\windows\system32\drivers\nsiproxy.sys
2017-09-24 21:27:17 ----A---- C:\windows\system32\drivers\netbt.sys
2017-09-24 21:27:17 ----A---- C:\windows\system32\drivers\ksecpkg.sys
2017-09-24 21:27:17 ----A---- C:\windows\system32\drivers\ksecdd.sys
2017-09-24 21:27:17 ----A---- C:\windows\system32\cic.dll
2017-09-24 21:27:16 ----A---- C:\windows\SYSWOW64\winnsi.dll
2017-09-24 21:27:16 ----A---- C:\windows\SYSWOW64\webcheck.dll
2017-09-24 21:27:16 ----A---- C:\windows\SYSWOW64\shdocvw.dll
2017-09-24 21:27:16 ----A---- C:\windows\SYSWOW64\occache.dll
2017-09-24 21:27:16 ----A---- C:\windows\SYSWOW64\nsi.dll
2017-09-24 21:27:16 ----A---- C:\windows\SYSWOW64\msrating.dll
2017-09-24 21:27:16 ----A---- C:\windows\SYSWOW64\mshtmlmedia.dll
2017-09-24 21:27:16 ----A---- C:\windows\SYSWOW64\MshtmlDac.dll
2017-09-24 21:27:16 ----A---- C:\windows\SYSWOW64\mmcshext.dll
2017-09-24 21:27:16 ----A---- C:\windows\SYSWOW64\mmcbase.dll
2017-09-24 21:27:16 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2017-09-24 21:27:16 ----A---- C:\windows\SYSWOW64\jscript9diag.dll
2017-09-24 21:27:16 ----A---- C:\windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-09-24 21:27:16 ----A---- C:\windows\SYSWOW64\inseng.dll
2017-09-24 21:27:16 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2017-09-24 21:27:16 ----A---- C:\windows\SYSWOW64\ieui.dll
2017-09-24 21:27:16 ----A---- C:\windows\SYSWOW64\iesetup.dll
2017-09-24 21:27:16 ----A---- C:\windows\SYSWOW64\iernonce.dll
2017-09-24 21:27:16 ----A---- C:\windows\SYSWOW64\dxtrans.dll
2017-09-24 21:27:16 ----A---- C:\windows\SYSWOW64\dxtmsft.dll
2017-09-24 21:27:16 ----A---- C:\windows\SYSWOW64\cic.dll
2017-09-24 21:27:16 ----A---- C:\windows\SYSWOW64\certcli.dll
2017-09-24 21:27:16 ----A---- C:\windows\system32\winnsi.dll
2017-09-24 21:27:16 ----A---- C:\windows\system32\shdocvw.dll
2017-09-24 21:27:16 ----A---- C:\windows\system32\occache.dll
2017-09-24 21:27:16 ----A---- C:\windows\system32\nsi.dll
2017-09-24 21:27:16 ----A---- C:\windows\system32\msrating.dll
2017-09-24 21:27:16 ----A---- C:\windows\system32\mshtmlmedia.dll
2017-09-24 21:27:16 ----A---- C:\windows\system32\mshtmled.dll
2017-09-24 21:27:16 ----A---- C:\windows\system32\jsproxy.dll
2017-09-24 21:27:16 ----A---- C:\windows\system32\jscript9diag.dll
2017-09-24 21:27:16 ----A---- C:\windows\system32\JavaScriptCollectionAgent.dll
2017-09-24 21:27:16 ----A---- C:\windows\system32\inseng.dll
2017-09-24 21:27:16 ----A---- C:\windows\system32\ieUnatt.exe
2017-09-24 21:27:16 ----A---- C:\windows\system32\ieui.dll
2017-09-24 21:27:16 ----A---- C:\windows\system32\iesetup.dll
2017-09-24 21:27:16 ----A---- C:\windows\system32\iernonce.dll
2017-09-24 21:27:16 ----A---- C:\windows\system32\ieetwproxystub.dll
2017-09-24 21:27:16 ----A---- C:\windows\system32\ieetwcollector.exe
2017-09-24 21:27:16 ----A---- C:\windows\system32\dxtrans.dll
2017-09-24 21:27:16 ----A---- C:\windows\system32\dxtmsft.dll
2017-09-24 21:27:16 ----A---- C:\windows\system32\certcli.dll
2017-09-24 21:27:15 ----A---- C:\windows\SYSWOW64\sspicli.dll
2017-09-24 21:27:15 ----A---- C:\windows\SYSWOW64\rpcrt4.dll
2017-09-24 21:27:15 ----A---- C:\windows\SYSWOW64\ole32.dll
