
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
Trojan Tofsee - log check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello,
I'm asking for help. I managed to infect my computer with this gem. I searched forums for advice on how to get rid of it, because my provider cut off my internet connection for spreading spam (that's how I found out I'm infected). To get it turned back on, I have to be clean. Please, please check the log after the "maintenance" and, if needed, advise me (ideally as if for a dummy) on how to proceed.
I have Windows 10; I ran an ESET Security scan and a virus scan with ClamWin, cleaned the registry with CCleaner, and this is what the RSIT log looks like now:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Ludmila at 2018-12-27 11:00:09
Microsoft Windows 10 Home
System drive C: has 233 GB (54%) free of 435 GB
Total RAM: 3979 MB (35% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:00:20, on 27.12.2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
C:\Users\Ludmila\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
C:\Program Files\trend micro\Ludmila.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={597D4DB3 ... 2016-10-23 15:54:02&v=4.3.6.255&pid=wtu&sg=&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O1 - Hosts: 2.21.74.75 n6849213.iavs9x.avg.u.avcdn.net
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Ludmila\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_E9C6095D8424EAA20FEDBFBD94483E1A] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [Application Restart #4] C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
O4 - HKCU\..\RunOnce: [Application Restart #3] C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Conexant Audio Message Service (CxAudMsg) - Unknown owner - C:\windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: ESET Firewall Helper (ekrnEpfw) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem11.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo EasyPlus Hotspot - Lenovo - C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\Lenovo\iMController\SystemAgentService.exe
O23 - Service: Lenovo WiFiHotspot Service (LenovoWiFiHotspotSvr) - Unknown owner - C:\Windows\System32\LenovoWiFiHotspotSvr.exe (file missing)
O23 - Service: LSCWinService - Unknown owner - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo PhoneCompanionPusher Service (PhoneCompanionPusher) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
O23 - Service: Lenovo PhoneCompanionVap Service (PhoneCompanionVap) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)
--
End of file - 13979 bytes
======Listing Processes======
winlogon.exe
C:\WINDOWS\system32\lsass.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
"fontdrvhost.exe"
"fontdrvhost.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-b35e816a-190c-4627-9814-0116c6a5d92b -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-3e190f85-435b-45d1-85a3-e7208293812b -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-f11d4c39-b07e-4b56-89cc-48d85ffea2d7 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-4cb51109-a12b-4643-bbfa-ba99fd05a25e -LifetimeId:f8f7ab45-8bd7-43d6-b5b0-4bbc52570229 -DeviceGroupId:WudfDefaultDevicePool
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
"dwm.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s gpsvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localservice -p -s bthserv
c:\windows\system32\svchost.exe -k localservice -p -s BthAvctpSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s BTAGService
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
dashost.exe {9b65e0b4-d888-4447-848212bac74a142e}
c:\windows\system32\svchost.exe -k appmodel -p -s camsvc
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
C:\WINDOWS\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
C:\windows\system32\CxAudMsg64.exe
C:\WINDOWS\system32\ibtsiva
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
"C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
"C:\Program Files\Lenovo\iMController\SystemAgentService.exe"
C:\Windows\System32\LenovoWiFiHotspotSvr.exe
"C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe"
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
"C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe" /LOGON
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
"ctfmon.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\WINDOWS\Explorer.EXE
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NgcSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s NgcCtnrSvc
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
"C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE"
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe" -ServerName:WindowsDefaultLockScreen.AppX7y4nbzq37zn4ks9k7amqjywdat7d3j2z.mca
igfxEM.exe
igfxHK.exe
igfxTray.exe
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe" -ServerName:SkypeBackgroundHost
C:\Windows\System32\smartscreen.exe -Embedding
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
c:\windows\system32\svchost.exe -k netsvcs -p
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Windows\RTFTrack.exe"
"C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe"
"C:\Program Files\CONEXANT\ForteConfig\fmapp.exe"
"C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe"
"C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe"
"C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe"
"C:\Users\Ludmila\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=71.0.3578.98 --initial-client-data=0x1d4,0x1d8,0x1dc,0x1d0,0x1e0,0x7fff2c2964d0,0x7fff2c2964e0,0x7fff2c2964f0
"C:\Program Files\ESET\ESET Security\egui.exe" /hide
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=8248 --on-initialized-event-handle=656 --parent-handle=660 /prefetch:6
"C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1548,4818999377923720460,3290031622347999500,131072 --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=3301541838263162028 --mojo-platform-channel-handle=1560 --ignored=" --type=renderer " /prefetch:2
adb fork-server server
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1548,4818999377923720460,3290031622347999500,131072 --service-pipe-token=914634902431520906 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=914634902431520906 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2864 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1548,4818999377923720460,3290031622347999500,131072 --service-pipe-token=13541673783443561730 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13541673783443561730 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2996 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1548,4818999377923720460,3290031622347999500,131072 --service-pipe-token=48580315749594021 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=48580315749594021 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:1
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" "-lang=cs_CZ" "-cachedir=C:\Users\Ludmila\AppData\Local\Steam\htmlcache" "-steampid=8276" "-buildid=1543346820" "-steamid=0" "-steamuniverse=Dev" "-clientui=C:\Program Files (x86)\Steam\clientui" --disable-spell-checking --disable-out-of-process-pac --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-features=TouchpadAndWheelScrollLatching,AsyncWheelEvents --enable-media-stream --disable-smooth-scrolling --num-raster-threads=4 --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt"
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Ludmila\AppData\Local\CEF\User Data" --url=http://crash.steampowered.com/submit --annotation=platform=win32 --annotation=product=cefwebhelper --annotation=version=1543346820 --initial-client-data=0x328,0x32c,0x330,0x324,0x334,0x6e5bd758,0x6e5bd768,0x6e5bd774
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=gpu-process --disable-features=AsyncWheelEvents,TouchpadAndWheelScrollLatching --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --webview-urls=http://localhost/*,http://steamloopback ... localhost/* --lang=cs-CZ --buildid=1543346820 --steamid=0 --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --webview-urls=http://localhost/*,http://steamloopback ... localhost/* --lang=cs-CZ --buildid=1543346820 --steamid=0 --service-request-channel-token=174DBC3C45C20A2225FC563D35F53E47 --mojo-platform-channel-handle=1324 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
c:\windows\system32\svchost.exe -k netsvcs -p -s Browser
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeApp.exe" -ServerName:App.AppXffn3yxqvgawq9fpmnhy90fr3y01d1t5b.mca
"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.AppX6an27ssxm1kq22j0wm54a996rsgjh8an.mca
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=renderer --disable-features=AsyncWheelEvents,TouchpadAndWheelScrollLatching --service-pipe-token=DBBCF821BC0A7A29098355866B785DBE --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --lang=cs --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --webview-urls=http://localhost/*,http://steamloopback ... localhost/* --disable-spell-checking --buildid=1543346820 --steamid=0 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=DBBCF821BC0A7A29098355866B785DBE --renderer-client-id=4 --mojo-platform-channel-handle=2000 /prefetch:1
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=renderer --disable-features=AsyncWheelEvents,TouchpadAndWheelScrollLatching --service-pipe-token=AD00D87749106F47329B7A1357A28740 --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --lang=cs --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --webview-urls=http://localhost/*,http://steamloopback ... localhost/* --disable-spell-checking --buildid=1543346820 --steamid=0 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=AD00D87749106F47329B7A1357A28740 --renderer-client-id=5 --mojo-platform-channel-handle=2544 /prefetch:1
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\rempl\sedsvc.exe"
C:\WINDOWS\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
c:\windows\system32\svchost.exe -k netsvcs -p -s XblAuthManager
"C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe" 1 69
"C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe" 1 71
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1548,4818999377923720460,3290031622347999500,131072 --service-pipe-token=6299917473164192717 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6299917473164192717 --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7900 /prefetch:1
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe" /InvokerPRAID: App
"C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe" --type=renderer --disable-breakpad --disable-desktop-notifications --disable-logging --disable-speech-input --lang=en-US --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/0/OneClickSignIn/Standard/Prefetch/ContentPrefetchPrefetchOff/Prerender/PrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpeculativePrefetchingLearning/SpeculativePrefetchingLearningEnabled/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/default/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/last_accessed_socket/ --noerrdialogs --disable-client-side-phishing-detection --disable-bundled-ppapi-flash --channel="9564.2.536871958\1531235113" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1548,4818999377923720460,3290031622347999500,131072 --service-pipe-token=8724409818774633775 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8724409818774633775 --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8844 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1548,4818999377923720460,3290031622347999500,131072 --service-pipe-token=454743940745492301 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=454743940745492301 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9132 /prefetch:1
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 740 748 756 8192 752
"C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe" 1 62
"C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe" 1 60
"C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe" 1 61
"C:\Program Files\rempl\sedlauncher.exe"
"C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe"
C:\WINDOWS\system32\AUDIODG.EXE 0x4c4
"C:\Users\Ludmila\Downloads\RSITx64.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
======Scheduled tasks folder======
C:\WINDOWS\tasks\Online Application V2G1.job - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 69
C:\WINDOWS\tasks\Online Application V2G2.job - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 70
C:\WINDOWS\tasks\Online Application V2G3.job - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 71
C:\WINDOWS\tasks\Online Application V2G4.job - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 60
C:\WINDOWS\tasks\Online Application V2G5.job - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 61
C:\WINDOWS\tasks\Online Application V2G6.job - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 62
C:\WINDOWS\tasks\Updater_Online_Application.job - C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe /silentall -nofreqcheck
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-12-14 203552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 217784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 184488]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-01 460384]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-01 172640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 6149288]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 4452504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2018-04-12 638872]
"RtsFT"=C:\WINDOWS\RTFTrack.exe [2015-06-16 5060864]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2013-09-05 907480]
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SACpl.exe [2012-06-13 1647616]
"PhoneCompanion"=C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [2014-09-19 836592]
"Energy Manager"=C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [2014-09-19 16094704]
"Lenovo Utility"=C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [2014-09-19 10841584]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2016-10-13 3942864]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-09-25 3945672]
"egui"=C:\Program Files\ESET\ESET Security\ecmds.exe [2018-11-29 177928]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\Ludmila\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2018-12-15 1543264]
"GoogleChromeAutoLaunch_E9C6095D8424EAA20FEDBFBD94483E1A"=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2018-12-12 1587680]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2018-11-26 3131680]
"CCleaner Smart Cleaning"=C:\Program Files\CCleaner\CCleaner64.exe [2018-12-10 19589208]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #4"=C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [2018-12-20 8992976]
"Application Restart #3"=C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [2018-12-20 8992976]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"UpdateP2GShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2011-12-07 214312]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-09 596528]
"CanonQuickMenu"=C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [2012-04-03 1273448]
"ClamWin"=C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [2018-03-03 86016]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"DisableTaskMgr"=0
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoRun"=0
"NoFolderOptions"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2018-12-27 11:00:09 ----D---- C:\rsit
2018-12-27 00:47:02 ----D---- C:\Program Files\CCleaner
2018-12-27 00:45:18 ----D---- C:\Users\Ludmila\AppData\Roaming\.clamwin
2018-12-27 00:44:27 ----D---- C:\ProgramData\.clamwin
2018-12-27 00:44:27 ----D---- C:\Program Files (x86)\ClamWin
2018-12-27 00:40:55 ----HD---- C:\OneDriveTemp
2018-12-26 22:33:05 ----D---- C:\Program Files\trend micro
2018-12-26 21:45:19 ----D---- C:\ProgramData\ESET
2018-12-26 21:45:18 ----D---- C:\Program Files\ESET
2018-12-26 21:27:42 ----D---- C:\Program Files\AVAST Software
2018-12-26 20:15:17 ----D---- C:\WINDOWS\SYSWOW64\ajhfmnxw
2018-12-26 20:13:38 ----SHD---- C:\Users\Ludmila\AppData\Roaming\amd64_netfx4-system.core_b03f5f7f11d50a3a_4.0.15680.120_none_3222d21eb3852341
2018-12-26 20:10:25 ----A---- C:\ProgramData\nss3.dll
2018-12-26 20:10:21 ----A---- C:\ProgramData\mozglue.dll
2018-12-26 20:10:16 ----D---- C:\ProgramData\GCYTYWQMMM4ULN5BDJKV
2018-12-26 19:49:16 ----D---- C:\Users\Ludmila\AppData\Roaming\ComfortSoftware
2018-12-26 19:27:52 ----D---- C:\Program Files (x86)\Microleaves
2018-12-26 19:25:08 ----D---- C:\Users\Ludmila\AppData\Roaming\Microleaves
2018-12-26 19:19:06 ----D---- C:\ProgramData\Blogger
2018-12-26 19:16:44 ----D---- C:\ProgramData\Eres
2018-12-26 19:16:19 ----D---- C:\ProgramData\HPC
2018-12-26 19:14:04 ----D---- C:\ProgramData\CopyPaste
2018-12-26 18:47:21 ----D---- C:\GOG Games
2018-12-26 17:52:24 ----D---- C:\Program Files (x86)\Ubisoft
2018-12-26 17:49:05 ----D---- C:\Program Files (x86)\Steam
2018-12-23 10:03:25 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-12-23 10:03:23 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2018-12-23 10:03:14 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2018-12-23 10:03:12 ----A---- C:\WINDOWS\system32\Chakra.dll
2018-12-23 10:03:09 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-12-23 10:03:08 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2018-12-23 10:03:06 ----A---- C:\WINDOWS\system32\Windows.CloudStore.dll
2018-12-23 10:03:06 ----A---- C:\WINDOWS\system32\d2d1.dll
2018-12-23 10:03:04 ----A---- C:\WINDOWS\system32\hvix64.exe
2018-12-23 10:03:02 ----A---- C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-12-23 10:03:01 ----A---- C:\WINDOWS\system32\hvax64.exe
2018-12-23 10:02:58 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2018-12-23 10:02:56 ----A---- C:\WINDOWS\system32\bcastdvruserservice.dll
2018-12-23 10:02:54 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-12-23 10:02:52 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2018-12-23 10:02:52 ----A---- C:\WINDOWS\system32\winload.exe
2018-12-23 10:02:52 ----A---- C:\WINDOWS\system32\jscript.dll
2018-12-23 10:02:51 ----A---- C:\WINDOWS\system32\winresume.exe
2018-12-23 10:02:51 ----A---- C:\WINDOWS\system32\msvproc.dll
2018-12-23 10:02:50 ----A---- C:\WINDOWS\SYSWOW64\msvproc.dll
2018-12-23 10:02:50 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-12-23 10:02:48 ----A---- C:\WINDOWS\system32\tcblaunch.exe
2018-12-23 10:02:47 ----A---- C:\WINDOWS\system32\MSVPXENC.dll
2018-12-23 10:02:46 ----A---- C:\WINDOWS\system32\drivers\hvservice.sys
2018-12-23 10:02:40 ----A---- C:\WINDOWS\SYSWOW64\MSVPXENC.dll
2018-12-23 10:02:40 ----A---- C:\WINDOWS\system32\hvloader.dll
2018-12-23 10:02:36 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2018-12-23 10:02:36 ----A---- C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-12-12 19:21:20 ----A---- C:\WINDOWS\system32\edgehtml.dll
2018-12-12 19:21:17 ----A---- C:\WINDOWS\system32\mshtml.dll
2018-12-12 19:21:07 ----A---- C:\WINDOWS\system32\sppsvc.exe
2018-12-12 19:21:06 ----A---- C:\WINDOWS\system32\shell32.dll
2018-12-12 19:21:05 ----A---- C:\WINDOWS\system32\wininet.dll
2018-12-12 19:21:04 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2018-12-12 19:21:03 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2018-12-12 19:21:01 ----A---- C:\WINDOWS\system32\ClipUp.exe
2018-12-12 19:21:00 ----A---- C:\WINDOWS\system32\windows.storage.dll
2018-12-12 19:20:59 ----A---- C:\WINDOWS\system32\StartTileData.dll
2018-12-12 19:20:57 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2018-12-12 19:20:57 ----A---- C:\WINDOWS\system32\sppobjs.dll
2018-12-12 19:20:55 ----A---- C:\WINDOWS\system32\cdp.dll
2018-12-12 19:20:53 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2018-12-12 19:20:52 ----A---- C:\WINDOWS\SYSWOW64\wmp.dll
2018-12-12 19:20:51 ----A---- C:\WINDOWS\system32\wmp.dll
2018-12-12 19:20:50 ----A---- C:\WINDOWS\system32\msmpeg2adec.dll
2018-12-12 19:20:50 ----A---- C:\WINDOWS\system32\mos.dll
2018-12-12 19:20:49 ----A---- C:\WINDOWS\system32\ieframe.dll
2018-12-12 19:20:48 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2018-12-12 19:20:47 ----A---- C:\WINDOWS\system32\jscript9.dll
2018-12-12 19:20:47 ----A---- C:\WINDOWS\system32\EdgeContent.dll
2018-12-12 19:20:46 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2vdec.dll
2018-12-12 19:20:46 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2adec.dll
2018-12-12 19:20:46 ----A---- C:\WINDOWS\system32\twinui.pcshell.dll
2018-12-12 19:20:45 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2018-12-12 19:20:45 ----A---- C:\WINDOWS\system32\tquery.dll
2018-12-12 19:20:44 ----A---- C:\WINDOWS\system32\win32kfull.sys
2018-12-12 19:20:44 ----A---- C:\WINDOWS\system32\twinui.dll
2018-12-12 19:20:43 ----A---- C:\WINDOWS\system32\diagtrack.dll
2018-12-12 19:20:42 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2018-12-12 19:20:41 ----A---- C:\WINDOWS\system32\OpcServices.dll
2018-12-12 19:20:41 ----A---- C:\WINDOWS\system32\mssrch.dll
2018-12-12 19:20:40 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2018-12-12 19:20:39 ----A---- C:\WINDOWS\SYSWOW64\mfasfsrcsnk.dll
2018-12-12 19:20:39 ----A---- C:\WINDOWS\system32\mfcore.dll
2018-12-12 19:20:37 ----A---- C:\WINDOWS\SYSWOW64\WMVDECOD.DLL
2018-12-12 19:20:37 ----A---- C:\WINDOWS\system32\xpsrchvw.exe
2018-12-12 19:20:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2018-12-12 19:20:37 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2018-12-12 19:20:36 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2018-12-12 19:20:36 ----A---- C:\WINDOWS\system32\WebRuntimeManager.dll
2018-12-12 19:20:36 ----A---- C:\WINDOWS\system32\dosvc.dll
2018-12-12 19:20:36 ----A---- C:\WINDOWS\system32\BingMaps.dll
2018-12-12 19:20:35 ----A---- C:\WINDOWS\system32\d3d11.dll
2018-12-12 19:20:34 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2018-12-12 19:20:34 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2018-12-12 19:20:34 ----A---- C:\WINDOWS\system32\msxml6.dll
2018-12-12 19:20:34 ----A---- C:\WINDOWS\system32\KernelBase.dll
2018-12-12 19:20:33 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2018-12-12 19:20:33 ----A---- C:\WINDOWS\SYSWOW64\cdp.dll
2018-12-12 19:20:33 ----A---- C:\WINDOWS\system32\WMVCORE.DLL
2018-12-12 19:20:33 ----A---- C:\WINDOWS\system32\dwmcore.dll
2018-12-12 19:20:32 ----A---- C:\WINDOWS\system32\LocationFramework.dll
2018-12-12 19:20:31 ----A---- C:\WINDOWS\SYSWOW64\mos.dll
2018-12-12 19:20:31 ----A---- C:\WINDOWS\system32\mstscax.dll
2018-12-12 19:20:30 ----A---- C:\WINDOWS\SYSWOW64\tquery.dll
2018-12-12 19:20:30 ----A---- C:\WINDOWS\system32\wuaueng.dll
2018-12-12 19:20:30 ----A---- C:\WINDOWS\system32\D3D12.dll
2018-12-12 19:20:28 ----A---- C:\WINDOWS\SYSWOW64\dwmcore.dll
2018-12-12 19:20:28 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2018-12-12 19:20:28 ----A---- C:\WINDOWS\system32\audiosrv.dll
2018-12-12 19:20:27 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2018-12-12 19:20:27 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2018-12-12 19:20:27 ----A---- C:\WINDOWS\system32\win32kbase.sys
2018-12-12 19:20:27 ----A---- C:\WINDOWS\system32\lpasvc.dll
2018-12-12 19:20:26 ----A---- C:\WINDOWS\SYSWOW64\MSAudDecMFT.dll
2018-12-12 19:20:26 ----A---- C:\WINDOWS\system32\ntdll.dll
2018-12-12 19:20:26 ----A---- C:\WINDOWS\system32\enterprisecsps.dll
2018-12-12 19:20:25 ----A---- C:\WINDOWS\SYSWOW64\msxml6.dll
2018-12-12 19:20:25 ----A---- C:\WINDOWS\SYSWOW64\mssrch.dll
2018-12-12 19:20:25 ----A---- C:\WINDOWS\system32\BingOnlineServices.dll
2018-12-12 19:20:24 ----A---- C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-12-12 19:20:23 ----A---- C:\WINDOWS\SYSWOW64\CPFilters.dll
2018-12-12 19:20:23 ----A---- C:\WINDOWS\system32\InstallService.dll
2018-12-12 19:20:23 ----A---- C:\WINDOWS\system32\drivers\bthport.sys
2018-12-12 19:20:23 ----A---- C:\WINDOWS\system32\CPFilters.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\SYSWOW64\d3d11.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\wcmsvc.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\MSAudDecMFT.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\MapGeocoder.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2018-12-12 19:20:21 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2018-12-12 19:20:21 ----A---- C:\WINDOWS\system32\modernexecserver.dll
2018-12-12 19:20:21 ----A---- C:\WINDOWS\system32\MapRouter.dll
2018-12-12 19:20:20 ----A---- C:\WINDOWS\system32\ShareHost.dll
2018-12-12 19:20:20 ----A---- C:\WINDOWS\system32\SearchIndexer.exe
2018-12-12 19:20:20 ----A---- C:\WINDOWS\system32\AudioSes.dll
2018-12-12 19:20:19 ----A---- C:\WINDOWS\SYSWOW64\BingMaps.dll
2018-12-12 19:20:19 ----A---- C:\WINDOWS\system32\MapControlCore.dll
2018-12-12 19:20:19 ----A---- C:\WINDOWS\system32\AudioEng.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\SYSWOW64\mfsrcsnk.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\system32\winhttp.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\system32\msxml3.dll
2018-12-12 19:20:17 ----A---- C:\WINDOWS\SYSWOW64\rpcrt4.dll
2018-12-12 19:20:17 ----A---- C:\WINDOWS\system32\wlansvc.dll
2018-12-12 19:20:17 ----A---- C:\WINDOWS\system32\JpMapControl.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\NMAA.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\mfsrcsnk.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\mf.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\daxexec.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\SYSWOW64\D3D12.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\system32\gdi32full.dll
2018-12-12 19:20:14 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2018-12-12 19:20:14 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2018-12-12 19:20:13 ----A---- C:\WINDOWS\SYSWOW64\xpsrchvw.exe
2018-12-12 19:20:13 ----A---- C:\WINDOWS\system32\SppExtComObj.Exe
2018-12-12 19:20:13 ----A---- C:\WINDOWS\system32\audiodg.exe
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\winhttp.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\InstallService.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\EdgeManager.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\AudioEng.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\system32\WWAHost.exe
2018-12-12 19:20:12 ----A---- C:\WINDOWS\system32\BthAvctpSvc.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\SYSWOW64\MapRouter.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\SYSWOW64\BingOnlineServices.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\twinui.appcore.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\MapsStore.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-12-12 19:20:10 ----A---- C:\WINDOWS\SYSWOW64\mf.dll
2018-12-12 19:20:10 ----A---- C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-12-12 19:20:10 ----A---- C:\WINDOWS\system32\rasmans.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\wpx.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\edgeIso.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\dnsapi.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\ci.dll
2018-12-12 19:20:08 ----A---- C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-12-12 19:20:08 ----A---- C:\WINDOWS\system32\defragsvc.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\SYSWOW64\WWAHost.exe
2018-12-12 19:20:07 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.OnlineId.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\wer.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\vbscript.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\drivers\rdbss.sys
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\drivers\pci.sys
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\BTAGService.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\ShareHost.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\SearchIndexer.exe
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\JpMapControl.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\dnsapi.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\daxexec.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\system32\securekernel.exe
2018-12-12 19:20:06 ----A---- C:\WINDOWS\system32\ninput.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\SYSWOW64\MapGeocoder.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\WinSCard.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\lsasrv.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\eeprov.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\browserbroker.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\AppResolver.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\SYSWOW64\msxml3.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\mfps.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\drivers\netio.sys
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\advapi32.dll
2018-12-12 19:20:03 ----A---- C:\WINDOWS\SYSWOW64\wer.dll
2018-12-12 19:20:03 ----A---- C:\WINDOWS\SYSWOW64\advapi32.dll
2018-12-12 19:20:03 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2018-12-12 19:20:02 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2018-12-12 19:20:02 ----A---- C:\WINDOWS\system32\drivers\ndis.sys
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\rmclient.dll
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\drivers\fileinfo.sys
2018-12-12 19:19:58 ----A---- C:\WINDOWS\system32\wbengine.exe
2018-12-12 19:19:58 ----A---- C:\WINDOWS\system32\MapConfiguration.dll
2018-12-12 19:19:58 ----A---- C:\WINDOWS\system32\drivers\fvevol.sys
2018-12-12 19:19:57 ----A---- C:\WINDOWS\SYSWOW64\twinui.appcore.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\wc_storage.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\vertdll.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\thumbcache.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\SgrmEnclave.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\sensrsvc.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\MSVP9DEC.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\hal.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\WinSCard.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\OpcServices.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\NMAA.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\mfps.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\webio.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\drivers\USBHUB3.SYS
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\drivers\msrpc.sys
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\drivers\bindflt.sys
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\rmclient.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\ninput.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\MSVP9DEC.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\MapControlCore.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\AppResolver.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\AcSpecfc.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\system32\drivers\ksecpkg.sys
2018-12-12 19:19:55 ----A---- C:\WINDOWS\system32\bthserv.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\SYSWOW64\thumbcache.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\SYSWOW64\edgeIso.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\WMVDECOD.DLL
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\mssvp.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\dusmsvc.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\drivers\iorate.sys
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\appsruprov.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\SYSWOW64\Windows.Networking.Connectivity.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\SYSWOW64\webplatstorageserver.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\SYSWOW64\CoreMessaging.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\xbgmengine.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\weretw.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\drivers\tm.sys
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2018-12-12 19:19:52 ----A---- C:\WINDOWS\system32\drivers\ClipSp.sys
2018-12-12 19:19:52 ----A---- C:\WINDOWS\system32\CoreMessaging.dll
2018-12-12 19:19:52 ----A---- C:\WINDOWS\system32\bcdedit.exe
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\Windows.System.Diagnostics.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Streaming.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\webio.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\offreg.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\mssvp.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\mssph.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\bcryptprimitives.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\SearchProtocolHost.exe
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\offreg.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\mssph.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\MSPhotography.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\moshostcore.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\energyprov.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\wcnfs.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\ndiswan.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\mmcss.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\bthenum.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\browser_broker.exe
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\UserDataTimeUtil.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\SearchProtocolHost.exe
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\Search.ProtocolHandler.MAPI2.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\MapConfiguration.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\fdBth.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\wpnsruprov.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\t2embed.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\sppcext.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\SearchFilterHost.exe
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\fdBth.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\drivers\bthhfenum.sys
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2018-12-12 19:19:49 ----A---- C:\WINDOWS\SYSWOW64\t2embed.dll
2018-12-12 19:19:49 ----A---- C:\WINDOWS\system32\drivers\storqosflt.sys
2018-12-12 19:19:46 ----A---- C:\WINDOWS\SYSWOW64\MSPhotography.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\SYSWOW64\InstallServiceTasks.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\RMapi.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\InstallServiceTasks.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\domgmt.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\DataUsageHandlers.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\SYSWOW64\werdiagcontroller.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\SYSWOW64\msIso.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\SYSWOW64\dtdump.exe
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\winhttpcom.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\tzautoupdate.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\msscntrs.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\iemigplugin.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\SYSWOW64\winhttpcom.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\SYSWOW64\tzres.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\system32\utcutil.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\system32\tzres.dll
2018-11-29 10:54:40 ----A---- C:\WINDOWS\system32\drivers\eamonm.sys
======List of files/folders modified in the last 1 month======
2018-12-27 11:00:17 ----D---- C:\WINDOWS\system32\drivers\etc
2018-12-27 11:00:15 ----D---- C:\WINDOWS\Prefetch
2018-12-27 10:59:54 ----D---- C:\WINDOWS\Temp
2018-12-27 10:51:58 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2018-12-27 10:49:51 ----D---- C:\WINDOWS\system32\sru
2018-12-27 09:53:46 ----D---- C:\WINDOWS\system32\SleepStudy
2018-12-27 06:00:02 ----D---- C:\WINDOWS\system32\LogFiles
2018-12-27 02:56:53 ----SHD---- C:\System Volume Information
2018-12-27 01:48:02 ----D---- C:\WINDOWS\Logs
