
Is there a keylogger in there? Possibly even renamed, starting at startup..?

originpoison
Visitor
Posts: 7
Registered: 04 Feb 2019 14:43


#1 Post by originpoison »

Logfile of random's system information tool 1.10 (written by random/random)
Run by Uživatel at 2019-03-13 14:25:40
Microsoft Windows 10 Home
System drive C: has 259 GB (54%) free of 476 GB
Total RAM: 3979 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:25:53, on 13.03.2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal

Running processes:
C:\Users\Uživatel\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe
C:\Program Files\trend micro\Uživatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [DSATray] C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Uživatel\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NETWORK SERVICE')
O4 - Global Startup: NonSteam.bat
O4 - Global Startup: update.bat
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: Intel(R) Driver & Support Assistant (DSAService) - Intel - C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Energy Server Service queencreek (ESRV_SVC_QUEENCREEK) - Unknown owner - C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) SUR QC Software Asset Manager (Intel(R) SUR QC SAM) - Intel Corporation - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK (SystemUsageReportSvc_QUEENCREEK) - Unknown owner - C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: User Energy Server Service queencreek (USER_ESRV_SVC_QUEENCREEK) - Unknown owner - C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 10209 bytes

======Listing Processes======








winlogon.exe

C:\WINDOWS\system32\lsass.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
"fontdrvhost.exe"
"fontdrvhost.exe"
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
"dwm.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS

C:\WINDOWS\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k appmodel -p -s camsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k localservicenonetwork -p
c:\windows\system32\svchost.exe -k localservice -p -s WebClient
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
"C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
"C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe"
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"

"C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k networkservice -p -s TapiSrv
"C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
"C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe" -s
dashost.exe {2025b958-8670-4072-aea13bdb5155040c}
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost

c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s NcdAutoSetup
"C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe"
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k netsvcs -p

"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
sihost.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
C:\WINDOWS\Explorer.EXE
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"ctfmon.exe"
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
igfxEM.exe
igfxHK.exe
igfxTray.exe
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x64__kzf8qxf38zg5c\SkypeApp.exe" -ServerName:App.AppXffn3yxqvgawq9fpmnhy90fr3y01d1t5b.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\WINDOWS\system32\browser_broker.exe -Embedding
C:\WINDOWS\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Users\Uživatel\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe" -ServerName:SkypeBackgroundHost
"C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe"
c:\windows\system32\svchost.exe -k unistacksvcgroup
"C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe" "--AUTO_START" "--start" "--start_options_registry_key" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ESRV_SVC_QUEENCREEK\_start"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
"C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe"
C:\WINDOWS\system32\svchost.exe -k LocalService -p
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe" "--start" "--start_options_handle" "824"
"C:\Program Files\rempl\sedsvc.exe"

c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19011.19410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
c:\windows\system32\svchost.exe -k localservice -s W32Time
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DsSvc
C:\Windows\System32\RuntimeBroker.exe -Embedding
c:\windows\system32\svchost.exe -k netsvcs -p -s BITS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
"C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe" -ServerName:WindowsDefaultLockScreen.AppX7y4nbzq37zn4ks9k7amqjywdat7d3j2z.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
C:\WINDOWS\system32\AUDIODG.EXE 0x570
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
taskhostw.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s XblAuthManager

C:\WINDOWS\System32\svchost.exe -k WerSvcGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s gpsvc
c:\windows\system32\svchost.exe -k localservice -p -s fdPHost
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s wcncsvc
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=72.0.3626.121 --initial-client-data=0x1d4,0x1d8,0x1dc,0x1d0,0x1e0,0x7ffdd9b65510,0x7ffdd9b65520,0x7ffdd9b65530
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=10488 --on-initialized-event-handle=676 --parent-handle=680 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1524,13110128550188768323,3999155579319156449,131072 --gpu-preferences=KAAAAAAAAACAAwDAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=7106730666378187934 --mojo-platform-channel-handle=1668 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1524,13110128550188768323,3999155579319156449,131072 --lang=cs --service-sandbox-type=network --service-request-channel-token=8018029984199469699 --mojo-platform-channel-handle=2028 /prefetch:8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,13110128550188768323,3999155579319156449,131072 --service-pipe-token=9765060808326575588 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9765060808326575588 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,13110128550188768323,3999155579319156449,131072 --service-pipe-token=1981034501109374345 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1981034501109374345 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,13110128550188768323,3999155579319156449,131072 --service-pipe-token=2414872462157885847 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2414872462157885847 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,13110128550188768323,3999155579319156449,131072 --service-pipe-token=10120070858237630651 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10120070858237630651 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe10_ Global\UsGthrCtrlFltPipeMssGthrPipe10 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 792 820 828 8192 824
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXemn3t55segp7q92mwd35v2a5rk5mvwyz.mca