2017-09-24 21:27:15 ----A---- C:\windows\SYSWOW64\ntprint.exe
2017-09-24 21:27:15 ----A---- C:\windows\SYSWOW64\netbtugc.exe
2017-09-24 21:27:15 ----A---- C:\windows\SYSWOW64\msv1_0.dll
2017-09-24 21:27:15 ----A---- C:\windows\SYSWOW64\KernelBase.dll
2017-09-24 21:27:15 ----A---- C:\windows\SYSWOW64\kerberos.dll
2017-09-24 21:27:15 ----A---- C:\windows\SYSWOW64\jscript.dll
2017-09-24 21:27:15 ----A---- C:\windows\SYSWOW64\ieetwproxystub.dll
2017-09-24 21:27:15 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2017-09-24 21:27:15 ----A---- C:\windows\SYSWOW64\advapi32.dll
2017-09-24 21:27:15 ----A---- C:\windows\system32\wow64win.dll
2017-09-24 21:27:15 ----A---- C:\windows\system32\wow64.dll
2017-09-24 21:27:15 ----A---- C:\windows\system32\winsrv.dll
2017-09-24 21:27:15 ----A---- C:\windows\system32\wdigest.dll
2017-09-24 21:27:15 ----A---- C:\windows\system32\vbscript.dll
2017-09-24 21:27:15 ----A---- C:\windows\system32\TSpkg.dll
2017-09-24 21:27:15 ----A---- C:\windows\system32\sspicli.dll
2017-09-24 21:27:15 ----A---- C:\windows\system32\srcore.dll
2017-09-24 21:27:15 ----A---- C:\windows\system32\smss.exe
2017-09-24 21:27:15 ----A---- C:\windows\system32\schannel.dll
2017-09-24 21:27:15 ----A---- C:\windows\system32\rpcss.dll
2017-09-24 21:27:15 ----A---- C:\windows\system32\rpcrt4.dll
2017-09-24 21:27:15 ----A---- C:\windows\system32\ole32.dll
2017-09-24 21:27:15 ----A---- C:\windows\system32\ntprint.exe
2017-09-24 21:27:15 ----A---- C:\windows\system32\netbtugc.exe
2017-09-24 21:27:15 ----A---- C:\windows\system32\ncrypt.dll
2017-09-24 21:27:15 ----A---- C:\windows\system32\msv1_0.dll
2017-09-24 21:27:15 ----A---- C:\windows\system32\MshtmlDac.dll
2017-09-24 21:27:15 ----A---- C:\windows\system32\lsasrv.dll
2017-09-24 21:27:15 ----A---- C:\windows\system32\KernelBase.dll
2017-09-24 21:27:15 ----A---- C:\windows\system32\kernel32.dll
2017-09-24 21:27:15 ----A---- C:\windows\system32\kerberos.dll
2017-09-24 21:27:15 ----A---- C:\windows\system32\jscript.dll
2017-09-24 21:27:15 ----A---- C:\windows\system32\inetpp.dll
2017-09-24 21:27:15 ----A---- C:\windows\system32\ieapfltr.dll
2017-09-24 21:27:15 ----A---- C:\windows\system32\ExplorerFrame.dll
2017-09-24 21:27:15 ----A---- C:\windows\system32\drivers\srv2.sys
2017-09-24 21:27:15 ----A---- C:\windows\system32\drivers\srv.sys
2017-09-24 21:27:15 ----A---- C:\windows\system32\drivers\mrxsmb10.sys
2017-09-24 21:27:15 ----A---- C:\windows\system32\drivers\mrxsmb.sys
2017-09-24 21:27:15 ----A---- C:\windows\system32\conhost.exe
2017-09-24 21:27:15 ----A---- C:\windows\system32\bcrypt.dll
2017-09-24 21:27:15 ----A---- C:\windows\system32\advapi32.dll
2017-09-24 21:27:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-09-24 21:27:14 ----AH---- C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-09-24 21:27:14 ----A---- C:\windows\SYSWOW64\wow32.dll
2017-09-24 21:27:14 ----A---- C:\windows\SYSWOW64\wdigest.dll
2017-09-24 21:27:14 ----A---- C:\windows\SYSWOW64\user.exe
2017-09-24 21:27:14 ----A---- C:\windows\SYSWOW64\TSpkg.dll
2017-09-24 21:27:14 ----A---- C:\windows\SYSWOW64\srclient.dll
2017-09-24 21:27:14 ----A---- C:\windows\SYSWOW64\schannel.dll