2018-12-27 01:46:08 ----D---- C:\Windows
2018-12-27 01:41:22 ----RD---- C:\WINDOWS\Microsoft.NET
2018-12-27 00:47:13 ----D---- C:\WINDOWS\system32\Tasks
2018-12-27 00:47:02 ----RD---- C:\Program Files
2018-12-27 00:44:27 ----RD---- C:\Program Files (x86)
2018-12-27 00:44:27 ----HD---- C:\ProgramData
2018-12-27 00:24:24 ----D---- C:\WINDOWS\system32\NDF
2018-12-26 21:51:07 ----D---- C:\WINDOWS\system32\drivers
2018-12-26 21:50:09 ----D---- C:\WINDOWS\system32\catroot2
2018-12-26 21:46:27 ----SHD---- C:\WINDOWS\Installer
2018-12-26 21:46:25 ----D---- C:\WINDOWS\system32\DriverStore
2018-12-26 21:46:24 ----D---- C:\WINDOWS\INF
2018-12-26 21:46:15 ----HD---- C:\WINDOWS\ELAMBKUP
2018-12-26 21:31:59 ----AD---- C:\ProgramData\Avg
2018-12-26 21:26:41 ----D---- C:\ProgramData\AVAST Software
2018-12-26 20:15:17 ----D---- C:\WINDOWS\SysWOW64
2018-12-26 19:27:21 ----D---- C:\WINDOWS\Tasks
2018-12-26 19:26:15 ----D---- C:\Users\Ludmila\AppData\Roaming\uTorrent
2018-12-26 19:12:57 ----D---- C:\WINDOWS\AppReadiness
2018-12-26 17:43:23 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2018-12-26 17:42:18 ----D---- C:\Program Files (x86)\Lenovo
2018-12-26 17:41:43 ----D---- C:\ProgramData\CyberLink
2018-12-26 17:41:00 ----D---- C:\ProgramData\Origin
2018-12-26 17:38:23 ----HD---- C:\Program Files\WindowsApps
2018-12-26 17:35:29 ----D---- C:\WINDOWS\system32\config
2018-12-26 17:31:51 ----D---- C:\Program Files\Common Files
2018-12-26 17:31:51 ----D---- C:\Program Files (x86)\Common Files
2018-12-26 17:31:18 ----D---- C:\WINDOWS\System32
2018-12-26 17:31:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2018-12-26 17:24:23 ----D---- C:\WINDOWS\WinSxS
2018-12-24 01:12:25 ----D---- C:\WINDOWS\TextInput
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\zu-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\yo-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\xh-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\wo-SN
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\uz-Latn-UZ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\tn-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ti-ET
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\tg-Cyrl-TJ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-RS
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-BA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\sd-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\rw-RW
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\quc-Latn-GT
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\pa-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\nso-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ku-Arab-IQ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ig-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\chr-CHER-US
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ha-Latn-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ca-ES-valencia
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\bs-Latn-BA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\az-Latn-AZ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\zu-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\yo-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\xh-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\wo-SN
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\uz-Latn-UZ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\tn-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\ti-ET
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\tg-Cyrl-TJ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\sr-Cyrl-RS
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\sr-Cyrl-BA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\sd-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\rw-RW
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\quc-Latn-GT
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\pa-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\nso-ZA
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\migration
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ku-Arab-IQ
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ig-NG
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\chr-CHER-US
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ha-Latn-NG
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ca-ES-valencia
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\bs-Latn-BA
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\az-Latn-AZ
2018-12-24 01:12:24 ----D---- C:\WINDOWS\bcastdvr
2018-12-24 01:12:23 ----D---- C:\WINDOWS\system32\Boot
2018-12-23 11:01:40 ----D---- C:\WINDOWS\CbsTemp
2018-12-17 18:24:39 ----RSD---- C:\WINDOWS\assembly
2018-12-16 09:42:45 ----D---- C:\WINDOWS\LiveKernelReports
2018-12-15 12:27:23 ----D---- C:\Users\Ludmila\AppData\Roaming\vlc
2018-12-14 19:55:16 ----AD---- C:\Program Files (x86)\Microsoft Office
2018-12-12 23:27:04 ----D---- C:\WINDOWS\SYSWOW64\en-US
2018-12-12 23:27:04 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2018-12-12 23:27:01 ----SD---- C:\WINDOWS\system32\DiagSvcs
2018-12-12 23:27:01 ----D---- C:\WINDOWS\system32\en-US
2018-12-12 23:27:01 ----D---- C:\WINDOWS\system32\cs-CZ
2018-12-12 23:26:55 ----D---- C:\WINDOWS\ShellComponents
2018-12-12 23:26:54 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2018-12-12 23:26:54 ----D---- C:\WINDOWS\apppatch
2018-12-12 19:45:05 ----D---- C:\WINDOWS\system32\MRT
2018-12-12 19:40:16 ----AC---- C:\WINDOWS\system32\MRT.exe
2018-12-11 17:52:44 ----D---- C:\WINDOWS\system32\drivers\wd
2018-12-11 17:52:09 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2018-12-07 19:48:18 ----D---- C:\Program Files\rempl
2018-12-01 05:01:07 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2018-12-08 58168]
R0 MBI;@oem50.inf,%MBI.SVCDESC%;Intel(R) Sideband Fabric Device Service; C:\WINDOWS\System32\drivers\MBI.sys [2013-10-10 29464]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\WINDOWS\system32\drivers\SgrmAgent.sys [2018-04-12 63896]
R1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2018-04-12 39424]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-04-12 60320]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2018-11-29 143448]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2018-10-17 188832]
R1 epfwwfp;epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [2018-10-17 109864]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2018-04-12 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-04-12 8192]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2018-07-14 414720]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2018-12-08 43008]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2018-12-08 82432]
R3 ACPIVPC;@oem29.inf,%ACPIVPC.SvcDesc%;Lenovo Virtual Power Controller Driver; C:\WINDOWS\System32\drivers\AcpiVpc.sys [2014-09-19 35576]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2018-12-08 106496]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2018-04-12 86528]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2018-04-12 129536]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2018-04-12 85504]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2018-04-12 60320]
R3 CnxtHdAudService;@oem42.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDRT64.sys [2015-05-19 1543912]
R3 ibtusb;@oem11.inf,%ibtusb.SVCDESC_IBT%;Intel(R) Wireless Bluetooth(R); C:\WINDOWS\system32\DRIVERS\ibtusb.sys [2017-01-13 231168]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2015-10-04 3797424]
R3 IntcDAud;@oem6.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2015-08-21 463112]
R3 iwdbus;@oem52.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2015-07-20 38976]
R3 NETwNb64;___ Intel(R) Wireless Adapter Driver for Windows 8.1 - 64 Bit; C:\WINDOWS\System32\drivers\Netwbw02.sys [2018-04-12 3485696]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2018-04-12 193536]
R3 rt640x64;@oem22.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2015-07-22 886528]
R3 RTSUER;@oem43.inf,%RtsUER%;Realtek USB Card Reader - UER; C:\WINDOWS\system32\Drivers\RtsUer.sys [2015-07-03 410880]
R3 rtsuvc;@oem26.inf,%rtsuvc.DeviceDesc%;Lenovo EasyCamera; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [2015-06-16 3068160]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2015-09-25 42696]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2018-04-12 38304]
S0 eelam;eelam; C:\WINDOWS\system32\DRIVERS\eelam.sys [2018-10-17 15872]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2018-04-12 321432]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-04-12 885144]
S0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-04-12 145816]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2018-04-12 124312]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2018-04-12 128408]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-04-12 75160]
S0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [2018-04-12 82328]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2018-04-12 58776]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2018-04-12 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2018-04-12 39840]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2018-08-03 128920]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2018-07-01 48544]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-04-12 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2018-04-12 18432]
S3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys [2018-12-08 92688]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2018-12-08 1097728]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2018-04-12 39936]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2018-04-12 123392]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2018-04-12 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2018-04-12 50592]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2018-12-14 76088]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2018-04-12 27136]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2018-04-12 1836952]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2018-04-12 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2018-04-12 91648]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2018-04-12 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-04-12 88576]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2018-04-12 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-04-12 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2018-04-12 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-04-12 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2018-04-12 32256]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2018-04-12 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2018-04-12 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2018-04-12 56736]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2018-04-12 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2018-04-12 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2018-04-12 175104]
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\WINDOWS\System32\drivers\nvdimm.sys [2018-04-12 104448]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2018-04-12 105984]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2018-04-12 16896]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2018-07-01 945568]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2018-04-12 104448]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2018-04-12 33176]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2018-04-12 57752]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S4 hvcrash;hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [2018-04-12 33184]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 CDPUserSvc_461bf;Uživatelská služba platformy připojených zařízení_461bf; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2018-12-07 9646240]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 CxAudMsg;Conexant Audio Message Service; C:\windows\system32\CxAudMsg64.exe [2013-07-25 206552]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Security\ekrn.exe [2018-11-29 2302160]
R2 ibtsiva;@oem11.inf,%SERVICE_NAME%;Intel Bluetooth Service; C:\WINDOWS\system32\ibtsiva []
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2015-10-04 328616]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [2013-07-02 733696]
R2 Lenovo System Agent Service;Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [2014-05-22 584960]
R2 LenovoWiFiHotspotSvr;Lenovo WiFiHotspot Service; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [2014-09-19 198192]
R2 OneSyncSvc_461bf;Hostitel synchronizace_461bf; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 PhoneCompanionPusher;Lenovo PhoneCompanionPusher Service; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [2014-09-19 288240]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-07-14 760888]
R2 sedsvc;Windows Remediation Service; C:\Program Files\rempl\sedsvc.exe [2018-12-02 326336]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\WINDOWS\system32\SgrmBroker.exe [2018-04-12 163336]
R3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 ekrnEpfw;ESET Firewall Helper; C:\Program Files\ESET\ESET Security\ekrn.exe [2018-11-29 2302160]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2018-06-30 43648]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 PimIndexMaintenanceSvc_461bf;Data kontaktů_461bf; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2018-11-26 1684256]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BcastDVRUserService_461bf;Uživatelská služba pro GameDVR a vysílání her_461bf; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BluetoothUserService_461bf;Služba pro podporu uživatelů Bluetooth_461bf; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2015-10-04 290224]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicePickerUserSvc_461bf;DevicePicker_461bf; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicesFlowUserSvc_461bf;Tok zařízení_461bf; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2018-08-03 90624]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [2018-12-12 443872]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2013-07-02 822232]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [2014-06-03 533760]
S3 LSCWinService;LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2014-05-06 1663880]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 MessagingService_461bf;Služba zasílání zpráv_461bf; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 ose;Office Source Engine; c:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2018-12-03 214824]
S3 PhoneCompanionVap;Lenovo PhoneCompanionVap Service; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [2014-09-19 305136]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PrintWorkflowUserSvc_461bf;PrintWorkflow_461bf; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2018-04-12 1273344]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2018-07-01 976384]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S4 ssh-agent;OpenSSH Authentication Agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [2018-03-10 495616]
-----------------EOF-----------------
Thanks a lot for the advice!
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Conexant Audio Message Service (CxAudMsg) - Unknown owner - C:\windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: ESET Firewall Helper (ekrnEpfw) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem11.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo EasyPlus Hotspot - Lenovo - C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\Lenovo\iMController\SystemAgentService.exe
O23 - Service: Lenovo WiFiHotspot Service (LenovoWiFiHotspotSvr) - Unknown owner - C:\Windows\System32\LenovoWiFiHotspotSvr.exe (file missing)
O23 - Service: LSCWinService - Unknown owner - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo PhoneCompanionPusher Service (PhoneCompanionPusher) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
O23 - Service: Lenovo PhoneCompanionVap Service (PhoneCompanionVap) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)
--
End of file - 13979 bytes
======Listing Processes======
winlogon.exe
C:\WINDOWS\system32\lsass.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
"fontdrvhost.exe"
"fontdrvhost.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-b35e816a-190c-4627-9814-0116c6a5d92b -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-3e190f85-435b-45d1-85a3-e7208293812b -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-f11d4c39-b07e-4b56-89cc-48d85ffea2d7 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-4cb51109-a12b-4643-bbfa-ba99fd05a25e -LifetimeId:f8f7ab45-8bd7-43d6-b5b0-4bbc52570229 -DeviceGroupId:WudfDefaultDevicePool
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
"dwm.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s gpsvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localservice -p -s bthserv
c:\windows\system32\svchost.exe -k localservice -p -s BthAvctpSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s BTAGService
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
dashost.exe {9b65e0b4-d888-4447-848212bac74a142e}
c:\windows\system32\svchost.exe -k appmodel -p -s camsvc
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
C:\WINDOWS\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
C:\windows\system32\CxAudMsg64.exe
C:\WINDOWS\system32\ibtsiva
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
"C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
"C:\Program Files\Lenovo\iMController\SystemAgentService.exe"
C:\Windows\System32\LenovoWiFiHotspotSvr.exe
"C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe"
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
"C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe" /LOGON
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
"ctfmon.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\WINDOWS\Explorer.EXE
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NgcSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s NgcCtnrSvc
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
"C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE"
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe" -ServerName:WindowsDefaultLockScreen.AppX7y4nbzq37zn4ks9k7amqjywdat7d3j2z.mca
igfxEM.exe
igfxHK.exe
igfxTray.exe
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe" -ServerName:SkypeBackgroundHost
C:\Windows\System32\smartscreen.exe -Embedding
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
c:\windows\system32\svchost.exe -k netsvcs -p
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Windows\RTFTrack.exe"
"C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe"
"C:\Program Files\CONEXANT\ForteConfig\fmapp.exe"
"C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe"
"C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe"
"C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe"
"C:\Users\Ludmila\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=71.0.3578.98 --initial-client-data=0x1d4,0x1d8,0x1dc,0x1d0,0x1e0,0x7fff2c2964d0,0x7fff2c2964e0,0x7fff2c2964f0
"C:\Program Files\ESET\ESET Security\egui.exe" /hide
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=8248 --on-initialized-event-handle=656 --parent-handle=660 /prefetch:6
"C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1548,4818999377923720460,3290031622347999500,131072 --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=3301541838263162028 --mojo-platform-channel-handle=1560 --ignored=" --type=renderer " /prefetch:2
adb fork-server server
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1548,4818999377923720460,3290031622347999500,131072 --service-pipe-token=914634902431520906 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=914634902431520906 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2864 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1548,4818999377923720460,3290031622347999500,131072 --service-pipe-token=13541673783443561730 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13541673783443561730 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2996 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1548,4818999377923720460,3290031622347999500,131072 --service-pipe-token=48580315749594021 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=48580315749594021 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:1
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" "-lang=cs_CZ" "-cachedir=C:\Users\Ludmila\AppData\Local\Steam\htmlcache" "-steampid=8276" "-buildid=1543346820" "-steamid=0" "-steamuniverse=Dev" "-clientui=C:\Program Files (x86)\Steam\clientui" --disable-spell-checking --disable-out-of-process-pac --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-features=TouchpadAndWheelScrollLatching,AsyncWheelEvents --enable-media-stream --disable-smooth-scrolling --num-raster-threads=4 --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt"
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Ludmila\AppData\Local\CEF\User Data" --url=http://crash.steampowered.com/submit --annotation=platform=win32 --annotation=product=cefwebhelper --annotation=version=1543346820 --initial-client-data=0x328,0x32c,0x330,0x324,0x334,0x6e5bd758,0x6e5bd768,0x6e5bd774
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=gpu-process --disable-features=AsyncWheelEvents,TouchpadAndWheelScrollLatching --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --webview-urls=http://localhost/*,http://steamloopback ... localhost/* --lang=cs-CZ --buildid=1543346820 --steamid=0 --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --webview-urls=http://localhost/*,http://steamloopback ... localhost/* --lang=cs-CZ --buildid=1543346820 --steamid=0 --service-request-channel-token=174DBC3C45C20A2225FC563D35F53E47 --mojo-platform-channel-handle=1324 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
c:\windows\system32\svchost.exe -k netsvcs -p -s Browser
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeApp.exe" -ServerName:App.AppXffn3yxqvgawq9fpmnhy90fr3y01d1t5b.mca
"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.AppX6an27ssxm1kq22j0wm54a996rsgjh8an.mca
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=renderer --disable-features=AsyncWheelEvents,TouchpadAndWheelScrollLatching --service-pipe-token=DBBCF821BC0A7A29098355866B785DBE --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --lang=cs --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --webview-urls=http://localhost/*,http://steamloopback ... localhost/* --disable-spell-checking --buildid=1543346820 --steamid=0 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=DBBCF821BC0A7A29098355866B785DBE --renderer-client-id=4 --mojo-platform-channel-handle=2000 /prefetch:1
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=renderer --disable-features=AsyncWheelEvents,TouchpadAndWheelScrollLatching --service-pipe-token=AD00D87749106F47329B7A1357A28740 --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --lang=cs --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --webview-urls=http://localhost/*,http://steamloopback ... localhost/* --disable-spell-checking --buildid=1543346820 --steamid=0 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=AD00D87749106F47329B7A1357A28740 --renderer-client-id=5 --mojo-platform-channel-handle=2544 /prefetch:1
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\rempl\sedsvc.exe"
C:\WINDOWS\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
c:\windows\system32\svchost.exe -k netsvcs -p -s XblAuthManager
"C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe" 1 69
"C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe" 1 71
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1548,4818999377923720460,3290031622347999500,131072 --service-pipe-token=6299917473164192717 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6299917473164192717 --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7900 /prefetch:1
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe" /InvokerPRAID: App
"C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe" --type=renderer --disable-breakpad --disable-desktop-notifications --disable-logging --disable-speech-input --lang=en-US --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/0/OneClickSignIn/Standard/Prefetch/ContentPrefetchPrefetchOff/Prerender/PrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpeculativePrefetchingLearning/SpeculativePrefetchingLearningEnabled/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/default/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/last_accessed_socket/ --noerrdialogs --disable-client-side-phishing-detection --disable-bundled-ppapi-flash --channel="9564.2.536871958\1531235113" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1548,4818999377923720460,3290031622347999500,131072 --service-pipe-token=8724409818774633775 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8724409818774633775 --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8844 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1548,4818999377923720460,3290031622347999500,131072 --service-pipe-token=454743940745492301 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=454743940745492301 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9132 /prefetch:1
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 740 748 756 8192 752
"C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe" 1 62
"C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe" 1 60
"C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe" 1 61
"C:\Program Files\rempl\sedlauncher.exe"
"C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe"
C:\WINDOWS\system32\AUDIODG.EXE 0x4c4
"C:\Users\Ludmila\Downloads\RSITx64.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
======Scheduled tasks folder======
C:\WINDOWS\tasks\Online Application V2G1.job - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 69
C:\WINDOWS\tasks\Online Application V2G2.job - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 70
C:\WINDOWS\tasks\Online Application V2G3.job - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 71
C:\WINDOWS\tasks\Online Application V2G4.job - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 60
C:\WINDOWS\tasks\Online Application V2G5.job - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 61
C:\WINDOWS\tasks\Online Application V2G6.job - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 62
C:\WINDOWS\tasks\Updater_Online_Application.job - C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe /silentall -nofreqcheck
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-12-14 203552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 217784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 184488]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-01 460384]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-01 172640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 6149288]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 4452504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2018-04-12 638872]
"RtsFT"=C:\WINDOWS\RTFTrack.exe [2015-06-16 5060864]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2013-09-05 907480]
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SACpl.exe [2012-06-13 1647616]
"PhoneCompanion"=C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [2014-09-19 836592]
"Energy Manager"=C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [2014-09-19 16094704]
"Lenovo Utility"=C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [2014-09-19 10841584]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2016-10-13 3942864]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-09-25 3945672]
"egui"=C:\Program Files\ESET\ESET Security\ecmds.exe [2018-11-29 177928]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\Ludmila\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2018-12-15 1543264]
"GoogleChromeAutoLaunch_E9C6095D8424EAA20FEDBFBD94483E1A"=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2018-12-12 1587680]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2018-11-26 3131680]
"CCleaner Smart Cleaning"=C:\Program Files\CCleaner\CCleaner64.exe [2018-12-10 19589208]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #4"=C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [2018-12-20 8992976]
"Application Restart #3"=C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [2018-12-20 8992976]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"UpdateP2GShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2011-12-07 214312]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-09 596528]
"CanonQuickMenu"=C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [2012-04-03 1273448]
"ClamWin"=C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [2018-03-03 86016]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"DisableTaskMgr"=0
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoRun"=0
"NoFolderOptions"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2018-12-27 11:00:09 ----D---- C:\rsit
2018-12-27 00:47:02 ----D---- C:\Program Files\CCleaner
2018-12-27 00:45:18 ----D---- C:\Users\Ludmila\AppData\Roaming\.clamwin
2018-12-27 00:44:27 ----D---- C:\ProgramData\.clamwin
2018-12-27 00:44:27 ----D---- C:\Program Files (x86)\ClamWin
2018-12-27 00:40:55 ----HD---- C:\OneDriveTemp
2018-12-26 22:33:05 ----D---- C:\Program Files\trend micro
2018-12-26 21:45:19 ----D---- C:\ProgramData\ESET
2018-12-26 21:45:18 ----D---- C:\Program Files\ESET
2018-12-26 21:27:42 ----D---- C:\Program Files\AVAST Software
2018-12-26 20:15:17 ----D---- C:\WINDOWS\SYSWOW64\ajhfmnxw
2018-12-26 20:13:38 ----SHD---- C:\Users\Ludmila\AppData\Roaming\amd64_netfx4-system.core_b03f5f7f11d50a3a_4.0.15680.120_none_3222d21eb3852341
2018-12-26 20:10:25 ----A---- C:\ProgramData\nss3.dll
2018-12-26 20:10:21 ----A---- C:\ProgramData\mozglue.dll
2018-12-26 20:10:16 ----D---- C:\ProgramData\GCYTYWQMMM4ULN5BDJKV
2018-12-26 19:49:16 ----D---- C:\Users\Ludmila\AppData\Roaming\ComfortSoftware
2018-12-26 19:27:52 ----D---- C:\Program Files (x86)\Microleaves
2018-12-26 19:25:08 ----D---- C:\Users\Ludmila\AppData\Roaming\Microleaves
2018-12-26 19:19:06 ----D---- C:\ProgramData\Blogger
2018-12-26 19:16:44 ----D---- C:\ProgramData\Eres
2018-12-26 19:16:19 ----D---- C:\ProgramData\HPC
2018-12-26 19:14:04 ----D---- C:\ProgramData\CopyPaste
2018-12-26 18:47:21 ----D---- C:\GOG Games
2018-12-26 17:52:24 ----D---- C:\Program Files (x86)\Ubisoft
2018-12-26 17:49:05 ----D---- C:\Program Files (x86)\Steam
2018-12-23 10:03:25 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-12-23 10:03:23 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2018-12-23 10:03:14 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2018-12-23 10:03:12 ----A---- C:\WINDOWS\system32\Chakra.dll
2018-12-23 10:03:09 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-12-23 10:03:08 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2018-12-23 10:03:06 ----A---- C:\WINDOWS\system32\Windows.CloudStore.dll
2018-12-23 10:03:06 ----A---- C:\WINDOWS\system32\d2d1.dll
2018-12-23 10:03:04 ----A---- C:\WINDOWS\system32\hvix64.exe
2018-12-23 10:03:02 ----A---- C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-12-23 10:03:01 ----A---- C:\WINDOWS\system32\hvax64.exe
2018-12-23 10:02:58 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2018-12-23 10:02:56 ----A---- C:\WINDOWS\system32\bcastdvruserservice.dll
2018-12-23 10:02:54 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-12-23 10:02:52 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2018-12-23 10:02:52 ----A---- C:\WINDOWS\system32\winload.exe
2018-12-23 10:02:52 ----A---- C:\WINDOWS\system32\jscript.dll
2018-12-23 10:02:51 ----A---- C:\WINDOWS\system32\winresume.exe
2018-12-23 10:02:51 ----A---- C:\WINDOWS\system32\msvproc.dll
2018-12-23 10:02:50 ----A---- C:\WINDOWS\SYSWOW64\msvproc.dll
2018-12-23 10:02:50 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-12-23 10:02:48 ----A---- C:\WINDOWS\system32\tcblaunch.exe
2018-12-23 10:02:47 ----A---- C:\WINDOWS\system32\MSVPXENC.dll
2018-12-23 10:02:46 ----A---- C:\WINDOWS\system32\drivers\hvservice.sys
2018-12-23 10:02:40 ----A---- C:\WINDOWS\SYSWOW64\MSVPXENC.dll
2018-12-23 10:02:40 ----A---- C:\WINDOWS\system32\hvloader.dll
2018-12-23 10:02:36 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2018-12-23 10:02:36 ----A---- C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-12-12 19:21:20 ----A---- C:\WINDOWS\system32\edgehtml.dll
2018-12-12 19:21:17 ----A---- C:\WINDOWS\system32\mshtml.dll
2018-12-12 19:21:07 ----A---- C:\WINDOWS\system32\sppsvc.exe
2018-12-12 19:21:06 ----A---- C:\WINDOWS\system32\shell32.dll
2018-12-12 19:21:05 ----A---- C:\WINDOWS\system32\wininet.dll
2018-12-12 19:21:04 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2018-12-12 19:21:03 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2018-12-12 19:21:01 ----A---- C:\WINDOWS\system32\ClipUp.exe
2018-12-12 19:21:00 ----A---- C:\WINDOWS\system32\windows.storage.dll
2018-12-12 19:20:59 ----A---- C:\WINDOWS\system32\StartTileData.dll
2018-12-12 19:20:57 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2018-12-12 19:20:57 ----A---- C:\WINDOWS\system32\sppobjs.dll
2018-12-12 19:20:55 ----A---- C:\WINDOWS\system32\cdp.dll
2018-12-12 19:20:53 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2018-12-12 19:20:52 ----A---- C:\WINDOWS\SYSWOW64\wmp.dll
2018-12-12 19:20:51 ----A---- C:\WINDOWS\system32\wmp.dll
2018-12-12 19:20:50 ----A---- C:\WINDOWS\system32\msmpeg2adec.dll
2018-12-12 19:20:50 ----A---- C:\WINDOWS\system32\mos.dll
2018-12-12 19:20:49 ----A---- C:\WINDOWS\system32\ieframe.dll
2018-12-12 19:20:48 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2018-12-12 19:20:47 ----A---- C:\WINDOWS\system32\jscript9.dll
2018-12-12 19:20:47 ----A---- C:\WINDOWS\system32\EdgeContent.dll
2018-12-12 19:20:46 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2vdec.dll
2018-12-12 19:20:46 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2adec.dll
2018-12-12 19:20:46 ----A---- C:\WINDOWS\system32\twinui.pcshell.dll
2018-12-12 19:20:45 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2018-12-12 19:20:45 ----A---- C:\WINDOWS\system32\tquery.dll
2018-12-12 19:20:44 ----A---- C:\WINDOWS\system32\win32kfull.sys
2018-12-12 19:20:44 ----A---- C:\WINDOWS\system32\twinui.dll
2018-12-12 19:20:43 ----A---- C:\WINDOWS\system32\diagtrack.dll
2018-12-12 19:20:42 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2018-12-12 19:20:41 ----A---- C:\WINDOWS\system32\OpcServices.dll
2018-12-12 19:20:41 ----A---- C:\WINDOWS\system32\mssrch.dll
2018-12-12 19:20:40 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2018-12-12 19:20:39 ----A---- C:\WINDOWS\SYSWOW64\mfasfsrcsnk.dll
2018-12-12 19:20:39 ----A---- C:\WINDOWS\system32\mfcore.dll
2018-12-12 19:20:37 ----A---- C:\WINDOWS\SYSWOW64\WMVDECOD.DLL
2018-12-12 19:20:37 ----A---- C:\WINDOWS\system32\xpsrchvw.exe
2018-12-12 19:20:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2018-12-12 19:20:37 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2018-12-12 19:20:36 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2018-12-12 19:20:36 ----A---- C:\WINDOWS\system32\WebRuntimeManager.dll
2018-12-12 19:20:36 ----A---- C:\WINDOWS\system32\dosvc.dll
2018-12-12 19:20:36 ----A---- C:\WINDOWS\system32\BingMaps.dll
2018-12-12 19:20:35 ----A---- C:\WINDOWS\system32\d3d11.dll
2018-12-12 19:20:34 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2018-12-12 19:20:34 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2018-12-12 19:20:34 ----A---- C:\WINDOWS\system32\msxml6.dll
2018-12-12 19:20:34 ----A---- C:\WINDOWS\system32\KernelBase.dll
2018-12-12 19:20:33 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2018-12-12 19:20:33 ----A---- C:\WINDOWS\SYSWOW64\cdp.dll
2018-12-12 19:20:33 ----A---- C:\WINDOWS\system32\WMVCORE.DLL
2018-12-12 19:20:33 ----A---- C:\WINDOWS\system32\dwmcore.dll
2018-12-12 19:20:32 ----A---- C:\WINDOWS\system32\LocationFramework.dll
2018-12-12 19:20:31 ----A---- C:\WINDOWS\SYSWOW64\mos.dll
2018-12-12 19:20:31 ----A---- C:\WINDOWS\system32\mstscax.dll
2018-12-12 19:20:30 ----A---- C:\WINDOWS\SYSWOW64\tquery.dll
2018-12-12 19:20:30 ----A---- C:\WINDOWS\system32\wuaueng.dll
