
Third party in the PC? - unknown software opening regularly


#1 Post by godfather13 »

Good day,

A few days ago, through my own stupidity, I installed some utilities of unverified origin. While installing one of them, ESET anti10 fortunately stopped me, saying that some program wanted to contact a third party. In a panic I deleted everything, but I am afraid some vermin has stayed on the PC.
Now, regularly at roughly hourly intervals, some program pops up for a second: a black screen with a rapid sequence of commands. All I managed to notice is that it is located somewhere in programFiles/microsoft office.
My network connection also "freezes" (only on this PC; the other devices work fine).
Could you please take a look at it for me?
Thank you and have a nice day.

I am attaching the LOG FROM RSIT:
Logfile of random's system information tool 1.16 (written by random/random)
Run by tomas at 2017-05-28 18:40:46
Microsoft Windows 10 Home
System drive C: has 28 GB (31%) free of 90 GB
Total RAM: 8060 MB (68% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:40:47, on 28.05.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.15063.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\tomas\AppData\Local\Microsoft\OneDrive\OneDrive.exe
D:\ProgramFilesPersonal\STEAM\Steam.exe
D:\ProgramFilesPersonal\Adobe_PRO\Program\Acrobat\acrotray.exe
D:\ProgramFilesPersonal\STEAM\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
C:\Program Files\WindowsApps\2414FC7A.Viber_6.6.21745.0_x86__p61zvh252yqyr\Native.Host.exe
D:\ProgramFilesPersonal\STEAM\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files\trend micro\tomas_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer17win10.msn.com/?pc=ACTE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer17win10.msn.com/?pc=ACTE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ADSKAppManager] "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\ProgramFilesPersonal\Adobe_PRO\Program\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\tomas\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Steam] "D:\ProgramFilesPersonal\STEAM\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\ProgramFilesPersonal\Office2010\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://D:\ProgramFilesPersonal\Office2010\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Autodesk Application Manager Service (AdAppMgrSvc) - Autodesk Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Unknown owner - C:\WINDOWS\system32\AdminService.exe (file missing)
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHeciSvc.exe
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHDCPSvc.exe
O23 - Service: Dashlane Upgrade Service - Dashlane, Inc. - C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Security Assist - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
O23 - Service: Intel SST Parameter Service (IntelSSTSvc) - Unknown owner - C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe (file missing)
O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: KrosFireBird (KrosPlusFireBird) - Firebird Project - D:\ProgramFilesPersonal\CENKROS_DEMO\Firebird\FBbin\fbserver.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: Quick Access Local Service (QALSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
O23 - Service: Quick Access Service (QASvc) - Acer Incorporated - C:\Program Files\Acer\Acer Quick Access\QASvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: User Experience Improvement Program (UEIPSvc) - acer - C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13934 bytes

====== Enumerating Processes ======

C:\WINDOWS\system32\lsass.exe
c:\windows\system32\svchost.exe -k dcomlaunch -s PlugPlay
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\fontdrvhost.exe
c:\windows\system32\svchost.exe -k rpcss
c:\windows\system32\svchost.exe -k dcomlaunch -s LSM
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s NcbService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s hidserv
c:\windows\system32\svchost.exe -k netsvcs -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -s ProfSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s EventLog
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -s UserManager
c:\windows\system32\svchost.exe -k localservice -s nsi
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s Dhcp
C:\WINDOWS\system32\rundll32.exe "C:\ProgramData\30200.13360\30200.13360.dll",PUIAPI_CreateInstance
c:\windows\system32\svchost.exe -k netsvcs -s Themes
c:\windows\system32\svchost.exe -k localservice -s EventSystem
c:\windows\system32\svchost.exe -k networkservice -s NlaSvc
c:\windows\system32\svchost.exe -k netsvcs -s SENS
C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe
c:\windows\system32\svchost.exe -k localservice -s netprofm
c:\windows\system32\svchost.exe -k appmodel -s StateRepository
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -s FontCache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
"C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
c:\windows\system32\svchost.exe -k networkservice -s Dnscache
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s SensorService
c:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k localservicenonetwork
c:\windows\system32\svchost.exe -k networkservice -s LanmanWorkstation
c:\windows\system32\svchost.exe -k localservice -s WinHttpAutoProxySvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
C:\WINDOWS\system32\AdminService.exe
c:\windows\system32\svchost.exe -k localservicenonetwork -s DPS
C:\WINDOWS\System32\svchost.exe -k utcsvc
c:\windows\system32\svchost.exe -k networkservice -s CryptSvc
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s PcaSvc
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
"C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe"
C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHDCPSvc.exe
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
"C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
c:\windows\system32\svchost.exe -k netsvcs -s LanmanServer
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s SysMain
c:\windows\system32\svchost.exe -k appmodel -s tiledatamodelsvc
c:\windows\system32\svchost.exe -k netsvcs -s Winmgmt
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -s WpnService
C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHeciSvc.exe
c:\windows\system32\svchost.exe -k localservice -s WdiServiceHost
D:\ProgramFilesPersonal\CENKROS_DEMO\Firebird\FBbin\fbserver.exe
c:\windows\system32\svchost.exe -k netsvcs -s iphlpsvc
C:\WINDOWS\system32\dashost.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s SSDPSRV
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -s PolicyAgent
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s NgcCtnrSvc
c:\windows\system32\svchost.exe -k netsvcs -s Browser
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\svchost.exe -k netsvcs -s TokenBroker
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s FDResPub
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s HomeGroupProvider
c:\windows\system32\svchost.exe -k localservice -s LicenseManager
"C:\Program Files\Acer\Acer Quick Access\QASvc.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files\Acer\Acer Quick Access\QALSvc.exe"
c:\windows\system32\svchost.exe -k netsvcs -s Appinfo
c:\windows\system32\svchost.exe -k localservice -s CDPSvc
c:\windows\system32\svchost.exe -k dcomlaunch -s DeviceInstall
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s wscsvc
"C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe" -r "C:\Users\tomas\AppData\Local\AOP SDK\Acer Infra\acer\SyncAgent" -u S-1-5-21-1772258607-4237981511-2433331023-1001 -c 700 -s 804 -g "C:\ProgramData\acer\CCD"
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s StorSvc
c:\windows\system32\svchost.exe -k netsvcs -s lfsvc
"C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s Netman
C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -s NcdAutoSetup
C:\WINDOWS\system32\svchost.exe -k netsvcs -s DoSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DsSvc
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
c:\windows\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -s NgcSvc
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\taskhostw.exe
"C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxEM.exe"
C:\WINDOWS\Explorer.EXE
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
"C:\Program Files\Acer\Acer Quick Access\QAAgent.exe"
c:\windows\system32\svchost.exe -k unistacksvcgroup
"C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe"
"C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe"
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxext.exe" -Embedding
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /TRUEHARMONY
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Users\tomas\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"D:\ProgramFilesPersonal\STEAM\Steam.exe" -silent
C:\Program Files\CCleaner\CCleaner64.exe
"D:\ProgramFilesPersonal\Adobe_PRO\Program\Acrobat\acrotray.exe"
D:\ProgramFilesPersonal\STEAM\bin\cef\cef.win7\steamwebhelper.exe "-cachedir=C:\Users\tomas\AppData\Local\Steam\htmlcache" "-steampid=5424" "-buildid=1493162727" "-steamid=0" --disable-gpu-compositing --disable-gpu --process-per-tab --disable-spell-checking --disable-out-of-process-pac --disable-smooth-scrolling --enable-direct-write "--log-file=D:\ProgramFilesPersonal\STEAM\logs\cef_log.txt"
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe" task
"C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe" task
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\WinStore.App.exe" -ServerName:App.AppXc75wvwned5vhz4xyxxecvgdjhdkgsdza.mca
"C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
"C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe" -s
"C:\Program Files (x86)\Acer\Care Center\ACCStd.exe"
"C:\Program Files\WindowsApps\2414FC7A.Viber_6.6.21745.0_x86__p61zvh252yqyr\Native.Host.exe" -ServerName:Native.Host
C:\WINDOWS\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
c:\windows\system32\svchost.exe -k localservice -s SstpSvc
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
"D:\ProgramFilesPersonal\STEAM\bin\cef\cef.win7\steamwebhelper.exe" --type=renderer --disable-gpu-compositing --disable-smooth-scrolling --enable-pinch --primordial-pipe-token=F8F86461C6FFDEC1C388927FA290D001 --lang=en-US --lang=sk-SK --log-file="D:\ProgramFilesPersonal\STEAM\logs\cef_log.txt" --product-version="Valve Steam Client" --disable-spell-checking --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --service-request-channel-token=F8F86461C6FFDEC1C388927FA290D001 --renderer-client-id=2 --mojo-platform-channel-handle=2948 /prefetch:1
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -s lmhosts
C:\WINDOWS\system32\AUDIODG.EXE 0x798
c:\windows\system32\svchost.exe -k netsvcs -s BITS
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe148_ Global\UsGthrCtrlFltPipeMssGthrPipe148 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 696 700 708 8192 704
C:\Windows\System32\smartscreen.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k netsvcs -s wlidsvc
"C:\Users\tomas\Desktop\RSITx64.exe"
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -s WdiSystemHost
C:\WINDOWS\system32\wbem\wmiprvse.exe

====== Scheduled tasks folder ======

C:\WINDOWS\system32\tasks\30200-13360 - C:\WINDOWS\system32\rundll32.exe "C:\ProgramData\30200.13360\30200.13360.dll",PUIAPI_CreateInstance
C:\WINDOWS\system32\tasks\ACCAgent - C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe
C:\WINDOWS\system32\tasks\ACCBackgroundApplication - C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
C:\WINDOWS\system32\tasks\AcerCloud - C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe task
C:\WINDOWS\system32\tasks\AcerCMUpdateTask2.1.16258 - "C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe" /task
C:\WINDOWS\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-tomas.deak@hotmail.com - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
C:\WINDOWS\system32\tasks\BacKGroundAgent - C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe task
C:\WINDOWS\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\WINDOWS\system32\tasks\DashlaneUpgradeCheck - net start "Dashlane Upgrade Service"
C:\WINDOWS\system32\tasks\FubToolByPLD - "C:\OEM\Preload\FubTool\FubTool.exe"
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\Intel PTT EK Recertification - "C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe"
C:\WINDOWS\system32\tasks\KMSAutoNet - "C:\ProgramData\KMSAutoS\KMSAuto Net.exe" /off=act
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task v2 - %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\Power Button - "C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe" -s
C:\WINDOWS\system32\tasks\Quick Access - "C:\Program Files\Acer\Acer Quick Access\QALauncher.exe"
C:\WINDOWS\system32\tasks\UbtFrameworkService - "C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe"
C:\WINDOWS\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTask - %windir%\System32\XblGameSaveTask.exe standby
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon - %windir%\System32\XblGameSaveTask.exe logon
C:\WINDOWS\system32\tasks\Microsoft\Windows\WwanSvc\NotificationTask - %SystemRoot%\System32\WiFiTask.exe wwan
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - %ProgramFiles%\Windows Defender\MpCmdRun.exe Scan -ScheduleJob
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Combined Scan Download Install - %systemroot%\system32\usoclient.exe ScanInstallWait
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval - %systemroot%\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Refresh Settings - %systemroot%\system32\usoclient.exe RefreshSettings
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot - %systemroot%\system32\usoclient.exe ResumeUpdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display - C:\windows\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot - C:\windows\system32\MusNotification.exe ReadyToReboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\UNP\RunCampaignManager - %windir%\System32\UNP\UNPCampaignManager.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition - %SystemRoot%\system32\ClipRenew.exe -e
C:\WINDOWS\system32\tasks\Microsoft\Windows\Subscription\LicenseAcquisition - %SystemRoot%\system32\ClipRenew.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask - %windir%\system32\speech_onecore\common\SpeechModelDownload.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\spaceman.exe /Work
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SharedPC\Account Cleanup - %windir%\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Cellular - %windir%\system32\ProvTool.exe /turn 7 /source CellStateChangeTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5 /source LogonIdleTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload - %windir%\system32\dmclient.exe utcwnf
C:\WINDOWS\system32\tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask - %windir%\system32\MDMAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Device Information\Device - %windir%\system32\devicecensus.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierdaily - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierinstall - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\WINDOWS\system32\tasks\Microsoft\Office\Office Automatic Updates - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /update SCHEDULEDTASK displaylevel=False
C:\WINDOWS\system32\tasks\Microsoft\Office\Office ClickToRun Service Monitor - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /WatchService
C:\WINDOWS\system32\tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon - C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe
C:\WINDOWS\system32\tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration - C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe
C:\WINDOWS\system32\tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe scan upload mininterval:2880
C:\WINDOWS\system32\tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe scan upload

=========Mozilla firefox=========

ProfilePath - C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\gs5q1l3p.default

prefs.js - "browser.startup.homepage" - "https://www.google.sk/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.186 Plugin
"Path"=C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=D:\ProgramFilesPersonal\Adobe_PRO\Program\Acrobat\Air\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.186 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll


C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\gs5q1l3p.default\extensions\
{55145B00-B917-07A5-0CF9-3B5B393758D2}

C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\gs5q1l3p.default\addons.json
OmniSidebar - extension - osb@quicksaver
uBlock Origin - extension - uBlock0@raymondhill.net

C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\gs5q1l3p.default\extensions.json
System.Runtime.Remoting.Contexts.SynchronizationAttribute - extension - {55145B00-B917-07A5-0CF9-3B5B393758D2} - C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\gs5q1l3p.default\extensions\{55145B00-B917-07A5-0CF9-3B5B393758D2}
OmniSidebar - extension - osb@quicksaver - C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\gs5q1l3p.default\extensions\osb@quicksaver.xpi
uBlock Origin - extension - uBlock0@raymondhill.net - C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\gs5q1l3p.default\extensions\uBlock0@raymondhill.net.xpi
Adobe Acrobat - Create PDF - extension - web2pdfextension.15@web2pdf.adobedotcom - D:\ProgramFilesPersonal\Adobe_PRO\Program\Acrobat\Browser\WCFirefoxExtn
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
Shield Recipe Client - extension - shield-recipe-client@mozilla.org - C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\gs5q1l3p.default\features\{714acb7f-c522-4f41-abae-bca15c7fd2aa}\shield-recipe-client@mozilla.org.xpi
MEGA - extension - firefox@mega.co.nz - C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\gs5q1l3p.default\extensions\firefox@mega.co.nz.xpi

C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\gs5q1l3p.default\pluginreg.dat
Plugin - Shockwave Flash - 24.0.0.186 - C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll

=========Google Chrome=========

C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Web Store 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension cfhdojbkjhnklbpkdaibdccddilifddb 1 Adblock Plus 1.13.2
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension efaidnbmnnnibpcajpcglclefindmkaj 0 Adobe Acrobat 15.1.0.6
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google v režime offline 1.4
Extension hehijbfgiekmjfkfjpbkbammjbdenadd 1 IE Tab 10.5.10.1
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.2
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.2
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5817.313.0.5
Homepage:
default_search_provider.search_url:
C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj]
"Path"=D:\ProgramFilesPersonal\Adobe_PRO\Program\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx


======Registry dump ======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={5CE0BC2D-CB8C-4D7B-B4BA-08FC77D881DB}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5CE0BC2D-CB8C-4D7B-B4BA-08FC77D881DB}]
"URL"=http://www.bing.com/search?q={searchTer ... TR&pc=ACTE


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={5CE0BC2D-CB8C-4D7B-B4BA-08FC77D881DB}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{5CE0BC2D-CB8C-4D7B-B4BA-08FC77D881DB}]
"URL"=http://www.bing.com/search?q={searchTer ... TR&pc=ACTE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-25 210120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23 162528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-25 3078960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23 162528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-25 149704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23 140512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-25 2075440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23 140512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23 162528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23 140512]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2017-03-18 629152]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-06-03 16475392]
"RtHDVBg_TrueHarmony"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-06-03 1454336]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2016-06-01 71168]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-06-15 2398776]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-01-07 508128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\tomas\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2017-05-19 1504888]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-12-21 9292504]
"Steam"=D:\ProgramFilesPersonal\STEAM\steam.exe [2017-04-26 3019552]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ADSKAppManager"=C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [2016-02-24 529480]
"Acrobat Assistant 8.0"=D:\ProgramFilesPersonal\Adobe_PRO\Program\Acrobat\Acrotray.exe [2017-03-28 3499640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableUIADesktopToggle"=0
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath" = %SystemRoot%\inf\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath" = "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open -
.scr - install -
.scr - config -

====== List of files/folders created in the last 1 month ======

2017-05-28 09:43:42 ----HD---- C:\OneDriveTemp
2017-05-25 12:48:32 ----SHD---- C:\Config.Msi
2017-05-24 13:52:02 ----D---- C:\Users\tomas\AppData\Roaming\SolidDocuments
2017-05-19 00:22:25 ----D---- C:\ProgramData\Microsoft OneDrive
2017-05-18 21:27:03 ----D---- C:\Windows.old
2017-05-18 21:26:23 ----A---- C:\WINDOWS\SYSWOW64\XpsPrint.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\SYSWOW64\XpsDocumentTargetPrint.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\SYSWOW64\wpnapps.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\SYSWOW64\WpcWebFilter.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\SYSWOW64\WindowsCodecs.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\SYSWOW64\WiFiDisplay.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\SYSWOW64\VEEventDispatcher.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\SYSWOW64\UserDataTimeUtil.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\SYSWOW64\StoreAgent.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncHost.exe
2017-05-18 21:26:23 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncCore.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\SYSWOW64\quartz.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\SYSWOW64\PackageStateRoaming.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\SYSWOW64\OneDriveSettingSyncProvider.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\SYSWOW64\MSVPXENC.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\SYSWOW64\msIso.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\SYSWOW64\mfmjpegdec.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\SYSWOW64\InstallAgentUserBroker.exe
2017-05-18 21:26:23 ----A---- C:\WINDOWS\SYSWOW64\InstallAgent.exe
2017-05-18 21:26:23 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\SYSWOW64\dwmcore.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_47.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\SYSWOW64\CloudBackupSettings.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\SYSWOW64\AzureSettingSyncProvider.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\SYSWOW64\aadtb.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\system32\wmpps.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\system32\MSVPXENC.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\system32\mfmjpegdec.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\system32\fveapi.dll
2017-05-18 21:26:23 ----A---- C:\WINDOWS\system32\drivers\srv.sys
2017-05-18 21:25:49 ----A---- C:\WINDOWS\SYSWOW64\webplatstorageserver.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\SYSWOW64\webcheck.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\SYSWOW64\UIRibbonRes.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\SYSWOW64\olepro32.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\SYSWOW64\ole32.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\SYSWOW64\offreg.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\SYSWOW64\mshtmled.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\SYSWOW64\kernel32.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\SYSWOW64\InputSwitch.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\SYSWOW64\imagehlp.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\SYSWOW64\ieproxy.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\SYSWOW64\iepeers.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\SYSWOW64\dxtrans.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\SYSWOW64\daxexec.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\SYSWOW64\asycfilt.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\XpsPrint.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\wuaueng.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\wpx.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\wpnapps.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\winsrv.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\winlogon.exe
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\wininet.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\WindowsCodecs.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\Windows.UI.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\win32kfull.sys
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\win32kbase.sys
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\webcheck.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\wcmcsp.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\vbscript.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\usocore.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\urlmon.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\UpdateAgent.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\twinui.pcshell.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\twinui.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\TSWorkspace.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\TileDataRepository.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\TDLMigration.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\StorSvc.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\StoreAgent.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\StartTileData.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\shell32.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\SharedStartModel.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\securekernel.exe
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\rpcss.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\ResetEngine.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\reseteng.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\RDXService.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\quartz.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\ole32.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\odbcconf.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\NotificationController.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\musdialoghandlers.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\mssprxy.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\msIso.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\mshtmled.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\MshtmlDac.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\mshtml.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\msfeeds.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\mmgaserver.exe
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\LogonController.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\LockHostingFramework.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\LockAppBroker.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\KernelBase.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\kernel32.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\jscript9.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\InstallAgent.exe
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\InputSwitch.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\imagehlp.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\iertutil.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\ieproxy.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\iepeers.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\ieframe.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\Chakra.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\hvix64.exe
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\hvax64.exe
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\gdi32full.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\GamePanel.exe
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\fontdrvhost.exe
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\enterprisecsps.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\edgehtml.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\dxtrans.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\dwmcore.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\drivers\srv2.sys
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\dosvc.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\domgmt.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\dbghelp.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\dbgeng.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\daxexec.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\crypt32.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\CoreMessaging.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\comsvcs.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\cldapi.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\ci.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\catsrvps.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\browserbroker.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\browser_broker.exe
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\bcdedit.exe
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\autochk.exe
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\audiosrv.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\atmlib.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\atmfd.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\asycfilt.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\system32\AppResolver.dll
2017-05-18 21:25:49 ----A---- C:\WINDOWS\explorer.exe
2017-05-18 21:25:46 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2017-05-18 21:25:46 ----A---- C:\WINDOWS\SYSWOW64\TokenBroker.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\SYSWOW64\PlayToManager.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\SYSWOW64\oleaut32.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\SYSWOW64\odbcconf.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\SYSWOW64\mmgaserver.exe
2017-05-18 21:25:46 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\SYSWOW64\fontdrvhost.exe
2017-05-18 21:25:46 ----A---- C:\WINDOWS\SYSWOW64\explorer.exe
2017-05-18 21:25:46 ----A---- C:\WINDOWS\SYSWOW64\dbghelp.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\SYSWOW64\dbgeng.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\SYSWOW64\crypt32.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\SYSWOW64\CoreUIComponents.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\SYSWOW64\CoreMessaging.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\SYSWOW64\combase.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\SYSWOW64\cldapi.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\SYSWOW64\bcryptprimitives.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\SYSWOW64\autochk.exe
2017-05-18 21:25:46 ----A---- C:\WINDOWS\SYSWOW64\atmlib.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\SYSWOW64\atmfd.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\SYSWOW64\AppResolver.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\system32\WpAXHolder.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\system32\wc_storage.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\system32\TokenBroker.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\system32\SpeechPal.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-18 21:25:46 ----A---- C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\system32\oleaut32.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\system32\offreg.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\system32\modernexecserver.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\system32\drivers\wcifs.sys
2017-05-18 21:25:46 ----A---- C:\WINDOWS\system32\drivers\USBXHCI.SYS
2017-05-18 21:25:46 ----A---- C:\WINDOWS\system32\drivers\netvsc.sys
2017-05-18 21:25:46 ----A---- C:\WINDOWS\system32\drivers\bthport.sys
2017-05-18 21:25:46 ----A---- C:\WINDOWS\system32\drivers\BasicRender.sys
2017-05-18 21:25:46 ----A---- C:\WINDOWS\system32\combase.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\system32\ClipSVC.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\system32\aadtb.dll
2017-05-18 21:25:46 ----A---- C:\WINDOWS\system32\aadcloudap.dll
2017-05-18 21:20:17 ----D---- C:\WINDOWS\system32\Microsoft
2017-05-18 21:20:17 ----D---- C:\WINDOWS\ServiceProfiles
2017-05-18 21:18:23 ----D---- C:\Program Files\Reference Assemblies
2017-05-18 21:18:23 ----D---- C:\Program Files\MSBuild
2017-05-18 21:18:23 ----D---- C:\Program Files (x86)\Reference Assemblies
2017-05-18 21:18:23 ----D---- C:\Program Files (x86)\MSBuild
2017-05-18 21:17:57 ----A---- C:\WINDOWS\SYSWOW64\TsWpfWrp.exe
2017-05-18 21:17:57 ----A---- C:\WINDOWS\SYSWOW64\PresentationNative_v0300.dll
2017-05-18 21:17:57 ----A---- C:\WINDOWS\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-05-18 21:17:53 ----A---- C:\WINDOWS\system32\TsWpfWrp.exe
2017-05-18 21:17:53 ----A---- C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-05-18 21:17:53 ----A---- C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-05-18 20:45:00 ----D---- C:\ProgramData\USOShared
2017-05-18 20:40:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-18 20:38:26 ----ASH---- C:\hiberfil.sys
2017-05-18 20:33:00 ----SD---- C:\Users\tomas\AppData\Roaming\Microsoft
2017-05-18 20:32:29 ----D---- C:\Program Files\Common Files\Atheros
2017-05-18 20:32:23 ----D---- C:\WINDOWS\SYSWOW64\sda
2017-05-18 20:32:16 ----D---- C:\WINDOWS\system32\IntelSSTAPO
2017-05-18 20:32:16 ----D---- C:\ProgramData\rtkSSTSetting
2017-05-18 20:32:03 ----D---- C:\WINDOWS\system32\DAX2
2017-05-18 20:31:50 ----D---- C:\Program Files\Realtek
2017-05-18 20:31:49 ----D---- C:\WINDOWS\SYSWOW64\RTCOM
2017-05-18 20:31:44 ----A---- C:\WINDOWS\SYSWOW64\PrintConfig.dll
2017-05-18 20:31:44 ----A---- C:\WINDOWS\SYSWOW64\OpenCL.DLL
2017-05-18 20:31:44 ----A---- C:\WINDOWS\system32\OpenCL.DLL
2017-05-18 20:31:39 ----D---- C:\Program Files\Intel
2017-05-18 20:31:08 ----A---- C:\WINDOWS\system32\nvsvcr.dll
2017-05-18 20:31:08 ----A---- C:\WINDOWS\system32\nvsvc64.dll
2017-05-18 20:31:08 ----A---- C:\WINDOWS\system32\nvshext.dll
2017-05-18 20:31:08 ----A---- C:\WINDOWS\system32\nvmctray.dll
2017-05-18 20:31:08 ----A---- C:\WINDOWS\system32\nvcpl.dll
2017-05-18 20:31:08 ----A---- C:\WINDOWS\system32\nv3dappshextr.dll
2017-05-18 20:31:08 ----A---- C:\WINDOWS\system32\nv3dappshext.dll
2017-05-18 20:31:02 ----HD---- C:\Program Files (x86)\Uninstall Information
2017-05-18 20:30:53 ----D---- C:\ProgramData\NVIDIA Corporation
2017-05-18 20:30:50 ----AS---- C:\WINDOWS\bootstat.dat
2017-05-18 20:30:46 ----D---- C:\Program Files\NVIDIA Corporation
2017-05-18 20:30:04 ----D---- C:\WINDOWS\Prefetch
2017-05-18 20:29:56 ----D---- C:\WINDOWS\system32\SleepStudy
2017-05-18 20:29:56 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-18 19:21:28 ----DC---- C:\WINDOWS\Panther
2017-05-13 20:55:06 ----D---- C:\ProgramData\Steam
2017-05-13 12:06:58 ----A---- C:\WINDOWS\SYSWOW64\npptNT2.sys
2017-05-13 12:06:38 ----D---- C:\Program Files\Common Files\INCA Shared
2017-05-11 20:44:16 ----D---- C:\WINDOWS\system32\UNP
2017-05-11 20:44:16 ----AD---- C:\Program Files\UNP
2017-05-11 20:41:54 ----A---- C:\WINDOWS\system32\indexeddbserver.dll
2017-05-04 20:22:50 ----D---- C:\ProgramData\boost_interprocess
2017-04-30 19:55:55 ----D---- C:\Users\tomas\AppData\Roaming\Softland
2017-04-30 19:55:03 ----A---- C:\WINDOWS\SYSWOW64\cdintf400.dll
2017-04-30 19:54:59 ----D---- C:\Program Files (x86)\MSECache
2017-04-30 19:54:52 ----A---- C:\WINDOWS\system32\Ry4CoInst.dll
2017-04-30 19:54:52 ----A---- C:\WINDOWS\system32\drivers\Rockey4USB.sys
2017-04-30 19:54:52 ----A---- C:\WINDOWS\system32\drivers\Rockey4.sys
2017-04-30 19:52:48 ----D---- C:\WINDOWS\SYSWOW64\Binaries
2017-04-30 19:52:35 ----AD---- C:\CenkrosData
2017-04-30 19:48:25 ----D---- C:\ProgramData\Softland
2017-04-30 19:47:54 ----D---- C:\Program Files\Softland
2017-04-30 19:47:52 ----D---- C:\Program Files (x86)\Softland

====== List of files/folders modified in the last 1 month ======

2017-05-28 18:40:47 ----D---- C:\Program Files\trend micro
2017-05-28 18:40:00 ----D---- C:\WINDOWS\system32\sru
2017-05-28 18:38:36 ----D---- C:\WINDOWS\Temp
2017-05-28 16:34:31 ----D---- C:\WINDOWS\system32\Tasks
2017-05-28 09:49:18 ----D---- C:\WINDOWS\system32\drivers
2017-05-28 09:45:03 ----RD---- C:\WINDOWS\Microsoft.NET
2017-05-27 13:17:39 ----HD---- C:\Program Files\WindowsApps
2017-05-26 11:22:01 ----D---- C:\WINDOWS\AppReadiness
2017-05-26 03:18:29 ----D---- C:\WINDOWS\system32\config
2017-05-26 01:10:12 ----D---- C:\WINDOWS\SysWOW64
2017-05-26 01:10:12 ----D---- C:\WINDOWS\System32
2017-05-26 01:10:10 ----D---- C:\WINDOWS\CbsTemp
2017-05-25 21:28:53 ----D---- C:\WINDOWS\INF
2017-05-25 21:28:45 ----D---- C:\WINDOWS\LiveKernelReports
2017-05-25 12:48:38 ----SHDC---- C:\WINDOWS\Installer
2017-05-25 12:48:38 ----AD---- C:\ProgramData\regid.1991-06.com.microsoft
2017-05-25 12:48:15 ----D---- C:\Program Files (x86)\Common Files
2017-05-25 12:47:32 ----AD---- C:\Program Files (x86)\Microsoft Office
2017-05-23 16:57:41 ----D---- C:\WINDOWS\system32\MRT
2017-05-23 16:57:41 ----D---- C:\WINDOWS\debug
2017-05-23 16:57:38 ----AC---- C:\WINDOWS\system32\MRT.exe
2017-05-22 18:11:16 ----D---- C:\WINDOWS\Logs
2017-05-22 16:52:39 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-22 16:52:39 ----AD---- C:\Program Files (x86)\Mozilla Firefox
2017-05-22 16:11:13 ----D---- C:\ProgramData\KMSAutoS
2017-05-21 13:48:57 ----RD---- C:\WINDOWS\assembly
2017-05-20 11:56:55 ----D---- C:\WINDOWS\system32\DriverStore
2017-05-20 11:56:52 ----D---- C:\WINDOWS\WinSxS
2017-05-20 11:55:07 ----D---- C:\WINDOWS\system32\LogFiles
2017-05-20 11:31:12 ----D---- C:\WINDOWS\system32\WDI
2017-05-19 18:20:53 ----D---- C:\WINDOWS\appcompat
2017-05-19 18:13:28 ----SD---- C:\ProgramData\Microsoft
2017-05-19 18:12:58 ----D---- C:\ProgramData\NVIDIA
2017-05-19 18:12:45 ----D---- C:\Windows
2017-05-19 00:22:25 ----HD---- C:\ProgramData
2017-05-19 00:20:34 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2017-05-18 21:26:50 ----SD---- C:\WINDOWS\SYSWOW64\F12
2017-05-18 21:26:50 ----SD---- C:\WINDOWS\system32\F12
2017-05-18 21:26:50 ----D---- C:\WINDOWS\SYSWOW64\sk-SK
2017-05-18 21:26:50 ----D---- C:\WINDOWS\SYSWOW64\Dism
2017-05-18 21:26:50 ----D---- C:\WINDOWS\system32\WinBioPlugIns
2017-05-18 21:26:50 ----D---- C:\WINDOWS\system32\sk-SK
2017-05-18 21:26:50 ----D---- C:\WINDOWS\system32\Dism
2017-05-18 21:26:50 ----D---- C:\WINDOWS\system32\appraiser
2017-05-18 21:26:50 ----D---- C:\WINDOWS\ShellExperiences
2017-05-18 21:26:50 ----D---- C:\WINDOWS\Provisioning
2017-05-18 21:26:50 ----D---- C:\WINDOWS\AppPatch
2017-05-18 21:26:50 ----D---- C:\Program Files\Windows Photo Viewer
2017-05-18 21:26:50 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2017-05-18 21:26:49 ----D---- C:\WINDOWS\system32\drivers\UMDF
2017-05-18 21:22:34 ----D---- C:\WINDOWS\SYSWOW64\WCN
2017-05-18 21:22:33 ----D---- C:\WINDOWS\SYSWOW64\drivers\en-US
2017-05-18 21:22:33 ----D---- C:\WINDOWS\system32\WCN
2017-05-18 21:22:33 ----D---- C:\WINDOWS\system32\SystemResetPlatform
2017-05-18 21:22:33 ----D---- C:\WINDOWS\system32\migwiz
2017-05-18 21:22:33 ----D---- C:\WINDOWS\system32\en
2017-05-18 21:22:33 ----D---- C:\WINDOWS\system32\drivers\en-US
2017-05-18 21:22:33 ----D---- C:\WINDOWS\en-US
2017-05-18 20:49:24 ----D---- C:\WINDOWS\system32\CodeIntegrity
2017-05-18 20:45:00 ----D---- C:\ProgramData\USOPrivate
2017-05-18 20:44:26 ----D---- C:\WINDOWS\rescache
2017-05-18 20:43:37 ----D---- C:\WINDOWS\system32\WinBioDatabase
2017-05-18 20:43:23 ----D---- C:\WINDOWS\SoftwareDistribution
2017-05-18 20:42:38 ----D---- C:\WINDOWS\Registration
2017-05-18 20:42:14 ----D---- C:\WINDOWS\system32\Tasks_Migrated
2017-05-18 20:42:13 ----RSD---- C:\WINDOWS\Fonts
2017-05-18 20:40:52 ----A---- C:\WINDOWS\SYSWOW64\PerfStringBackup.INI
2017-05-18 20:40:33 ----D---- C:\WINDOWS\HoloShell
2017-05-18 20:39:59 ----D---- C:\WINDOWS\Tasks
2017-05-18 20:39:43 ----RSD---- C:\WINDOWS\Media
2017-05-18 20:39:39 ----D---- C:\WINDOWS\system32\wbem
2017-05-18 20:39:39 ----D---- C:\WINDOWS\system32\drivers\etc
2017-05-18 20:38:42 ----D---- C:\WINDOWS\system32\catroot2
2017-05-18 20:38:05 ----D---- C:\WINDOWS\SYSWOW64\drivers
2017-05-18 20:38:04 ----D---- C:\WINDOWS\system32\ihvmanager
2017-05-18 20:38:02 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2017-05-18 20:34:31 ----D---- C:\WINDOWS\SYSWOW64\migration
2017-05-18 20:34:31 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2017-05-18 20:34:30 ----D---- C:\WINDOWS\SYSWOW64\en-US
2017-05-18 20:34:30 ----D---- C:\WINDOWS\SYSWOW64\drivers\UMDF
2017-05-18 20:34:30 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2017-05-18 20:34:30 ----D---- C:\WINDOWS\SYSWOW64\BestPractices
2017-05-18 20:34:29 ----D---- C:\WINDOWS\system32\zh-HK
2017-05-18 20:34:28 ----D---- C:\WINDOWS\system32\spool
2017-05-18 20:34:27 ----D---- C:\WINDOWS\system32\oobe
2017-05-18 20:34:27 ----D---- C:\WINDOWS\system32\NDF
2017-05-18 20:34:27 ----D---- C:\WINDOWS\system32\Macromed
2017-05-18 20:34:26 ----D---- C:\WINDOWS\system32\en-US
2017-05-18 20:34:25 ----D---- C:\WINDOWS\system32\cs-CZ
2017-05-18 20:34:18 ----D---- C:\WINDOWS\system32\BestPractices
2017-05-18 20:34:17 ----D---- C:\WINDOWS\oem
2017-05-18 20:34:17 ----D---- C:\WINDOWS\OCR
2017-05-18 20:34:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2017-05-18 20:34:14 ----RD---- C:\Users
2017-05-18 20:34:11 ----RD---- C:\Program Files (x86)
2017-05-18 20:34:11 ----D---- C:\Program Files (x86)\Microsoft.NET
2017-05-18 20:34:10 ----RD---- C:\Program Files
2017-05-18 20:34:06 ----D---- C:\Program Files\Common Files\microsoft shared
2017-05-18 20:34:06 ----D---- C:\Program Files\Common Files
2017-05-18 20:33:49 ----D---- C:\WINDOWS\system32\Recovery
2017-05-18 20:32:36 ----SHD---- C:\Recovery
2017-05-18 20:32:30 ----D---- C:\WINDOWS\system32\Sysprep
2017-05-18 20:31:08 ----D---- C:\WINDOWS\Help
2017-05-18 20:01:41 ----HD---- C:\$WINDOWS.~BT
2017-05-18 09:20:34 ----D---- C:\Users\tomas\AppData\Roaming\NVIDIA
2017-05-15 12:03:35 ----D---- C:\Users\tomas\AppData\Roaming\uTorrent
2017-05-11 23:06:00 ----D---- C:\WINDOWS\SYSWOW64\sr-Latn-CS
2017-05-11 23:05:55 ----D---- C:\WINDOWS\system32\sr-Latn-CS
2017-05-07 18:08:33 ----SHD---- C:\System Volume Information
2017-05-04 20:23:05 ----D---- C:\Users\tomas\AppData\Roaming\Autodesk
2017-05-04 20:23:05 ----AD---- C:\ProgramData\Autodesk
2017-04-30 19:47:49 ----D---- C:\ProgramData\Package Cache
2017-04-29 03:05:09 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\SysWOW64\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\SysWOW64\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\SysWOW64\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\SysWOW64\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2016-06-01 791560]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2017-03-18 49568]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2017-03-06 132272]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2017-03-06 180544]
R1 epfwwfpr;epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [2017-03-06 70960]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2017-03-18 14336]
R3 BtFilter;BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [2016-06-26 610656]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\WINDOWS\system32\DRIVERS\BTHUSB.sys [2017-03-18 85504]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2017-03-18 53664]
R3 LMDriver;@oem73.inf,%LMDriver.SVCDESC%;Launch Manager Wireless Driver; C:\WINDOWS\System32\drivers\LMDriver.sys [2016-07-29 21344]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_31f4ef4821269ebb\nvlddmkm.sys [2017-01-17 14190520]
R3 nvvad_WaveExtensible;@oem68.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\WINDOWS\system32\drivers\nvvad64v.sys [2016-04-14 56384]
R3 Qcamain10x64;@netathr10x.inf,%ATHR.Service.DispName%;Qualcomm Extensible Wireless LAN 11AC device driver; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2017-03-18 2344448]
R3 RadioShim;@oem73.inf,%RadioShim.SVCDESC%;Shim for HID-KMDF Interface layer; C:\WINDOWS\System32\drivers\RadioShim.sys [2016-07-29 14688]
R3 ROCKEYNT;@oem63.inf,%Rockey.SVCDESC%;Feitian ROCKEY4 Device Service; C:\WINDOWS\system32\DRIVERS\Rockey4.sys [2017-04-30 36904]
R3 rt640x64;@oem51.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2015-11-19 935168]
R3 RTSPER;@oem27.inf,%Rts5227PER%;Realtek PCIE Card Reader - PER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [2015-12-18 769752]
R3 SynRMIHID;@oem55.inf,%SynRMIHID.SVCDESC%;Synaptics HID Service; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [2015-10-22 57448]
S0 eelam;eelam; C:\WINDOWS\system32\DRIVERS\eelam.sys [2016-10-13 15488]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-03-18 64416]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2017-03-18 91040]
S2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2017-03-18 12288]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-03-18 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2017-03-18 17920]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\WINDOWS\system32\DRIVERS\BTHport.sys [2017-05-18 980992]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2017-03-18 74648]
S3 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-03-18 347032]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-03-18 2104224]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2017-03-18 33280]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-03-18 70656]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-03-18 85504]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-03-18 168448]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-03-18 36864]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2017-03-18 120320]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2017-03-18 405408]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2017-03-18 51104]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2017-03-18 122368]
S3 netvsc;netvsc; C:\WINDOWS\System32\drivers\netvsc.sys [2017-05-18 118784]
S3 nvdimmn;@nvdimmn.inf,%nvdimmn.SvcDesc%;Microsoft NVDIMM-N device driver; C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-03-18 80896]
S3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-06-15 28216]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2017-03-18 101376]
S3 ReFS;ReFS; C:\WINDOWS\system32\drivers\ReFS.sys [2017-03-18 1735584]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2017-03-18 31128]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-03-20 40352]

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 AdAppMgrSvc;Autodesk Application Manager Service; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [2016-02-24 1145928]
R2 AGSService;Adobe Genuine Software Integrity Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2017-02-27 2227312]
R2 AtherosSvc;AtherosSvc; C:\WINDOWS\system32\AdminService.exe [2016-06-26 355760]
R2 CCDMonitorService;CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2016-08-30 2267352]
R2 CDPUserSvc_1c1b4cb4;Connected Devices Platform User Service_1c1b4cb4; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 ClickToRunSvc;Microsoft Office Click-to-Run Service; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2017-05-14 3971264]
R2 cplspcon;Intel(R) Content Protection HDCP Service; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHDCPSvc.exe [2017-02-07 488944]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\dusmsvc.dll
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2017-03-06 2836296]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2016-06-01 17992]
R2 IntelSSTSvc;Intel SST Parameter Service; C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe [2016-03-04 26592]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2016-05-17 215328]
R2 KrosPlusFireBird;KrosFireBird; D:\ProgramFilesPersonal\CENKROS_DEMO\Firebird\FBbin\fbserver.exe [2013-03-19 3784704]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2016-05-17 419104]
R2 NovaPdfServer;novaPDF Server; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [2016-03-03 50600]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2016-12-29 458176]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-06-15 1881144]
R2 OneSyncSvc_1c1b4cb4;Sync Host_1c1b4cb4; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2017-03-18 335808]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2017-02-10 43696]
R3 Intel(R) Security Assist;Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [2016-03-02 335872]
R3 PimIndexMaintenanceSvc_1c1b4cb4;Kontaktné údaje_1c1b4cb4; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R3 QALSvc;Quick Access Local Service; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [2016-07-29 440224]
R3 QASvc;Quick Access Service; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [2016-07-29 481696]
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\RMapi.dll
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2017-04-26 1590048]
S2 Autodesk Content Service;Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [2015-02-05 31160]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" = %SystemRoot%\System32\CDPUserSvc.dll
S2 Dashlane Upgrade Service;Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [2016-08-04 83992]
S2 isaHelperSvc;Intel(R) Security Assist Helper; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [2016-03-02 8704]
S2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-06-15 2522680]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; %SystemRoot%\system32\svchost.exe -k DevicesFlow;"ServiceDll" = %SystemRoot%\System32\DevicesFlowBroker.dll
S3 DevicesFlowUserSvc_1c1b4cb4;DevicesFlow_1c1b4cb4; C:\WINDOWS\system32\svchost.exe -k DevicesFlow;"ServiceDll" =
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2017-04-28 1369856]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; %SystemRoot%\System32\svchost.exe -k Camera;"ServiceDll" = %SystemRoot%\system32\FrameServer.dll
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\hvhostsvc.dll
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2016-02-19 974632]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\IpxlatCfg.dll
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\irmon.dll
S3 MessagingService_1c1b4cb4;MessagingService_1c1b4cb4; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-05-22 173512]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\NaturalAuth.dll
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\syswow64\GameMon.des [2017-04-10 7987104]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2017-05-14 207040]
S3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; %SystemRoot%\system32\svchost.exe -k LocalService;"ServiceDll" = %SystemRoot%\system32\SEMgrSvc.dll
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2017-03-18 891904]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll" = %systemroot%\system32\Windows.SharedPC.AccountManager.dll

-----------------EOF-----------------

Rudy
Site Admin
Site Admin
Posts: 119670
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Third party in the PC? - regular opening of unknown sof

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

godfather13
Visitor
Visitor
Posts: 81
Registered: 26 Nov 2008 10:42

Re: Third party in the PC? - regular opening of unknown sof

#3 Post by godfather13 »

Thank you for the quick response!
I am attaching the log from ADW:

# AdwCleaner v6.047 - *Logfile created 28/05/2017 *at 19:37:32
# *Updated on 19/05/2017 by Malwarebytes
# *Database : 2017-05-26.6 [*Server]
# *Operating System : Windows 10 Home (X64)
# *Username : tomas - ACER-TOMAS
# *Running from : C:\Users\tomas\Desktop\adwcleaner_6.047.exe
# *Mode: Clean
# *Support : https://www.malwarebytes.com/support



***** [ *Services ] *****



***** [ *Folders ] *****

[-] *Folder deleted: C:\Users\Public\App Explorer


***** [ *Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ *Shortcuts ] *****



***** [ *Scheduled Tasks ] *****



***** [ *Registry ] *****



***** [ *Browsers ] *****



*************************

:: *"Tracing" keys deleted
:: *Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3363 *Bytes] - [01/12/2016 22:00:17]
C:\AdwCleaner\AdwCleaner[C2].txt - [892 *Bytes] - [28/05/2017 19:37:32]
C:\AdwCleaner\AdwCleaner[S0].txt - [3281 *Bytes] - [01/12/2016 21:59:00]
C:\AdwCleaner\AdwCleaner[S1].txt - [1336 *Bytes] - [28/05/2017 19:37:22]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1113 *Bytes] ##########

Rudy
Site Admin
Site Admin
Posts: 119670
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Third party in the PC? - regular opening of unknown sof

#4 Post by Rudy »


godfather13
Návštěvník
Návštěvník
Příspěvky: 81
Registrován: 26 lis 2008 10:42

Re: Tretia strana v PC? - pravidelné otváranie neznámeho sof

#5 Post by godfather13 »

I am attaching the FRST log
Attachments
Addition.rar
(12.69 KiB) Downloaded 78 times

#6 Post by Rudy »

I still need to see the FRST log itself. Thank you.
#7 Post by godfather13 »

I apologize.. I am attaching the log from FRST
Attachments
FRST.rar
(12.77 KiB) Downloaded 74 times

#8 Post by Rudy »

OK. Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-1772258607-4237981511-2433331023-1001\...\Policies\Explorer: []
SearchScopes: HKU\S-1-5-21-1772258607-4237981511-2433331023-1001 -> DefaultScope {5CE0BC2D-CB8C-4D7B-B4BA-08FC77D881DB} URL =
SearchScopes: HKU\S-1-5-21-1772258607-4237981511-2433331023-1001 -> {5CE0BC2D-CB8C-4D7B-B4BA-08FC77D881DB} URL =
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\System32\Tasks\KMSAutoNet
C:\ProgramData\KMSAutoS
C:\ProgramData\DP45977C.lfl
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
#9 Post by godfather13 »

I am attaching the FIXLOG

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-05-2017
Ran by tomas (01-06-2017 14:56:17) Run:2
Running from C:\Users\tomas\Desktop
Loaded Profiles: tomas (Available Profiles: tomas)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-1772258607-4237981511-2433331023-1001\...\Policies\Explorer: []
SearchScopes: HKU\S-1-5-21-1772258607-4237981511-2433331023-1001 -> DefaultScope {5CE0BC2D-CB8C-4D7B-B4BA-08FC77D881DB} URL =
SearchScopes: HKU\S-1-5-21-1772258607-4237981511-2433331023-1001 -> {5CE0BC2D-CB8C-4D7B-B4BA-08FC77D881DB} URL =
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\System32\Tasks\KMSAutoNet
C:\ProgramData\KMSAutoS
C:\ProgramData\DP45977C.lfl
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

EmptyTemp:
End
*****************

HKU\S-1-5-21-1772258607-4237981511-2433331023-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value removed successfully
HKU\S-1-5-21-1772258607-4237981511-2433331023-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1772258607-4237981511-2433331023-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5CE0BC2D-CB8C-4D7B-B4BA-08FC77D881DB} => key removed successfully
HKCR\CLSID\{5CE0BC2D-CB8C-4D7B-B4BA-08FC77D881DB} => key not found.
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\WINDOWS\System32\Tasks\KMSAutoNet => moved successfully
C:\ProgramData\KMSAutoS => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 94994830 B
Java, Flash, Steam htmlcache => 117357508 B
Windows/system/drivers => 19108837 B
Edge => 1952803 B
Chrome => 91938541 B
Firefox => 389479508 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3266 B
NetworkService => 0 B
tomas => 40439226 B

RecycleBin => 939437597 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:56:27 ====
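
A helper reading a Fixlog checks that every fixlist entry got a result line and that none of them failed. The sketch below automates that check on an excerpt of the Fixlog above; it is an added example, not part of the thread and not FRST's own code, and the name `check_fixlog` and the three status labels are assumptions based only on the result wording visible in this log.

```python
import re

# Excerpt of the Fixlog posted in this thread (shortened for the example).
FIXLOG = r"""fixlist content:
*****************
Start
C:\WINDOWS\System32\Tasks\KMSAutoNet
C:\ProgramData\KMSAutoS
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
EmptyTemp:
End
*****************

HKCR\CLSID\{5CE0BC2D-CB8C-4D7B-B4BA-08FC77D881DB} => key not found.
C:\WINDOWS\System32\Tasks\KMSAutoNet => moved successfully
C:\ProgramData\KMSAutoS => moved successfully
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully.

=========== EmptyTemp: ==========
"""

def check_fixlog(text):
    """Return (outcomes, missing): [(target, status)], fixlist paths with no result."""
    lines = [line.strip() for line in text.splitlines()]
    start = lines.index("Start")
    end = lines.index("End", start)
    # Plain file/folder entries of the fixlist start with a drive letter.
    wanted = [ln for ln in lines[start + 1:end] if re.match(r"[A-Za-z]:\\", ln)]
    outcomes = []
    for line in lines[end + 1:]:
        if line.startswith("="):  # the EmptyTemp section follows the results
            break
        m = re.match(r"(.+?) => (.+)$", line)
        if not m:
            continue
        target, result = m.groups()
        if "successfully" in result:
            status = "done"
        elif "not found" in result:
            status = "absent"   # nothing left to remove, not a failure
        else:
            status = "review"   # assumption: unknown wording needs a human look
        outcomes.append((target, status))
    reported = {target for target, _ in outcomes}
    return outcomes, [path for path in wanted if path not in reported]

if __name__ == "__main__":
    outcomes, missing = check_fixlog(FIXLOG)
    print(outcomes, "no result line for:", missing)
```
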

#10 Post by Rudy »

Deleted. Has anything changed?
#11 Post by godfather13 »

I no longer see any pop-up windows. Thank you very much for your help. :)

#12 Post by Rudy »

You're welcome! :)
Locked