2017-09-24 21:27:14 ----A---- C:\windows\SYSWOW64\setup16.exe
2017-09-24 21:27:14 ----A---- C:\windows\SYSWOW64\secur32.dll
2017-09-24 21:27:14 ----A---- C:\windows\SYSWOW64\rpchttp.dll
2017-09-24 21:27:14 ----A---- C:\windows\SYSWOW64\ntvdm64.dll
2017-09-24 21:27:14 ----A---- C:\windows\SYSWOW64\ncrypt.dll
2017-09-24 21:27:14 ----A---- C:\windows\SYSWOW64\kernel32.dll
2017-09-24 21:27:14 ----A---- C:\windows\SYSWOW64\instnm.exe
2017-09-24 21:27:14 ----A---- C:\windows\SYSWOW64\ExplorerFrame.dll
2017-09-24 21:27:14 ----A---- C:\windows\SYSWOW64\cryptbase.dll
2017-09-24 21:27:14 ----A---- C:\windows\SYSWOW64\credssp.dll
2017-09-24 21:27:14 ----A---- C:\windows\SYSWOW64\comcat.dll
2017-09-24 21:27:14 ----A---- C:\windows\SYSWOW64\bcrypt.dll
2017-09-24 21:27:14 ----A---- C:\windows\SYSWOW64\auditpol.exe
2017-09-24 21:27:14 ----A---- C:\windows\SYSWOW64\appidapi.dll
2017-09-24 21:27:14 ----A---- C:\windows\SYSWOW64\apisetschema.dll
2017-09-24 21:27:14 ----A---- C:\windows\system32\wpnpinst.exe
2017-09-24 21:27:14 ----A---- C:\windows\system32\wow64cpu.dll
2017-09-24 21:27:14 ----A---- C:\windows\system32\sspisrv.dll
2017-09-24 21:27:14 ----A---- C:\windows\system32\srclient.dll
2017-09-24 21:27:14 ----A---- C:\windows\system32\setbcdlocale.dll
2017-09-24 21:27:14 ----A---- C:\windows\system32\secur32.dll
2017-09-24 21:27:14 ----A---- C:\windows\system32\rstrui.exe
2017-09-24 21:27:14 ----A---- C:\windows\system32\rpchttp.dll
2017-09-24 21:27:14 ----A---- C:\windows\system32\PrintBrmUi.exe
2017-09-24 21:27:14 ----A---- C:\windows\system32\ntvdm64.dll
2017-09-24 21:27:14 ----A---- C:\windows\system32\lsass.exe
2017-09-24 21:27:14 ----A---- C:\windows\system32\inetppui.dll
2017-09-24 21:27:14 ----A---- C:\windows\system32\ieetwcollectorres.dll
2017-09-24 21:27:14 ----A---- C:\windows\system32\drivers\mrxsmb20.sys
2017-09-24 21:27:14 ----A---- C:\windows\system32\drivers\appid.sys
2017-09-24 21:27:14 ----A---- C:\windows\system32\csrsrv.dll
2017-09-24 21:27:14 ----A---- C:\windows\system32\cryptbase.dll
2017-09-24 21:27:14 ----A---- C:\windows\system32\credssp.dll
2017-09-24 21:27:14 ----A---- C:\windows\system32\comcat.dll
2017-09-24 21:27:14 ----A---- C:\windows\system32\auditpol.exe
2017-09-24 21:27:14 ----A---- C:\windows\system32\appidsvc.dll
2017-09-24 21:27:14 ----A---- C:\windows\system32\appidpolicyconverter.exe
2017-09-24 21:27:14 ----A---- C:\windows\system32\appidcertstorecheck.exe
2017-09-24 21:27:14 ----A---- C:\windows\system32\appidapi.dll
2017-09-24 21:27:14 ----A---- C:\windows\system32\apisetschema.dll
2017-09-24 21:27:13 ----A---- C:\windows\SYSWOW64\oleres.dll
2017-09-24 21:27:13 ----A---- C:\windows\SYSWOW64\msobjs.dll
2017-09-24 21:27:13 ----A---- C:\windows\SYSWOW64\msaudite.dll
2017-09-24 21:27:13 ----A---- C:\windows\SYSWOW64\adtschema.dll
2017-09-24 21:27:13 ----A---- C:\windows\system32\oleres.dll
2017-09-24 21:27:13 ----A---- C:\windows\system32\msobjs.dll
2017-09-24 21:27:13 ----A---- C:\windows\system32\msaudite.dll
2017-09-24 21:27:13 ----A---- C:\windows\system32\adtschema.dll
2017-09-15 14:51:05 ----A---- C:\windows\SYSWOW64\FlashPlayerInstaller.exe