2018-12-12 19:20:30 ----A---- C:\WINDOWS\system32\D3D12.dll
2018-12-12 19:20:28 ----A---- C:\WINDOWS\SYSWOW64\dwmcore.dll
2018-12-12 19:20:28 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2018-12-12 19:20:28 ----A---- C:\WINDOWS\system32\audiosrv.dll
2018-12-12 19:20:27 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2018-12-12 19:20:27 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2018-12-12 19:20:27 ----A---- C:\WINDOWS\system32\win32kbase.sys
2018-12-12 19:20:27 ----A---- C:\WINDOWS\system32\lpasvc.dll
2018-12-12 19:20:26 ----A---- C:\WINDOWS\SYSWOW64\MSAudDecMFT.dll
2018-12-12 19:20:26 ----A---- C:\WINDOWS\system32\ntdll.dll
2018-12-12 19:20:26 ----A---- C:\WINDOWS\system32\enterprisecsps.dll
2018-12-12 19:20:25 ----A---- C:\WINDOWS\SYSWOW64\msxml6.dll
2018-12-12 19:20:25 ----A---- C:\WINDOWS\SYSWOW64\mssrch.dll
2018-12-12 19:20:25 ----A---- C:\WINDOWS\system32\BingOnlineServices.dll
2018-12-12 19:20:24 ----A---- C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-12-12 19:20:23 ----A---- C:\WINDOWS\SYSWOW64\CPFilters.dll
2018-12-12 19:20:23 ----A---- C:\WINDOWS\system32\InstallService.dll
2018-12-12 19:20:23 ----A---- C:\WINDOWS\system32\drivers\bthport.sys
2018-12-12 19:20:23 ----A---- C:\WINDOWS\system32\CPFilters.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\SYSWOW64\d3d11.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\wcmsvc.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\MSAudDecMFT.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\MapGeocoder.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2018-12-12 19:20:21 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2018-12-12 19:20:21 ----A---- C:\WINDOWS\system32\modernexecserver.dll
2018-12-12 19:20:21 ----A---- C:\WINDOWS\system32\MapRouter.dll
2018-12-12 19:20:20 ----A---- C:\WINDOWS\system32\ShareHost.dll
2018-12-12 19:20:20 ----A---- C:\WINDOWS\system32\SearchIndexer.exe
2018-12-12 19:20:20 ----A---- C:\WINDOWS\system32\AudioSes.dll
2018-12-12 19:20:19 ----A---- C:\WINDOWS\SYSWOW64\BingMaps.dll
2018-12-12 19:20:19 ----A---- C:\WINDOWS\system32\MapControlCore.dll
2018-12-12 19:20:19 ----A---- C:\WINDOWS\system32\AudioEng.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\SYSWOW64\mfsrcsnk.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\system32\winhttp.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\system32\msxml3.dll
2018-12-12 19:20:17 ----A---- C:\WINDOWS\SYSWOW64\rpcrt4.dll
2018-12-12 19:20:17 ----A---- C:\WINDOWS\system32\wlansvc.dll
2018-12-12 19:20:17 ----A---- C:\WINDOWS\system32\JpMapControl.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\NMAA.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\mfsrcsnk.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\mf.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\daxexec.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\SYSWOW64\D3D12.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\system32\gdi32full.dll
2018-12-12 19:20:14 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2018-12-12 19:20:14 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2018-12-12 19:20:13 ----A---- C:\WINDOWS\SYSWOW64\xpsrchvw.exe
2018-12-12 19:20:13 ----A---- C:\WINDOWS\system32\SppExtComObj.Exe
2018-12-12 19:20:13 ----A---- C:\WINDOWS\system32\audiodg.exe
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\winhttp.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\InstallService.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\EdgeManager.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\AudioEng.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\system32\WWAHost.exe
2018-12-12 19:20:12 ----A---- C:\WINDOWS\system32\BthAvctpSvc.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\SYSWOW64\MapRouter.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\SYSWOW64\BingOnlineServices.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\twinui.appcore.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\MapsStore.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-12-12 19:20:10 ----A---- C:\WINDOWS\SYSWOW64\mf.dll
2018-12-12 19:20:10 ----A---- C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-12-12 19:20:10 ----A---- C:\WINDOWS\system32\rasmans.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\wpx.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\edgeIso.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\dnsapi.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\ci.dll
2018-12-12 19:20:08 ----A---- C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-12-12 19:20:08 ----A---- C:\WINDOWS\system32\defragsvc.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\SYSWOW64\WWAHost.exe
2018-12-12 19:20:07 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.OnlineId.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\wer.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\vbscript.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\drivers\rdbss.sys
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\drivers\pci.sys
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\BTAGService.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\ShareHost.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\SearchIndexer.exe
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\JpMapControl.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\dnsapi.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\daxexec.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\system32\securekernel.exe
2018-12-12 19:20:06 ----A---- C:\WINDOWS\system32\ninput.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\SYSWOW64\MapGeocoder.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\WinSCard.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\lsasrv.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\eeprov.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\browserbroker.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\AppResolver.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\SYSWOW64\msxml3.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\mfps.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\drivers\netio.sys
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\advapi32.dll
2018-12-12 19:20:03 ----A---- C:\WINDOWS\SYSWOW64\wer.dll
2018-12-12 19:20:03 ----A---- C:\WINDOWS\SYSWOW64\advapi32.dll
2018-12-12 19:20:03 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2018-12-12 19:20:02 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2018-12-12 19:20:02 ----A---- C:\WINDOWS\system32\drivers\ndis.sys
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\rmclient.dll
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\drivers\fileinfo.sys
2018-12-12 19:19:58 ----A---- C:\WINDOWS\system32\wbengine.exe
2018-12-12 19:19:58 ----A---- C:\WINDOWS\system32\MapConfiguration.dll
2018-12-12 19:19:58 ----A---- C:\WINDOWS\system32\drivers\fvevol.sys
2018-12-12 19:19:57 ----A---- C:\WINDOWS\SYSWOW64\twinui.appcore.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\wc_storage.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\vertdll.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\thumbcache.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\SgrmEnclave.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\sensrsvc.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\MSVP9DEC.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\hal.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\WinSCard.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\OpcServices.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\NMAA.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\mfps.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\webio.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\drivers\USBHUB3.SYS
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\drivers\msrpc.sys
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\drivers\bindflt.sys
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\rmclient.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\ninput.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\MSVP9DEC.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\MapControlCore.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\AppResolver.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\AcSpecfc.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\system32\drivers\ksecpkg.sys
2018-12-12 19:19:55 ----A---- C:\WINDOWS\system32\bthserv.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\SYSWOW64\thumbcache.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\SYSWOW64\edgeIso.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\WMVDECOD.DLL
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\mssvp.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\dusmsvc.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\drivers\iorate.sys
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\appsruprov.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\SYSWOW64\Windows.Networking.Connectivity.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\SYSWOW64\webplatstorageserver.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\SYSWOW64\CoreMessaging.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\xbgmengine.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\weretw.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\drivers\tm.sys
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2018-12-12 19:19:52 ----A---- C:\WINDOWS\system32\drivers\ClipSp.sys
2018-12-12 19:19:52 ----A---- C:\WINDOWS\system32\CoreMessaging.dll
2018-12-12 19:19:52 ----A---- C:\WINDOWS\system32\bcdedit.exe
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\Windows.System.Diagnostics.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Streaming.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\webio.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\offreg.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\mssvp.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\mssph.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\bcryptprimitives.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\SearchProtocolHost.exe
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\offreg.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\mssph.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\MSPhotography.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\moshostcore.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\energyprov.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\wcnfs.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\ndiswan.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\mmcss.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\bthenum.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\browser_broker.exe
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\UserDataTimeUtil.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\SearchProtocolHost.exe
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\Search.ProtocolHandler.MAPI2.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\MapConfiguration.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\fdBth.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\wpnsruprov.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\t2embed.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\sppcext.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\SearchFilterHost.exe
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\fdBth.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\drivers\bthhfenum.sys
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2018-12-12 19:19:49 ----A---- C:\WINDOWS\SYSWOW64\t2embed.dll
2018-12-12 19:19:49 ----A---- C:\WINDOWS\system32\drivers\storqosflt.sys
2018-12-12 19:19:46 ----A---- C:\WINDOWS\SYSWOW64\MSPhotography.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\SYSWOW64\InstallServiceTasks.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\RMapi.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\InstallServiceTasks.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\domgmt.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\DataUsageHandlers.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\SYSWOW64\werdiagcontroller.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\SYSWOW64\msIso.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\SYSWOW64\dtdump.exe
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\winhttpcom.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\tzautoupdate.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\msscntrs.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\iemigplugin.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\SYSWOW64\winhttpcom.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\SYSWOW64\tzres.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\system32\utcutil.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\system32\tzres.dll
2018-11-29 10:54:40 ----A---- C:\WINDOWS\system32\drivers\eamonm.sys
======List of files/folders modified in the last 1 month======
2018-12-27 11:00:17 ----D---- C:\WINDOWS\system32\drivers\etc
2018-12-27 11:00:15 ----D---- C:\WINDOWS\Prefetch
2018-12-27 10:59:54 ----D---- C:\WINDOWS\Temp
2018-12-27 10:51:58 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2018-12-27 10:49:51 ----D---- C:\WINDOWS\system32\sru
2018-12-27 09:53:46 ----D---- C:\WINDOWS\system32\SleepStudy
2018-12-27 06:00:02 ----D---- C:\WINDOWS\system32\LogFiles
2018-12-27 02:56:53 ----SHD---- C:\System Volume Information
2018-12-27 01:48:02 ----D---- C:\WINDOWS\Logs
2018-12-27 01:46:08 ----D---- C:\Windows
2018-12-27 01:41:22 ----RD---- C:\WINDOWS\Microsoft.NET
2018-12-27 00:47:13 ----D---- C:\WINDOWS\system32\Tasks
2018-12-27 00:47:02 ----RD---- C:\Program Files
2018-12-27 00:44:27 ----RD---- C:\Program Files (x86)
2018-12-27 00:44:27 ----HD---- C:\ProgramData
2018-12-27 00:24:24 ----D---- C:\WINDOWS\system32\NDF
2018-12-26 21:51:07 ----D---- C:\WINDOWS\system32\drivers
2018-12-26 21:50:09 ----D---- C:\WINDOWS\system32\catroot2
2018-12-26 21:46:27 ----SHD---- C:\WINDOWS\Installer
2018-12-26 21:46:25 ----D---- C:\WINDOWS\system32\DriverStore
2018-12-26 21:46:24 ----D---- C:\WINDOWS\INF
2018-12-26 21:46:15 ----HD---- C:\WINDOWS\ELAMBKUP
2018-12-26 21:31:59 ----AD---- C:\ProgramData\Avg
2018-12-26 21:26:41 ----D---- C:\ProgramData\AVAST Software
2018-12-26 20:15:17 ----D---- C:\WINDOWS\SysWOW64
2018-12-26 19:27:21 ----D---- C:\WINDOWS\Tasks
2018-12-26 19:26:15 ----D---- C:\Users\Ludmila\AppData\Roaming\uTorrent
2018-12-26 19:12:57 ----D---- C:\WINDOWS\AppReadiness
2018-12-26 17:43:23 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2018-12-26 17:42:18 ----D---- C:\Program Files (x86)\Lenovo
2018-12-26 17:41:43 ----D---- C:\ProgramData\CyberLink
2018-12-26 17:41:00 ----D---- C:\ProgramData\Origin
2018-12-26 17:38:23 ----HD---- C:\Program Files\WindowsApps
2018-12-26 17:35:29 ----D---- C:\WINDOWS\system32\config
2018-12-26 17:31:51 ----D---- C:\Program Files\Common Files
2018-12-26 17:31:51 ----D---- C:\Program Files (x86)\Common Files
2018-12-26 17:31:18 ----D---- C:\WINDOWS\System32
2018-12-26 17:31:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2018-12-26 17:24:23 ----D---- C:\WINDOWS\WinSxS
2018-12-24 01:12:25 ----D---- C:\WINDOWS\TextInput
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\zu-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\yo-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\xh-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\wo-SN
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\uz-Latn-UZ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\tn-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ti-ET
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\tg-Cyrl-TJ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-RS
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-BA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\sd-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\rw-RW
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\quc-Latn-GT
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\pa-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\nso-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ku-Arab-IQ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ig-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\chr-CHER-US
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ha-Latn-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ca-ES-valencia
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\bs-Latn-BA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\az-Latn-AZ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\zu-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\yo-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\xh-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\wo-SN
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\uz-Latn-UZ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\tn-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\ti-ET
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\tg-Cyrl-TJ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\sr-Cyrl-RS
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\sr-Cyrl-BA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\sd-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\rw-RW
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\quc-Latn-GT
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\pa-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\nso-ZA
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\migration
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ku-Arab-IQ
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ig-NG
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\chr-CHER-US
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ha-Latn-NG
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ca-ES-valencia
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\bs-Latn-BA
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\az-Latn-AZ
2018-12-24 01:12:24 ----D---- C:\WINDOWS\bcastdvr
2018-12-24 01:12:23 ----D---- C:\WINDOWS\system32\Boot
2018-12-23 11:01:40 ----D---- C:\WINDOWS\CbsTemp
2018-12-17 18:24:39 ----RSD---- C:\WINDOWS\assembly
2018-12-16 09:42:45 ----D---- C:\WINDOWS\LiveKernelReports
2018-12-15 12:27:23 ----D---- C:\Users\Ludmila\AppData\Roaming\vlc
2018-12-14 19:55:16 ----AD---- C:\Program Files (x86)\Microsoft Office
2018-12-12 23:27:04 ----D---- C:\WINDOWS\SYSWOW64\en-US
2018-12-12 23:27:04 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2018-12-12 23:27:01 ----SD---- C:\WINDOWS\system32\DiagSvcs
2018-12-12 23:27:01 ----D---- C:\WINDOWS\system32\en-US
2018-12-12 23:27:01 ----D---- C:\WINDOWS\system32\cs-CZ
2018-12-12 23:26:55 ----D---- C:\WINDOWS\ShellComponents
2018-12-12 23:26:54 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2018-12-12 23:26:54 ----D---- C:\WINDOWS\apppatch
2018-12-12 19:45:05 ----D---- C:\WINDOWS\system32\MRT
2018-12-12 19:40:16 ----AC---- C:\WINDOWS\system32\MRT.exe
2018-12-11 17:52:44 ----D---- C:\WINDOWS\system32\drivers\wd
2018-12-11 17:52:09 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2018-12-07 19:48:18 ----D---- C:\Program Files\rempl
2018-12-01 05:01:07 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2018-12-08 58168]
R0 MBI;@oem50.inf,%MBI.SVCDESC%;Intel(R) Sideband Fabric Device Service; C:\WINDOWS\System32\drivers\MBI.sys [2013-10-10 29464]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\WINDOWS\system32\drivers\SgrmAgent.sys [2018-04-12 63896]
R1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2018-04-12 39424]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-04-12 60320]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2018-11-29 143448]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2018-10-17 188832]
R1 epfwwfp;epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [2018-10-17 109864]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2018-04-12 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-04-12 8192]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2018-07-14 414720]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2018-12-08 43008]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2018-12-08 82432]
R3 ACPIVPC;@oem29.inf,%ACPIVPC.SvcDesc%;Lenovo Virtual Power Controller Driver; C:\WINDOWS\System32\drivers\AcpiVpc.sys [2014-09-19 35576]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2018-12-08 106496]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2018-04-12 86528]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2018-04-12 129536]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2018-04-12 85504]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2018-04-12 60320]
R3 CnxtHdAudService;@oem42.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDRT64.sys [2015-05-19 1543912]
R3 ibtusb;@oem11.inf,%ibtusb.SVCDESC_IBT%;Intel(R) Wireless Bluetooth(R); C:\WINDOWS\system32\DRIVERS\ibtusb.sys [2017-01-13 231168]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2015-10-04 3797424]
R3 IntcDAud;@oem6.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2015-08-21 463112]
R3 iwdbus;@oem52.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2015-07-20 38976]
R3 NETwNb64;___ Intel(R) Wireless Adapter Driver for Windows 8.1 - 64 Bit; C:\WINDOWS\System32\drivers\Netwbw02.sys [2018-04-12 3485696]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2018-04-12 193536]
R3 rt640x64;@oem22.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2015-07-22 886528]
R3 RTSUER;@oem43.inf,%RtsUER%;Realtek USB Card Reader - UER; C:\WINDOWS\system32\Drivers\RtsUer.sys [2015-07-03 410880]
R3 rtsuvc;@oem26.inf,%rtsuvc.DeviceDesc%;Lenovo EasyCamera; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [2015-06-16 3068160]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2015-09-25 42696]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2018-04-12 38304]
S0 eelam;eelam; C:\WINDOWS\system32\DRIVERS\eelam.sys [2018-10-17 15872]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2018-04-12 321432]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-04-12 885144]
S0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-04-12 145816]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2018-04-12 124312]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2018-04-12 128408]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-04-12 75160]
S0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [2018-04-12 82328]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2018-04-12 58776]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2018-04-12 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2018-04-12 39840]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2018-08-03 128920]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2018-07-01 48544]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-04-12 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2018-04-12 18432]
S3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys [2018-12-08 92688]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2018-12-08 1097728]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2018-04-12 39936]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2018-04-12 123392]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2018-04-12 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2018-04-12 50592]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2018-12-14 76088]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2018-04-12 27136]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2018-04-12 1836952]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2018-04-12 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2018-04-12 91648]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2018-04-12 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-04-12 88576]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2018-04-12 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-04-12 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2018-04-12 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-04-12 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2018-04-12 32256]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2018-04-12 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2018-04-12 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2018-04-12 56736]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2018-04-12 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2018-04-12 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2018-04-12 175104]
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\WINDOWS\System32\drivers\nvdimm.sys [2018-04-12 104448]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2018-04-12 105984]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2018-04-12 16896]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2018-07-01 945568]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2018-04-12 104448]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2018-04-12 33176]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2018-04-12 57752]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S4 hvcrash;hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [2018-04-12 33184]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 CDPUserSvc_461bf;Uživatelská služba platformy připojených zařízení_461bf; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2018-12-07 9646240]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 CxAudMsg;Conexant Audio Message Service; C:\windows\system32\CxAudMsg64.exe [2013-07-25 206552]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Security\ekrn.exe [2018-11-29 2302160]
R2 ibtsiva;@oem11.inf,%SERVICE_NAME%;Intel Bluetooth Service; C:\WINDOWS\system32\ibtsiva []
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2015-10-04 328616]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [2013-07-02 733696]
R2 Lenovo System Agent Service;Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [2014-05-22 584960]
R2 LenovoWiFiHotspotSvr;Lenovo WiFiHotspot Service; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [2014-09-19 198192]
R2 OneSyncSvc_461bf;Hostitel synchronizace_461bf; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 PhoneCompanionPusher;Lenovo PhoneCompanionPusher Service; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [2014-09-19 288240]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-07-14 760888]
R2 sedsvc;Windows Remediation Service; C:\Program Files\rempl\sedsvc.exe [2018-12-02 326336]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\WINDOWS\system32\SgrmBroker.exe [2018-04-12 163336]
R3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 ekrnEpfw;ESET Firewall Helper; C:\Program Files\ESET\ESET Security\ekrn.exe [2018-11-29 2302160]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2018-06-30 43648]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 PimIndexMaintenanceSvc_461bf;Data kontaktů_461bf; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2018-11-26 1684256]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BcastDVRUserService_461bf;Uživatelská služba pro GameDVR a vysílání her_461bf; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BluetoothUserService_461bf;Služba pro podporu uživatelů Bluetooth_461bf; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2015-10-04 290224]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicePickerUserSvc_461bf;DevicePicker_461bf; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicesFlowUserSvc_461bf;Tok zařízení_461bf; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2018-08-03 90624]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [2018-12-12 443872]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2013-07-02 822232]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [2014-06-03 533760]
S3 LSCWinService;LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2014-05-06 1663880]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 MessagingService_461bf;Služba zasílání zpráv_461bf; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 ose;Office Source Engine; c:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2018-12-03 214824]
S3 PhoneCompanionVap;Lenovo PhoneCompanionVap Service; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [2014-09-19 305136]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PrintWorkflowUserSvc_461bf;PrintWorkflow_461bf; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2018-04-12 1273344]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2018-07-01 976384]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S4 ssh-agent;OpenSSH Authentication Agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [2018-03-10 495616]
-----------------EOF-----------------
Thanks a lot for the advice!
Re: Trojan Tofsee - log check
Hi,
to begin with, uninstall ClamWin and clean the PC with AdwCleaner - post the log here
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum at https://platba.viry.cz/payment/
Re: Trojan Tofsee - log check
Done. There still seems to be something stuck in there. I have no idea what SweetLabs is.
AdwCleaner:
# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build: 12-18-2018
# Database: 2018-12-21.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-27-2018
# Duration: 00:00:44
# OS: Windows 10 Home
# Cleaned: 145
# Failed: 1
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Program Files (x86)\Microleaves
Deleted C:\Users\Ludmila\AppData\Roaming\Microleaves
Deleted C:\ProgramData\Pokki
Deleted C:\Users\Public\Pokki
Deleted C:\Users\Ludmila\AppData\Local\Pokki
Deleted C:\ProgramData\AVG_UPDATE_1215AV
Deleted C:\ProgramData\AVG_UPDATE_1015AV
Deleted C:\ProgramData\AVG_UPDATE_0316AV
Deleted C:\ProgramData\AVG_UPDATE_0116AV
Not Deleted C:\Users\Ludmila\AppData\Local\SweetLabs App Platform
Deleted C:\ProgramData\AVG Security Toolbar
Deleted C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateAdmin
Deleted C:\Users\Ludmila\AppData\Local\UpdateAdmin
***** [ Files ] *****
Deleted C:\Windows\System32\Tasks_Migrated\SweetLabs App Platform
Deleted C:\Windows\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted C:\Users\Ludmila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
Deleted C:\Windows\SysWOW64\VisualDiscovery.ini
Deleted C:\Windows\System32\VisualDiscoveryOff.ini
Deleted C:\Windows\SysWOW64\VisualDiscoveryOff.ini
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
Deleted C:\Windows\Tasks\Online Application V2G5.job
Deleted C:\Windows\System32\Tasks\Online Application V2G5
Deleted C:\Windows\Tasks\Online Application V2G4.job
Deleted C:\Windows\System32\Tasks\Online Application V2G4
Deleted C:\Windows\Tasks\Online Application V2G6.job
Deleted C:\Windows\System32\Tasks\Online Application V2G6
Deleted C:\Windows\System32\Tasks\1015AVUPDATEINFO
Deleted C:\Windows\System32\Tasks\0116AVUPDATEINFO
Deleted C:\Windows\System32\Tasks\SweetLabs App Platform
Deleted C:\Windows\Tasks\Online Application V2G2.job
Deleted C:\Windows\System32\Tasks\Online Application V2G2
Deleted C:\Windows\Tasks\Online Application V2G3.job
Deleted C:\Windows\System32\Tasks\Online Application V2G3
Deleted C:\Windows\Tasks\Online Application V2G1.job
Deleted C:\Windows\System32\Tasks\Online Application V2G1
Deleted C:\Windows\Tasks\Updater_Online_Application.job
Deleted C:\Windows\System32\Tasks\Updater_Online_Application
***** [ Registry ] *****
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Deleted HKLM\Software\Wow6432Node\Microleaves
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77ADAF2A-FA9A-4D2F-BA05-81B5A621872B}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77ADAF2A-FA9A-4D2F-BA05-81B5A621872B}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G5
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB91CA14-4AA0-4176-9865-A1D1B16C7380}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB91CA14-4AA0-4176-9865-A1D1B16C7380}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G4
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40A9FE41-2ECE-4C5A-AF42-77EBAFD87BC2}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40A9FE41-2ECE-4C5A-AF42-77EBAFD87BC2}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G6
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Pokki
Deleted HKCU\Software\SweetLabs App Platform
Deleted HKCU\Software\Classes\lnkfile\shell\pokki
Deleted HKCU\Software\Classes\Drive\shell\pokki
Deleted HKCU\Software\Classes\Directory\shell\pokki
Deleted HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Deleted HKCU\Software\Classes\pokki
Deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23D46856-817F-4AD5-97BB-81CD7EF1D028}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23D46856-817F-4AD5-97BB-81CD7EF1D028}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1015avUpdateInfo
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2493CFE-4EFA-4F96-BD4C-3E850E49D923}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2493CFE-4EFA-4F96-BD4C-3E850E49D923}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0116avUpdateInfo
Deleted HKCU\Software\Conduit
Deleted HKLM\Software\Wow6432Node\Conduit
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{81F17B54-5D57-485E-88CC-F6D20D66B5E0}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
Deleted HKCU\Software\DownloadAdmin
Deleted HKCU\Software\SIMPLYTECH
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\45B71F1875D5E58488CC6F2DD0665B0E
Deleted HKLM\Software\Classes\Installer\Products\45B71F1875D5E58488CC6F2DD0665B0E
Deleted HKLM\Software\Classes\Installer\Features\45B71F1875D5E58488CC6F2DD0665B0E
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Deleted HKLM\Software\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{EBF4B60F-A863-426F-BE6F-5DFE83BC574F}
Deleted HKLM\Software\Classes\Interface\{EBF4B60F-A863-426F-BE6F-5DFE83BC574F}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{EA4AD895-2A7F-430E-B973-DEE6C4E743A9}
Deleted HKLM\Software\Classes\Interface\{EA4AD895-2A7F-430E-B973-DEE6C4E743A9}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{C1F9CFCE-A7DC-4072-8B31-1DEA57004C86}
Deleted HKLM\Software\Classes\Interface\{C1F9CFCE-A7DC-4072-8B31-1DEA57004C86}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{8128586C-DF69-4266-873F-CF4C6F705A7C}
Deleted HKLM\Software\Classes\Interface\{8128586C-DF69-4266-873F-CF4C6F705A7C}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{79FBDBEA-A722-4ABD-BEC0-B7D463F6BA0E}
Deleted HKLM\Software\Classes\Interface\{79FBDBEA-A722-4ABD-BEC0-B7D463F6BA0E}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{617E26CE-E6E1-4C75-A68A-A001F2B98491}
Deleted HKLM\Software\Classes\Interface\{617E26CE-E6E1-4C75-A68A-A001F2B98491}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{5D7F05E3-075A-43AF-8BC7-21E2F7F38845}
Deleted HKLM\Software\Classes\Interface\{5D7F05E3-075A-43AF-8BC7-21E2F7F38845}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{2E5FA7B4-61A2-4662-BBCE-62BBB20FC649}
Deleted HKLM\Software\Classes\Interface\{2E5FA7B4-61A2-4662-BBCE-62BBB20FC649}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{CB6BF8B6-E12B-42FA-A478-91BCCDE475DC}
Deleted HKLM\Software\Classes\TypeLib\{CB6BF8B6-E12B-42FA-A478-91BCCDE475DC}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A51AE94-57A8-4419-BE6C-430FB65DBAF1}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SweetLabs App Platform
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0701A6AA-864B-4AB3-B431-9C99198027EA}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0701A6AA-864B-4AB3-B431-9C99198027EA}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G2
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{341B274C-6526-4CA2-812D-50EA8D78153D}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{341B274C-6526-4CA2-812D-50EA8D78153D}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G3
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7DD317B6-984E-45FA-BCBE-9979DDAEE62D}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DD317B6-984E-45FA-BCBE-9979DDAEE62D}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G1
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\WindowsMangerProtect
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Search Page
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Default_Search_URL
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\omniboxes.com