C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Users\Uživatel\Downloads\RSITx64 (2).exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-18 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2018-04-12 638872]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-06-04 3944136]
"LogMeIn GUI"=C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [2019-02-04 446400]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 108144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\Uživatel\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2019-03-02 1507144]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2018-10-19 731240]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"DSATray"=C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [2018-05-03 135928]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2019-02-11 5890504]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
NonSteam.bat
update.bat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-18 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2019-03-13 08:22:36 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerInstaller.exe
2019-03-13 07:11:20 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-03-13 07:11:19 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2019-03-13 07:11:14 ----A---- C:\WINDOWS\system32\edgehtml.dll
2019-03-13 07:11:09 ----A---- C:\WINDOWS\system32\mshtml.dll
2019-03-13 07:11:07 ----A---- C:\WINDOWS\system32\Hydrogen.dll
2019-03-13 07:10:57 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2019-03-13 07:10:57 ----A---- C:\WINDOWS\system32\wininet.dll
2019-03-13 07:10:55 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2019-03-13 07:10:53 ----A---- C:\WINDOWS\system32\HologramCompositor.dll
2019-03-13 07:10:51 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2019-03-13 07:10:50 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2019-03-13 07:10:47 ----A---- C:\WINDOWS\system32\Chakra.dll
2019-03-13 07:10:46 ----A---- C:\WINDOWS\system32\StartTileData.dll
2019-03-13 07:10:45 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-03-13 07:10:45 ----A---- C:\WINDOWS\system32\sppobjs.dll
2019-03-13 07:10:45 ----A---- C:\WINDOWS\system32\cdp.dll
2019-03-13 07:10:44 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-03-13 07:10:43 ----A---- C:\WINDOWS\system32\d3d10warp.dll
2019-03-13 07:10:41 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2019-03-13 07:10:41 ----A---- C:\WINDOWS\system32\twinui.pcshell.dll
2019-03-13 07:10:40 ----A---- C:\WINDOWS\system32\ieframe.dll
2019-03-13 07:10:39 ----A---- C:\WINDOWS\system32\mos.dll
2019-03-13 07:10:38 ----A---- C:\WINDOWS\system32\jscript9.dll
2019-03-13 07:10:38 ----A---- C:\WINDOWS\system32\EdgeContent.dll
2019-03-13 07:10:37 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2019-03-13 07:10:36 ----A---- C:\WINDOWS\system32\win32kfull.sys
2019-03-13 07:10:36 ----A---- C:\WINDOWS\system32\combase.dll
2019-03-13 07:10:36 ----A---- C:\WINDOWS\system32\appraiser.dll
2019-03-13 07:10:34 ----A---- C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-03-13 07:10:33 ----A---- C:\WINDOWS\system32\Windows.CloudStore.dll
2019-03-13 07:10:33 ----A---- C:\WINDOWS\system32\aeinv.dll
2019-03-13 07:10:32 ----A---- C:\WINDOWS\system32\OpcServices.dll
2019-03-13 07:10:32 ----A---- C:\WINDOWS\system32\BingMaps.dll
2019-03-13 07:10:32 ----A---- C:\WINDOWS\system32\aepic.dll
2019-03-13 07:10:31 ----A---- C:\WINDOWS\SYSWOW64\Windows.Data.Pdf.dll
2019-03-13 07:10:31 ----A---- C:\WINDOWS\SYSWOW64\combase.dll
2019-03-13 07:10:31 ----A---- C:\WINDOWS\system32\hvix64.exe
2019-03-13 07:10:30 ----A---- C:\WINDOWS\SYSWOW64\mos.dll
2019-03-13 07:10:30 ----A---- C:\WINDOWS\system32\msxml6.dll
2019-03-13 07:10:29 ----A---- C:\WINDOWS\system32\generaltel.dll
2019-03-13 07:10:29 ----A---- C:\WINDOWS\system32\fcon.dll
2019-03-13 07:10:29 ----A---- C:\WINDOWS\system32\dosvc.dll
2019-03-13 07:10:28 ----A---- C:\WINDOWS\SYSWOW64\cdp.dll
2019-03-13 07:10:28 ----A---- C:\WINDOWS\system32\iertutil.dll
2019-03-13 07:10:27 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2019-03-13 07:10:27 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2019-03-13 07:10:26 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2019-03-13 07:10:26 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2019-03-13 07:10:26 ----A---- C:\WINDOWS\system32\WebRuntimeManager.dll
2019-03-13 07:10:25 ----A---- C:\WINDOWS\SYSWOW64\msxml6.dll
2019-03-13 07:10:25 ----A---- C:\WINDOWS\system32\hvax64.exe
2019-03-13 07:10:25 ----A---- C:\WINDOWS\system32\aitstatic.exe
2019-03-13 07:10:24 ----A---- C:\WINDOWS\SYSWOW64\aepic.dll
2019-03-13 07:10:24 ----A---- C:\WINDOWS\system32\urlmon.dll
2019-03-13 07:10:24 ----A---- C:\WINDOWS\system32\msctf.dll
2019-03-13 07:10:24 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys
2019-03-13 07:10:23 ----A---- C:\WINDOWS\SYSWOW64\msctf.dll
2019-03-13 07:10:23 ----A---- C:\WINDOWS\system32\win32kbase.sys
2019-03-13 07:10:23 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2019-03-13 07:10:23 ----A---- C:\WINDOWS\system32\audiosrv.dll
2019-03-13 07:10:22 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2019-03-13 07:10:22 ----A---- C:\WINDOWS\SYSWOW64\d3d10warp.dll
2019-03-13 07:10:22 ----A---- C:\WINDOWS\system32\ucrtbase.dll
2019-03-13 07:10:22 ----A---- C:\WINDOWS\system32\lpasvc.dll
2019-03-13 07:10:22 ----A---- C:\WINDOWS\system32\devinv.dll
2019-03-13 07:10:22 ----A---- C:\WINDOWS\system32\cdprt.dll
2019-03-13 07:10:21 ----A---- C:\WINDOWS\SYSWOW64\ucrtbase.dll
2019-03-13 07:10:21 ----A---- C:\WINDOWS\system32\invagent.dll
2019-03-13 07:10:21 ----A---- C:\WINDOWS\system32\gpsvc.dll
2019-03-13 07:10:20 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2019-03-13 07:10:20 ----A---- C:\WINDOWS\system32\wsp_fs.dll
2019-03-13 07:10:20 ----A---- C:\WINDOWS\system32\dcntel.dll
2019-03-13 07:10:20 ----A---- C:\WINDOWS\system32\BingOnlineServices.dll
2019-03-13 07:10:19 ----A---- C:\WINDOWS\system32\wsp_health.dll
2019-03-13 07:10:19 ----A---- C:\WINDOWS\system32\MapGeocoder.dll
2019-03-13 07:10:19 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2019-03-13 07:10:18 ----A---- C:\WINDOWS\SYSWOW64\BingMaps.dll
2019-03-13 07:10:18 ----A---- C:\WINDOWS\system32\MapRouter.dll
2019-03-13 07:10:17 ----A---- C:\WINDOWS\system32\wlansvc.dll
2019-03-13 07:10:17 ----A---- C:\WINDOWS\system32\AudioSes.dll
2019-03-13 07:10:17 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-03-13 07:10:17 ----A---- C:\WINDOWS\system32\acmigration.dll
2019-03-13 07:10:16 ----A---- C:\WINDOWS\system32\localspl.dll
2019-03-13 07:10:16 ----A---- C:\WINDOWS\system32\dpx.dll