====== List of files/folders modified in the last 1 month ======

2017-10-09 23:45:37 ----D---- C:\windows\Prefetch
2017-10-09 23:45:33 ----D---- C:\windows\Temp
2017-10-09 23:45:32 ----RD---- C:\Program Files
2017-10-09 12:26:21 ----D---- C:\windows\system32\config
2017-10-06 22:34:41 ----SHD---- C:\System Volume Information
2017-10-06 22:34:35 ----AD---- C:\Windows
2017-10-06 22:16:55 ----D---- C:\windows\Microsoft.NET
2017-10-06 20:54:30 ----D---- C:\windows\system32\drivers
2017-10-06 20:54:30 ----D---- C:\Program Files (x86)\Dropbox
2017-10-06 20:54:30 ----AD---- C:\windows\System32
2017-10-06 20:13:15 ----RSD---- C:\windows\assembly
2017-10-06 19:11:57 ----D---- C:\Program Files\Mozilla Firefox
2017-10-06 16:52:40 ----SHD---- C:\windows\Installer
2017-10-06 16:52:40 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2017-10-06 16:51:33 ----D---- C:\windows\inf
2017-10-06 16:51:22 ----D---- C:\Program Files\Microsoft Office 15
2017-10-06 16:38:11 ----A---- C:\windows\system32\PerfStringBackup.INI
2017-10-06 16:34:04 ----HD---- C:\ProgramData
2017-10-06 16:33:36 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-06 16:29:51 ----D---- C:\Program Files (x86)\Autodesk
2017-10-06 16:27:56 ----D---- C:\ProgramData\Autodesk
2017-10-06 16:27:51 ----D---- C:\Program Files\Common Files\Autodesk Shared
2017-10-06 16:27:39 ----RSD---- C:\windows\Fonts
2017-10-06 16:27:39 ----D---- C:\Users\TOM\AppData\Roaming\Autodesk
2017-10-06 16:27:33 ----D---- C:\windows\Downloaded Program Files
2017-10-06 16:08:00 ----RD---- C:\Program Files (x86)
2017-10-06 16:04:53 ----D---- C:\windows\Panther
2017-10-06 16:04:53 ----D---- C:\windows\Minidump
2017-10-06 16:04:53 ----D---- C:\windows\Logs
2017-10-06 16:04:53 ----D---- C:\windows\debug
2017-10-06 16:02:52 ----D---- C:\windows\system32\Tasks
2017-10-06 16:02:51 ----D---- C:\Program Files (x86)\Google
2017-10-06 15:18:29 ----D---- C:\windows\winsxs
2017-10-06 08:55:46 ----D---- C:\windows\SYSWOW64\sk-SK
2017-10-06 08:55:46 ----D---- C:\windows\SYSWOW64\pl-PL
2017-10-06 08:55:46 ----D---- C:\windows\SYSWOW64\hu-HU
2017-10-06 08:55:46 ----D---- C:\windows\SYSWOW64\en-US
2017-10-06 08:55:46 ----D---- C:\windows\SYSWOW64\el-GR
2017-10-06 08:55:46 ----D---- C:\windows\SYSWOW64\cs-CZ
2017-10-06 08:55:46 ----D---- C:\windows\SysWOW64
2017-10-06 08:55:46 ----D---- C:\Program Files\Internet Explorer
2017-10-06 08:55:46 ----D---- C:\Program Files (x86)\Internet Explorer
2017-10-06 08:55:45 ----D---- C:\windows\system32\sk-SK
2017-10-06 08:55:45 ----D---- C:\windows\system32\pl-PL
2017-10-06 08:55:45 ----D---- C:\windows\system32\hu-HU
2017-10-06 08:55:45 ----D---- C:\windows\system32\en-US
2017-10-06 08:55:45 ----D---- C:\windows\system32\el-GR
2017-10-06 08:55:45 ----D---- C:\windows\system32\cs-CZ
2017-10-06 08:55:45 ----D---- C:\windows\system32\Boot
2017-10-06 08:55:45 ----D---- C:\windows\AppPatch
2017-10-06 08:30:07 ----A---- C:\windows\SYSWOW64\PerfStringBackup.INI
2017-09-18 18:29:03 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2017-09-18 18:29:01 ----D---- C:\windows\system32\Macromed
2017-09-18 18:28:36 ----D---- C:\windows\SYSWOW64\Macromed
2017-09-18 18:23:18 ----D---- C:\windows\system32\catroot2