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mysearch.avg.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Deleted HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A324F315-777D-4BB6-B69D-46718F4BB6E9}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A324F315-777D-4BB6-B69D-46718F4BB6E9}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Application
Deleted HKLM\Software\Wow6432Node\omniboxesSoftware
Deleted HKCU\Software\TNT2
Deleted HKLM\Software\Wow6432Node\VisualDiscovery
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Deleted HKLM\Software\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Deleted HKLM\Software\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Deleted HKLM\Software\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
Deleted omniboxes
Deleted slunecnice.cz
Deleted Softonic EN
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [16310 octets] - [27/12/2018 12:19:59]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
RSIT log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Ludmila at 2018-12-27 12:31:55
Microsoft Windows 10 Home
System drive C: has 233 GB (54%) free of 435 GB
Total RAM: 3979 MB (36% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:32:00, on 27.12.2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal
Running processes:
C:\Users\Ludmila\Downloads\adwcleaner_7.2.6.0.exe
C:\Users\Ludmila\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files\Lenovo\iMController\AutoUpdate.exe
C:\Program Files\Lenovo\iMController\LegacyFeatures.exe
C:\Program Files\trend micro\Ludmila.exe
C:\Program Files\Lenovo\iMController\PluginCommunication.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O1 - Hosts: 2.21.74.75 n6849213.iavs9x.avg.u.avcdn.net
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Ludmila\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_E9C6095D8424EAA20FEDBFBD94483E1A] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [Application Restart #4] C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
O4 - HKCU\..\RunOnce: [Application Restart #3] C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Conexant Audio Message Service (CxAudMsg) - Unknown owner - C:\windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: ESET Firewall Helper (ekrnEpfw) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem11.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo EasyPlus Hotspot - Lenovo - C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\Lenovo\iMController\SystemAgentService.exe
O23 - Service: Lenovo WiFiHotspot Service (LenovoWiFiHotspotSvr) - Unknown owner - C:\Windows\System32\LenovoWiFiHotspotSvr.exe (file missing)
O23 - Service: LSCWinService - Unknown owner - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo PhoneCompanionPusher Service (PhoneCompanionPusher) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
O23 - Service: Lenovo PhoneCompanionVap Service (PhoneCompanionVap) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)
--
End of file - 13656 bytes
======Listing Processes======
C:\WINDOWS\system32\lsass.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
"fontdrvhost.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-452252a6-27c8-427d-b976-50823279c480 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-95a9f3fa-aa6f-4fe2-a780-037bbe930681 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-ef0f8d5b-2574-4655-9d99-d3c61f121479 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-2e000cbb-3616-45f9-b6f8-95e065460cc8 -LifetimeId:2386b403-58ec-4a7a-9682-4815b466238c -DeviceGroupId:WudfDefaultDevicePool
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
c:\windows\system32\svchost.exe -k netsvcs -p -s gpsvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localservice -p -s bthserv
c:\windows\system32\svchost.exe -k localservice -p -s BthAvctpSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s BTAGService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservice -p -s nsi
dashost.exe {7edfdd17-7634-4928-a08b5d4ebd44a963}
c:\windows\system32\svchost.exe -k appmodel -p -s camsvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
C:\WINDOWS\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
C:\WINDOWS\system32\AUDIODG.EXE 0x3d0
C:\windows\system32\CxAudMsg64.exe
"C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe"
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
c:\windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
"C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe"
"C:\Program Files\Lenovo\iMController\SystemAgentService.exe"
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
C:\WINDOWS\system32\ibtsiva
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Windows\System32\LenovoWiFiHotspotSvr.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s NgcCtnrSvc
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
"C:\Program Files\rempl\sedsvc.exe"
c:\windows\system32\svchost.exe -k netsvcs -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\WINDOWS\system32\wbem\wmiprvse.exe
winlogon.exe
"fontdrvhost.exe"
"dwm.exe"
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
c:\windows\system32\svchost.exe -k netsvcs -p -s Browser
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:/Users/Ludmila/Downloads/adwcleaner_7.2.6.0.exe /r
igfxEM.exe
igfxHK.exe
igfxTray.exe
C:\WINDOWS\Explorer.EXE
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\Windows\System32\smartscreen.exe -Embedding
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.AppX368sbpk1kx658x0p332evjk2v0y02kxp.mca
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXe9cvj1thv1hmcw0cs98xm3r97tyzy2xs.mca
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeApp.exe" -ServerName:App.AppXffn3yxqvgawq9fpmnhy90fr3y01d1t5b.mca
"ctfmon.exe"
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe" -ServerName:SkypeBackgroundHost
"C:\Windows\RTFTrack.exe"
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe"
c:\windows\system32\svchost.exe -k unistacksvcgroup
"C:\Program Files\CONEXANT\ForteConfig\fmapp.exe"
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe"
"C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe"
"C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe"
"C:\Users\Ludmila\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXggkaqzf6p31g37n0m8phzeswb0rt9m7e.mca
"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.AppX6an27ssxm1kq22j0wm54a996rsgjh8an.mca
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=71.0.3578.98 --initial-client-data=0x1d8,0x1dc,0x1e0,0x1d4,0x1e4,0x7ffce15a64d0,0x7ffce15a64e0,0x7ffce15a64f0
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:Microsoft.XboxApp.AppXf74jmpwd42x7vxttda454sh29n0qpb8x.mca
"C:\Program Files\ESET\ESET Security\egui.exe" /hide
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=9000 --on-initialized-event-handle=660 --parent-handle=664 /prefetch:6
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1596,16488802081556598717,17174292252532065936,131072 --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=3011643984794074202 --mojo-platform-channel-handle=1624 --ignored=" --type=renderer " /prefetch:2
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,16488802081556598717,17174292252532065936,131072 --service-pipe-token=1259998303211945571 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1259998303211945571 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2924 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,16488802081556598717,17174292252532065936,131072 --service-pipe-token=8340555990017359258 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8340555990017359258 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2940 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,16488802081556598717,17174292252532065936,131072 --service-pipe-token=9758762273783562534 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9758762273783562534 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,16488802081556598717,17174292252532065936,131072 --service-pipe-token=11990367419856375105 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11990367419856375105 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
"C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 748 752 760 8192 756
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" "-lang=cs_CZ" "-cachedir=C:\Users\Ludmila\AppData\Local\Steam\htmlcache" "-steampid=9116" "-buildid=1543346820" "-steamid=0" "-steamuniverse=Dev" "-clientui=C:\Program Files (x86)\Steam\clientui" --disable-spell-checking --disable-out-of-process-pac --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-features=TouchpadAndWheelScrollLatching,AsyncWheelEvents --enable-media-stream --disable-smooth-scrolling --num-raster-threads=4 --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt"
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Ludmila\AppData\Local\CEF\User Data" --url=http://crash.steampowered.com/submit --annotation=platform=win32 --annotation=product=cefwebhelper --annotation=version=1543346820 --initial-client-data=0x328,0x32c,0x330,0x324,0x334,0x6ea7d758,0x6ea7d768,0x6ea7d774
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=gpu-process --disable-features=AsyncWheelEvents,TouchpadAndWheelScrollLatching --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --webview-urls=http://localhost/*,http://steamloopback ... localhost/* --lang=cs-CZ --buildid=1543346820 --steamid=0 --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --webview-urls=http://localhost/*,http://steamloopback ... localhost/* --lang=cs-CZ --buildid=1543346820 --steamid=0 --service-request-channel-token=3E442565DA339E4ACA034762CF46DC8B --mojo-platform-channel-handle=1480 --ignored=" --type=renderer " /prefetch:2
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=renderer --disable-features=AsyncWheelEvents,TouchpadAndWheelScrollLatching --service-pipe-token=A95B3D70BA20FE503AB8D63B6C212A77 --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --lang=cs --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --webview-urls=http://localhost/*,http://steamloopback ... localhost/* --disable-spell-checking --buildid=1543346820 --steamid=0 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=A95B3D70BA20FE503AB8D63B6C212A77 --renderer-client-id=4 --mojo-platform-channel-handle=1924 /prefetch:1
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=renderer --disable-features=AsyncWheelEvents,TouchpadAndWheelScrollLatching --service-pipe-token=832061A0D516CA2B01FA4E3A0636C65F --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --lang=cs --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --webview-urls=http://localhost/*,http://steamloopback ... localhost/* --disable-spell-checking --buildid=1543346820 --steamid=0 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=832061A0D516CA2B01FA4E3A0636C65F --renderer-client-id=5 --mojo-platform-channel-handle=2432 /prefetch:1
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k LocalService -p
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,16488802081556598717,17174292252532065936,131072 --service-pipe-token=1288346929505915868 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1288346929505915868 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
"C:\Program Files\Lenovo\iMController\AutoUpdate.exe"
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
c:\windows\system32\svchost.exe -k netsvcs -p -s XblAuthManager
"C:\Program Files\Lenovo\iMController\LegacyFeatures.exe" run
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Users\Ludmila\Downloads\RSITx64.exe"
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server
"C:\Program Files\Lenovo\iMController\PluginCommunication.exe" "Lenovo.Plugins.MachineInformation_007" "E046963F.LenovoCompanion_k1h2ywk1493x8" "lenovo-metro-support" "C:\Users\Ludmila\AppData\Local\Packages\E046963F.LenovoCompanion_k1h2ywk1493x8\LocalState" "Lenovo.Plugins.MachineInformation.dll"
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-12-14 203552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 217784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 184488]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-01 460384]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-01 172640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 6149288]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 4452504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2018-04-12 638872]
"RtsFT"=C:\WINDOWS\RTFTrack.exe [2015-06-16 5060864]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2013-09-05 907480]
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SACpl.exe [2012-06-13 1647616]
"PhoneCompanion"=C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [2014-09-19 836592]
"Energy Manager"=C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [2014-09-19 16094704]
"Lenovo Utility"=C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [2014-09-19 10841584]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2016-10-13 3942864]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-09-25 3945672]
"egui"=C:\Program Files\ESET\ESET Security\ecmds.exe [2018-11-29 177928]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\Ludmila\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2018-12-15 1543264]
"GoogleChromeAutoLaunch_E9C6095D8424EAA20FEDBFBD94483E1A"=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2018-12-12 1587680]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2018-11-26 3131680]
"CCleaner Smart Cleaning"=C:\Program Files\CCleaner\CCleaner64.exe [2018-12-10 19589208]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #4"=C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [2018-12-20 8992976]
"Application Restart #3"=C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [2018-12-20 8992976]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"UpdateP2GShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2011-12-07 214312]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-09 596528]
"CanonQuickMenu"=C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [2012-04-03 1273448]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"DisableTaskMgr"=0
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoRun"=0
"NoFolderOptions"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2018-12-27 12:18:27 ----D---- C:\AdwCleaner
2018-12-27 11:00:09 ----D---- C:\rsit
2018-12-27 00:47:02 ----D---- C:\Program Files\CCleaner
2018-12-27 00:40:55 ----HD---- C:\OneDriveTemp
2018-12-26 22:33:05 ----D---- C:\Program Files\trend micro
2018-12-26 21:45:19 ----D---- C:\ProgramData\ESET
2018-12-26 21:45:18 ----D---- C:\Program Files\ESET
2018-12-26 21:27:42 ----D---- C:\Program Files\AVAST Software
2018-12-26 20:15:17 ----D---- C:\WINDOWS\SYSWOW64\ajhfmnxw
2018-12-26 20:13:38 ----SHD---- C:\Users\Ludmila\AppData\Roaming\amd64_netfx4-system.core_b03f5f7f11d50a3a_4.0.15680.120_none_3222d21eb3852341
2018-12-26 20:10:25 ----A---- C:\ProgramData\nss3.dll
2018-12-26 20:10:21 ----A---- C:\ProgramData\mozglue.dll
2018-12-26 20:10:16 ----D---- C:\ProgramData\GCYTYWQMMM4ULN5BDJKV
2018-12-26 19:49:16 ----D---- C:\Users\Ludmila\AppData\Roaming\ComfortSoftware
2018-12-26 19:19:06 ----D---- C:\ProgramData\Blogger
2018-12-26 19:16:44 ----D---- C:\ProgramData\Eres
2018-12-26 19:16:19 ----D---- C:\ProgramData\HPC
2018-12-26 19:14:04 ----D---- C:\ProgramData\CopyPaste
2018-12-26 18:47:21 ----D---- C:\GOG Games
2018-12-26 17:52:24 ----D---- C:\Program Files (x86)\Ubisoft
2018-12-26 17:49:05 ----D---- C:\Program Files (x86)\Steam
2018-12-23 10:03:25 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-12-23 10:03:23 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2018-12-23 10:03:14 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2018-12-23 10:03:12 ----A---- C:\WINDOWS\system32\Chakra.dll
2018-12-23 10:03:09 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-12-23 10:03:08 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2018-12-23 10:03:06 ----A---- C:\WINDOWS\system32\Windows.CloudStore.dll
2018-12-23 10:03:06 ----A---- C:\WINDOWS\system32\d2d1.dll
2018-12-23 10:03:04 ----A---- C:\WINDOWS\system32\hvix64.exe
2018-12-23 10:03:02 ----A---- C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-12-23 10:03:01 ----A---- C:\WINDOWS\system32\hvax64.exe
2018-12-23 10:02:58 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2018-12-23 10:02:56 ----A---- C:\WINDOWS\system32\bcastdvruserservice.dll
2018-12-23 10:02:54 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-12-23 10:02:52 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2018-12-23 10:02:52 ----A---- C:\WINDOWS\system32\winload.exe
2018-12-23 10:02:52 ----A---- C:\WINDOWS\system32\jscript.dll
2018-12-23 10:02:51 ----A---- C:\WINDOWS\system32\winresume.exe
2018-12-23 10:02:51 ----A---- C:\WINDOWS\system32\msvproc.dll
2018-12-23 10:02:50 ----A---- C:\WINDOWS\SYSWOW64\msvproc.dll
2018-12-23 10:02:50 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-12-23 10:02:48 ----A---- C:\WINDOWS\system32\tcblaunch.exe
2018-12-23 10:02:47 ----A---- C:\WINDOWS\system32\MSVPXENC.dll
2018-12-23 10:02:46 ----A---- C:\WINDOWS\system32\drivers\hvservice.sys
2018-12-23 10:02:40 ----A---- C:\WINDOWS\SYSWOW64\MSVPXENC.dll
2018-12-23 10:02:40 ----A---- C:\WINDOWS\system32\hvloader.dll
2018-12-23 10:02:36 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2018-12-23 10:02:36 ----A---- C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-12-12 19:21:20 ----A---- C:\WINDOWS\system32\edgehtml.dll
2018-12-12 19:21:17 ----A---- C:\WINDOWS\system32\mshtml.dll
2018-12-12 19:21:07 ----A---- C:\WINDOWS\system32\sppsvc.exe
2018-12-12 19:21:06 ----A---- C:\WINDOWS\system32\shell32.dll
2018-12-12 19:21:05 ----A---- C:\WINDOWS\system32\wininet.dll
2018-12-12 19:21:04 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2018-12-12 19:21:03 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2018-12-12 19:21:01 ----A---- C:\WINDOWS\system32\ClipUp.exe
2018-12-12 19:21:00 ----A---- C:\WINDOWS\system32\windows.storage.dll
2018-12-12 19:20:59 ----A---- C:\WINDOWS\system32\StartTileData.dll
2018-12-12 19:20:57 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2018-12-12 19:20:57 ----A---- C:\WINDOWS\system32\sppobjs.dll
2018-12-12 19:20:55 ----A---- C:\WINDOWS\system32\cdp.dll
2018-12-12 19:20:53 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2018-12-12 19:20:52 ----A---- C:\WINDOWS\SYSWOW64\wmp.dll
2018-12-12 19:20:51 ----A---- C:\WINDOWS\system32\wmp.dll
2018-12-12 19:20:50 ----A---- C:\WINDOWS\system32\msmpeg2adec.dll
2018-12-12 19:20:50 ----A---- C:\WINDOWS\system32\mos.dll
2018-12-12 19:20:49 ----A---- C:\WINDOWS\system32\ieframe.dll
2018-12-12 19:20:48 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2018-12-12 19:20:47 ----A---- C:\WINDOWS\system32\jscript9.dll
2018-12-12 19:20:47 ----A---- C:\WINDOWS\system32\EdgeContent.dll
2018-12-12 19:20:46 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2vdec.dll
2018-12-12 19:20:46 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2adec.dll
2018-12-12 19:20:46 ----A---- C:\WINDOWS\system32\twinui.pcshell.dll
2018-12-12 19:20:45 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2018-12-12 19:20:45 ----A---- C:\WINDOWS\system32\tquery.dll
2018-12-12 19:20:44 ----A---- C:\WINDOWS\system32\win32kfull.sys
2018-12-12 19:20:44 ----A---- C:\WINDOWS\system32\twinui.dll
2018-12-12 19:20:43 ----A---- C:\WINDOWS\system32\diagtrack.dll
2018-12-12 19:20:42 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2018-12-12 19:20:41 ----A---- C:\WINDOWS\system32\OpcServices.dll
2018-12-12 19:20:41 ----A---- C:\WINDOWS\system32\mssrch.dll
2018-12-12 19:20:40 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2018-12-12 19:20:39 ----A---- C:\WINDOWS\SYSWOW64\mfasfsrcsnk.dll
2018-12-12 19:20:39 ----A---- C:\WINDOWS\system32\mfcore.dll
2018-12-12 19:20:37 ----A---- C:\WINDOWS\SYSWOW64\WMVDECOD.DLL
2018-12-12 19:20:37 ----A---- C:\WINDOWS\system32\xpsrchvw.exe
2018-12-12 19:20:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2018-12-12 19:20:37 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2018-12-12 19:20:36 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2018-12-12 19:20:36 ----A---- C:\WINDOWS\system32\WebRuntimeManager.dll
2018-12-12 19:20:36 ----A---- C:\WINDOWS\system32\dosvc.dll
2018-12-12 19:20:36 ----A---- C:\WINDOWS\system32\BingMaps.dll
2018-12-12 19:20:35 ----A---- C:\WINDOWS\system32\d3d11.dll
2018-12-12 19:20:34 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2018-12-12 19:20:34 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2018-12-12 19:20:34 ----A---- C:\WINDOWS\system32\msxml6.dll
2018-12-12 19:20:34 ----A---- C:\WINDOWS\system32\KernelBase.dll
2018-12-12 19:20:33 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2018-12-12 19:20:33 ----A---- C:\WINDOWS\SYSWOW64\cdp.dll
2018-12-12 19:20:33 ----A---- C:\WINDOWS\system32\WMVCORE.DLL
2018-12-12 19:20:33 ----A---- C:\WINDOWS\system32\dwmcore.dll
2018-12-12 19:20:32 ----A---- C:\WINDOWS\system32\LocationFramework.dll
2018-12-12 19:20:31 ----A---- C:\WINDOWS\SYSWOW64\mos.dll
2018-12-12 19:20:31 ----A---- C:\WINDOWS\system32\mstscax.dll
2018-12-12 19:20:30 ----A---- C:\WINDOWS\SYSWOW64\tquery.dll
2018-12-12 19:20:30 ----A---- C:\WINDOWS\system32\wuaueng.dll
2018-12-12 19:20:30 ----A---- C:\WINDOWS\system32\D3D12.dll
2018-12-12 19:20:28 ----A---- C:\WINDOWS\SYSWOW64\dwmcore.dll
2018-12-12 19:20:28 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2018-12-12 19:20:28 ----A---- C:\WINDOWS\system32\audiosrv.dll
2018-12-12 19:20:27 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2018-12-12 19:20:27 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2018-12-12 19:20:27 ----A---- C:\WINDOWS\system32\win32kbase.sys
2018-12-12 19:20:27 ----A---- C:\WINDOWS\system32\lpasvc.dll
2018-12-12 19:20:26 ----A---- C:\WINDOWS\SYSWOW64\MSAudDecMFT.dll
2018-12-12 19:20:26 ----A---- C:\WINDOWS\system32\ntdll.dll
2018-12-12 19:20:26 ----A---- C:\WINDOWS\system32\enterprisecsps.dll
2018-12-12 19:20:25 ----A---- C:\WINDOWS\SYSWOW64\msxml6.dll
2018-12-12 19:20:25 ----A---- C:\WINDOWS\SYSWOW64\mssrch.dll
2018-12-12 19:20:25 ----A---- C:\WINDOWS\system32\BingOnlineServices.dll
2018-12-12 19:20:24 ----A---- C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-12-12 19:20:23 ----A---- C:\WINDOWS\SYSWOW64\CPFilters.dll
2018-12-12 19:20:23 ----A---- C:\WINDOWS\system32\InstallService.dll
2018-12-12 19:20:23 ----A---- C:\WINDOWS\system32\drivers\bthport.sys
2018-12-12 19:20:23 ----A---- C:\WINDOWS\system32\CPFilters.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\SYSWOW64\d3d11.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\wcmsvc.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\MSAudDecMFT.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\MapGeocoder.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2018-12-12 19:20:21 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2018-12-12 19:20:21 ----A---- C:\WINDOWS\system32\modernexecserver.dll
2018-12-12 19:20:21 ----A---- C:\WINDOWS\system32\MapRouter.dll
2018-12-12 19:20:20 ----A---- C:\WINDOWS\system32\ShareHost.dll
2018-12-12 19:20:20 ----A---- C:\WINDOWS\system32\SearchIndexer.exe
2018-12-12 19:20:20 ----A---- C:\WINDOWS\system32\AudioSes.dll
2018-12-12 19:20:19 ----A---- C:\WINDOWS\SYSWOW64\BingMaps.dll
2018-12-12 19:20:19 ----A---- C:\WINDOWS\system32\MapControlCore.dll
2018-12-12 19:20:19 ----A---- C:\WINDOWS\system32\AudioEng.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\SYSWOW64\mfsrcsnk.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\system32\winhttp.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\system32\msxml3.dll
2018-12-12 19:20:17 ----A---- C:\WINDOWS\SYSWOW64\rpcrt4.dll
2018-12-12 19:20:17 ----A---- C:\WINDOWS\system32\wlansvc.dll
2018-12-12 19:20:17 ----A---- C:\WINDOWS\system32\JpMapControl.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\NMAA.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\mfsrcsnk.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\mf.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\daxexec.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\SYSWOW64\D3D12.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\system32\gdi32full.dll
2018-12-12 19:20:14 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2018-12-12 19:20:14 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2018-12-12 19:20:13 ----A---- C:\WINDOWS\SYSWOW64\xpsrchvw.exe
2018-12-12 19:20:13 ----A---- C:\WINDOWS\system32\SppExtComObj.Exe
2018-12-12 19:20:13 ----A---- C:\WINDOWS\system32\audiodg.exe
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\winhttp.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\InstallService.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\EdgeManager.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\AudioEng.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\system32\WWAHost.exe
2018-12-12 19:20:12 ----A---- C:\WINDOWS\system32\BthAvctpSvc.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\SYSWOW64\MapRouter.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\SYSWOW64\BingOnlineServices.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\twinui.appcore.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\MapsStore.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-12-12 19:20:10 ----A---- C:\WINDOWS\SYSWOW64\mf.dll
2018-12-12 19:20:10 ----A---- C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-12-12 19:20:10 ----A---- C:\WINDOWS\system32\rasmans.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\wpx.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\edgeIso.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\dnsapi.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\ci.dll
2018-12-12 19:20:08 ----A---- C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-12-12 19:20:08 ----A---- C:\WINDOWS\system32\defragsvc.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\SYSWOW64\WWAHost.exe
2018-12-12 19:20:07 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.OnlineId.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\wer.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\vbscript.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\drivers\rdbss.sys
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\drivers\pci.sys
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\BTAGService.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\ShareHost.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\SearchIndexer.exe
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\JpMapControl.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\dnsapi.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\daxexec.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\system32\securekernel.exe
2018-12-12 19:20:06 ----A---- C:\WINDOWS\system32\ninput.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\SYSWOW64\MapGeocoder.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\WinSCard.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\lsasrv.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\eeprov.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\browserbroker.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\AppResolver.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\SYSWOW64\msxml3.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\mfps.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\drivers\netio.sys
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\advapi32.dll
2018-12-12 19:20:03 ----A---- C:\WINDOWS\SYSWOW64\wer.dll
2018-12-12 19:20:03 ----A---- C:\WINDOWS\SYSWOW64\advapi32.dll
2018-12-12 19:20:03 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2018-12-12 19:20:02 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2018-12-12 19:20:02 ----A---- C:\WINDOWS\system32\drivers\ndis.sys
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\rmclient.dll
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\drivers\fileinfo.sys
2018-12-12 19:19:58 ----A---- C:\WINDOWS\system32\wbengine.exe
2018-12-12 19:19:58 ----A---- C:\WINDOWS\system32\MapConfiguration.dll
2018-12-12 19:19:58 ----A---- C:\WINDOWS\system32\drivers\fvevol.sys
2018-12-12 19:19:57 ----A---- C:\WINDOWS\SYSWOW64\twinui.appcore.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\wc_storage.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\vertdll.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\thumbcache.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\SgrmEnclave.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\sensrsvc.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\MSVP9DEC.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\hal.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\WinSCard.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\OpcServices.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\NMAA.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\mfps.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\webio.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\drivers\USBHUB3.SYS
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\drivers\msrpc.sys
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\drivers\bindflt.sys
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\rmclient.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\ninput.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\MSVP9DEC.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\MapControlCore.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\AppResolver.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\AcSpecfc.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\system32\drivers\ksecpkg.sys
2018-12-12 19:19:55 ----A---- C:\WINDOWS\system32\bthserv.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\SYSWOW64\thumbcache.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\SYSWOW64\edgeIso.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\WMVDECOD.DLL
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\mssvp.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\dusmsvc.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\drivers\iorate.sys
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\appsruprov.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\SYSWOW64\Windows.Networking.Connectivity.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\SYSWOW64\webplatstorageserver.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\SYSWOW64\CoreMessaging.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\xbgmengine.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\weretw.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\drivers\tm.sys
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2018-12-12 19:19:52 ----A---- C:\WINDOWS\system32\drivers\ClipSp.sys
2018-12-12 19:19:52 ----A---- C:\WINDOWS\system32\CoreMessaging.dll
2018-12-12 19:19:52 ----A---- C:\WINDOWS\system32\bcdedit.exe
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\Windows.System.Diagnostics.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Streaming.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\webio.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\offreg.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\mssvp.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\mssph.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\bcryptprimitives.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\SearchProtocolHost.exe
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\offreg.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\mssph.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\MSPhotography.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\moshostcore.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\energyprov.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\wcnfs.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\ndiswan.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\mmcss.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\bthenum.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\browser_broker.exe
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\UserDataTimeUtil.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\SearchProtocolHost.exe
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\Search.ProtocolHandler.MAPI2.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\MapConfiguration.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\fdBth.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\wpnsruprov.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\t2embed.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\sppcext.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\SearchFilterHost.exe
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\fdBth.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\drivers\bthhfenum.sys
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2018-12-12 19:19:49 ----A---- C:\WINDOWS\SYSWOW64\t2embed.dll
2018-12-12 19:19:49 ----A---- C:\WINDOWS\system32\drivers\storqosflt.sys
2018-12-12 19:19:46 ----A---- C:\WINDOWS\SYSWOW64\MSPhotography.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\SYSWOW64\InstallServiceTasks.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\RMapi.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\InstallServiceTasks.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\domgmt.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\DataUsageHandlers.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\SYSWOW64\werdiagcontroller.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\SYSWOW64\msIso.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\SYSWOW64\dtdump.exe
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\winhttpcom.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\tzautoupdate.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\msscntrs.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\iemigplugin.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\SYSWOW64\winhttpcom.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\SYSWOW64\tzres.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\system32\utcutil.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\system32\tzres.dll
2018-11-29 10:54:40 ----A---- C:\WINDOWS\system32\drivers\eamonm.sys
======List of files/folders modified in the last 1 month======
2018-12-27 12:30:50 ----D---- C:\WINDOWS\Temp
2018-12-27 12:30:17 ----D---- C:\WINDOWS\Prefetch
2018-12-27 12:28:28 ----RD---- C:\Users
2018-12-27 12:28:22 ----D---- C:\WINDOWS\AppReadiness
2018-12-27 12:27:09 ----D---- C:\WINDOWS\CbsTemp
2018-12-27 12:26:21 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2018-12-27 12:21:43 ----D---- C:\WINDOWS\system32\sru
2018-12-27 12:21:07 ----D---- C:\WINDOWS\system32\Tasks
2018-12-27 12:20:59 ----HD---- C:\ProgramData
2018-12-27 12:20:58 ----RD---- C:\Program Files (x86)
2018-12-27 12:20:58 ----D---- C:\WINDOWS\Tasks
2018-12-27 12:20:43 ----SHD---- C:\WINDOWS\Installer
2018-12-27 12:20:42 ----D---- C:\WINDOWS\SysWOW64
2018-12-27 12:20:42 ----D---- C:\WINDOWS\System32
2018-12-27 12:20:22 ----D---- C:\WINDOWS\system32\Tasks_Migrated
2018-12-27 11:37:36 ----D---- C:\WINDOWS\system32\SleepStudy
2018-12-27 11:01:20 ----D---- C:\Windows
2018-12-27 11:00:17 ----D---- C:\WINDOWS\system32\drivers\etc
2018-12-27 06:00:02 ----D---- C:\WINDOWS\system32\LogFiles
2018-12-27 02:56:53 ----SHD---- C:\System Volume Information
2018-12-27 01:48:02 ----D---- C:\WINDOWS\Logs
2018-12-27 01:41:22 ----RD---- C:\WINDOWS\Microsoft.NET
2018-12-27 00:47:02 ----RD---- C:\Program Files
2018-12-27 00:24:24 ----D---- C:\WINDOWS\system32\NDF
2018-12-26 21:51:07 ----D---- C:\WINDOWS\system32\drivers
2018-12-26 21:50:09 ----D---- C:\WINDOWS\system32\catroot2
2018-12-26 21:46:25 ----D---- C:\WINDOWS\system32\DriverStore
2018-12-26 21:46:24 ----D---- C:\WINDOWS\INF
2018-12-26 21:46:15 ----HD---- C:\WINDOWS\ELAMBKUP
2018-12-26 21:31:59 ----AD---- C:\ProgramData\Avg
2018-12-26 21:26:41 ----D---- C:\ProgramData\AVAST Software
2018-12-26 19:26:15 ----D---- C:\Users\Ludmila\AppData\Roaming\uTorrent
2018-12-26 17:43:23 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2018-12-26 17:42:18 ----D---- C:\Program Files (x86)\Lenovo
2018-12-26 17:41:43 ----D---- C:\ProgramData\CyberLink
2018-12-26 17:41:00 ----D---- C:\ProgramData\Origin