2019-03-13 07:10:16 ----A---- C:\WINDOWS\system32\bcastdvruserservice.dll
2019-03-13 07:10:15 ----A---- C:\WINDOWS\SYSWOW64\rpcrt4.dll
2019-03-13 07:10:15 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2019-03-13 07:10:15 ----A---- C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-03-13 07:10:15 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2019-03-13 07:10:15 ----A---- C:\WINDOWS\system32\msxml3.dll
2019-03-13 07:10:15 ----A---- C:\WINDOWS\system32\AudioEng.dll
2019-03-13 07:10:14 ----A---- C:\WINDOWS\SYSWOW64\propsys.dll
2019-03-13 07:10:14 ----A---- C:\WINDOWS\system32\NMAA.dll
2019-03-13 07:10:14 ----A---- C:\WINDOWS\system32\kernel32.dll
2019-03-13 07:10:14 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2019-03-13 07:10:13 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2019-03-13 07:10:13 ----A---- C:\WINDOWS\system32\propsys.dll
2019-03-13 07:10:13 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-03-13 07:10:12 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2019-03-13 07:10:12 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2019-03-13 07:10:12 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-03-13 07:10:12 ----A---- C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-03-13 07:10:11 ----A---- C:\WINDOWS\SYSWOW64\msi.dll
2019-03-13 07:10:11 ----A---- C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-03-13 07:10:11 ----A---- C:\WINDOWS\system32\policymanager.dll
2019-03-13 07:10:11 ----A---- C:\WINDOWS\system32\edgeIso.dll
2019-03-13 07:10:10 ----A---- C:\WINDOWS\SYSWOW64\EdgeManager.dll
2019-03-13 07:10:10 ----A---- C:\WINDOWS\SYSWOW64\dpx.dll
2019-03-13 07:10:10 ----A---- C:\WINDOWS\system32\rasmans.dll
2019-03-13 07:10:10 ----A---- C:\WINDOWS\system32\msi.dll
2019-03-13 07:10:10 ----A---- C:\WINDOWS\system32\jscript.dll
2019-03-13 07:10:10 ----A---- C:\WINDOWS\system32\audiodg.exe
2019-03-13 07:10:09 ----A---- C:\WINDOWS\SYSWOW64\msrd2x40.dll
2019-03-13 07:10:09 ----A---- C:\WINDOWS\SYSWOW64\AudioEng.dll
2019-03-13 07:10:09 ----A---- C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-03-13 07:10:09 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2019-03-13 07:10:09 ----A---- C:\WINDOWS\system32\CompatTelRunner.exe
2019-03-13 07:10:08 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Immersive.dll
2019-03-13 07:10:08 ----A---- C:\WINDOWS\SYSWOW64\OpcServices.dll
2019-03-13 07:10:08 ----A---- C:\WINDOWS\system32\winload.exe
2019-03-13 07:10:08 ----A---- C:\WINDOWS\system32\wer.dll
2019-03-13 07:10:08 ----A---- C:\WINDOWS\system32\ResetEngine.dll
2019-03-13 07:10:08 ----A---- C:\WINDOWS\system32\MapsStore.dll
2019-03-13 07:10:07 ----A---- C:\WINDOWS\system32\msvproc.dll
2019-03-13 07:10:07 ----A---- C:\WINDOWS\system32\AppResolver.dll
2019-03-13 07:10:06 ----A---- C:\WINDOWS\SYSWOW64\msvproc.dll
2019-03-13 07:10:06 ----A---- C:\WINDOWS\SYSWOW64\BingOnlineServices.dll
2019-03-13 07:10:06 ----A---- C:\WINDOWS\system32\winresume.exe
2019-03-13 07:10:06 ----A---- C:\WINDOWS\system32\vbscript.dll
2019-03-13 07:10:06 ----A---- C:\WINDOWS\system32\resutils.dll
2019-03-13 07:10:06 ----A---- C:\WINDOWS\system32\ActivationManager.dll
2019-03-13 07:10:05 ----A---- C:\WINDOWS\SYSWOW64\wsp_health.dll
2019-03-13 07:10:05 ----A---- C:\WINDOWS\SYSWOW64\AppXDeploymentClient.dll
2019-03-13 07:10:05 ----A---- C:\WINDOWS\system32\drivers\rdbss.sys
2019-03-13 07:10:05 ----A---- C:\WINDOWS\system32\drivers\http.sys
2019-03-13 07:10:05 ----A---- C:\WINDOWS\system32\clusapi.dll
2019-03-13 07:10:04 ----A---- C:\WINDOWS\SYSWOW64\wsp_fs.dll
2019-03-13 07:10:04 ----A---- C:\WINDOWS\SYSWOW64\policymanager.dll
2019-03-13 07:10:04 ----A---- C:\WINDOWS\SYSWOW64\MapGeocoder.dll
2019-03-13 07:10:04 ----A---- C:\WINDOWS\system32\drivers\srv2.sys
2019-03-13 07:10:03 ----A---- C:\WINDOWS\SYSWOW64\wer.dll
2019-03-13 07:10:03 ----A---- C:\WINDOWS\SYSWOW64\kernel32.dll
2019-03-13 07:10:03 ----A---- C:\WINDOWS\SYSWOW64\AppResolver.dll
2019-03-13 07:10:03 ----A---- C:\WINDOWS\system32\win32appinventorycsp.dll
2019-03-13 07:10:03 ----A---- C:\WINDOWS\system32\tcblaunch.exe
2019-03-13 07:10:03 ----A---- C:\WINDOWS\system32\drivers\ndis.sys
2019-03-13 07:10:02 ----A---- C:\WINDOWS\SYSWOW64\msxml3.dll
2019-03-13 07:10:02 ----A---- C:\WINDOWS\SYSWOW64\msv1_0.dll
2019-03-13 07:10:02 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2019-03-13 07:10:02 ----A---- C:\WINDOWS\system32\RTWorkQ.dll
2019-03-13 07:10:02 ----A---- C:\WINDOWS\system32\ReAgent.dll
2019-03-13 07:10:02 ----A---- C:\WINDOWS\system32\pcasvc.dll
2019-03-13 07:10:02 ----A---- C:\WINDOWS\system32\msvcp_win.dll
2019-03-13 07:10:02 ----A---- C:\WINDOWS\system32\drivers\refsv1.sys
2019-03-13 07:10:02 ----A---- C:\WINDOWS\system32\drivers\fastfat.sys
2019-03-13 07:10:02 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2019-03-13 07:10:02 ----A---- C:\WINDOWS\system32\domgmt.dll
2019-03-13 07:10:01 ----A---- C:\WINDOWS\SYSWOW64\MapRouter.dll
2019-03-13 07:10:01 ----A---- C:\WINDOWS\SYSWOW64\edgeIso.dll
2019-03-13 07:10:01 ----A---- C:\WINDOWS\system32\msv1_0.dll
2019-03-13 07:10:01 ----A---- C:\WINDOWS\system32\mprddm.dll
2019-03-13 07:10:01 ----A---- C:\WINDOWS\system32\drivers\refs.sys
2019-03-13 07:10:00 ----A---- C:\WINDOWS\SYSWOW64\RTWorkQ.dll
2019-03-13 07:10:00 ----A---- C:\WINDOWS\SYSWOW64\ReAgent.dll
2019-03-13 07:10:00 ----A---- C:\WINDOWS\SYSWOW64\msvcp_win.dll
2019-03-13 07:10:00 ----A---- C:\WINDOWS\system32\MapConfiguration.dll
2019-03-13 07:10:00 ----A---- C:\WINDOWS\system32\hal.dll
2019-03-13 07:10:00 ----A---- C:\WINDOWS\system32\drivers\srvnet.sys
2019-03-13 07:09:59 ----A---- C:\WINDOWS\SYSWOW64\resutils.dll
2019-03-13 07:09:59 ----A---- C:\WINDOWS\SYSWOW64\NMAA.dll
2019-03-13 07:09:59 ----A---- C:\WINDOWS\SYSWOW64\ActivationManager.dll
2019-03-13 07:09:59 ----A---- C:\WINDOWS\system32\WerFault.exe
2019-03-13 07:09:59 ----A---- C:\WINDOWS\system32\systemreset.exe
2019-03-13 07:09:59 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2019-03-13 07:09:59 ----A---- C:\WINDOWS\system32\drivers\msrpc.sys
2019-03-13 07:09:59 ----A---- C:\WINDOWS\system32\drivers\bridge.sys
2019-03-13 07:09:59 ----A---- C:\WINDOWS\system32\AcLayers.dll
2019-03-13 07:09:58 ----A---- C:\WINDOWS\SYSWOW64\mf3216.dll
2019-03-13 07:09:58 ----A---- C:\WINDOWS\SYSWOW64\MapControlCore.dll
2019-03-13 07:09:58 ----A---- C:\WINDOWS\system32\wimgapi.dll
2019-03-13 07:09:58 ----A---- C:\WINDOWS\system32\taskhostw.exe
2019-03-13 07:09:58 ----A---- C:\WINDOWS\system32\drivers\npfs.sys
2019-03-13 07:09:58 ----A---- C:\WINDOWS\system32\drivers\hvservice.sys