File C:\windows\system32\winlogon.exe is digitally signed
File C:\windows\system32\wininit.exe is digitally signed
File C:\windows\explorer.exe is digitally signed
File C:\windows\SysWOW64\explorer.exe is digitally signed
File C:\windows\system32\svchost.exe is digitally signed
File C:\windows\SysWOW64\svchost.exe is digitally signed
File C:\windows\system32\services.exe is digitally signed
File C:\windows\system32\User32.dll is digitally signed
File C:\windows\SysWOW64\User32.dll is digitally signed
File C:\windows\system32\userinit.exe is digitally signed
File C:\windows\SysWOW64\userinit.exe is digitally signed
File C:\windows\system32\rpcss.dll is digitally signed
File C:\windows\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 epfwwfp;epfwwfp; C:\windows\system32\DRIVERS\epfwwfp.sys [2016-12-04 84616]
R0 iaStorA;iaStorA; C:\windows\system32\DRIVERS\iaStorA.sys [2013-07-30 666984]
R0 iaStorF;iaStorF; C:\windows\system32\DRIVERS\iaStorF.sys [2013-07-30 28008]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\windows\system32\DRIVERS\iusb3hcs.sys [2013-04-26 20464]
R0 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2011-05-23 213888]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\windows\system32\DRIVERS\TVALZ.SYS [2009-07-14 26840]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 eamonm;eamonm; C:\windows\system32\DRIVERS\eamonm.sys [2016-12-04 262792]
R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2016-12-04 197248]
R1 epfw;epfw; C:\windows\system32\DRIVERS\epfw.sys [2016-12-04 208520]
R1 EpfwLWF;ESET Personal Firewall; C:\windows\system32\DRIVERS\EpfwLWF.sys [2016-12-04 61568]
R1 Tosrfcom;Bluetooth RFCOMM; C:\windows\System32\Drivers\tosrfcom.sys [2012-06-12 83032]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 config;config; C:\windows\system32\DRIVERS\ibtfudrv.sys [2013-07-01 70088]
R2 ekbdflt;ekbdflt; C:\windows\system32\DRIVERS\ekbdflt.sys [2016-12-04 153216]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\windows\system32\DRIVERS\TVALZFL.sys [2013-06-07 16696]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\windows\system32\DRIVERS\Apfiltr.sys [2013-10-17 497968]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D; C:\windows\system32\DRIVERS\e1d62x64.sys [2013-05-30 495376]
R3 guardian2;guardian2; C:\windows\System32\Drivers\oz776x64.sys [2013-01-11 87696]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2013-09-03 4445536]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2013-09-16 3662424]
R3 irstrtdv;Intel(R) Rapid Start Technology Driver; C:\windows\system32\DRIVERS\irstrtdv.sys [2013-10-15 20192]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\windows\system32\DRIVERS\iusb3hub.sys [2013-04-26 368112]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\windows\system32\DRIVERS\iusb3xhc.sys [2013-04-26 786416]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-16 99288]
R3 NETwNs64;___ Ovladač adaptéru Intel(R) Wireless pro systém Windows 7 64 Bit; C:\windows\system32\DRIVERS\NETwsw02.sys [2013-10-14 3599840]
R3 RTSPER;Realtek PCIE Card Reader - PER; C:\windows\system32\DRIVERS\RtsPer.sys [2013-06-06 411208]
R3 SaiMini;SaiMini; C:\windows\system32\DRIVERS\SaiMini.sys [2015-12-09 23968]
R3 SaiNtBus;SaiNtBus; C:\windows\system32\drivers\SaiBus.sys [2015-12-09 51488]
R3 tosporte;Bluetooth COM Port; C:\windows\system32\DRIVERS\tosporte.sys [2012-07-27 55288]
R3 tosrfbd;Bluetooth RFBUS; C:\windows\system32\DRIVERS\tosrfbd.sys [2013-11-16 306320]
R3 tosrfec;Bluetooth ACPI; C:\windows\system32\DRIVERS\tosrfec.sys [2010-06-18 18872]
R3 Tosrfhid;Bluetooth RFHID; C:\windows\system32\DRIVERS\Tosrfhid.sys [2012-08-01 95088]
R3 Tosrfusb;Bluetooth USB Controller; C:\windows\system32\DRIVERS\tosrfusb.sys [2013-07-09 94008]
R3 TPM;Čip TPM; C:\windows\system32\drivers\tpm.sys [2016-02-05 147904]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 dbx;dbx; C:\windows\system32\DRIVERS\dbx.sys []
S3 dmvsc;dmvsc; C:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FTDIBUS;USB Serial Converter Driver; C:\windows\system32\drivers\ftdibus.sys [2016-03-16 108352]
S3 FTSER2K;USB Serial Port Driver; C:\windows\system32\drivers\ftser2k.sys [2016-03-16 95168]
S3 ggflt;SOMC USB Flash Driver Filter; C:\windows\system32\DRIVERS\ggflt.sys [2016-10-24 16088]
S3 ggsomc;SOMC USB Flash Driver; C:\windows\system32\DRIVERS\ggsomc.sys [2016-10-24 30424]
S3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2013-09-03 452088]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\windows\system32\DRIVERS\netaapl64.sys [2016-03-28 23040]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver; C:\windows\system32\DRIVERS\silabenm.sys [2014-04-11 23552]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver; C:\windows\system32\DRIVERS\silabser.sys [2014-04-11 79360]