2018-12-26 17:38:23 ----HD---- C:\Program Files\WindowsApps
2018-12-26 17:35:29 ----D---- C:\WINDOWS\system32\config
2018-12-26 17:31:51 ----D---- C:\Program Files\Common Files
2018-12-26 17:31:51 ----D---- C:\Program Files (x86)\Common Files
2018-12-26 17:31:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2018-12-26 17:24:23 ----D---- C:\WINDOWS\WinSxS
2018-12-24 01:12:25 ----D---- C:\WINDOWS\TextInput
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\zu-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\yo-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\xh-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\wo-SN
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\uz-Latn-UZ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\tn-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ti-ET
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\tg-Cyrl-TJ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-RS
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-BA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\sd-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\rw-RW
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\quc-Latn-GT
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\pa-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\nso-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ku-Arab-IQ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ig-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\chr-CHER-US
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ha-Latn-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ca-ES-valencia
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\bs-Latn-BA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\az-Latn-AZ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\zu-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\yo-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\xh-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\wo-SN
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\uz-Latn-UZ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\tn-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\ti-ET
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\tg-Cyrl-TJ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\sr-Cyrl-RS
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\sr-Cyrl-BA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\sd-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\rw-RW
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\quc-Latn-GT
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\pa-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\nso-ZA
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\migration
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ku-Arab-IQ
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ig-NG
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\chr-CHER-US
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ha-Latn-NG
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ca-ES-valencia
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\bs-Latn-BA
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\az-Latn-AZ
2018-12-24 01:12:24 ----D---- C:\WINDOWS\bcastdvr
2018-12-24 01:12:23 ----D---- C:\WINDOWS\system32\Boot
2018-12-17 18:24:39 ----RSD---- C:\WINDOWS\assembly
2018-12-16 09:42:45 ----D---- C:\WINDOWS\LiveKernelReports
2018-12-15 12:27:23 ----D---- C:\Users\Ludmila\AppData\Roaming\vlc
2018-12-14 19:55:16 ----AD---- C:\Program Files (x86)\Microsoft Office
2018-12-12 23:27:04 ----D---- C:\WINDOWS\SYSWOW64\en-US
2018-12-12 23:27:04 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2018-12-12 23:27:01 ----SD---- C:\WINDOWS\system32\DiagSvcs
2018-12-12 23:27:01 ----D---- C:\WINDOWS\system32\en-US
2018-12-12 23:27:01 ----D---- C:\WINDOWS\system32\cs-CZ
2018-12-12 23:26:55 ----D---- C:\WINDOWS\ShellComponents
2018-12-12 23:26:54 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2018-12-12 23:26:54 ----D---- C:\WINDOWS\apppatch
2018-12-12 19:45:05 ----D---- C:\WINDOWS\system32\MRT
2018-12-12 19:40:16 ----AC---- C:\WINDOWS\system32\MRT.exe
2018-12-11 17:52:44 ----D---- C:\WINDOWS\system32\drivers\wd
2018-12-11 17:52:09 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2018-12-07 19:48:18 ----D---- C:\Program Files\rempl
2018-12-01 05:01:07 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2018-12-08 58168]
R0 MBI;@oem50.inf,%MBI.SVCDESC%;Intel(R) Sideband Fabric Device Service; C:\WINDOWS\System32\drivers\MBI.sys [2013-10-10 29464]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\WINDOWS\system32\drivers\SgrmAgent.sys [2018-04-12 63896]
R1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2018-04-12 39424]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-04-12 60320]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2018-11-29 143448]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2018-10-17 188832]
R1 epfwwfp;epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [2018-10-17 109864]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2018-04-12 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-04-12 8192]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2018-07-14 414720]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2018-12-08 43008]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2018-12-08 82432]
R3 ACPIVPC;@oem29.inf,%ACPIVPC.SvcDesc%;Lenovo Virtual Power Controller Driver; C:\WINDOWS\System32\drivers\AcpiVpc.sys [2014-09-19 35576]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2018-12-08 106496]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2018-04-12 86528]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2018-04-12 129536]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2018-04-12 85504]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2018-04-12 60320]
R3 CnxtHdAudService;@oem42.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDRT64.sys [2015-05-19 1543912]
R3 ibtusb;@oem11.inf,%ibtusb.SVCDESC_IBT%;Intel(R) Wireless Bluetooth(R); C:\WINDOWS\system32\DRIVERS\ibtusb.sys [2017-01-13 231168]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2015-10-04 3797424]
R3 IntcDAud;@oem6.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2015-08-21 463112]
R3 iwdbus;@oem52.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2015-07-20 38976]
R3 NETwNb64;___ Intel(R) Wireless Adapter Driver for Windows 8.1 - 64 Bit; C:\WINDOWS\System32\drivers\Netwbw02.sys [2018-04-12 3485696]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2018-04-12 193536]
R3 rt640x64;@oem22.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2015-07-22 886528]
R3 RTSUER;@oem43.inf,%RtsUER%;Realtek USB Card Reader - UER; C:\WINDOWS\system32\Drivers\RtsUer.sys [2015-07-03 410880]
R3 rtsuvc;@oem26.inf,%rtsuvc.DeviceDesc%;Lenovo EasyCamera; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [2015-06-16 3068160]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2015-09-25 42696]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2018-04-12 38304]
S0 eelam;eelam; C:\WINDOWS\system32\DRIVERS\eelam.sys [2018-10-17 15872]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2018-04-12 321432]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-04-12 885144]
S0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-04-12 145816]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2018-04-12 124312]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2018-04-12 128408]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-04-12 75160]
S0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [2018-04-12 82328]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2018-04-12 58776]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2018-04-12 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2018-04-12 39840]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2018-08-03 128920]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2018-07-01 48544]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-04-12 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2018-04-12 18432]
S3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys [2018-12-08 92688]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2018-12-08 1097728]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2018-04-12 39936]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2018-04-12 123392]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2018-04-12 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2018-04-12 50592]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2018-12-14 76088]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2018-04-12 27136]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2018-04-12 1836952]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2018-04-12 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2018-04-12 91648]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2018-04-12 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-04-12 88576]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2018-04-12 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-04-12 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2018-04-12 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-04-12 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2018-04-12 32256]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2018-04-12 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2018-04-12 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2018-04-12 56736]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2018-04-12 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2018-04-12 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2018-04-12 175104]
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\WINDOWS\System32\drivers\nvdimm.sys [2018-04-12 104448]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2018-04-12 105984]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2018-04-12 16896]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2018-07-01 945568]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2018-04-12 104448]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2018-04-12 33176]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2018-04-12 57752]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S4 hvcrash;hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [2018-04-12 33184]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 CDPUserSvc_10df3f;Uživatelská služba platformy připojených zařízení_10df3f; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2018-12-07 9646240]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 CxAudMsg;Conexant Audio Message Service; C:\windows\system32\CxAudMsg64.exe [2013-07-25 206552]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Security\ekrn.exe [2018-11-29 2302160]
R2 ibtsiva;@oem11.inf,%SERVICE_NAME%;Intel Bluetooth Service; C:\WINDOWS\system32\ibtsiva []
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2015-10-04 328616]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [2013-07-02 733696]
R2 Lenovo System Agent Service;Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [2014-05-22 584960]
R2 LenovoWiFiHotspotSvr;Lenovo WiFiHotspot Service; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [2014-09-19 198192]
R2 OneSyncSvc_10df3f;Hostitel synchronizace_10df3f; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 PhoneCompanionPusher;Lenovo PhoneCompanionPusher Service; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [2014-09-19 288240]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-07-14 760888]
R2 sedsvc;Windows Remediation Service; C:\Program Files\rempl\sedsvc.exe [2018-12-02 326336]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\WINDOWS\system32\SgrmBroker.exe [2018-04-12 163336]
R3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R3 ekrnEpfw;ESET Firewall Helper; C:\Program Files\ESET\ESET Security\ekrn.exe [2018-11-29 2302160]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2018-06-30 43648]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 PimIndexMaintenanceSvc_10df3f;Data kontaktů_10df3f; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2018-11-26 1684256]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BcastDVRUserService_10df3f;Uživatelská služba pro GameDVR a vysílání her_10df3f; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BluetoothUserService_10df3f;Služba pro podporu uživatelů Bluetooth_10df3f; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2015-10-04 290224]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicePickerUserSvc_10df3f;DevicePicker_10df3f; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicesFlowUserSvc_10df3f;Tok zařízení_10df3f; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2018-08-03 90624]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [2018-12-12 443872]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2013-07-02 822232]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [2014-06-03 533760]
S3 LSCWinService;LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2014-05-06 1663880]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 MessagingService_10df3f;Služba zasílání zpráv_10df3f; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 ose;Office Source Engine; c:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2018-12-03 214824]
S3 PhoneCompanionVap;Lenovo PhoneCompanionVap Service; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [2014-09-19 305136]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PrintWorkflowUserSvc_10df3f;PrintWorkflow_10df3f; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2018-04-12 1273344]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2018-07-01 976384]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S4 ssh-agent;OpenSSH Authentication Agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [2018-03-10 495616]
-----------------EOF-----------------
AdwCleaner:
# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build: 12-18-2018
# Database: 2018-12-21.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-27-2018
# Duration: 00:00:44
# OS: Windows 10 Home
# Cleaned: 145
# Failed: 1
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Program Files (x86)\Microleaves
Deleted C:\Users\Ludmila\AppData\Roaming\Microleaves
Deleted C:\ProgramData\Pokki
Deleted C:\Users\Public\Pokki
Deleted C:\Users\Ludmila\AppData\Local\Pokki
Deleted C:\ProgramData\AVG_UPDATE_1215AV
Deleted C:\ProgramData\AVG_UPDATE_1015AV
Deleted C:\ProgramData\AVG_UPDATE_0316AV
Deleted C:\ProgramData\AVG_UPDATE_0116AV
Not Deleted C:\Users\Ludmila\AppData\Local\SweetLabs App Platform
Deleted C:\ProgramData\AVG Security Toolbar
Deleted C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateAdmin
Deleted C:\Users\Ludmila\AppData\Local\UpdateAdmin
***** [ Files ] *****
Deleted C:\Windows\System32\Tasks_Migrated\SweetLabs App Platform
Deleted C:\Windows\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted C:\Users\Ludmila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
Deleted C:\Windows\SysWOW64\VisualDiscovery.ini
Deleted C:\Windows\System32\VisualDiscoveryOff.ini
Deleted C:\Windows\SysWOW64\VisualDiscoveryOff.ini
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
Deleted C:\Windows\Tasks\Online Application V2G5.job
Deleted C:\Windows\System32\Tasks\Online Application V2G5
Deleted C:\Windows\Tasks\Online Application V2G4.job
Deleted C:\Windows\System32\Tasks\Online Application V2G4
Deleted C:\Windows\Tasks\Online Application V2G6.job
Deleted C:\Windows\System32\Tasks\Online Application V2G6
Deleted C:\Windows\System32\Tasks\1015AVUPDATEINFO
Deleted C:\Windows\System32\Tasks\0116AVUPDATEINFO
Deleted C:\Windows\System32\Tasks\SweetLabs App Platform
Deleted C:\Windows\Tasks\Online Application V2G2.job
Deleted C:\Windows\System32\Tasks\Online Application V2G2
Deleted C:\Windows\Tasks\Online Application V2G3.job
Deleted C:\Windows\System32\Tasks\Online Application V2G3
Deleted C:\Windows\Tasks\Online Application V2G1.job
Deleted C:\Windows\System32\Tasks\Online Application V2G1
Deleted C:\Windows\Tasks\Updater_Online_Application.job
Deleted C:\Windows\System32\Tasks\Updater_Online_Application
***** [ Registry ] *****
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Deleted HKLM\Software\Wow6432Node\Microleaves
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77ADAF2A-FA9A-4D2F-BA05-81B5A621872B}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77ADAF2A-FA9A-4D2F-BA05-81B5A621872B}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G5
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB91CA14-4AA0-4176-9865-A1D1B16C7380}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB91CA14-4AA0-4176-9865-A1D1B16C7380}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G4
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40A9FE41-2ECE-4C5A-AF42-77EBAFD87BC2}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40A9FE41-2ECE-4C5A-AF42-77EBAFD87BC2}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G6
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Pokki
Deleted HKCU\Software\SweetLabs App Platform
Deleted HKCU\Software\Classes\lnkfile\shell\pokki
Deleted HKCU\Software\Classes\Drive\shell\pokki
Deleted HKCU\Software\Classes\Directory\shell\pokki
Deleted HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Deleted HKCU\Software\Classes\pokki
Deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23D46856-817F-4AD5-97BB-81CD7EF1D028}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23D46856-817F-4AD5-97BB-81CD7EF1D028}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1015avUpdateInfo
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2493CFE-4EFA-4F96-BD4C-3E850E49D923}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2493CFE-4EFA-4F96-BD4C-3E850E49D923}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0116avUpdateInfo
Deleted HKCU\Software\Conduit
Deleted HKLM\Software\Wow6432Node\Conduit
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{81F17B54-5D57-485E-88CC-F6D20D66B5E0}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
Deleted HKCU\Software\DownloadAdmin
Deleted HKCU\Software\SIMPLYTECH
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\45B71F1875D5E58488CC6F2DD0665B0E
Deleted HKLM\Software\Classes\Installer\Products\45B71F1875D5E58488CC6F2DD0665B0E
Deleted HKLM\Software\Classes\Installer\Features\45B71F1875D5E58488CC6F2DD0665B0E
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Deleted HKLM\Software\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{EBF4B60F-A863-426F-BE6F-5DFE83BC574F}
Deleted HKLM\Software\Classes\Interface\{EBF4B60F-A863-426F-BE6F-5DFE83BC574F}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{EA4AD895-2A7F-430E-B973-DEE6C4E743A9}
Deleted HKLM\Software\Classes\Interface\{EA4AD895-2A7F-430E-B973-DEE6C4E743A9}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{C1F9CFCE-A7DC-4072-8B31-1DEA57004C86}
Deleted HKLM\Software\Classes\Interface\{C1F9CFCE-A7DC-4072-8B31-1DEA57004C86}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{8128586C-DF69-4266-873F-CF4C6F705A7C}
Deleted HKLM\Software\Classes\Interface\{8128586C-DF69-4266-873F-CF4C6F705A7C}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{79FBDBEA-A722-4ABD-BEC0-B7D463F6BA0E}
Deleted HKLM\Software\Classes\Interface\{79FBDBEA-A722-4ABD-BEC0-B7D463F6BA0E}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{617E26CE-E6E1-4C75-A68A-A001F2B98491}
Deleted HKLM\Software\Classes\Interface\{617E26CE-E6E1-4C75-A68A-A001F2B98491}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{5D7F05E3-075A-43AF-8BC7-21E2F7F38845}
Deleted HKLM\Software\Classes\Interface\{5D7F05E3-075A-43AF-8BC7-21E2F7F38845}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{2E5FA7B4-61A2-4662-BBCE-62BBB20FC649}
Deleted HKLM\Software\Classes\Interface\{2E5FA7B4-61A2-4662-BBCE-62BBB20FC649}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{CB6BF8B6-E12B-42FA-A478-91BCCDE475DC}
Deleted HKLM\Software\Classes\TypeLib\{CB6BF8B6-E12B-42FA-A478-91BCCDE475DC}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A51AE94-57A8-4419-BE6C-430FB65DBAF1}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SweetLabs App Platform
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0701A6AA-864B-4AB3-B431-9C99198027EA}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0701A6AA-864B-4AB3-B431-9C99198027EA}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G2
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{341B274C-6526-4CA2-812D-50EA8D78153D}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{341B274C-6526-4CA2-812D-50EA8D78153D}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G3
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7DD317B6-984E-45FA-BCBE-9979DDAEE62D}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DD317B6-984E-45FA-BCBE-9979DDAEE62D}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G1
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\WindowsMangerProtect
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Search Page
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Default_Search_URL
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\omniboxes.com
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mysearch.avg.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Deleted HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A324F315-777D-4BB6-B69D-46718F4BB6E9}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A324F315-777D-4BB6-B69D-46718F4BB6E9}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Application
Deleted HKLM\Software\Wow6432Node\omniboxesSoftware
Deleted HKCU\Software\TNT2
Deleted HKLM\Software\Wow6432Node\VisualDiscovery
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Deleted HKLM\Software\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Deleted HKLM\Software\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Deleted HKLM\Software\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
Deleted omniboxes
Deleted slunecnice.cz
Deleted Softonic EN
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [16310 octets] - [27/12/2018 12:19:59]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
RSIT log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Ludmila at 2018-12-27 12:31:55
Microsoft Windows 10 Home
System drive C: has 233 GB (54%) free of 435 GB
Total RAM: 3979 MB (36% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:32:00, on 27.12.2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal
Running processes:
C:\Users\Ludmila\Downloads\adwcleaner_7.2.6.0.exe
C:\Users\Ludmila\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files\Lenovo\iMController\AutoUpdate.exe
C:\Program Files\Lenovo\iMController\LegacyFeatures.exe
C:\Program Files\trend micro\Ludmila.exe
C:\Program Files\Lenovo\iMController\PluginCommunication.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O1 - Hosts: 2.21.74.75 n6849213.iavs9x.avg.u.avcdn.net
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Ludmila\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_E9C6095D8424EAA20FEDBFBD94483E1A] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [Application Restart #4] C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
O4 - HKCU\..\RunOnce: [Application Restart #3] C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Conexant Audio Message Service (CxAudMsg) - Unknown owner - C:\windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: ESET Firewall Helper (ekrnEpfw) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem11.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo EasyPlus Hotspot - Lenovo - C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\Lenovo\iMController\SystemAgentService.exe
O23 - Service: Lenovo WiFiHotspot Service (LenovoWiFiHotspotSvr) - Unknown owner - C:\Windows\System32\LenovoWiFiHotspotSvr.exe (file missing)
O23 - Service: LSCWinService - Unknown owner - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo PhoneCompanionPusher Service (PhoneCompanionPusher) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
O23 - Service: Lenovo PhoneCompanionVap Service (PhoneCompanionVap) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)
--
End of file - 13656 bytes
======Listing Processes======
C:\WINDOWS\system32\lsass.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
"fontdrvhost.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-452252a6-27c8-427d-b976-50823279c480 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-95a9f3fa-aa6f-4fe2-a780-037bbe930681 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-ef0f8d5b-2574-4655-9d99-d3c61f121479 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-2e000cbb-3616-45f9-b6f8-95e065460cc8 -LifetimeId:2386b403-58ec-4a7a-9682-4815b466238c -DeviceGroupId:WudfDefaultDevicePool
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
c:\windows\system32\svchost.exe -k netsvcs -p -s gpsvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localservice -p -s bthserv
c:\windows\system32\svchost.exe -k localservice -p -s BthAvctpSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s BTAGService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservice -p -s nsi
dashost.exe {7edfdd17-7634-4928-a08b5d4ebd44a963}
c:\windows\system32\svchost.exe -k appmodel -p -s camsvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
C:\WINDOWS\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
C:\WINDOWS\system32\AUDIODG.EXE 0x3d0
C:\windows\system32\CxAudMsg64.exe
"C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe"
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
c:\windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
"C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe"
"C:\Program Files\Lenovo\iMController\SystemAgentService.exe"
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
C:\WINDOWS\system32\ibtsiva
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Windows\System32\LenovoWiFiHotspotSvr.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s NgcCtnrSvc
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
"C:\Program Files\rempl\sedsvc.exe"
c:\windows\system32\svchost.exe -k netsvcs -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\WINDOWS\system32\wbem\wmiprvse.exe
winlogon.exe
"fontdrvhost.exe"
"dwm.exe"
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
c:\windows\system32\svchost.exe -k netsvcs -p -s Browser
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:/Users/Ludmila/Downloads/adwcleaner_7.2.6.0.exe /r
igfxEM.exe
igfxHK.exe
igfxTray.exe
C:\WINDOWS\Explorer.EXE
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\Windows\System32\smartscreen.exe -Embedding
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.AppX368sbpk1kx658x0p332evjk2v0y02kxp.mca
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXe9cvj1thv1hmcw0cs98xm3r97tyzy2xs.mca
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeApp.exe" -ServerName:App.AppXffn3yxqvgawq9fpmnhy90fr3y01d1t5b.mca
"ctfmon.exe"
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe" -ServerName:SkypeBackgroundHost
"C:\Windows\RTFTrack.exe"
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe"
c:\windows\system32\svchost.exe -k unistacksvcgroup
"C:\Program Files\CONEXANT\ForteConfig\fmapp.exe"
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe"
"C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe"
"C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe"
"C:\Users\Ludmila\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXggkaqzf6p31g37n0m8phzeswb0rt9m7e.mca
"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.AppX6an27ssxm1kq22j0wm54a996rsgjh8an.mca
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=71.0.3578.98 --initial-client-data=0x1d8,0x1dc,0x1e0,0x1d4,0x1e4,0x7ffce15a64d0,0x7ffce15a64e0,0x7ffce15a64f0
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:Microsoft.XboxApp.AppXf74jmpwd42x7vxttda454sh29n0qpb8x.mca
"C:\Program Files\ESET\ESET Security\egui.exe" /hide
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=9000 --on-initialized-event-handle=660 --parent-handle=664 /prefetch:6
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1596,16488802081556598717,17174292252532065936,131072 --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=3011643984794074202 --mojo-platform-channel-handle=1624 --ignored=" --type=renderer " /prefetch:2
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,16488802081556598717,17174292252532065936,131072 --service-pipe-token=1259998303211945571 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1259998303211945571 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2924 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,16488802081556598717,17174292252532065936,131072 --service-pipe-token=8340555990017359258 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8340555990017359258 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2940 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,16488802081556598717,17174292252532065936,131072 --service-pipe-token=9758762273783562534 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9758762273783562534 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,16488802081556598717,17174292252532065936,131072 --service-pipe-token=11990367419856375105 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11990367419856375105 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
"C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 748 752 760 8192 756
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" "-lang=cs_CZ" "-cachedir=C:\Users\Ludmila\AppData\Local\Steam\htmlcache" "-steampid=9116" "-buildid=1543346820" "-steamid=0" "-steamuniverse=Dev" "-clientui=C:\Program Files (x86)\Steam\clientui" --disable-spell-checking --disable-out-of-process-pac --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-features=TouchpadAndWheelScrollLatching,AsyncWheelEvents --enable-media-stream --disable-smooth-scrolling --num-raster-threads=4 --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt"
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Ludmila\AppData\Local\CEF\User Data" --url=http://crash.steampowered.com/submit --annotation=platform=win32 --annotation=product=cefwebhelper --annotation=version=1543346820 --initial-client-data=0x328,0x32c,0x330,0x324,0x334,0x6ea7d758,0x6ea7d768,0x6ea7d774
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=gpu-process --disable-features=AsyncWheelEvents,TouchpadAndWheelScrollLatching --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --webview-urls=http://localhost/*,http://steamloopback ... localhost/* --lang=cs-CZ --buildid=1543346820 --steamid=0 --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --webview-urls=http://localhost/*,http://steamloopback ... localhost/* --lang=cs-CZ --buildid=1543346820 --steamid=0 --service-request-channel-token=3E442565DA339E4ACA034762CF46DC8B --mojo-platform-channel-handle=1480 --ignored=" --type=renderer " /prefetch:2
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=renderer --disable-features=AsyncWheelEvents,TouchpadAndWheelScrollLatching --service-pipe-token=A95B3D70BA20FE503AB8D63B6C212A77 --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --lang=cs --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --webview-urls=http://localhost/*,http://steamloopback ... localhost/* --disable-spell-checking --buildid=1543346820 --steamid=0 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=A95B3D70BA20FE503AB8D63B6C212A77 --renderer-client-id=4 --mojo-platform-channel-handle=1924 /prefetch:1
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=renderer --disable-features=AsyncWheelEvents,TouchpadAndWheelScrollLatching --service-pipe-token=832061A0D516CA2B01FA4E3A0636C65F --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --lang=cs --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --webview-urls=http://localhost/*,http://steamloopback ... localhost/* --disable-spell-checking --buildid=1543346820 --steamid=0 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=832061A0D516CA2B01FA4E3A0636C65F --renderer-client-id=5 --mojo-platform-channel-handle=2432 /prefetch:1
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k LocalService -p
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,16488802081556598717,17174292252532065936,131072 --service-pipe-token=1288346929505915868 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1288346929505915868 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
"C:\Program Files\Lenovo\iMController\AutoUpdate.exe"
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
c:\windows\system32\svchost.exe -k netsvcs -p -s XblAuthManager
"C:\Program Files\Lenovo\iMController\LegacyFeatures.exe" run
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Users\Ludmila\Downloads\RSITx64.exe"
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server
"C:\Program Files\Lenovo\iMController\PluginCommunication.exe" "Lenovo.Plugins.MachineInformation_007" "E046963F.LenovoCompanion_k1h2ywk1493x8" "lenovo-metro-support" "C:\Users\Ludmila\AppData\Local\Packages\E046963F.LenovoCompanion_k1h2ywk1493x8\LocalState" "Lenovo.Plugins.MachineInformation.dll"
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-12-14 203552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 217784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 184488]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-01 460384]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-01 172640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 6149288]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 4452504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2018-04-12 638872]
"RtsFT"=C:\WINDOWS\RTFTrack.exe [2015-06-16 5060864]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2013-09-05 907480]
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SACpl.exe [2012-06-13 1647616]
"PhoneCompanion"=C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [2014-09-19 836592]
"Energy Manager"=C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [2014-09-19 16094704]
"Lenovo Utility"=C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [2014-09-19 10841584]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2016-10-13 3942864]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-09-25 3945672]
"egui"=C:\Program Files\ESET\ESET Security\ecmds.exe [2018-11-29 177928]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\Ludmila\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2018-12-15 1543264]
"GoogleChromeAutoLaunch_E9C6095D8424EAA20FEDBFBD94483E1A"=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2018-12-12 1587680]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2018-11-26 3131680]
"CCleaner Smart Cleaning"=C:\Program Files\CCleaner\CCleaner64.exe [2018-12-10 19589208]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #4"=C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [2018-12-20 8992976]
"Application Restart #3"=C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [2018-12-20 8992976]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"UpdateP2GShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2011-12-07 214312]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-09 596528]
"CanonQuickMenu"=C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [2012-04-03 1273448]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"DisableTaskMgr"=0
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoRun"=0
"NoFolderOptions"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2018-12-27 12:18:27 ----D---- C:\AdwCleaner
2018-12-27 11:00:09 ----D---- C:\rsit
2018-12-27 00:47:02 ----D---- C:\Program Files\CCleaner
2018-12-27 00:40:55 ----HD---- C:\OneDriveTemp
2018-12-26 22:33:05 ----D---- C:\Program Files\trend micro
2018-12-26 21:45:19 ----D---- C:\ProgramData\ESET
2018-12-26 21:45:18 ----D---- C:\Program Files\ESET
2018-12-26 21:27:42 ----D---- C:\Program Files\AVAST Software
2018-12-26 20:15:17 ----D---- C:\WINDOWS\SYSWOW64\ajhfmnxw
2018-12-26 20:13:38 ----SHD---- C:\Users\Ludmila\AppData\Roaming\amd64_netfx4-system.core_b03f5f7f11d50a3a_4.0.15680.120_none_3222d21eb3852341
2018-12-26 20:10:25 ----A---- C:\ProgramData\nss3.dll
2018-12-26 20:10:21 ----A---- C:\ProgramData\mozglue.dll
2018-12-26 20:10:16 ----D---- C:\ProgramData\GCYTYWQMMM4ULN5BDJKV
2018-12-26 19:49:16 ----D---- C:\Users\Ludmila\AppData\Roaming\ComfortSoftware
2018-12-26 19:19:06 ----D---- C:\ProgramData\Blogger
2018-12-26 19:16:44 ----D---- C:\ProgramData\Eres