2019-03-13 07:09:58 ----A---- C:\WINDOWS\system32\drivers\exfat.sys
2019-03-13 07:09:57 ----A---- C:\WINDOWS\SYSWOW64\WerFault.exe
2019-03-13 07:09:56 ----A---- C:\WINDOWS\SYSWOW64\wimgapi.dll
2019-03-13 07:09:56 ----A---- C:\WINDOWS\SYSWOW64\mprddm.dll
2019-03-13 07:09:56 ----A---- C:\WINDOWS\SYSWOW64\dhcpcore6.dll
2019-03-13 07:09:56 ----A---- C:\WINDOWS\SYSWOW64\clusapi.dll
2019-03-13 07:09:56 ----A---- C:\WINDOWS\system32\wimserv.exe
2019-03-13 07:09:56 ----A---- C:\WINDOWS\system32\werui.dll
2019-03-13 07:09:56 ----A---- C:\WINDOWS\system32\mf3216.dll
2019-03-13 07:09:56 ----A---- C:\WINDOWS\system32\dhcpcore.dll
2019-03-13 07:09:56 ----A---- C:\WINDOWS\system32\DeviceCensus.exe
2019-03-13 07:09:55 ----A---- C:\WINDOWS\system32\Faultrep.dll
2019-03-13 07:09:53 ----A---- C:\WINDOWS\SYSWOW64\WerFaultSecure.exe
2019-03-13 07:09:53 ----A---- C:\WINDOWS\SYSWOW64\dhcpcore.dll
2019-03-13 07:09:53 ----A---- C:\WINDOWS\system32\WerFaultSecure.exe
2019-03-13 07:09:53 ----A---- C:\WINDOWS\system32\weretw.dll
2019-03-13 07:09:53 ----A---- C:\WINDOWS\system32\reseteng.dll
2019-03-13 07:09:53 ----A---- C:\WINDOWS\system32\hvloader.dll
2019-03-13 07:09:53 ----A---- C:\WINDOWS\system32\drivers\hidparse.sys
2019-03-13 07:09:53 ----A---- C:\WINDOWS\system32\drivers\appid.sys
2019-03-13 07:09:53 ----A---- C:\WINDOWS\system32\drivers\afd.sys
2019-03-13 07:09:53 ----A---- C:\WINDOWS\system32\dhcpcore6.dll
2019-03-13 07:09:53 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2019-03-13 07:09:52 ----A---- C:\WINDOWS\SYSWOW64\cdprt.dll
2019-03-13 07:09:52 ----A---- C:\WINDOWS\system32\MBR2GPT.EXE
2019-03-13 07:09:52 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2019-03-13 07:09:51 ----A---- C:\WINDOWS\SYSWOW64\AcLayers.dll
2019-03-13 07:09:51 ----A---- C:\WINDOWS\system32\moshostcore.dll
2019-03-13 07:09:50 ----A---- C:\WINDOWS\SYSWOW64\werui.dll
2019-03-13 07:09:50 ----A---- C:\WINDOWS\SYSWOW64\webplatstorageserver.dll
2019-03-13 07:09:50 ----A---- C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-03-13 07:09:50 ----A---- C:\WINDOWS\system32\mcbuilder.exe
2019-03-13 07:09:50 ----A---- C:\WINDOWS\system32\CredentialMigrationHandler.dll
2019-03-13 07:09:49 ----A---- C:\WINDOWS\SYSWOW64\UserDataTimeUtil.dll
2019-03-13 07:09:49 ----A---- C:\WINDOWS\SYSWOW64\srpapi.dll
2019-03-13 07:09:49 ----A---- C:\WINDOWS\SYSWOW64\MapConfiguration.dll
2019-03-13 07:09:49 ----A---- C:\WINDOWS\SYSWOW64\CredentialMigrationHandler.dll
2019-03-13 07:09:49 ----A---- C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-03-13 07:09:49 ----A---- C:\WINDOWS\system32\srpapi.dll
2019-03-13 07:09:49 ----A---- C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2019-03-13 07:09:49 ----A---- C:\WINDOWS\system32\drivers\udfs.sys
2019-03-13 07:09:49 ----A---- C:\WINDOWS\system32\drivers\msfs.sys
2019-03-13 07:09:49 ----A---- C:\WINDOWS\system32\drivers\cdfs.sys
2019-03-13 07:09:48 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.MixedRealityCapture.dll
2019-03-13 07:09:48 ----A---- C:\WINDOWS\SYSWOW64\msIso.dll
2019-03-13 07:09:48 ----A---- C:\WINDOWS\SYSWOW64\mcbuilder.exe
2019-03-13 07:09:48 ----A---- C:\WINDOWS\system32\rascustom.dll
2019-03-13 07:09:48 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2019-03-13 07:09:48 ----A---- C:\WINDOWS\system32\AppxSysprep.dll
2019-03-13 07:09:48 ----A---- C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-03-13 07:09:48 ----A---- C:\WINDOWS\system32\AppointmentActivation.dll
2019-03-13 07:09:47 ----A---- C:\WINDOWS\SYSWOW64\werdiagcontroller.dll
2019-03-13 07:09:47 ----A---- C:\WINDOWS\SYSWOW64\tzres.dll
2019-03-13 07:09:47 ----A---- C:\WINDOWS\SYSWOW64\AppLockerCSP.dll
2019-03-13 07:09:47 ----A---- C:\WINDOWS\system32\tzres.dll
2019-03-13 07:09:47 ----A---- C:\WINDOWS\system32\ResetEngOnline.dll
2019-03-13 07:09:47 ----A---- C:\WINDOWS\system32\RecoveryDrive.exe
2019-03-13 07:09:47 ----A---- C:\WINDOWS\system32\iemigplugin.dll
2019-03-13 07:09:47 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2019-03-13 07:09:47 ----A---- C:\WINDOWS\system32\AppLockerCSP.dll
2019-02-19 08:04:11 ----A---- C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-02-13 18:21:23 ----A---- C:\WINDOWS\system32\sppsvc.exe
2019-02-13 18:21:15 ----A---- C:\WINDOWS\system32\windows.storage.dll
2019-02-13 18:21:08 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-13 18:21:05 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2019-02-13 18:21:00 ----A---- C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-13 18:20:56 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.dll
2019-02-13 18:20:52 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2019-02-13 18:20:52 ----A---- C:\WINDOWS\system32\mfcore.dll
2019-02-13 18:20:50 ----A---- C:\WINDOWS\system32\smartscreen.exe
2019-02-13 18:20:47 ----A---- C:\WINDOWS\system32\KernelBase.dll
2019-02-13 18:20:45 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2019-02-13 18:20:45 ----A---- C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-13 18:20:45 ----A---- C:\WINDOWS\system32\TokenBroker.dll
2019-02-13 18:20:44 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2019-02-13 18:20:44 ----A---- C:\WINDOWS\system32\ntdll.dll
2019-02-13 18:20:43 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2019-02-13 18:20:43 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-13 18:20:42 ----A---- C:\WINDOWS\SYSWOW64\msrd3x40.dll
2019-02-13 18:20:42 ----A---- C:\WINDOWS\system32\winhttp.dll
2019-02-13 18:20:42 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2019-02-13 18:20:41 ----A---- C:\WINDOWS\system32\svchost.exe
2019-02-13 18:20:41 ----A---- C:\WINDOWS\system32\StorSvc.dll
2019-02-13 18:20:41 ----A---- C:\WINDOWS\system32\rmclient.dll
2019-02-13 18:20:41 ----A---- C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-13 18:20:40 ----A---- C:\WINDOWS\system32\oleaut32.dll
2019-02-13 18:20:39 ----A---- C:\WINDOWS\SYSWOW64\winhttp.dll
2019-02-13 18:20:39 ----A---- C:\WINDOWS\SYSWOW64\svchost.exe
2019-02-13 18:20:39 ----A---- C:\WINDOWS\SYSWOW64\rmclient.dll
2019-02-13 18:20:39 ----A---- C:\WINDOWS\system32\gdi32full.dll
2019-02-13 18:20:38 ----A---- C:\WINDOWS\SYSWOW64\Windows.Globalization.dll
2019-02-13 18:20:38 ----A---- C:\WINDOWS\SYSWOW64\oleaut32.dll
2019-02-13 18:20:38 ----A---- C:\WINDOWS\system32\drivers\spaceport.sys
2019-02-13 18:20:37 ----A---- C:\WINDOWS\system32\netprofmsvc.dll
2019-02-13 18:20:36 ----A---- C:\WINDOWS\system32\wldp.dll
2019-02-13 18:20:35 ----A---- C:\WINDOWS\SYSWOW64\wldp.dll
2019-02-13 18:20:35 ----A---- C:\WINDOWS\SYSWOW64\TokenBroker.dll