S3 storvsc;storvsc; C:\windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]
S3 TosRfSnd;Bluetooth Audio; C:\windows\system32\drivers\tosrfsnd.sys [2012-05-10 69568]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;Adaptér USB RNDIS; C:\windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 USBAAPL64;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl64.sys [2016-03-28 54784]
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 vmbus;vmbus; C:\windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 AdAppMgrSvc;Autodesk Desktop App Service; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [2016-07-01 1295376]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-09-22 83768]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
R2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2017-07-18 3059440]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\cscsvc.dll
R2 DbxSvc;DbxSvc; C:\windows\system32\DbxSvc.exe [2017-10-03 51016]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll" = %SystemRoot%\system32\diagtrack.dll
R2 dts_apo_service;DTS APO Service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [2013-10-04 19792]
R2 DymoPnpService;DYMO PnP Service; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2014-03-20 33072]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2016-12-04 2771848]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2013-10-11 631024]
R2 Garmin Device Interaction Service;Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [2017-03-28 1099280]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-09-16 131544]
R2 IntelBCAsvc;Intel(R) Biometric and Context Agent Service; C:\Program Files\Intel\BCA\pabeSvc64.exe [2016-07-28 3036312]
R2 irstrtsv;Intel(R) Rapid Start Technology Service; C:\windows\SysWOW64\irstrtsv.exe [2013-10-15 784288]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
R2 postgresql-x64-9.3;postgresql-x64-9.3 - PostgreSQL Server 9.3; C:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe [2015-07-13 90624]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2013-10-11 154864]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 140632]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2012-09-24 589224]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2013-09-12 356192]
R2 TrueKey;Intel Security True Key; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [2016-08-08 920616]
R2 TrueKeyScheduler;Intel Security True Key Scheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [2016-08-08 16248]
R2 valWBFPolicyService;Validity WBF Policy Service; C:\windows\system32\valWBFPolicyService.exe [2013-08-27 33280]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2017-01-19 651576]
R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-11 57216]
R3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2012-07-26 179168]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2013-08-21 138624]
R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2013-05-28 786272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-04-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-04-21 128648]
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-25 143144]
S2 EpsonScanSvc;Epson Scanner Service; C:\windows\system32\EscSvc64.exe [2011-12-12 135824]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-07 154440]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-18 272384]
S3 AppMgmt;@appmgmts.dll,-3250; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\appmgmts.dll
S3 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2013-11-26 279024]
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-25 143144]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2016-02-19 1357104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-07 154440]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2017-08-13 116224]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-10-06 194000]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-10-11 284912]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-02-01 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2013-02-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; %SystemRoot%\System32\svchost.exe -k PeerDist;"ServiceDll" = %SystemRoot%\system32\peerdistsvc.dll
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\system32\storsvc.dll
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
S3 TrueKeyServiceHelper;TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [2016-08-08 86864]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\umrdp.dll
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2016-02-10 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-04-21 52856]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]