2018-12-26 19:16:19 ----D---- C:\ProgramData\HPC
2018-12-26 19:14:04 ----D---- C:\ProgramData\CopyPaste
2018-12-26 18:47:21 ----D---- C:\GOG Games
2018-12-26 17:52:24 ----D---- C:\Program Files (x86)\Ubisoft
2018-12-26 17:49:05 ----D---- C:\Program Files (x86)\Steam
2018-12-23 10:03:25 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-12-23 10:03:23 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2018-12-23 10:03:14 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2018-12-23 10:03:12 ----A---- C:\WINDOWS\system32\Chakra.dll
2018-12-23 10:03:09 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-12-23 10:03:08 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2018-12-23 10:03:06 ----A---- C:\WINDOWS\system32\Windows.CloudStore.dll
2018-12-23 10:03:06 ----A---- C:\WINDOWS\system32\d2d1.dll
2018-12-23 10:03:04 ----A---- C:\WINDOWS\system32\hvix64.exe
2018-12-23 10:03:02 ----A---- C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-12-23 10:03:01 ----A---- C:\WINDOWS\system32\hvax64.exe
2018-12-23 10:02:58 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2018-12-23 10:02:56 ----A---- C:\WINDOWS\system32\bcastdvruserservice.dll
2018-12-23 10:02:54 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-12-23 10:02:52 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2018-12-23 10:02:52 ----A---- C:\WINDOWS\system32\winload.exe
2018-12-23 10:02:52 ----A---- C:\WINDOWS\system32\jscript.dll
2018-12-23 10:02:51 ----A---- C:\WINDOWS\system32\winresume.exe
2018-12-23 10:02:51 ----A---- C:\WINDOWS\system32\msvproc.dll
2018-12-23 10:02:50 ----A---- C:\WINDOWS\SYSWOW64\msvproc.dll
2018-12-23 10:02:50 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-12-23 10:02:48 ----A---- C:\WINDOWS\system32\tcblaunch.exe
2018-12-23 10:02:47 ----A---- C:\WINDOWS\system32\MSVPXENC.dll
2018-12-23 10:02:46 ----A---- C:\WINDOWS\system32\drivers\hvservice.sys
2018-12-23 10:02:40 ----A---- C:\WINDOWS\SYSWOW64\MSVPXENC.dll
2018-12-23 10:02:40 ----A---- C:\WINDOWS\system32\hvloader.dll
2018-12-23 10:02:36 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2018-12-23 10:02:36 ----A---- C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-12-12 19:21:20 ----A---- C:\WINDOWS\system32\edgehtml.dll
2018-12-12 19:21:17 ----A---- C:\WINDOWS\system32\mshtml.dll
2018-12-12 19:21:07 ----A---- C:\WINDOWS\system32\sppsvc.exe
2018-12-12 19:21:06 ----A---- C:\WINDOWS\system32\shell32.dll
2018-12-12 19:21:05 ----A---- C:\WINDOWS\system32\wininet.dll
2018-12-12 19:21:04 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2018-12-12 19:21:03 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2018-12-12 19:21:01 ----A---- C:\WINDOWS\system32\ClipUp.exe
2018-12-12 19:21:00 ----A---- C:\WINDOWS\system32\windows.storage.dll
2018-12-12 19:20:59 ----A---- C:\WINDOWS\system32\StartTileData.dll
2018-12-12 19:20:57 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2018-12-12 19:20:57 ----A---- C:\WINDOWS\system32\sppobjs.dll
2018-12-12 19:20:55 ----A---- C:\WINDOWS\system32\cdp.dll
2018-12-12 19:20:53 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2018-12-12 19:20:52 ----A---- C:\WINDOWS\SYSWOW64\wmp.dll
2018-12-12 19:20:51 ----A---- C:\WINDOWS\system32\wmp.dll
2018-12-12 19:20:50 ----A---- C:\WINDOWS\system32\msmpeg2adec.dll
2018-12-12 19:20:50 ----A---- C:\WINDOWS\system32\mos.dll
2018-12-12 19:20:49 ----A---- C:\WINDOWS\system32\ieframe.dll
2018-12-12 19:20:48 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2018-12-12 19:20:47 ----A---- C:\WINDOWS\system32\jscript9.dll
2018-12-12 19:20:47 ----A---- C:\WINDOWS\system32\EdgeContent.dll
2018-12-12 19:20:46 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2vdec.dll
2018-12-12 19:20:46 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2adec.dll
2018-12-12 19:20:46 ----A---- C:\WINDOWS\system32\twinui.pcshell.dll
2018-12-12 19:20:45 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2018-12-12 19:20:45 ----A---- C:\WINDOWS\system32\tquery.dll
2018-12-12 19:20:44 ----A---- C:\WINDOWS\system32\win32kfull.sys
2018-12-12 19:20:44 ----A---- C:\WINDOWS\system32\twinui.dll
2018-12-12 19:20:43 ----A---- C:\WINDOWS\system32\diagtrack.dll
2018-12-12 19:20:42 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2018-12-12 19:20:41 ----A---- C:\WINDOWS\system32\OpcServices.dll
2018-12-12 19:20:41 ----A---- C:\WINDOWS\system32\mssrch.dll
2018-12-12 19:20:40 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2018-12-12 19:20:39 ----A---- C:\WINDOWS\SYSWOW64\mfasfsrcsnk.dll
2018-12-12 19:20:39 ----A---- C:\WINDOWS\system32\mfcore.dll
2018-12-12 19:20:37 ----A---- C:\WINDOWS\SYSWOW64\WMVDECOD.DLL
2018-12-12 19:20:37 ----A---- C:\WINDOWS\system32\xpsrchvw.exe
2018-12-12 19:20:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2018-12-12 19:20:37 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2018-12-12 19:20:36 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2018-12-12 19:20:36 ----A---- C:\WINDOWS\system32\WebRuntimeManager.dll
2018-12-12 19:20:36 ----A---- C:\WINDOWS\system32\dosvc.dll
2018-12-12 19:20:36 ----A---- C:\WINDOWS\system32\BingMaps.dll
2018-12-12 19:20:35 ----A---- C:\WINDOWS\system32\d3d11.dll
2018-12-12 19:20:34 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2018-12-12 19:20:34 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2018-12-12 19:20:34 ----A---- C:\WINDOWS\system32\msxml6.dll
2018-12-12 19:20:34 ----A---- C:\WINDOWS\system32\KernelBase.dll
2018-12-12 19:20:33 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2018-12-12 19:20:33 ----A---- C:\WINDOWS\SYSWOW64\cdp.dll
2018-12-12 19:20:33 ----A---- C:\WINDOWS\system32\WMVCORE.DLL
2018-12-12 19:20:33 ----A---- C:\WINDOWS\system32\dwmcore.dll
2018-12-12 19:20:32 ----A---- C:\WINDOWS\system32\LocationFramework.dll
2018-12-12 19:20:31 ----A---- C:\WINDOWS\SYSWOW64\mos.dll
2018-12-12 19:20:31 ----A---- C:\WINDOWS\system32\mstscax.dll
2018-12-12 19:20:30 ----A---- C:\WINDOWS\SYSWOW64\tquery.dll
2018-12-12 19:20:30 ----A---- C:\WINDOWS\system32\wuaueng.dll
2018-12-12 19:20:30 ----A---- C:\WINDOWS\system32\D3D12.dll
2018-12-12 19:20:28 ----A---- C:\WINDOWS\SYSWOW64\dwmcore.dll
2018-12-12 19:20:28 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2018-12-12 19:20:28 ----A---- C:\WINDOWS\system32\audiosrv.dll
2018-12-12 19:20:27 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2018-12-12 19:20:27 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2018-12-12 19:20:27 ----A---- C:\WINDOWS\system32\win32kbase.sys
2018-12-12 19:20:27 ----A---- C:\WINDOWS\system32\lpasvc.dll
2018-12-12 19:20:26 ----A---- C:\WINDOWS\SYSWOW64\MSAudDecMFT.dll
2018-12-12 19:20:26 ----A---- C:\WINDOWS\system32\ntdll.dll
2018-12-12 19:20:26 ----A---- C:\WINDOWS\system32\enterprisecsps.dll
2018-12-12 19:20:25 ----A---- C:\WINDOWS\SYSWOW64\msxml6.dll
2018-12-12 19:20:25 ----A---- C:\WINDOWS\SYSWOW64\mssrch.dll
2018-12-12 19:20:25 ----A---- C:\WINDOWS\system32\BingOnlineServices.dll
2018-12-12 19:20:24 ----A---- C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-12-12 19:20:23 ----A---- C:\WINDOWS\SYSWOW64\CPFilters.dll
2018-12-12 19:20:23 ----A---- C:\WINDOWS\system32\InstallService.dll
2018-12-12 19:20:23 ----A---- C:\WINDOWS\system32\drivers\bthport.sys
2018-12-12 19:20:23 ----A---- C:\WINDOWS\system32\CPFilters.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\SYSWOW64\d3d11.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\wcmsvc.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\MSAudDecMFT.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\MapGeocoder.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2018-12-12 19:20:21 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2018-12-12 19:20:21 ----A---- C:\WINDOWS\system32\modernexecserver.dll
2018-12-12 19:20:21 ----A---- C:\WINDOWS\system32\MapRouter.dll
2018-12-12 19:20:20 ----A---- C:\WINDOWS\system32\ShareHost.dll
2018-12-12 19:20:20 ----A---- C:\WINDOWS\system32\SearchIndexer.exe
2018-12-12 19:20:20 ----A---- C:\WINDOWS\system32\AudioSes.dll
2018-12-12 19:20:19 ----A---- C:\WINDOWS\SYSWOW64\BingMaps.dll
2018-12-12 19:20:19 ----A---- C:\WINDOWS\system32\MapControlCore.dll
2018-12-12 19:20:19 ----A---- C:\WINDOWS\system32\AudioEng.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\SYSWOW64\mfsrcsnk.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\system32\winhttp.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\system32\msxml3.dll
2018-12-12 19:20:17 ----A---- C:\WINDOWS\SYSWOW64\rpcrt4.dll
2018-12-12 19:20:17 ----A---- C:\WINDOWS\system32\wlansvc.dll
2018-12-12 19:20:17 ----A---- C:\WINDOWS\system32\JpMapControl.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\NMAA.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\mfsrcsnk.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\mf.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\daxexec.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\SYSWOW64\D3D12.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\system32\gdi32full.dll
2018-12-12 19:20:14 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2018-12-12 19:20:14 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2018-12-12 19:20:13 ----A---- C:\WINDOWS\SYSWOW64\xpsrchvw.exe
2018-12-12 19:20:13 ----A---- C:\WINDOWS\system32\SppExtComObj.Exe
2018-12-12 19:20:13 ----A---- C:\WINDOWS\system32\audiodg.exe
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\winhttp.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\InstallService.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\EdgeManager.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\AudioEng.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\system32\WWAHost.exe
2018-12-12 19:20:12 ----A---- C:\WINDOWS\system32\BthAvctpSvc.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\SYSWOW64\MapRouter.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\SYSWOW64\BingOnlineServices.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\twinui.appcore.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\MapsStore.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-12-12 19:20:10 ----A---- C:\WINDOWS\SYSWOW64\mf.dll
2018-12-12 19:20:10 ----A---- C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-12-12 19:20:10 ----A---- C:\WINDOWS\system32\rasmans.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\wpx.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\edgeIso.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\dnsapi.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\ci.dll
2018-12-12 19:20:08 ----A---- C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-12-12 19:20:08 ----A---- C:\WINDOWS\system32\defragsvc.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\SYSWOW64\WWAHost.exe
2018-12-12 19:20:07 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.OnlineId.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\wer.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\vbscript.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\drivers\rdbss.sys
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\drivers\pci.sys
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\BTAGService.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\ShareHost.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\SearchIndexer.exe
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\JpMapControl.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\dnsapi.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\daxexec.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\system32\securekernel.exe
2018-12-12 19:20:06 ----A---- C:\WINDOWS\system32\ninput.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\SYSWOW64\MapGeocoder.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\WinSCard.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\lsasrv.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\eeprov.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\browserbroker.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\AppResolver.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\SYSWOW64\msxml3.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\mfps.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\drivers\netio.sys
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\advapi32.dll
2018-12-12 19:20:03 ----A---- C:\WINDOWS\SYSWOW64\wer.dll
2018-12-12 19:20:03 ----A---- C:\WINDOWS\SYSWOW64\advapi32.dll
2018-12-12 19:20:03 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2018-12-12 19:20:02 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2018-12-12 19:20:02 ----A---- C:\WINDOWS\system32\drivers\ndis.sys
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\rmclient.dll
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\drivers\fileinfo.sys
2018-12-12 19:19:58 ----A---- C:\WINDOWS\system32\wbengine.exe
2018-12-12 19:19:58 ----A---- C:\WINDOWS\system32\MapConfiguration.dll
2018-12-12 19:19:58 ----A---- C:\WINDOWS\system32\drivers\fvevol.sys
2018-12-12 19:19:57 ----A---- C:\WINDOWS\SYSWOW64\twinui.appcore.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\wc_storage.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\vertdll.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\thumbcache.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\SgrmEnclave.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\sensrsvc.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\MSVP9DEC.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\hal.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\WinSCard.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\OpcServices.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\NMAA.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\mfps.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\webio.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\drivers\USBHUB3.SYS
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\drivers\msrpc.sys
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\drivers\bindflt.sys
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\rmclient.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\ninput.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\MSVP9DEC.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\MapControlCore.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\AppResolver.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\AcSpecfc.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\system32\drivers\ksecpkg.sys
2018-12-12 19:19:55 ----A---- C:\WINDOWS\system32\bthserv.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\SYSWOW64\thumbcache.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\SYSWOW64\edgeIso.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\WMVDECOD.DLL
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\mssvp.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\dusmsvc.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\drivers\iorate.sys
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\appsruprov.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\SYSWOW64\Windows.Networking.Connectivity.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\SYSWOW64\webplatstorageserver.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\SYSWOW64\CoreMessaging.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\xbgmengine.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\weretw.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\drivers\tm.sys
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2018-12-12 19:19:52 ----A---- C:\WINDOWS\system32\drivers\ClipSp.sys
2018-12-12 19:19:52 ----A---- C:\WINDOWS\system32\CoreMessaging.dll
2018-12-12 19:19:52 ----A---- C:\WINDOWS\system32\bcdedit.exe
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\Windows.System.Diagnostics.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Streaming.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\webio.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\offreg.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\mssvp.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\mssph.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\bcryptprimitives.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\SearchProtocolHost.exe
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\offreg.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\mssph.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\MSPhotography.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\moshostcore.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\energyprov.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\wcnfs.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\ndiswan.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\mmcss.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\bthenum.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\browser_broker.exe
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\UserDataTimeUtil.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\SearchProtocolHost.exe
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\Search.ProtocolHandler.MAPI2.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\MapConfiguration.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\fdBth.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\wpnsruprov.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\t2embed.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\sppcext.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\SearchFilterHost.exe
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\fdBth.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\drivers\bthhfenum.sys
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2018-12-12 19:19:49 ----A---- C:\WINDOWS\SYSWOW64\t2embed.dll
2018-12-12 19:19:49 ----A---- C:\WINDOWS\system32\drivers\storqosflt.sys
2018-12-12 19:19:46 ----A---- C:\WINDOWS\SYSWOW64\MSPhotography.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\SYSWOW64\InstallServiceTasks.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\RMapi.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\InstallServiceTasks.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\domgmt.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\DataUsageHandlers.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\SYSWOW64\werdiagcontroller.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\SYSWOW64\msIso.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\SYSWOW64\dtdump.exe
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\winhttpcom.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\tzautoupdate.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\msscntrs.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\iemigplugin.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\SYSWOW64\winhttpcom.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\SYSWOW64\tzres.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\system32\utcutil.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\system32\tzres.dll
2018-11-29 10:54:40 ----A---- C:\WINDOWS\system32\drivers\eamonm.sys
======List of files/folders modified in the last 1 month======
2018-12-27 12:30:50 ----D---- C:\WINDOWS\Temp
2018-12-27 12:30:17 ----D---- C:\WINDOWS\Prefetch
2018-12-27 12:28:28 ----RD---- C:\Users
2018-12-27 12:28:22 ----D---- C:\WINDOWS\AppReadiness
2018-12-27 12:27:09 ----D---- C:\WINDOWS\CbsTemp
2018-12-27 12:26:21 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2018-12-27 12:21:43 ----D---- C:\WINDOWS\system32\sru
2018-12-27 12:21:07 ----D---- C:\WINDOWS\system32\Tasks
2018-12-27 12:20:59 ----HD---- C:\ProgramData
2018-12-27 12:20:58 ----RD---- C:\Program Files (x86)
2018-12-27 12:20:58 ----D---- C:\WINDOWS\Tasks
2018-12-27 12:20:43 ----SHD---- C:\WINDOWS\Installer
2018-12-27 12:20:42 ----D---- C:\WINDOWS\SysWOW64
2018-12-27 12:20:42 ----D---- C:\WINDOWS\System32
2018-12-27 12:20:22 ----D---- C:\WINDOWS\system32\Tasks_Migrated
2018-12-27 11:37:36 ----D---- C:\WINDOWS\system32\SleepStudy
2018-12-27 11:01:20 ----D---- C:\Windows
2018-12-27 11:00:17 ----D---- C:\WINDOWS\system32\drivers\etc
2018-12-27 06:00:02 ----D---- C:\WINDOWS\system32\LogFiles
2018-12-27 02:56:53 ----SHD---- C:\System Volume Information
2018-12-27 01:48:02 ----D---- C:\WINDOWS\Logs
2018-12-27 01:41:22 ----RD---- C:\WINDOWS\Microsoft.NET
2018-12-27 00:47:02 ----RD---- C:\Program Files
2018-12-27 00:24:24 ----D---- C:\WINDOWS\system32\NDF
2018-12-26 21:51:07 ----D---- C:\WINDOWS\system32\drivers
2018-12-26 21:50:09 ----D---- C:\WINDOWS\system32\catroot2
2018-12-26 21:46:25 ----D---- C:\WINDOWS\system32\DriverStore
2018-12-26 21:46:24 ----D---- C:\WINDOWS\INF
2018-12-26 21:46:15 ----HD---- C:\WINDOWS\ELAMBKUP
2018-12-26 21:31:59 ----AD---- C:\ProgramData\Avg
2018-12-26 21:26:41 ----D---- C:\ProgramData\AVAST Software
2018-12-26 19:26:15 ----D---- C:\Users\Ludmila\AppData\Roaming\uTorrent
2018-12-26 17:43:23 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2018-12-26 17:42:18 ----D---- C:\Program Files (x86)\Lenovo
2018-12-26 17:41:43 ----D---- C:\ProgramData\CyberLink
2018-12-26 17:41:00 ----D---- C:\ProgramData\Origin
2018-12-26 17:38:23 ----HD---- C:\Program Files\WindowsApps
2018-12-26 17:35:29 ----D---- C:\WINDOWS\system32\config
2018-12-26 17:31:51 ----D---- C:\Program Files\Common Files
2018-12-26 17:31:51 ----D---- C:\Program Files (x86)\Common Files
2018-12-26 17:31:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2018-12-26 17:24:23 ----D---- C:\WINDOWS\WinSxS
2018-12-24 01:12:25 ----D---- C:\WINDOWS\TextInput
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\zu-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\yo-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\xh-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\wo-SN
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\uz-Latn-UZ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\tn-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ti-ET
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\tg-Cyrl-TJ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-RS
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-BA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\sd-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\rw-RW
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\quc-Latn-GT
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\pa-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\nso-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ku-Arab-IQ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ig-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\chr-CHER-US
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ha-Latn-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ca-ES-valencia
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\bs-Latn-BA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\az-Latn-AZ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\zu-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\yo-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\xh-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\wo-SN
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\uz-Latn-UZ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\tn-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\ti-ET
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\tg-Cyrl-TJ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\sr-Cyrl-RS
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\sr-Cyrl-BA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\sd-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\rw-RW
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\quc-Latn-GT
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\pa-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\nso-ZA
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\migration
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ku-Arab-IQ
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ig-NG
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\chr-CHER-US
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ha-Latn-NG
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ca-ES-valencia
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\bs-Latn-BA
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\az-Latn-AZ
2018-12-24 01:12:24 ----D---- C:\WINDOWS\bcastdvr
2018-12-24 01:12:23 ----D---- C:\WINDOWS\system32\Boot
2018-12-17 18:24:39 ----RSD---- C:\WINDOWS\assembly
2018-12-16 09:42:45 ----D---- C:\WINDOWS\LiveKernelReports
2018-12-15 12:27:23 ----D---- C:\Users\Ludmila\AppData\Roaming\vlc
2018-12-14 19:55:16 ----AD---- C:\Program Files (x86)\Microsoft Office
2018-12-12 23:27:04 ----D---- C:\WINDOWS\SYSWOW64\en-US
2018-12-12 23:27:04 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2018-12-12 23:27:01 ----SD---- C:\WINDOWS\system32\DiagSvcs
2018-12-12 23:27:01 ----D---- C:\WINDOWS\system32\en-US
2018-12-12 23:27:01 ----D---- C:\WINDOWS\system32\cs-CZ
2018-12-12 23:26:55 ----D---- C:\WINDOWS\ShellComponents
2018-12-12 23:26:54 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2018-12-12 23:26:54 ----D---- C:\WINDOWS\apppatch
2018-12-12 19:45:05 ----D---- C:\WINDOWS\system32\MRT
2018-12-12 19:40:16 ----AC---- C:\WINDOWS\system32\MRT.exe
2018-12-11 17:52:44 ----D---- C:\WINDOWS\system32\drivers\wd
2018-12-11 17:52:09 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2018-12-07 19:48:18 ----D---- C:\Program Files\rempl
2018-12-01 05:01:07 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2018-12-08 58168]
R0 MBI;@oem50.inf,%MBI.SVCDESC%;Intel(R) Sideband Fabric Device Service; C:\WINDOWS\System32\drivers\MBI.sys [2013-10-10 29464]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\WINDOWS\system32\drivers\SgrmAgent.sys [2018-04-12 63896]
R1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2018-04-12 39424]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-04-12 60320]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2018-11-29 143448]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2018-10-17 188832]
R1 epfwwfp;epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [2018-10-17 109864]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2018-04-12 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-04-12 8192]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2018-07-14 414720]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2018-12-08 43008]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2018-12-08 82432]
R3 ACPIVPC;@oem29.inf,%ACPIVPC.SvcDesc%;Lenovo Virtual Power Controller Driver; C:\WINDOWS\System32\drivers\AcpiVpc.sys [2014-09-19 35576]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2018-12-08 106496]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2018-04-12 86528]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2018-04-12 129536]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2018-04-12 85504]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2018-04-12 60320]
R3 CnxtHdAudService;@oem42.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDRT64.sys [2015-05-19 1543912]
R3 ibtusb;@oem11.inf,%ibtusb.SVCDESC_IBT%;Intel(R) Wireless Bluetooth(R); C:\WINDOWS\system32\DRIVERS\ibtusb.sys [2017-01-13 231168]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2015-10-04 3797424]
R3 IntcDAud;@oem6.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2015-08-21 463112]
R3 iwdbus;@oem52.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2015-07-20 38976]
R3 NETwNb64;___ Intel(R) Wireless Adapter Driver for Windows 8.1 - 64 Bit; C:\WINDOWS\System32\drivers\Netwbw02.sys [2018-04-12 3485696]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2018-04-12 193536]
R3 rt640x64;@oem22.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2015-07-22 886528]
R3 RTSUER;@oem43.inf,%RtsUER%;Realtek USB Card Reader - UER; C:\WINDOWS\system32\Drivers\RtsUer.sys [2015-07-03 410880]
R3 rtsuvc;@oem26.inf,%rtsuvc.DeviceDesc%;Lenovo EasyCamera; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [2015-06-16 3068160]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2015-09-25 42696]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2018-04-12 38304]
S0 eelam;eelam; C:\WINDOWS\system32\DRIVERS\eelam.sys [2018-10-17 15872]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2018-04-12 321432]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-04-12 885144]
S0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-04-12 145816]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2018-04-12 124312]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2018-04-12 128408]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-04-12 75160]
S0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [2018-04-12 82328]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2018-04-12 58776]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2018-04-12 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2018-04-12 39840]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2018-08-03 128920]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2018-07-01 48544]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-04-12 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2018-04-12 18432]
S3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys [2018-12-08 92688]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2018-12-08 1097728]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2018-04-12 39936]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2018-04-12 123392]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2018-04-12 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2018-04-12 50592]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2018-12-14 76088]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2018-04-12 27136]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2018-04-12 1836952]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2018-04-12 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2018-04-12 91648]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2018-04-12 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-04-12 88576]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2018-04-12 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-04-12 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2018-04-12 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-04-12 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2018-04-12 32256]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2018-04-12 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2018-04-12 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2018-04-12 56736]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2018-04-12 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2018-04-12 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2018-04-12 175104]
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\WINDOWS\System32\drivers\nvdimm.sys [2018-04-12 104448]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2018-04-12 105984]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2018-04-12 16896]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2018-07-01 945568]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2018-04-12 104448]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2018-04-12 33176]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2018-04-12 57752]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S4 hvcrash;hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [2018-04-12 33184]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 CDPUserSvc_10df3f;Uživatelská služba platformy připojených zařízení_10df3f; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2018-12-07 9646240]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 CxAudMsg;Conexant Audio Message Service; C:\windows\system32\CxAudMsg64.exe [2013-07-25 206552]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Security\ekrn.exe [2018-11-29 2302160]
R2 ibtsiva;@oem11.inf,%SERVICE_NAME%;Intel Bluetooth Service; C:\WINDOWS\system32\ibtsiva []
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2015-10-04 328616]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [2013-07-02 733696]
R2 Lenovo System Agent Service;Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [2014-05-22 584960]
R2 LenovoWiFiHotspotSvr;Lenovo WiFiHotspot Service; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [2014-09-19 198192]
R2 OneSyncSvc_10df3f;Hostitel synchronizace_10df3f; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 PhoneCompanionPusher;Lenovo PhoneCompanionPusher Service; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [2014-09-19 288240]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-07-14 760888]
R2 sedsvc;Windows Remediation Service; C:\Program Files\rempl\sedsvc.exe [2018-12-02 326336]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\WINDOWS\system32\SgrmBroker.exe [2018-04-12 163336]
R3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R3 ekrnEpfw;ESET Firewall Helper; C:\Program Files\ESET\ESET Security\ekrn.exe [2018-11-29 2302160]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2018-06-30 43648]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 PimIndexMaintenanceSvc_10df3f;Data kontaktů_10df3f; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2018-11-26 1684256]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BcastDVRUserService_10df3f;Uživatelská služba pro GameDVR a vysílání her_10df3f; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BluetoothUserService_10df3f;Služba pro podporu uživatelů Bluetooth_10df3f; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2015-10-04 290224]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicePickerUserSvc_10df3f;DevicePicker_10df3f; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicesFlowUserSvc_10df3f;Tok zařízení_10df3f; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2018-08-03 90624]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [2018-12-12 443872]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2013-07-02 822232]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [2014-06-03 533760]
S3 LSCWinService;LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2014-05-06 1663880]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 MessagingService_10df3f;Služba zasílání zpráv_10df3f; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 ose;Office Source Engine; c:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2018-12-03 214824]
S3 PhoneCompanionVap;Lenovo PhoneCompanionVap Service; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [2014-09-19 305136]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PrintWorkflowUserSvc_10df3f;PrintWorkflow_10df3f; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2018-04-12 1273344]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2018-07-01 976384]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S4 ssh-agent;OpenSSH Authentication Agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [2018-03-10 495616]
-----------------EOF-----------------
Re: Trojan Tofsee - log check
Also run JRT, following Rudy's guide https://forum.viry.cz/viewtopic.php?f=1 ... e#p1514790
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum: https://platba.viry.cz/payment/
Re: Trojan Tofsee - log check
So I've got this one behind me as well. There's probably still something in there. ESET finds the file "MBR sektor 0.fyzického disku - WIN32/Pitou.J trojský kůň"
This is one tough beast.
Below are the JRT, zoek and new RSIT logs.
JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by Ludmila (Administrator) on 27.12.2018 at 15:02:17,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 3
Successfully deleted: C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd (Folder)
Successfully deleted: C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_blmojkbhnkkphngknkmgccmlenfaelkd_0.localstorage-journal (File)
Successfully deleted: C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_blmojkbhnkkphngknkmgccmlenfaelkd_0.localstorage (File)
Registry: 2
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_E9C6095D8424EAA20FEDBFBD94483E1A (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0CC6625-DADB-402E-88EA-C5918290AE54} (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.12.2018 at 15:09:31,69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ZOEK:
Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by Ludmila on 27.12.2018 at 13:46:27,59.