2019-02-13 18:20:35 ----A---- C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 18:20:35 ----A---- C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-13 18:20:34 ----A---- C:\WINDOWS\SYSWOW64\wintrust.dll
2019-02-13 18:20:34 ----A---- C:\WINDOWS\system32\MPSSVC.dll
2019-02-13 18:20:34 ----A---- C:\WINDOWS\system32\browserbroker.dll
2019-02-13 18:20:33 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-13 18:20:33 ----A---- C:\WINDOWS\SYSWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 18:20:33 ----A---- C:\WINDOWS\system32\wintrust.dll
2019-02-13 18:20:32 ----A---- C:\WINDOWS\system32\mfps.dll
2019-02-13 18:20:31 ----A---- C:\WINDOWS\system32\WpAXHolder.dll
2019-02-13 18:20:30 ----A---- C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-13 18:20:29 ----A---- C:\WINDOWS\SYSWOW64\MSVideoDSP.dll
2019-02-13 18:20:28 ----A---- C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-13 18:20:28 ----A---- C:\WINDOWS\system32\drivers\bindflt.sys
2019-02-13 18:20:28 ----A---- C:\WINDOWS\HelpPane.exe
2019-02-13 18:20:27 ----A---- C:\WINDOWS\SYSWOW64\mfps.dll
2019-02-13 18:20:27 ----A---- C:\WINDOWS\system32\drivers\spacedump.sys
2019-02-13 18:20:26 ----A---- C:\WINDOWS\SYSWOW64\NtlmShared.dll
2019-02-13 18:20:26 ----A---- C:\WINDOWS\system32\wuuhext.dll
2019-02-13 18:20:26 ----A---- C:\WINDOWS\system32\smss.exe
2019-02-13 18:20:26 ----A---- C:\WINDOWS\system32\NtlmShared.dll
2019-02-13 18:20:26 ----A---- C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-13 18:20:26 ----A---- C:\WINDOWS\system32\drivers\mrxsmb20.sys
2019-02-13 18:20:25 ----A---- C:\WINDOWS\SYSWOW64\spacebridge.dll
2019-02-13 18:20:25 ----A---- C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-13 18:20:25 ----A---- C:\WINDOWS\system32\spacebridge.dll
2019-02-13 18:20:25 ----A---- C:\WINDOWS\system32\npmproxy.dll
2019-02-13 18:20:25 ----A---- C:\WINDOWS\system32\MSPhotography.dll
2019-02-13 18:20:25 ----A---- C:\WINDOWS\system32\drivers\FWPKCLNT.SYS
2019-02-13 18:20:25 ----A---- C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-13 18:20:25 ----A---- C:\WINDOWS\system32\browser_broker.exe
2019-02-13 18:20:24 ----A---- C:\WINDOWS\SYSWOW64\npmproxy.dll
2019-02-13 18:20:24 ----A---- C:\WINDOWS\SYSWOW64\msjet40.dll
2019-02-13 18:20:24 ----A---- C:\WINDOWS\SYSWOW64\itss.dll
2019-02-13 18:20:24 ----A---- C:\WINDOWS\SYSWOW64\CapabilityAccessManagerClient.dll
2019-02-13 18:20:24 ----A---- C:\WINDOWS\system32\smartscreenps.dll
2019-02-13 18:20:24 ----A---- C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-13 18:20:24 ----A---- C:\WINDOWS\system32\itss.dll
2019-02-13 18:20:23 ----A---- C:\WINDOWS\SYSWOW64\smartscreenps.dll
2019-02-13 18:20:23 ----A---- C:\WINDOWS\SYSWOW64\MSPhotography.dll
2019-02-13 18:20:22 ----A---- C:\WINDOWS\SYSWOW64\GlobCollationHost.dll
2019-02-13 18:20:22 ----A---- C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-12 13:37:56 ----D---- C:\Program Files (x86)\Metin2
2019-02-11 16:43:53 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2019-02-11 15:12:53 ----D---- C:\Users\Uživatel\AppData\Roaming\.mono
2019-02-11 15:12:53 ----D---- C:\ProgramData\.mono
2019-02-11 14:46:13 ----D---- C:\Program Files (x86)\Hearthstone
2019-02-06 18:56:06 ----D---- C:\Program Files (x86)\Valve
2019-02-04 14:32:21 ----D---- C:\Program Files\trend micro
2019-02-04 14:32:20 ----D---- C:\rsit
2019-01-21 16:01:52 ----D---- C:\Program Files (x86)\Aspyr Media, Inc
2019-01-10 16:50:29 ----D---- C:\Users\Uživatel\AppData\Roaming\Blizzard
2019-01-10 16:07:28 ----D---- C:\Program Files (x86)\StarCraft
2019-01-09 08:46:38 ----A---- C:\WINDOWS\system32\wlidsvc.dll
2019-01-09 08:46:37 ----A---- C:\WINDOWS\system32\rpcss.dll
2019-01-09 08:46:35 ----A---- C:\WINDOWS\system32\aadtb.dll
2019-01-09 08:46:34 ----A---- C:\WINDOWS\system32\lsasrv.dll
2019-01-09 08:46:32 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-09 08:46:32 ----A---- C:\WINDOWS\system32\wlidprov.dll
2019-01-09 08:46:32 ----A---- C:\WINDOWS\system32\WinTypes.dll
2019-01-09 08:46:32 ----A---- C:\WINDOWS\system32\Windows.Web.dll
2019-01-09 08:46:32 ----A---- C:\WINDOWS\system32\MusNotification.exe
2019-01-09 08:46:31 ----A---- C:\WINDOWS\SYSWOW64\Windows.Web.dll
2019-01-09 08:46:31 ----A---- C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-09 08:46:31 ----A---- C:\WINDOWS\system32\kerberos.dll
2019-01-09 08:46:30 ----A---- C:\WINDOWS\SYSWOW64\WinTypes.dll
2019-01-09 08:46:30 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-09 08:46:30 ----A---- C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-01-09 08:46:30 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2019-01-09 08:46:29 ----A---- C:\WINDOWS\SYSWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-09 08:46:29 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2019-01-09 08:46:29 ----A---- C:\WINDOWS\SYSWOW64\aadtb.dll
2019-01-09 08:46:29 ----A---- C:\WINDOWS\system32\dssvc.dll
2019-01-09 08:46:29 ----A---- C:\WINDOWS\system32\drivers\tm.sys
2019-01-09 08:46:29 ----A---- C:\WINDOWS\system32\drivers\ksecpkg.sys
2019-01-09 08:46:28 ----A---- C:\WINDOWS\SYSWOW64\wlidcredprov.dll
2019-01-09 08:46:28 ----A---- C:\WINDOWS\SYSWOW64\MicrosoftAccountTokenProvider.dll
2019-01-09 08:46:26 ----A---- C:\WINDOWS\SYSWOW64\wlidprov.dll
2019-01-09 08:46:26 ----A---- C:\WINDOWS\system32\wlidcli.dll
2019-01-09 08:46:26 ----A---- C:\WINDOWS\system32\drivers\wanarp.sys
2019-01-09 08:46:26 ----A---- C:\WINDOWS\system32\browserexport.exe
2019-01-09 08:46:25 ----A---- C:\WINDOWS\SYSWOW64\wlidcli.dll
2019-01-09 08:46:25 ----A---- C:\WINDOWS\system32\windowslivelogin.dll
2019-01-09 08:46:24 ----A---- C:\WINDOWS\SYSWOW64\windowslivelogin.dll
2019-01-09 08:46:24 ----A---- C:\WINDOWS\SYSWOW64\wincorlib.dll
2019-01-09 08:46:24 ----A---- C:\WINDOWS\system32\wlidcredprov.dll
2019-01-09 08:46:24 ----A---- C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-01-04 13:32:57 ----D---- C:\Program Files\Dostihy 3000 Deluxe
2018-12-26 14:17:40 ----D---- C:\Program Files (x86)\Rockstar Games
2018-12-26 14:07:54 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2018-12-26 14:07:53 ----D---- C:\Program Files (x86)\OpenAL
2018-12-26 14:07:53 ----A---- C:\WINDOWS\SYSWOW64\wrap_oal.dll
2018-12-26 14:07:53 ----A---- C:\WINDOWS\SYSWOW64\OpenAL32.dll
2018-12-26 14:07:53 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2018-12-26 13:15:18 ----D---- C:\Program Files (x86)\DiRT 3 Complete Edition
2018-12-20 12:21:03 ----A---- C:\WINDOWS\system32\d2d1.dll
2018-12-20 12:20:53 ----A---- C:\WINDOWS\system32\MSVPXENC.dll
2018-12-20 12:20:52 ----A---- C:\WINDOWS\SYSWOW64\MSVPXENC.dll
2018-12-14 19:54:21 ----A---- C:\WINDOWS\system32\drivers\semav6msr64.sys