-----------------EOF-----------------

JaRon
Moderator
Posts: 15215
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: request for a preventive check

#2 Post by JaRon »

Hi,
as a precaution I recommend the following (quote):
Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
•Save it, preferably to the desktop
•After launch, the license terms are displayed; press any key
•A backup is created, followed by a search
•The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/


Re: request for a preventive check

#3 Post by Tintin »

Hi...

Here is the requested log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Professional x64
Ran by TOM (Administrator) on Łt 10.10.2017 at 12:37:02,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 17

Successfully deleted: C:\ProgramData\mntemp (File)
Successfully deleted: C:\Users\TOM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\TOM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\TOM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\71FXFUYD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\TOM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\TOM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\TOM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M9QWW4A8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\TOM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X4SHT0RV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\TOM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZNVNLI70 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\71FXFUYD (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M9QWW4A8 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X4SHT0RV (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZNVNLI70 (Temporary Internet Files Folder)



Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8831F54E-C0E1-4CC5-9B4E-BA2D80EA2C51} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Łt 10.10.2017 at 12:37:58,77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Re: request for a preventive check

#4 Post by JaRon »

OK, if there are no problems, then we're done :James008:

Re: request for a preventive check

#5 Post by Tintin »

Great, thanks...
I do have one small problem here: I'm trying to tidy up, and in Libraries/Pictures I have two folders with photos that, whatever I do, can't be deleted or renamed...
Explorer reports that it was not found, cannot be located, etc.
TC deleted the files, but not the folder either :(

And iTunes refuses to sync photos from the phone...


Re: request for a preventive check

#6 Post by JaRon »

You can delete the directory with Avenger,
then clean the registry with CCleaner,
and if there is still a problem with iTunes after a restart, reinstall it

Re: request for a preventive check

#7 Post by Tintin »

Hi...

I can't get it to work...

I enter the script:

Folders to delete:
c:\Users\TOM\Desktop\bububu...

Windows takes a bit longer than usual to start, and then Avenger reports:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.1 (build 7601, Service Pack 1)
Tue Oct 10 21:56:37 2017

21:52:03: Warning: Trying to solve a NULL hostname: giving up
21:52:06: Error: Could not open input stream to URL:
http:// (error 6: neplatný popisova?.)


//////////////////////////////////////////


Re: request for a preventive check

#8 Post by JaRon »

Hm, no idea, I haven't used Avenger in a long time, but it always deleted what it was supposed to...
Try deleting it via TC with the PC in safe mode