Microsoft Windows 10 Home 10.0.17134 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ludmila\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
27.12.2018 13:51:00 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\Cisco deleted successfully
C:\PROGRA~2\New Folder deleted successfully
C:\Program Files\Common Files\Intel deleted successfully
C:\PROGRA~3\Canon IJ Network Tool deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\Eres deleted successfully
C:\PROGRA~3\Office2013 deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Ludmila\AppData\Roaming\Opera Software deleted successfully
C:\Users\Ludmila\AppData\Roaming\QuickScan deleted successfully
C:\Users\Ludmila\AppData\Local\ActiveSync deleted successfully
C:\Users\Ludmila\AppData\Local\DBG deleted successfully
C:\Users\Ludmila\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Ludmila\AppData\Local\EmieSiteList deleted successfully
C:\Users\Ludmila\AppData\Local\EmieUserList deleted successfully
C:\Users\Ludmila\AppData\Local\NetworkTiles deleted successfully
C:\Users\Ludmila\AppData\Local\Opera Software deleted successfully
C:\Users\Ludmila\AppData\Local\PlaceholderTileLogoFolder deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Cisco not found
C:\PROGRA~2\New Folder not found
C:\Users\Ludmila\AppData\Roaming\amd64_netfx4-system.core_b03f5f7f11d50a3a_4.0.15680.120_none_3222d21eb3852341 deleted
C:\windows\SysNative\Tasks\0216scUpdateInfo deleted
C:\WINDOWS\sysWoW64\config\systemprofile\.android deleted
C:\Users\Ludmila\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Start Menu.lnk deleted
C:\PROGRA~3\mozglue.dll deleted
C:\PROGRA~3\nss3.dll deleted
C:\PROGRA~3\Avg_Update_0216sc deleted
C:\PROGRA~3\Avg_Update_0717tb_a07980 deleted
C:\PROGRA~3\Package Cache deleted
C:\PROGRA~3\Trymedia deleted
C:\Users\Default\AppData\Local\Pokki deleted
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Pokki deleted
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Pokki deleted
C:\Users\Ludmila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk deleted
C:\WINDOWS\wininit.ini deleted
C:\windows\SysNative\GroupPolicy\machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted
==== Orphaned Tasks deleted from Registry ======================
0216scUpdateInfo deleted
==== Chromium Look ======================
Google Chrome Version: 71.0.3578.98
Seznam doplněk - Esko- - Ludmila\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd
KMPlayer for Chrome - Ludmila\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipanhlgdkijihdflgmdobeohanbfamho
McAfee SECURE - Ludmila\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkdiimaiohgpacfbgedcipmgigppaofn
Chrome Media Router - Ludmila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{95B7759C-8C7F-4BF1-B163-73684A933233}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{C0CC6625-DADB-402E-88EA-C5918290AE54} - http://www.bing.com/search?q={searchTer ... TR&pc=LCJB
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{C0CC6625-DADB-402E-88EA-C5918290AE54} - http://www.bing.com/search?q={searchTer ... TR&pc=LCJB
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... 02&pc=UE15
HKCU\SearchScopes\{C0CC6625-DADB-402E-88EA-C5918290AE54} - No_Url_Value
==== Reset Google Chrome ======================
C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF21886f3.TMP will be reset at reboot
C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF3370d3e8.TMP will be reset at reboot
C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Web Data will be reset at reboot
C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal will be reset at reboot
C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Web Data.tmp was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ludmila\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Ludmila\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Ludmila\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Ludmila\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Edge Cache ======================
Edge Cache Emptied Successfully
==== Empty Chrome Cache ======================
C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Cache will be emptied at reboot
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=11671 folders=311 656744795 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Ludmila\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Ludmila\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF21886f3.TMP" not found
"C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF3370d3e8.TMP" not found
"C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Web Data" not found
"C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal" not found
"C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0" deleted
"C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1" deleted
"C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2" deleted
"C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3" deleted
"C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Cache\index" deleted
==== EOF on 27.12.2018 at 14:59:21,42 ======================
RSIT log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Ludmila at 2018-12-27 15:11:46
Microsoft Windows 10 Home
System drive C: has 234 GB (54%) free of 435 GB
Total RAM: 3979 MB (48% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:11:54, on 27.12.2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal
Running processes:
C:\Program Files\trend micro\Ludmila.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O1 - Hosts: ::1 localhost
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Ludmila\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [Application Restart #4] C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
O4 - HKCU\..\RunOnce: [Application Restart #3] C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Conexant Audio Message Service (CxAudMsg) - Unknown owner - C:\windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: ESET Firewall Helper (ekrnEpfw) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem11.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo EasyPlus Hotspot - Lenovo - C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\Lenovo\iMController\SystemAgentService.exe
O23 - Service: Lenovo WiFiHotspot Service (LenovoWiFiHotspotSvr) - Unknown owner - C:\Windows\System32\LenovoWiFiHotspotSvr.exe (file missing)
O23 - Service: LSCWinService - Unknown owner - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo PhoneCompanionPusher Service (PhoneCompanionPusher) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
O23 - Service: Lenovo PhoneCompanionVap Service (PhoneCompanionVap) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)
--
End of file - 12609 bytes
======Listing Processes======
winlogon.exe
C:\WINDOWS\system32\lsass.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
"fontdrvhost.exe"
"fontdrvhost.exe"
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-8955367a-52a5-4ec3-99e6-60602239dd2c -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-fdb34b97-f033-4276-8864-0ffa2cbea640 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-2fb7e42d-7459-4c7c-b08c-a7de94cb8097 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-7bd0b914-5816-424e-8e5f-0c5586ae8a68 -LifetimeId:bc012e83-aafe-4a40-818a-56a9a9a52c11 -DeviceGroupId:WudfDefaultDevicePool
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
"dwm.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localservice -p -s bthserv
c:\windows\system32\svchost.exe -k localservice -p -s BthAvctpSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s BTAGService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k appmodel -p -s camsvc
dashost.exe {79e9e8f4-316e-4ac3-9602fb083b055b50}
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
C:\WINDOWS\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
C:\windows\system32\CxAudMsg64.exe
"C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe"
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
C:\WINDOWS\system32\ibtsiva
"C:\Program Files\Lenovo\iMController\SystemAgentService.exe"
C:\Windows\System32\LenovoWiFiHotspotSvr.exe
"C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
"ctfmon.exe"
C:\WINDOWS\Explorer.EXE
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe" -ServerName:SkypeBackgroundHost
"C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe"
c:\windows\system32\svchost.exe -k netsvcs -p
adb fork-server server
"C:\Program Files\ESET\ESET Security\egui.exe" /hide
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
c:\windows\system32\svchost.exe -k unistacksvcgroup
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeApp.exe" -ServerName:App.AppXffn3yxqvgawq9fpmnhy90fr3y01d1t5b.mca
c:\windows\system32\svchost.exe -k netsvcs -p -s Browser
"C:\Program Files\rempl\sedsvc.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe" /InvokerPRAID: App
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s gpsvc
C:\Windows\System32\smartscreen.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "LSC Memory|0x1020_0x2764_0x49a9b5ba"
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s pla
C:\WINDOWS\system32\AUDIODG.EXE 0x4a4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=71.0.3578.98 --initial-client-data=0x1f0,0x1f4,0x1f8,0x1ec,0x1fc,0x7ffd503b64d0,0x7ffd503b64e0,0x7ffd503b64f0
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=9192 --on-initialized-event-handle=692 --parent-handle=696 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1572,8723499718592300550,17907200472319544772,131072 --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=5201121421491378868 --mojo-platform-channel-handle=1584 --ignored=" --type=renderer " /prefetch:2
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,8723499718592300550,17907200472319544772,131072 --service-pipe-token=11041163568510623138 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11041163568510623138 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,8723499718592300550,17907200472319544772,131072 --service-pipe-token=13936286130627190469 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13936286130627190469 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
"C:\Users\Ludmila\Desktop\RSITx64.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-12-14 203552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 217784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 184488]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-01 460384]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-01 172640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 6149288]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 4452504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2018-04-12 638872]
"RtsFT"=C:\WINDOWS\RTFTrack.exe [2015-06-16 5060864]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2013-09-05 907480]
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SACpl.exe [2012-06-13 1647616]
"PhoneCompanion"=C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [2014-09-19 836592]
"Energy Manager"=C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [2014-09-19 16094704]
"Lenovo Utility"=C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [2014-09-19 10841584]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2016-10-13 3942864]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-09-25 3945672]
"egui"=C:\Program Files\ESET\ESET Security\ecmds.exe [2018-11-29 177928]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\Ludmila\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2018-12-15 1543264]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2018-11-26 3131680]
"CCleaner Smart Cleaning"=C:\Program Files\CCleaner\CCleaner64.exe [2018-12-10 19589208]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #4"=C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [2018-12-20 8992976]
"Application Restart #3"=C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [2018-12-20 8992976]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"UpdateP2GShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2011-12-07 214312]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-09 596528]
"CanonQuickMenu"=C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [2012-04-03 1273448]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"DisableTaskMgr"=0
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoRun"=0
"NoFolderOptions"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2018-12-27 15:01:23 ----HD---- C:\OneDriveTemp
2018-12-27 14:59:27 ----SHD---- C:\$RECYCLE.BIN
2018-12-27 14:56:27 ----A---- C:\WINDOWS\zoek-delete.exe
2018-12-27 14:56:25 ----D---- C:\WINDOWS\Temp
2018-12-27 13:46:12 ----D---- C:\zoek_backup
2018-12-27 12:18:27 ----D---- C:\AdwCleaner
2018-12-27 11:00:09 ----D---- C:\rsit
2018-12-27 00:47:02 ----D---- C:\Program Files\CCleaner
2018-12-26 22:33:05 ----D---- C:\Program Files\trend micro
2018-12-26 21:45:19 ----D---- C:\ProgramData\ESET
2018-12-26 21:45:18 ----D---- C:\Program Files\ESET
2018-12-26 21:27:42 ----D---- C:\Program Files\AVAST Software
2018-12-26 20:15:17 ----D---- C:\WINDOWS\SYSWOW64\ajhfmnxw
2018-12-26 20:10:16 ----D---- C:\ProgramData\GCYTYWQMMM4ULN5BDJKV
2018-12-26 19:49:16 ----D---- C:\Users\Ludmila\AppData\Roaming\ComfortSoftware
2018-12-26 19:19:06 ----D---- C:\ProgramData\Blogger
2018-12-26 19:16:19 ----D---- C:\ProgramData\HPC
2018-12-26 19:14:04 ----D---- C:\ProgramData\CopyPaste
2018-12-26 18:47:21 ----D---- C:\GOG Games
2018-12-26 17:52:24 ----D---- C:\Program Files (x86)\Ubisoft
2018-12-26 17:49:05 ----D---- C:\Program Files (x86)\Steam
2018-12-23 10:03:25 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-12-23 10:03:23 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2018-12-23 10:03:14 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2018-12-23 10:03:12 ----A---- C:\WINDOWS\system32\Chakra.dll
2018-12-23 10:03:09 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-12-23 10:03:08 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2018-12-23 10:03:06 ----A---- C:\WINDOWS\system32\Windows.CloudStore.dll
2018-12-23 10:03:06 ----A---- C:\WINDOWS\system32\d2d1.dll
2018-12-23 10:03:04 ----A---- C:\WINDOWS\system32\hvix64.exe
2018-12-23 10:03:02 ----A---- C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-12-23 10:03:01 ----A---- C:\WINDOWS\system32\hvax64.exe
2018-12-23 10:02:58 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2018-12-23 10:02:56 ----A---- C:\WINDOWS\system32\bcastdvruserservice.dll
2018-12-23 10:02:54 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-12-23 10:02:52 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2018-12-23 10:02:52 ----A---- C:\WINDOWS\system32\winload.exe
2018-12-23 10:02:52 ----A---- C:\WINDOWS\system32\jscript.dll
2018-12-23 10:02:51 ----A---- C:\WINDOWS\system32\winresume.exe
2018-12-23 10:02:51 ----A---- C:\WINDOWS\system32\msvproc.dll
2018-12-23 10:02:50 ----A---- C:\WINDOWS\SYSWOW64\msvproc.dll
2018-12-23 10:02:50 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-12-23 10:02:48 ----A---- C:\WINDOWS\system32\tcblaunch.exe
2018-12-23 10:02:47 ----A---- C:\WINDOWS\system32\MSVPXENC.dll
2018-12-23 10:02:46 ----A---- C:\WINDOWS\system32\drivers\hvservice.sys
2018-12-23 10:02:40 ----A---- C:\WINDOWS\SYSWOW64\MSVPXENC.dll
2018-12-23 10:02:40 ----A---- C:\WINDOWS\system32\hvloader.dll
2018-12-23 10:02:36 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2018-12-23 10:02:36 ----A---- C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-12-12 19:21:20 ----A---- C:\WINDOWS\system32\edgehtml.dll
2018-12-12 19:21:17 ----A---- C:\WINDOWS\system32\mshtml.dll
2018-12-12 19:21:07 ----A---- C:\WINDOWS\system32\sppsvc.exe
2018-12-12 19:21:06 ----A---- C:\WINDOWS\system32\shell32.dll
2018-12-12 19:21:05 ----A---- C:\WINDOWS\system32\wininet.dll
2018-12-12 19:21:04 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2018-12-12 19:21:03 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2018-12-12 19:21:01 ----A---- C:\WINDOWS\system32\ClipUp.exe
2018-12-12 19:21:00 ----A---- C:\WINDOWS\system32\windows.storage.dll
2018-12-12 19:20:59 ----A---- C:\WINDOWS\system32\StartTileData.dll
2018-12-12 19:20:57 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2018-12-12 19:20:57 ----A---- C:\WINDOWS\system32\sppobjs.dll
2018-12-12 19:20:55 ----A---- C:\WINDOWS\system32\cdp.dll
2018-12-12 19:20:53 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2018-12-12 19:20:52 ----A---- C:\WINDOWS\SYSWOW64\wmp.dll
2018-12-12 19:20:51 ----A---- C:\WINDOWS\system32\wmp.dll
2018-12-12 19:20:50 ----A---- C:\WINDOWS\system32\msmpeg2adec.dll
2018-12-12 19:20:50 ----A---- C:\WINDOWS\system32\mos.dll
2018-12-12 19:20:49 ----A---- C:\WINDOWS\system32\ieframe.dll
2018-12-12 19:20:48 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2018-12-12 19:20:47 ----A---- C:\WINDOWS\system32\jscript9.dll
2018-12-12 19:20:47 ----A---- C:\WINDOWS\system32\EdgeContent.dll
2018-12-12 19:20:46 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2vdec.dll
2018-12-12 19:20:46 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2adec.dll
2018-12-12 19:20:46 ----A---- C:\WINDOWS\system32\twinui.pcshell.dll
2018-12-12 19:20:45 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2018-12-12 19:20:45 ----A---- C:\WINDOWS\system32\tquery.dll
2018-12-12 19:20:44 ----A---- C:\WINDOWS\system32\win32kfull.sys
2018-12-12 19:20:44 ----A---- C:\WINDOWS\system32\twinui.dll
2018-12-12 19:20:43 ----A---- C:\WINDOWS\system32\diagtrack.dll
2018-12-12 19:20:42 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2018-12-12 19:20:41 ----A---- C:\WINDOWS\system32\OpcServices.dll
2018-12-12 19:20:41 ----A---- C:\WINDOWS\system32\mssrch.dll
2018-12-12 19:20:40 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2018-12-12 19:20:39 ----A---- C:\WINDOWS\SYSWOW64\mfasfsrcsnk.dll
2018-12-12 19:20:39 ----A---- C:\WINDOWS\system32\mfcore.dll
2018-12-12 19:20:37 ----A---- C:\WINDOWS\SYSWOW64\WMVDECOD.DLL
2018-12-12 19:20:37 ----A---- C:\WINDOWS\system32\xpsrchvw.exe
2018-12-12 19:20:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2018-12-12 19:20:37 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2018-12-12 19:20:36 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2018-12-12 19:20:36 ----A---- C:\WINDOWS\system32\WebRuntimeManager.dll
2018-12-12 19:20:36 ----A---- C:\WINDOWS\system32\dosvc.dll
2018-12-12 19:20:36 ----A---- C:\WINDOWS\system32\BingMaps.dll
2018-12-12 19:20:35 ----A---- C:\WINDOWS\system32\d3d11.dll
2018-12-12 19:20:34 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2018-12-12 19:20:34 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2018-12-12 19:20:34 ----A---- C:\WINDOWS\system32\msxml6.dll
2018-12-12 19:20:34 ----A---- C:\WINDOWS\system32\KernelBase.dll
2018-12-12 19:20:33 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2018-12-12 19:20:33 ----A---- C:\WINDOWS\SYSWOW64\cdp.dll
2018-12-12 19:20:33 ----A---- C:\WINDOWS\system32\WMVCORE.DLL
2018-12-12 19:20:33 ----A---- C:\WINDOWS\system32\dwmcore.dll
2018-12-12 19:20:32 ----A---- C:\WINDOWS\system32\LocationFramework.dll
2018-12-12 19:20:31 ----A---- C:\WINDOWS\SYSWOW64\mos.dll
2018-12-12 19:20:31 ----A---- C:\WINDOWS\system32\mstscax.dll
2018-12-12 19:20:30 ----A---- C:\WINDOWS\SYSWOW64\tquery.dll
2018-12-12 19:20:30 ----A---- C:\WINDOWS\system32\wuaueng.dll
2018-12-12 19:20:30 ----A---- C:\WINDOWS\system32\D3D12.dll
2018-12-12 19:20:28 ----A---- C:\WINDOWS\SYSWOW64\dwmcore.dll
2018-12-12 19:20:28 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2018-12-12 19:20:28 ----A---- C:\WINDOWS\system32\audiosrv.dll
2018-12-12 19:20:27 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2018-12-12 19:20:27 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2018-12-12 19:20:27 ----A---- C:\WINDOWS\system32\win32kbase.sys
2018-12-12 19:20:27 ----A---- C:\WINDOWS\system32\lpasvc.dll
2018-12-12 19:20:26 ----A---- C:\WINDOWS\SYSWOW64\MSAudDecMFT.dll
2018-12-12 19:20:26 ----A---- C:\WINDOWS\system32\ntdll.dll
2018-12-12 19:20:26 ----A---- C:\WINDOWS\system32\enterprisecsps.dll
2018-12-12 19:20:25 ----A---- C:\WINDOWS\SYSWOW64\msxml6.dll
2018-12-12 19:20:25 ----A---- C:\WINDOWS\SYSWOW64\mssrch.dll
2018-12-12 19:20:25 ----A---- C:\WINDOWS\system32\BingOnlineServices.dll
2018-12-12 19:20:24 ----A---- C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-12-12 19:20:23 ----A---- C:\WINDOWS\SYSWOW64\CPFilters.dll
2018-12-12 19:20:23 ----A---- C:\WINDOWS\system32\InstallService.dll
2018-12-12 19:20:23 ----A---- C:\WINDOWS\system32\drivers\bthport.sys
2018-12-12 19:20:23 ----A---- C:\WINDOWS\system32\CPFilters.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\SYSWOW64\d3d11.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\wcmsvc.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\MSAudDecMFT.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\MapGeocoder.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2018-12-12 19:20:21 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2018-12-12 19:20:21 ----A---- C:\WINDOWS\system32\modernexecserver.dll
2018-12-12 19:20:21 ----A---- C:\WINDOWS\system32\MapRouter.dll
2018-12-12 19:20:20 ----A---- C:\WINDOWS\system32\ShareHost.dll
2018-12-12 19:20:20 ----A---- C:\WINDOWS\system32\SearchIndexer.exe
2018-12-12 19:20:20 ----A---- C:\WINDOWS\system32\AudioSes.dll
2018-12-12 19:20:19 ----A---- C:\WINDOWS\SYSWOW64\BingMaps.dll
2018-12-12 19:20:19 ----A---- C:\WINDOWS\system32\MapControlCore.dll
2018-12-12 19:20:19 ----A---- C:\WINDOWS\system32\AudioEng.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\SYSWOW64\mfsrcsnk.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\system32\winhttp.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\system32\msxml3.dll
2018-12-12 19:20:17 ----A---- C:\WINDOWS\SYSWOW64\rpcrt4.dll
2018-12-12 19:20:17 ----A---- C:\WINDOWS\system32\wlansvc.dll
2018-12-12 19:20:17 ----A---- C:\WINDOWS\system32\JpMapControl.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\NMAA.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\mfsrcsnk.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\mf.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\daxexec.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\SYSWOW64\D3D12.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\system32\gdi32full.dll
2018-12-12 19:20:14 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2018-12-12 19:20:14 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2018-12-12 19:20:13 ----A---- C:\WINDOWS\SYSWOW64\xpsrchvw.exe
2018-12-12 19:20:13 ----A---- C:\WINDOWS\system32\SppExtComObj.Exe
2018-12-12 19:20:13 ----A---- C:\WINDOWS\system32\audiodg.exe
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\winhttp.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\InstallService.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\EdgeManager.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\AudioEng.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\system32\WWAHost.exe
2018-12-12 19:20:12 ----A---- C:\WINDOWS\system32\BthAvctpSvc.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\SYSWOW64\MapRouter.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\SYSWOW64\BingOnlineServices.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\twinui.appcore.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\MapsStore.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-12-12 19:20:10 ----A---- C:\WINDOWS\SYSWOW64\mf.dll
2018-12-12 19:20:10 ----A---- C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-12-12 19:20:10 ----A---- C:\WINDOWS\system32\rasmans.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\wpx.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\edgeIso.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\dnsapi.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\ci.dll
2018-12-12 19:20:08 ----A---- C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-12-12 19:20:08 ----A---- C:\WINDOWS\system32\defragsvc.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\SYSWOW64\WWAHost.exe
2018-12-12 19:20:07 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.OnlineId.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\wer.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\vbscript.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\drivers\rdbss.sys
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\drivers\pci.sys
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\BTAGService.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\ShareHost.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\SearchIndexer.exe
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\JpMapControl.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\dnsapi.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\daxexec.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\system32\securekernel.exe
2018-12-12 19:20:06 ----A---- C:\WINDOWS\system32\ninput.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\SYSWOW64\MapGeocoder.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\WinSCard.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\lsasrv.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\eeprov.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\browserbroker.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\AppResolver.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\SYSWOW64\msxml3.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\mfps.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\drivers\netio.sys
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\advapi32.dll
2018-12-12 19:20:03 ----A---- C:\WINDOWS\SYSWOW64\wer.dll
2018-12-12 19:20:03 ----A---- C:\WINDOWS\SYSWOW64\advapi32.dll
2018-12-12 19:20:03 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2018-12-12 19:20:02 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2018-12-12 19:20:02 ----A---- C:\WINDOWS\system32\drivers\ndis.sys
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\rmclient.dll
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\drivers\fileinfo.sys
2018-12-12 19:19:58 ----A---- C:\WINDOWS\system32\wbengine.exe
2018-12-12 19:19:58 ----A---- C:\WINDOWS\system32\MapConfiguration.dll
2018-12-12 19:19:58 ----A---- C:\WINDOWS\system32\drivers\fvevol.sys
2018-12-12 19:19:57 ----A---- C:\WINDOWS\SYSWOW64\twinui.appcore.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\wc_storage.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\vertdll.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\thumbcache.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\SgrmEnclave.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\sensrsvc.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\MSVP9DEC.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\hal.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\WinSCard.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\OpcServices.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\NMAA.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\mfps.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\webio.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\drivers\USBHUB3.SYS
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\drivers\msrpc.sys
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\drivers\bindflt.sys
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\rmclient.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\ninput.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\MSVP9DEC.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\MapControlCore.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\AppResolver.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\AcSpecfc.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\system32\drivers\ksecpkg.sys
2018-12-12 19:19:55 ----A---- C:\WINDOWS\system32\bthserv.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\SYSWOW64\thumbcache.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\SYSWOW64\edgeIso.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\WMVDECOD.DLL
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\mssvp.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\dusmsvc.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\drivers\iorate.sys
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\appsruprov.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\SYSWOW64\Windows.Networking.Connectivity.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\SYSWOW64\webplatstorageserver.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\SYSWOW64\CoreMessaging.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\xbgmengine.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\weretw.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\drivers\tm.sys
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2018-12-12 19:19:52 ----A---- C:\WINDOWS\system32\drivers\ClipSp.sys
2018-12-12 19:19:52 ----A---- C:\WINDOWS\system32\CoreMessaging.dll
2018-12-12 19:19:52 ----A---- C:\WINDOWS\system32\bcdedit.exe
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\Windows.System.Diagnostics.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Streaming.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\webio.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\offreg.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\mssvp.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\mssph.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\bcryptprimitives.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\SearchProtocolHost.exe
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\offreg.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\mssph.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\MSPhotography.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\moshostcore.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\energyprov.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\wcnfs.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\ndiswan.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\mmcss.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\bthenum.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\browser_broker.exe
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\UserDataTimeUtil.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\SearchProtocolHost.exe
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\Search.ProtocolHandler.MAPI2.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\MapConfiguration.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\fdBth.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\wpnsruprov.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\t2embed.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\sppcext.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\SearchFilterHost.exe
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\fdBth.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\drivers\bthhfenum.sys
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2018-12-12 19:19:49 ----A---- C:\WINDOWS\SYSWOW64\t2embed.dll
2018-12-12 19:19:49 ----A---- C:\WINDOWS\system32\drivers\storqosflt.sys
2018-12-12 19:19:46 ----A---- C:\WINDOWS\SYSWOW64\MSPhotography.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\SYSWOW64\InstallServiceTasks.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\RMapi.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\InstallServiceTasks.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\domgmt.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\DataUsageHandlers.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\SYSWOW64\werdiagcontroller.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\SYSWOW64\msIso.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\SYSWOW64\dtdump.exe
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\winhttpcom.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\tzautoupdate.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\msscntrs.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\iemigplugin.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\SYSWOW64\winhttpcom.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\SYSWOW64\tzres.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\system32\utcutil.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\system32\tzres.dll
2018-11-29 10:54:40 ----A---- C:\WINDOWS\system32\drivers\eamonm.sys
======List of files/folders modified in the last 1 month======
2018-12-27 15:10:43 ----D---- C:\WINDOWS\Prefetch
2018-12-27 15:03:31 ----SHD---- C:\System Volume Information
2018-12-27 14:59:23 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2018-12-27 14:58:10 ----HD---- C:\ProgramData
2018-12-27 14:58:04 ----D---- C:\Windows
2018-12-27 14:57:21 ----D---- C:\WINDOWS\system32\sru
2018-12-27 14:42:15 ----HD---- C:\WINDOWS\system32\GroupPolicy
2018-12-27 14:42:15 ----D---- C:\WINDOWS\SYSWOW64\GroupPolicy
2018-12-27 14:41:55 ----D---- C:\WINDOWS\system32\Tasks
2018-12-27 13:59:01 ----RD---- C:\Program Files (x86)
2018-12-27 13:59:01 ----D---- C:\Program Files\Common Files
2018-12-27 13:53:03 ----D---- C:\WINDOWS\system32\drivers\etc
2018-12-27 13:46:15 ----D---- C:\WINDOWS\SysWOW64
2018-12-27 13:29:16 ----D---- C:\WINDOWS\system32\SleepStudy
2018-12-27 12:28:28 ----RD---- C:\Users
2018-12-27 12:28:24 ----D---- C:\WINDOWS\AppReadiness
2018-12-27 12:27:14 ----D---- C:\WINDOWS\CbsTemp
2018-12-27 12:20:58 ----D---- C:\WINDOWS\Tasks
2018-12-27 12:20:43 ----SHD---- C:\WINDOWS\Installer
2018-12-27 12:20:42 ----D---- C:\WINDOWS\System32
2018-12-27 12:20:22 ----D---- C:\WINDOWS\system32\Tasks_Migrated
2018-12-27 06:00:02 ----D---- C:\WINDOWS\system32\LogFiles
2018-12-27 01:48:02 ----D---- C:\WINDOWS\Logs
2018-12-27 01:41:22 ----RD---- C:\WINDOWS\Microsoft.NET
2018-12-27 00:47:02 ----RD---- C:\Program Files
2018-12-27 00:24:24 ----D---- C:\WINDOWS\system32\NDF
2018-12-26 21:51:07 ----D---- C:\WINDOWS\system32\drivers
2018-12-26 21:50:09 ----D---- C:\WINDOWS\system32\catroot2
2018-12-26 21:46:25 ----D---- C:\WINDOWS\system32\DriverStore
2018-12-26 21:46:24 ----D---- C:\WINDOWS\INF
2018-12-26 21:46:15 ----HD---- C:\WINDOWS\ELAMBKUP
2018-12-26 21:31:59 ----AD---- C:\ProgramData\Avg
2018-12-26 21:26:41 ----D---- C:\ProgramData\AVAST Software
2018-12-26 19:26:15 ----D---- C:\Users\Ludmila\AppData\Roaming\uTorrent
2018-12-26 17:43:23 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2018-12-26 17:42:18 ----D---- C:\Program Files (x86)\Lenovo
2018-12-26 17:41:43 ----D---- C:\ProgramData\CyberLink
2018-12-26 17:41:00 ----D---- C:\ProgramData\Origin
2018-12-26 17:38:23 ----HD---- C:\Program Files\WindowsApps
2018-12-26 17:35:29 ----D---- C:\WINDOWS\system32\config
2018-12-26 17:31:51 ----D---- C:\Program Files (x86)\Common Files
2018-12-26 17:31:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2018-12-26 17:24:23 ----D---- C:\WINDOWS\WinSxS
2018-12-24 01:12:25 ----D---- C:\WINDOWS\TextInput
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\zu-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\yo-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\xh-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\wo-SN
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\uz-Latn-UZ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\tn-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ti-ET
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\tg-Cyrl-TJ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-RS
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-BA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\sd-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\rw-RW
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\quc-Latn-GT
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\pa-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\nso-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ku-Arab-IQ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ig-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\chr-CHER-US
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ha-Latn-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ca-ES-valencia
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\bs-Latn-BA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\az-Latn-AZ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\zu-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\yo-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\xh-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\wo-SN
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\uz-Latn-UZ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\tn-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\ti-ET
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\tg-Cyrl-TJ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\sr-Cyrl-RS
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\sr-Cyrl-BA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\sd-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\rw-RW
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\quc-Latn-GT
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\pa-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\nso-ZA
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\migration
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ku-Arab-IQ
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ig-NG
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\chr-CHER-US
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ha-Latn-NG
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ca-ES-valencia
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\bs-Latn-BA
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\az-Latn-AZ
2018-12-24 01:12:24 ----D---- C:\WINDOWS\bcastdvr
2018-12-24 01:12:23 ----D---- C:\WINDOWS\system32\Boot
2018-12-17 18:24:39 ----RSD---- C:\WINDOWS\assembly
2018-12-16 09:42:45 ----D---- C:\WINDOWS\LiveKernelReports
2018-12-15 12:27:23 ----D---- C:\Users\Ludmila\AppData\Roaming\vlc
2018-12-14 19:55:16 ----AD---- C:\Program Files (x86)\Microsoft Office
2018-12-12 23:27:04 ----D---- C:\WINDOWS\SYSWOW64\en-US
2018-12-12 23:27:04 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2018-12-12 23:27:01 ----SD---- C:\WINDOWS\system32\DiagSvcs
2018-12-12 23:27:01 ----D---- C:\WINDOWS\system32\en-US
2018-12-12 23:27:01 ----D---- C:\WINDOWS\system32\cs-CZ
2018-12-12 23:26:55 ----D---- C:\WINDOWS\ShellComponents
2018-12-12 23:26:54 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2018-12-12 23:26:54 ----D---- C:\WINDOWS\apppatch
2018-12-12 19:45:05 ----D---- C:\WINDOWS\system32\MRT
2018-12-12 19:40:16 ----AC---- C:\WINDOWS\system32\MRT.exe
2018-12-11 17:52:44 ----D---- C:\WINDOWS\system32\drivers\wd
2018-12-11 17:52:09 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2018-12-07 19:48:18 ----D---- C:\Program Files\rempl
2018-12-01 05:01:07 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2018-12-08 58168]
R0 MBI;@oem50.inf,%MBI.SVCDESC%;Intel(R) Sideband Fabric Device Service; C:\WINDOWS\System32\drivers\MBI.sys [2013-10-10 29464]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\WINDOWS\system32\drivers\SgrmAgent.sys [2018-04-12 63896]
R1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2018-04-12 39424]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-04-12 60320]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2018-11-29 143448]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2018-10-17 188832]
R1 epfwwfp;epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [2018-10-17 109864]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2018-04-12 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-04-12 8192]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2018-07-14 414720]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2018-12-08 43008]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2018-12-08 82432]
R3 ACPIVPC;@oem29.inf,%ACPIVPC.SvcDesc%;Lenovo Virtual Power Controller Driver; C:\WINDOWS\System32\drivers\AcpiVpc.sys [2014-09-19 35576]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2018-12-08 106496]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2018-04-12 86528]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2018-04-12 129536]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2018-04-12 85504]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2018-04-12 60320]
R3 CnxtHdAudService;@oem42.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDRT64.sys [2015-05-19 1543912]
R3 ibtusb;@oem11.inf,%ibtusb.SVCDESC_IBT%;Intel(R) Wireless Bluetooth(R); C:\WINDOWS\system32\DRIVERS\ibtusb.sys [2017-01-13 231168]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2015-10-04 3797424]
R3 IntcDAud;@oem6.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2015-08-21 463112]
R3 iwdbus;@oem52.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2015-07-20 38976]
R3 NETwNb64;___ Intel(R) Wireless Adapter Driver for Windows 8.1 - 64 Bit; C:\WINDOWS\System32\drivers\Netwbw02.sys [2018-04-12 3485696]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2018-04-12 193536]
R3 rt640x64;@oem22.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2015-07-22 886528]
R3 RTSUER;@oem43.inf,%RtsUER%;Realtek USB Card Reader - UER; C:\WINDOWS\system32\Drivers\RtsUer.sys [2015-07-03 410880]
R3 rtsuvc;@oem26.inf,%rtsuvc.DeviceDesc%;Lenovo EasyCamera; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [2015-06-16 3068160]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2015-09-25 42696]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2018-04-12 38304]
S0 eelam;eelam; C:\WINDOWS\system32\DRIVERS\eelam.sys [2018-10-17 15872]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2018-04-12 321432]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-04-12 885144]
S0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-04-12 145816]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2018-04-12 124312]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2018-04-12 128408]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-04-12 75160]
S0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [2018-04-12 82328]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2018-04-12 58776]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2018-04-12 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2018-04-12 39840]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2018-08-03 128920]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2018-07-01 48544]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-04-12 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2018-04-12 18432]
S3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys [2018-12-08 92688]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2018-12-08 1097728]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2018-04-12 39936]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2018-04-12 123392]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2018-04-12 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2018-04-12 50592]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2018-12-14 76088]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2018-04-12 27136]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2018-04-12 1836952]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2018-04-12 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2018-04-12 91648]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2018-04-12 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-04-12 88576]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2018-04-12 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-04-12 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2018-04-12 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-04-12 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2018-04-12 32256]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2018-04-12 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2018-04-12 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2018-04-12 56736]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2018-04-12 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2018-04-12 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2018-04-12 175104]
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\WINDOWS\System32\drivers\nvdimm.sys [2018-04-12 104448]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2018-04-12 105984]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2018-04-12 16896]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2018-07-01 945568]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2018-04-12 104448]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2018-04-12 33176]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2018-04-12 57752]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S4 hvcrash;hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [2018-04-12 33184]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 CDPUserSvc_4f90e;Uživatelská služba platformy připojených zařízení_4f90e; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2018-12-07 9646240]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 CxAudMsg;Conexant Audio Message Service; C:\windows\system32\CxAudMsg64.exe [2013-07-25 206552]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Security\ekrn.exe [2018-11-29 2302160]
R2 ibtsiva;@oem11.inf,%SERVICE_NAME%;Intel Bluetooth Service; C:\WINDOWS\system32\ibtsiva []
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2015-10-04 328616]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [2013-07-02 733696]
R2 Lenovo System Agent Service;Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [2014-05-22 584960]
R2 LenovoWiFiHotspotSvr;Lenovo WiFiHotspot Service; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [2014-09-19 198192]
R2 OneSyncSvc_4f90e;Hostitel synchronizace_4f90e; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 PhoneCompanionPusher;Lenovo PhoneCompanionPusher Service; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [2014-09-19 288240]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-07-14 760888]
R2 sedsvc;Windows Remediation Service; C:\Program Files\rempl\sedsvc.exe [2018-12-02 326336]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\WINDOWS\system32\SgrmBroker.exe [2018-04-12 163336]
R3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R3 ekrnEpfw;ESET Firewall Helper; C:\Program Files\ESET\ESET Security\ekrn.exe [2018-11-29 2302160]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2018-06-30 43648]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R3 PimIndexMaintenanceSvc_4f90e;Data kontaktů_4f90e; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BcastDVRUserService_4f90e;Uživatelská služba pro GameDVR a vysílání her_4f90e; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BluetoothUserService_4f90e;Služba pro podporu uživatelů Bluetooth_4f90e; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2015-10-04 290224]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicePickerUserSvc_4f90e;DevicePicker_4f90e; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicesFlowUserSvc_4f90e;Tok zařízení_4f90e; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2018-08-03 90624]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [2018-12-12 443872]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2013-07-02 822232]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [2014-06-03 533760]
S3 LSCWinService;LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2014-05-06 1663880]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 MessagingService_4f90e;Služba zasílání zpráv_4f90e; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 ose;Office Source Engine; c:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2018-12-03 214824]
S3 PhoneCompanionVap;Lenovo PhoneCompanionVap Service; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [2014-09-19 305136]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PrintWorkflowUserSvc_4f90e;PrintWorkflow_4f90e; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2018-04-12 1273344]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2018-07-01 976384]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2018-11-26 1684256]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S4 ssh-agent;OpenSSH Authentication Agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [2018-03-10 495616]
-----------------EOF-----------------


JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by Ludmila (Administrator) on 27.12.2018 at 15:02:17,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 3
Successfully deleted: C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd (Folder)
Successfully deleted: C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_blmojkbhnkkphngknkmgccmlenfaelkd_0.localstorage-journal (File)
Successfully deleted: C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_blmojkbhnkkphngknkmgccmlenfaelkd_0.localstorage (File)
Registry: 2
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_E9C6095D8424EAA20FEDBFBD94483E1A (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0CC6625-DADB-402E-88EA-C5918290AE54} (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.12.2018 at 15:09:31,69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ZOEK:
Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by Ludmila on 27.12.2018 at 13:46:27,59.