======List of files/folders modified in the last 3 months======

2019-03-13 14:25:46 ----D---- C:\WINDOWS\Temp
2019-03-13 14:25:45 ----D---- C:\WINDOWS\Prefetch
2019-03-13 14:25:29 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2019-03-13 13:32:02 ----D---- C:\WINDOWS\system32\sru
2019-03-13 12:39:13 ----RD---- C:\WINDOWS\Microsoft.NET
2019-03-13 11:34:36 ----HD---- C:\Program Files\WindowsApps
2019-03-13 11:34:28 ----D---- C:\WINDOWS\AppReadiness
2019-03-13 11:29:55 ----SHD---- C:\System Volume Information
2019-03-13 11:29:55 ----D---- C:\WINDOWS\system32\SleepStudy
2019-03-13 09:34:41 ----D---- C:\WINDOWS\system32\config
2019-03-13 09:33:13 ----D---- C:\WINDOWS\System32
2019-03-13 09:33:13 ----D---- C:\WINDOWS\INF
2019-03-13 09:33:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-13 09:27:45 ----D---- C:\WINDOWS\WinSxS
2019-03-13 09:26:57 ----D---- C:\WINDOWS\system32\DriverStore
2019-03-13 09:26:21 ----D---- C:\WINDOWS\system32\drivers
2019-03-13 09:26:09 ----D---- C:\WINDOWS\Logs
2019-03-13 08:37:07 ----D---- C:\WINDOWS\TextInput
2019-03-13 08:37:07 ----D---- C:\WINDOWS\SYSWOW64\zu-ZA
2019-03-13 08:37:07 ----D---- C:\WINDOWS\SYSWOW64\yo-NG
2019-03-13 08:37:07 ----D---- C:\WINDOWS\SYSWOW64\xh-ZA
2019-03-13 08:37:07 ----D---- C:\WINDOWS\SYSWOW64\wo-SN
2019-03-13 08:37:07 ----D---- C:\WINDOWS\SYSWOW64\uz-Latn-UZ
2019-03-13 08:37:07 ----D---- C:\WINDOWS\SYSWOW64\tn-ZA
2019-03-13 08:37:07 ----D---- C:\WINDOWS\SYSWOW64\ti-ET
2019-03-13 08:37:07 ----D---- C:\WINDOWS\SYSWOW64\tg-Cyrl-TJ
2019-03-13 08:37:07 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-RS
2019-03-13 08:37:07 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-BA
2019-03-13 08:37:07 ----D---- C:\WINDOWS\SYSWOW64\sd-Arab-PK
2019-03-13 08:37:07 ----D---- C:\WINDOWS\SYSWOW64\rw-RW
2019-03-13 08:37:07 ----D---- C:\WINDOWS\SYSWOW64\quc-Latn-GT
2019-03-13 08:37:07 ----D---- C:\WINDOWS\SYSWOW64\pa-Arab-PK
2019-03-13 08:37:07 ----D---- C:\WINDOWS\SYSWOW64\nso-ZA
2019-03-13 08:37:07 ----D---- C:\WINDOWS\SYSWOW64\migration
2019-03-13 08:37:07 ----D---- C:\WINDOWS\SYSWOW64\ku-Arab-IQ
2019-03-13 08:37:07 ----D---- C:\WINDOWS\SYSWOW64\ig-NG
2019-03-13 08:37:07 ----D---- C:\WINDOWS\SYSWOW64\chr-CHER-US
2019-03-13 08:37:07 ----D---- C:\WINDOWS\SYSWOW64\ha-Latn-NG
2019-03-13 08:37:07 ----D---- C:\WINDOWS\SYSWOW64\en-US
2019-03-13 08:37:07 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2019-03-13 08:37:07 ----D---- C:\WINDOWS\SYSWOW64\ca-ES-valencia
2019-03-13 08:37:07 ----D---- C:\WINDOWS\SYSWOW64\bs-Latn-BA
2019-03-13 08:37:07 ----D---- C:\WINDOWS\SYSWOW64\az-Latn-AZ
2019-03-13 08:37:07 ----D---- C:\WINDOWS\SysWOW64
2019-03-13 08:37:06 ----SD---- C:\WINDOWS\system32\UNP
2019-03-13 08:37:06 ----D---- C:\WINDOWS\system32\zu-ZA
2019-03-13 08:37:06 ----D---- C:\WINDOWS\system32\yo-NG
2019-03-13 08:37:06 ----D---- C:\WINDOWS\system32\xh-ZA
2019-03-13 08:37:06 ----D---- C:\WINDOWS\system32\wo-SN
2019-03-13 08:37:06 ----D---- C:\WINDOWS\system32\uz-Latn-UZ
2019-03-13 08:37:06 ----D---- C:\WINDOWS\system32\tn-ZA
2019-03-13 08:37:06 ----D---- C:\WINDOWS\system32\ti-ET
2019-03-13 08:37:06 ----D---- C:\WINDOWS\system32\tg-Cyrl-TJ
2019-03-13 08:37:06 ----D---- C:\WINDOWS\system32\sr-Cyrl-RS
2019-03-13 08:37:06 ----D---- C:\WINDOWS\system32\sr-Cyrl-BA
2019-03-13 08:37:06 ----D---- C:\WINDOWS\system32\sd-Arab-PK
2019-03-13 08:37:06 ----D---- C:\WINDOWS\system32\rw-RW
2019-03-13 08:37:06 ----D---- C:\WINDOWS\system32\quc-Latn-GT
2019-03-13 08:37:06 ----D---- C:\WINDOWS\system32\pa-Arab-PK
2019-03-13 08:37:06 ----D---- C:\WINDOWS\system32\oobe
2019-03-13 08:37:06 ----D---- C:\WINDOWS\system32\nso-ZA
2019-03-13 08:37:06 ----D---- C:\WINDOWS\system32\migration
2019-03-13 08:37:06 ----D---- C:\WINDOWS\system32\ku-Arab-IQ
2019-03-13 08:37:06 ----D---- C:\WINDOWS\system32\ig-NG
2019-03-13 08:37:06 ----D---- C:\WINDOWS\system32\chr-CHER-US
2019-03-13 08:37:06 ----D---- C:\WINDOWS\system32\ha-Latn-NG
2019-03-13 08:37:06 ----D---- C:\WINDOWS\system32\en-US
2019-03-13 08:37:06 ----D---- C:\WINDOWS\system32\cs-CZ
2019-03-13 08:37:06 ----D---- C:\WINDOWS\system32\ca-ES-valencia
2019-03-13 08:37:06 ----D---- C:\WINDOWS\system32\bs-Latn-BA
2019-03-13 08:37:06 ----D---- C:\WINDOWS\system32\az-Latn-AZ
2019-03-13 08:37:06 ----D---- C:\WINDOWS\system32\appraiser
2019-03-13 08:37:05 ----D---- C:\WINDOWS\ShellExperiences
2019-03-13 08:37:03 ----RSD---- C:\WINDOWS\Fonts
2019-03-13 08:37:03 ----RD---- C:\Program Files\Windows Defender
2019-03-13 08:37:03 ----D---- C:\WINDOWS\bcastdvr
2019-03-13 08:37:03 ----D---- C:\WINDOWS\apppatch
2019-03-13 08:37:03 ----D---- C:\Program Files (x86)\Windows Defender
2019-03-13 08:37:01 ----D---- C:\WINDOWS\system32\Boot
2019-03-13 08:22:47 ----D---- C:\WINDOWS\system32\Macromed
2019-03-13 08:22:40 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2019-03-13 07:23:52 ----D---- C:\WINDOWS\system32\catroot2
2019-03-13 07:08:45 ----D---- C:\WINDOWS\CbsTemp
2019-03-13 06:43:39 ----D---- C:\WINDOWS\system32\MRT
2019-03-13 06:43:31 ----AC---- C:\WINDOWS\system32\MRT.exe
2019-03-13 06:43:10 ----SHD---- C:\WINDOWS\Installer
2019-03-13 06:42:51 ----D---- C:\ProgramData\Microsoft Help
2019-03-13 06:19:33 ----D---- C:\ProgramData\LogMeIn
2019-03-11 18:02:00 ----D---- C:\Program Files (x86)\Intel Driver and Support Assistant
2019-03-11 12:59:20 ----D---- C:\WINDOWS\system32\LogFiles
2019-03-11 12:13:55 ----D---- C:\Program Files (x86)\Heroes of the Storm
2019-03-08 19:26:16 ----D---- C:\ProgramData\Jagex
2019-03-05 13:25:42 ----D---- C:\Program Files (x86)\Battle.net
2019-03-03 17:54:40 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2019-03-02 20:01:35 ----D---- C:\WINDOWS\system32\Tasks
2019-03-01 19:01:27 ----D---- C:\Program Files\rempl
2019-02-22 18:17:56 ----D---- C:\WINDOWS\system32\drivers\wd
2019-02-20 16:28:10 ----RD---- C:\WINDOWS\assembly
2019-02-16 12:50:24 ----D---- C:\Windows
2019-02-13 22:55:03 ----SD---- C:\WINDOWS\SYSWOW64\F12
2019-02-13 22:55:02 ----SD---- C:\WINDOWS\system32\F12
2019-02-13 22:55:02 ----D---- C:\WINDOWS\system32\drivers\UMDF
2019-02-13 22:54:56 ----D---- C:\Program Files\internet explorer
2019-02-13 22:54:56 ----D---- C:\Program Files (x86)\Internet Explorer
2019-02-12 13:37:56 ----RD---- C:\Program Files (x86)
2019-02-11 15:12:53 ----HD---- C:\ProgramData
2019-02-07 20:13:46 ----D---- C:\Users\Uživatel\AppData\Roaming\vlc
2019-02-07 19:48:39 ----D---- C:\ProgramData\Packages
2019-02-06 18:56:06 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2019-02-04 18:11:39 ----D---- C:\Program Files (x86)\LogMeIn
2019-02-04 18:10:37 ----A---- C:\WINDOWS\system32\LMIRfsClientNP.dll
2019-02-04 18:10:37 ----A---- C:\WINDOWS\system32\LMIinit.dll.000.bak
2019-02-04 18:10:37 ----A---- C:\WINDOWS\system32\LMIinit.dll
2019-02-04 14:32:21 ----RD---- C:\Program Files
2019-01-31 17:52:56 ----A---- C:\WINDOWS\system32\LMIRfsClientNP.dll.000.bak
2019-01-30 19:14:37 ----D---- C:\WINDOWS\Minidump
2019-01-25 17:33:44 ----D---- C:\WINDOWS\LiveKernelReports
2019-01-14 08:21:39 ----D---- C:\Users\Uživatel\AppData\Roaming\uTorrent
2019-01-11 23:01:55 ----D---- C:\Games
2018-12-26 14:12:49 ----SD---- C:\Users\Uživatel\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2018-12-08 58168]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\WINDOWS\system32\drivers\SgrmAgent.sys [2018-04-12 63896]
R1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2018-04-12 39424]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-04-12 60320]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2018-04-12 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-04-12 8192]
R1 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2017-01-11 23232]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2018-07-14 414720]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\WINDOWS\system32\drivers\LMIInfo.sys [2017-01-11 30432]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2017-01-10 81088]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2018-12-08 43008]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2018-12-08 82432]
R3 athr;@athw8x.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\WINDOWS\System32\drivers\athw8x.sys [2018-04-12 4233728]
R3 BtFilter;BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [2016-07-13 610336]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2018-04-12 85504]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2018-04-12 60320]
R3 dtlitescsibus;@oem5.inf,%DTLITESCSIBUS.DeviceDesc%;DAEMON Tools Lite Virtual SCSI Bus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2016-09-04 30264]
R3 dtliteusbbus;@oem1.inf,%DTLITEUSBBUS.DeviceDesc%;DAEMON Tools Lite Virtual USB Bus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [2016-09-04 47672]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2015-10-07 3797424]
R3 IntcDAud;@oem7.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2015-08-21 463112]
R3 iwdbus;@oem17.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2015-07-20 38976]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2018-04-12 604160]
R3 semav6msr64;semav6msr64; \??\C:\WINDOWS\system32\drivers\semav6msr64.sys [2018-12-19 43008]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2015-06-04 42696]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2018-04-12 38304]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2018-04-12 321432]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-04-12 885144]
S0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-04-12 145816]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2018-04-12 124312]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2018-04-12 128408]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-04-12 75160]
S0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [2018-04-12 82328]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2018-04-12 58776]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2018-04-12 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2018-04-12 39840]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2018-08-03 128920]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-04-12 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2018-04-12 18432]
S3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys [2019-01-09 92704]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2018-12-08 106496]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2018-04-12 86528]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2018-04-12 129536]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2018-12-08 1097728]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2018-04-12 39936]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2018-04-12 123392]
S3 dg_ssudbus;@oem14.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\System32\drivers\ssudbus.sys [2016-07-22 130688]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2018-04-12 20992]
S3 Hamachi;@oem20.inf,%Hamachi.Service.DispName%;LogMeIn Hamachi Virtual Miniport); C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [2018-05-23 45680]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2018-04-12 50592]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2019-03-06 76088]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2018-04-12 27136]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2018-04-12 1836952]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2018-04-12 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2018-04-12 91648]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2018-04-12 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-04-12 88576]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2018-04-12 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-04-12 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2018-04-12 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-04-12 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2018-04-12 32256]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2018-04-12 119808]
S3 jrdusbser;Mobile Connector Device for Legacy Serial Communication2; C:\WINDOWS\System32\drivers\jrdusbser.sys [2013-06-18 123776]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2018-04-12 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2018-04-12 56736]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2018-04-12 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2018-04-12 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2018-04-12 175104]
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\WINDOWS\System32\drivers\nvdimm.sys [2018-04-12 104448]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2018-04-12 105984]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2018-04-12 16896]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2019-03-06 945464]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2018-04-12 193536]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2018-04-12 104448]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2018-04-12 33176]
S3 SmbDrv;SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [2015-06-04 42184]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2018-04-12 57752]
S3 ssudmdm;@oem0.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2016-07-22 164992]
S3 ssudqcfilter;SAMSUNG Mobile USB QCRMNET Filter Driver; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [2016-07-22 64640]
S4 hvcrash;hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [2018-04-12 33184]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 CDPUserSvc_69aeb;Uživatelská služba platformy připojených zařízení_69aeb; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R2 DSAService;Intel(R) Driver & Support Assistant; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [2018-05-03 22776]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R2 ESRV_SVC_QUEENCREEK;Energy Server Service queencreek; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [2018-12-19 937208]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2019-02-11 3361736]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2015-10-07 328624]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [2016-05-27 419248]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [2019-02-04 588232]
R2 LogMeIn;LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [2015-06-15 407424]
R2 OneSyncSvc_69aeb;Hostitel synchronizace_69aeb; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-07-14 760888]
R2 sedsvc;Windows Remediation Service; C:\Program Files\rempl\sedsvc.exe [2019-02-26 330040]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\WINDOWS\system32\SgrmBroker.exe [2018-04-12 163336]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2018-06-02 43648]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R3 PimIndexMaintenanceSvc_69aeb;Data kontaktů_69aeb; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-09-29 153168]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-03-13 335872]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BcastDVRUserService_69aeb;Uživatelská služba pro GameDVR a vysílání her_69aeb; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BluetoothUserService_69aeb;Služba pro podporu uživatelů Bluetooth_69aeb; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2015-10-07 290224]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevicePickerUserSvc_69aeb;DevicePicker_69aeb; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevicesFlowUserSvc_69aeb;Tok zařízení_69aeb; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2018-08-03 90624]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2018-10-19 3729512]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\elevation_service.exe [2019-03-01 1271280]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-09-29 153168]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 Intel(R) SUR QC SAM;Intel(R) SUR QC Software Asset Manager; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13 18168]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 MessagingService_69aeb;Služba zasílání zpráv_69aeb; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-18 50942144]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2018-06-14 187072]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PrintWorkflowUserSvc_69aeb;PrintWorkflow_69aeb; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2018-04-12 1273344]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2018-06-08 976384]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S4 ssh-agent;OpenSSH Authentication Agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [2018-03-10 495616]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118195
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: is there a keylogger? maybe even a renamed one, starting at startup.

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just start it with an ordinary double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it at C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Posting a log once is enough for us. Who is supposed to delete the rest afterwards. :)
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is solved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

originpoison
Visitor
Posts: 7
Registered: 04 Feb 2019 14:43

Re: is there a keylogger? maybe even a renamed one, starting at startup.

#3 Post by originpoison »

I DON'T KNOW...

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-03-11.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 03-13-2019
# Duration: 00:01:02
# OS: Windows 10 Home
# Scanned: 31892
# Detected: 10


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\staticimgfarm.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ak.staticimgfarm.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\staticimgfarm.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ak.staticimgfarm.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hp.myway.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hp.myway.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

originpoison
Visitor
Posts: 7
Registered: 04 Feb 2019 14:43

Re: is there a keylogger? maybe even a renamed one, starting at startup.

#4 Post by originpoison »

I don't know what it is, but would a reinstall to XP be enough?

originpoison
Visitor
Posts: 7
Registered: 04 Feb 2019 14:43

Re: is there a keylogger? maybe even a renamed one, starting at startup.

#5 Post by originpoison »

from what I can see in regedit, these are probably blocked sites that got around it or something... via IE, which I don't use.. I have a refurbished machine, you see

Rudy
Site Admin
Posts: 118195
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: is there a keylogger? maybe even a renamed one, starting at startup.

#6 Post by Rudy »

I don't quite understand why you want to go back to WinXP?
originpoison wrote: I don't know what it is
What is what?

What does regedit have to do with blocked sites? I think you are mixing up terms a bit. In AdwCleaner, also click on cleaning, restart, and then post the FRST+Addition logs: http://forum.viry.cz/viewtopic.php?f=24&t=132509 .