Microsoft Windows 10 Home 10.0.17134 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ludmila\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
27.12.2018 13:51:00 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\Cisco deleted successfully
C:\PROGRA~2\New Folder deleted successfully
C:\Program Files\Common Files\Intel deleted successfully
C:\PROGRA~3\Canon IJ Network Tool deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\Eres deleted successfully
C:\PROGRA~3\Office2013 deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Ludmila\AppData\Roaming\Opera Software deleted successfully
C:\Users\Ludmila\AppData\Roaming\QuickScan deleted successfully
C:\Users\Ludmila\AppData\Local\ActiveSync deleted successfully
C:\Users\Ludmila\AppData\Local\DBG deleted successfully
C:\Users\Ludmila\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Ludmila\AppData\Local\EmieSiteList deleted successfully
C:\Users\Ludmila\AppData\Local\EmieUserList deleted successfully
C:\Users\Ludmila\AppData\Local\NetworkTiles deleted successfully
C:\Users\Ludmila\AppData\Local\Opera Software deleted successfully
C:\Users\Ludmila\AppData\Local\PlaceholderTileLogoFolder deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Cisco not found
C:\PROGRA~2\New Folder not found
C:\Users\Ludmila\AppData\Roaming\amd64_netfx4-system.core_b03f5f7f11d50a3a_4.0.15680.120_none_3222d21eb3852341 deleted
C:\windows\SysNative\Tasks\0216scUpdateInfo deleted
C:\WINDOWS\sysWoW64\config\systemprofile\.android deleted
C:\Users\Ludmila\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Start Menu.lnk deleted
C:\PROGRA~3\mozglue.dll deleted
C:\PROGRA~3\nss3.dll deleted
C:\PROGRA~3\Avg_Update_0216sc deleted
C:\PROGRA~3\Avg_Update_0717tb_a07980 deleted
C:\PROGRA~3\Package Cache deleted
C:\PROGRA~3\Trymedia deleted
C:\Users\Default\AppData\Local\Pokki deleted
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Pokki deleted
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Pokki deleted
C:\Users\Ludmila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk deleted
C:\WINDOWS\wininit.ini deleted
C:\windows\SysNative\GroupPolicy\machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted
==== Orphaned Tasks deleted from Registry ======================
0216scUpdateInfo deleted
==== Chromium Look ======================
Google Chrome Version: 71.0.3578.98
Seznam doplněk - Esko- - Ludmila\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd
KMPlayer for Chrome - Ludmila\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipanhlgdkijihdflgmdobeohanbfamho
McAfee SECURE - Ludmila\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkdiimaiohgpacfbgedcipmgigppaofn
Chrome Media Router - Ludmila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{95B7759C-8C7F-4BF1-B163-73684A933233}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{C0CC6625-DADB-402E-88EA-C5918290AE54} - http://www.bing.com/search?q={searchTer ... TR&pc=LCJB
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{C0CC6625-DADB-402E-88EA-C5918290AE54} - http://www.bing.com/search?q={searchTer ... TR&pc=LCJB
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... 02&pc=UE15
HKCU\SearchScopes\{C0CC6625-DADB-402E-88EA-C5918290AE54} - No_Url_Value
==== Reset Google Chrome ======================
C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF21886f3.TMP will be reset at reboot
C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF3370d3e8.TMP will be reset at reboot
C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Web Data will be reset at reboot
C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal will be reset at reboot
C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Web Data.tmp was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ludmila\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Ludmila\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Ludmila\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Ludmila\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Edge Cache ======================
Edge Cache Emptied Successfully
==== Empty Chrome Cache ======================
C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Cache will be emptied at reboot
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=11671 folders=311 656744795 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Ludmila\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Ludmila\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF21886f3.TMP" not found
"C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF3370d3e8.TMP" not found
"C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Web Data" not found
"C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal" not found
"C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0" deleted
"C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1" deleted
"C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2" deleted
"C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3" deleted
"C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Cache\index" deleted
==== EOF on 27.12.2018 at 14:59:21,42 ======================
RSIT log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Ludmila at 2018-12-27 15:11:46
Microsoft Windows 10 Home
System drive C: has 234 GB (54%) free of 435 GB
Total RAM: 3979 MB (48% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:11:54, on 27.12.2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal
Running processes:
C:\Program Files\trend micro\Ludmila.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O1 - Hosts: ::1 localhost
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Ludmila\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [Application Restart #4] C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
O4 - HKCU\..\RunOnce: [Application Restart #3] C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Conexant Audio Message Service (CxAudMsg) - Unknown owner - C:\windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: ESET Firewall Helper (ekrnEpfw) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem11.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo EasyPlus Hotspot - Lenovo - C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\Lenovo\iMController\SystemAgentService.exe
O23 - Service: Lenovo WiFiHotspot Service (LenovoWiFiHotspotSvr) - Unknown owner - C:\Windows\System32\LenovoWiFiHotspotSvr.exe (file missing)
O23 - Service: LSCWinService - Unknown owner - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo PhoneCompanionPusher Service (PhoneCompanionPusher) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
O23 - Service: Lenovo PhoneCompanionVap Service (PhoneCompanionVap) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)
--
End of file - 12609 bytes
======Listing Processes======
winlogon.exe
C:\WINDOWS\system32\lsass.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
"fontdrvhost.exe"
"fontdrvhost.exe"
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-8955367a-52a5-4ec3-99e6-60602239dd2c -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-fdb34b97-f033-4276-8864-0ffa2cbea640 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-2fb7e42d-7459-4c7c-b08c-a7de94cb8097 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-7bd0b914-5816-424e-8e5f-0c5586ae8a68 -LifetimeId:bc012e83-aafe-4a40-818a-56a9a9a52c11 -DeviceGroupId:WudfDefaultDevicePool
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
"dwm.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localservice -p -s bthserv
c:\windows\system32\svchost.exe -k localservice -p -s BthAvctpSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s BTAGService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k appmodel -p -s camsvc
dashost.exe {79e9e8f4-316e-4ac3-9602fb083b055b50}
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
C:\WINDOWS\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
C:\windows\system32\CxAudMsg64.exe
"C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe"
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
C:\WINDOWS\system32\ibtsiva
"C:\Program Files\Lenovo\iMController\SystemAgentService.exe"
C:\Windows\System32\LenovoWiFiHotspotSvr.exe
"C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
"ctfmon.exe"
C:\WINDOWS\Explorer.EXE
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe" -ServerName:SkypeBackgroundHost
"C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe"
c:\windows\system32\svchost.exe -k netsvcs -p
adb fork-server server
"C:\Program Files\ESET\ESET Security\egui.exe" /hide
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
c:\windows\system32\svchost.exe -k unistacksvcgroup
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeApp.exe" -ServerName:App.AppXffn3yxqvgawq9fpmnhy90fr3y01d1t5b.mca
c:\windows\system32\svchost.exe -k netsvcs -p -s Browser
"C:\Program Files\rempl\sedsvc.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe" /InvokerPRAID: App
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s gpsvc
C:\Windows\System32\smartscreen.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "LSC Memory|0x1020_0x2764_0x49a9b5ba"
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s pla
C:\WINDOWS\system32\AUDIODG.EXE 0x4a4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=71.0.3578.98 --initial-client-data=0x1f0,0x1f4,0x1f8,0x1ec,0x1fc,0x7ffd503b64d0,0x7ffd503b64e0,0x7ffd503b64f0
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=9192 --on-initialized-event-handle=692 --parent-handle=696 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1572,8723499718592300550,17907200472319544772,131072 --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=5201121421491378868 --mojo-platform-channel-handle=1584 --ignored=" --type=renderer " /prefetch:2
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,8723499718592300550,17907200472319544772,131072 --service-pipe-token=11041163568510623138 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11041163568510623138 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1572,8723499718592300550,17907200472319544772,131072 --service-pipe-token=13936286130627190469 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13936286130627190469 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
"C:\Users\Ludmila\Desktop\RSITx64.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-12-14 203552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 217784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 184488]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-01 460384]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-01 172640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 6149288]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 4452504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2018-04-12 638872]
"RtsFT"=C:\WINDOWS\RTFTrack.exe [2015-06-16 5060864]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2013-09-05 907480]
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SACpl.exe [2012-06-13 1647616]
"PhoneCompanion"=C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [2014-09-19 836592]
"Energy Manager"=C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [2014-09-19 16094704]
"Lenovo Utility"=C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [2014-09-19 10841584]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2016-10-13 3942864]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-09-25 3945672]
"egui"=C:\Program Files\ESET\ESET Security\ecmds.exe [2018-11-29 177928]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\Ludmila\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2018-12-15 1543264]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2018-11-26 3131680]
"CCleaner Smart Cleaning"=C:\Program Files\CCleaner\CCleaner64.exe [2018-12-10 19589208]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #4"=C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [2018-12-20 8992976]
"Application Restart #3"=C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [2018-12-20 8992976]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"UpdateP2GShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2011-12-07 214312]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-09 596528]
"CanonQuickMenu"=C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [2012-04-03 1273448]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"DisableTaskMgr"=0
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoRun"=0
"NoFolderOptions"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2018-12-27 15:01:23 ----HD---- C:\OneDriveTemp
2018-12-27 14:59:27 ----SHD---- C:\$RECYCLE.BIN
2018-12-27 14:56:27 ----A---- C:\WINDOWS\zoek-delete.exe
2018-12-27 14:56:25 ----D---- C:\WINDOWS\Temp
2018-12-27 13:46:12 ----D---- C:\zoek_backup
2018-12-27 12:18:27 ----D---- C:\AdwCleaner
2018-12-27 11:00:09 ----D---- C:\rsit
2018-12-27 00:47:02 ----D---- C:\Program Files\CCleaner
2018-12-26 22:33:05 ----D---- C:\Program Files\trend micro
2018-12-26 21:45:19 ----D---- C:\ProgramData\ESET
2018-12-26 21:45:18 ----D---- C:\Program Files\ESET
2018-12-26 21:27:42 ----D---- C:\Program Files\AVAST Software
2018-12-26 20:15:17 ----D---- C:\WINDOWS\SYSWOW64\ajhfmnxw
2018-12-26 20:10:16 ----D---- C:\ProgramData\GCYTYWQMMM4ULN5BDJKV
2018-12-26 19:49:16 ----D---- C:\Users\Ludmila\AppData\Roaming\ComfortSoftware
2018-12-26 19:19:06 ----D---- C:\ProgramData\Blogger
2018-12-26 19:16:19 ----D---- C:\ProgramData\HPC
2018-12-26 19:14:04 ----D---- C:\ProgramData\CopyPaste
2018-12-26 18:47:21 ----D---- C:\GOG Games
2018-12-26 17:52:24 ----D---- C:\Program Files (x86)\Ubisoft
2018-12-26 17:49:05 ----D---- C:\Program Files (x86)\Steam
2018-12-23 10:03:25 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-12-23 10:03:23 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2018-12-23 10:03:14 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2018-12-23 10:03:12 ----A---- C:\WINDOWS\system32\Chakra.dll
2018-12-23 10:03:09 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-12-23 10:03:08 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2018-12-23 10:03:06 ----A---- C:\WINDOWS\system32\Windows.CloudStore.dll
2018-12-23 10:03:06 ----A---- C:\WINDOWS\system32\d2d1.dll
2018-12-23 10:03:04 ----A---- C:\WINDOWS\system32\hvix64.exe
2018-12-23 10:03:02 ----A---- C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-12-23 10:03:01 ----A---- C:\WINDOWS\system32\hvax64.exe
2018-12-23 10:02:58 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2018-12-23 10:02:56 ----A---- C:\WINDOWS\system32\bcastdvruserservice.dll
2018-12-23 10:02:54 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-12-23 10:02:52 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2018-12-23 10:02:52 ----A---- C:\WINDOWS\system32\winload.exe
2018-12-23 10:02:52 ----A---- C:\WINDOWS\system32\jscript.dll
2018-12-23 10:02:51 ----A---- C:\WINDOWS\system32\winresume.exe
2018-12-23 10:02:51 ----A---- C:\WINDOWS\system32\msvproc.dll
2018-12-23 10:02:50 ----A---- C:\WINDOWS\SYSWOW64\msvproc.dll
2018-12-23 10:02:50 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-12-23 10:02:48 ----A---- C:\WINDOWS\system32\tcblaunch.exe
2018-12-23 10:02:47 ----A---- C:\WINDOWS\system32\MSVPXENC.dll
2018-12-23 10:02:46 ----A---- C:\WINDOWS\system32\drivers\hvservice.sys
2018-12-23 10:02:40 ----A---- C:\WINDOWS\SYSWOW64\MSVPXENC.dll
2018-12-23 10:02:40 ----A---- C:\WINDOWS\system32\hvloader.dll
2018-12-23 10:02:36 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2018-12-23 10:02:36 ----A---- C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-12-12 19:21:20 ----A---- C:\WINDOWS\system32\edgehtml.dll
2018-12-12 19:21:17 ----A---- C:\WINDOWS\system32\mshtml.dll
2018-12-12 19:21:07 ----A---- C:\WINDOWS\system32\sppsvc.exe
2018-12-12 19:21:06 ----A---- C:\WINDOWS\system32\shell32.dll
2018-12-12 19:21:05 ----A---- C:\WINDOWS\system32\wininet.dll
2018-12-12 19:21:04 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2018-12-12 19:21:03 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2018-12-12 19:21:01 ----A---- C:\WINDOWS\system32\ClipUp.exe
2018-12-12 19:21:00 ----A---- C:\WINDOWS\system32\windows.storage.dll
2018-12-12 19:20:59 ----A---- C:\WINDOWS\system32\StartTileData.dll
2018-12-12 19:20:57 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2018-12-12 19:20:57 ----A---- C:\WINDOWS\system32\sppobjs.dll
2018-12-12 19:20:55 ----A---- C:\WINDOWS\system32\cdp.dll
2018-12-12 19:20:53 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2018-12-12 19:20:52 ----A---- C:\WINDOWS\SYSWOW64\wmp.dll
2018-12-12 19:20:51 ----A---- C:\WINDOWS\system32\wmp.dll
2018-12-12 19:20:50 ----A---- C:\WINDOWS\system32\msmpeg2adec.dll
2018-12-12 19:20:50 ----A---- C:\WINDOWS\system32\mos.dll
2018-12-12 19:20:49 ----A---- C:\WINDOWS\system32\ieframe.dll
2018-12-12 19:20:48 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2018-12-12 19:20:47 ----A---- C:\WINDOWS\system32\jscript9.dll
2018-12-12 19:20:47 ----A---- C:\WINDOWS\system32\EdgeContent.dll
2018-12-12 19:20:46 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2vdec.dll
2018-12-12 19:20:46 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2adec.dll
2018-12-12 19:20:46 ----A---- C:\WINDOWS\system32\twinui.pcshell.dll
2018-12-12 19:20:45 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2018-12-12 19:20:45 ----A---- C:\WINDOWS\system32\tquery.dll
2018-12-12 19:20:44 ----A---- C:\WINDOWS\system32\win32kfull.sys
2018-12-12 19:20:44 ----A---- C:\WINDOWS\system32\twinui.dll
2018-12-12 19:20:43 ----A---- C:\WINDOWS\system32\diagtrack.dll
2018-12-12 19:20:42 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2018-12-12 19:20:41 ----A---- C:\WINDOWS\system32\OpcServices.dll
2018-12-12 19:20:41 ----A---- C:\WINDOWS\system32\mssrch.dll
2018-12-12 19:20:40 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2018-12-12 19:20:39 ----A---- C:\WINDOWS\SYSWOW64\mfasfsrcsnk.dll
2018-12-12 19:20:39 ----A---- C:\WINDOWS\system32\mfcore.dll
2018-12-12 19:20:37 ----A---- C:\WINDOWS\SYSWOW64\WMVDECOD.DLL
2018-12-12 19:20:37 ----A---- C:\WINDOWS\system32\xpsrchvw.exe
2018-12-12 19:20:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2018-12-12 19:20:37 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2018-12-12 19:20:36 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2018-12-12 19:20:36 ----A---- C:\WINDOWS\system32\WebRuntimeManager.dll
2018-12-12 19:20:36 ----A---- C:\WINDOWS\system32\dosvc.dll
2018-12-12 19:20:36 ----A---- C:\WINDOWS\system32\BingMaps.dll
2018-12-12 19:20:35 ----A---- C:\WINDOWS\system32\d3d11.dll
2018-12-12 19:20:34 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2018-12-12 19:20:34 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2018-12-12 19:20:34 ----A---- C:\WINDOWS\system32\msxml6.dll
2018-12-12 19:20:34 ----A---- C:\WINDOWS\system32\KernelBase.dll
2018-12-12 19:20:33 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2018-12-12 19:20:33 ----A---- C:\WINDOWS\SYSWOW64\cdp.dll
2018-12-12 19:20:33 ----A---- C:\WINDOWS\system32\WMVCORE.DLL
2018-12-12 19:20:33 ----A---- C:\WINDOWS\system32\dwmcore.dll
2018-12-12 19:20:32 ----A---- C:\WINDOWS\system32\LocationFramework.dll
2018-12-12 19:20:31 ----A---- C:\WINDOWS\SYSWOW64\mos.dll
2018-12-12 19:20:31 ----A---- C:\WINDOWS\system32\mstscax.dll
2018-12-12 19:20:30 ----A---- C:\WINDOWS\SYSWOW64\tquery.dll
2018-12-12 19:20:30 ----A---- C:\WINDOWS\system32\wuaueng.dll
2018-12-12 19:20:30 ----A---- C:\WINDOWS\system32\D3D12.dll
2018-12-12 19:20:28 ----A---- C:\WINDOWS\SYSWOW64\dwmcore.dll
2018-12-12 19:20:28 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2018-12-12 19:20:28 ----A---- C:\WINDOWS\system32\audiosrv.dll
2018-12-12 19:20:27 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2018-12-12 19:20:27 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2018-12-12 19:20:27 ----A---- C:\WINDOWS\system32\win32kbase.sys
2018-12-12 19:20:27 ----A---- C:\WINDOWS\system32\lpasvc.dll
2018-12-12 19:20:26 ----A---- C:\WINDOWS\SYSWOW64\MSAudDecMFT.dll
2018-12-12 19:20:26 ----A---- C:\WINDOWS\system32\ntdll.dll
2018-12-12 19:20:26 ----A---- C:\WINDOWS\system32\enterprisecsps.dll
2018-12-12 19:20:25 ----A---- C:\WINDOWS\SYSWOW64\msxml6.dll
2018-12-12 19:20:25 ----A---- C:\WINDOWS\SYSWOW64\mssrch.dll
2018-12-12 19:20:25 ----A---- C:\WINDOWS\system32\BingOnlineServices.dll
2018-12-12 19:20:24 ----A---- C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-12-12 19:20:23 ----A---- C:\WINDOWS\SYSWOW64\CPFilters.dll
2018-12-12 19:20:23 ----A---- C:\WINDOWS\system32\InstallService.dll
2018-12-12 19:20:23 ----A---- C:\WINDOWS\system32\drivers\bthport.sys
2018-12-12 19:20:23 ----A---- C:\WINDOWS\system32\CPFilters.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\SYSWOW64\d3d11.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\wcmsvc.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\MSAudDecMFT.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\MapGeocoder.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2018-12-12 19:20:21 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2018-12-12 19:20:21 ----A---- C:\WINDOWS\system32\modernexecserver.dll
2018-12-12 19:20:21 ----A---- C:\WINDOWS\system32\MapRouter.dll
2018-12-12 19:20:20 ----A---- C:\WINDOWS\system32\ShareHost.dll
2018-12-12 19:20:20 ----A---- C:\WINDOWS\system32\SearchIndexer.exe
2018-12-12 19:20:20 ----A---- C:\WINDOWS\system32\AudioSes.dll
2018-12-12 19:20:19 ----A---- C:\WINDOWS\SYSWOW64\BingMaps.dll
2018-12-12 19:20:19 ----A---- C:\WINDOWS\system32\MapControlCore.dll
2018-12-12 19:20:19 ----A---- C:\WINDOWS\system32\AudioEng.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\SYSWOW64\mfsrcsnk.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\system32\winhttp.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\system32\msxml3.dll
2018-12-12 19:20:17 ----A---- C:\WINDOWS\SYSWOW64\rpcrt4.dll
2018-12-12 19:20:17 ----A---- C:\WINDOWS\system32\wlansvc.dll
2018-12-12 19:20:17 ----A---- C:\WINDOWS\system32\JpMapControl.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\NMAA.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\mfsrcsnk.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\mf.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\daxexec.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\SYSWOW64\D3D12.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\system32\gdi32full.dll
2018-12-12 19:20:14 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2018-12-12 19:20:14 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2018-12-12 19:20:13 ----A---- C:\WINDOWS\SYSWOW64\xpsrchvw.exe
2018-12-12 19:20:13 ----A---- C:\WINDOWS\system32\SppExtComObj.Exe
2018-12-12 19:20:13 ----A---- C:\WINDOWS\system32\audiodg.exe
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\winhttp.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\InstallService.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\EdgeManager.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\AudioEng.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\system32\WWAHost.exe
2018-12-12 19:20:12 ----A---- C:\WINDOWS\system32\BthAvctpSvc.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\SYSWOW64\MapRouter.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\SYSWOW64\BingOnlineServices.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\twinui.appcore.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\MapsStore.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-12-12 19:20:10 ----A---- C:\WINDOWS\SYSWOW64\mf.dll
2018-12-12 19:20:10 ----A---- C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-12-12 19:20:10 ----A---- C:\WINDOWS\system32\rasmans.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\wpx.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\edgeIso.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\dnsapi.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\ci.dll
2018-12-12 19:20:08 ----A---- C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-12-12 19:20:08 ----A---- C:\WINDOWS\system32\defragsvc.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\SYSWOW64\WWAHost.exe
2018-12-12 19:20:07 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.OnlineId.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\wer.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\vbscript.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\drivers\rdbss.sys
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\drivers\pci.sys
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\BTAGService.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\ShareHost.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\SearchIndexer.exe
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\JpMapControl.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\dnsapi.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\daxexec.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\system32\securekernel.exe
2018-12-12 19:20:06 ----A---- C:\WINDOWS\system32\ninput.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\SYSWOW64\MapGeocoder.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\WinSCard.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\lsasrv.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\eeprov.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\browserbroker.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\AppResolver.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\SYSWOW64\msxml3.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\mfps.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\drivers\netio.sys
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\advapi32.dll
2018-12-12 19:20:03 ----A---- C:\WINDOWS\SYSWOW64\wer.dll
2018-12-12 19:20:03 ----A---- C:\WINDOWS\SYSWOW64\advapi32.dll
2018-12-12 19:20:03 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2018-12-12 19:20:02 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2018-12-12 19:20:02 ----A---- C:\WINDOWS\system32\drivers\ndis.sys
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\rmclient.dll
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\drivers\fileinfo.sys
2018-12-12 19:19:58 ----A---- C:\WINDOWS\system32\wbengine.exe
2018-12-12 19:19:58 ----A---- C:\WINDOWS\system32\MapConfiguration.dll
2018-12-12 19:19:58 ----A---- C:\WINDOWS\system32\drivers\fvevol.sys
2018-12-12 19:19:57 ----A---- C:\WINDOWS\SYSWOW64\twinui.appcore.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\wc_storage.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\vertdll.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\thumbcache.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\SgrmEnclave.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\sensrsvc.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\MSVP9DEC.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\hal.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\WinSCard.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\OpcServices.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\NMAA.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\mfps.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\webio.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\drivers\USBHUB3.SYS
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\drivers\msrpc.sys
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\drivers\bindflt.sys
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\rmclient.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\ninput.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\MSVP9DEC.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\MapControlCore.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\AppResolver.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\AcSpecfc.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\system32\drivers\ksecpkg.sys
2018-12-12 19:19:55 ----A---- C:\WINDOWS\system32\bthserv.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\SYSWOW64\thumbcache.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\SYSWOW64\edgeIso.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\WMVDECOD.DLL
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\mssvp.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\dusmsvc.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\drivers\iorate.sys
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\appsruprov.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\SYSWOW64\Windows.Networking.Connectivity.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\SYSWOW64\webplatstorageserver.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\SYSWOW64\CoreMessaging.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\xbgmengine.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\weretw.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\drivers\tm.sys
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2018-12-12 19:19:52 ----A---- C:\WINDOWS\system32\drivers\ClipSp.sys
2018-12-12 19:19:52 ----A---- C:\WINDOWS\system32\CoreMessaging.dll
2018-12-12 19:19:52 ----A---- C:\WINDOWS\system32\bcdedit.exe
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\Windows.System.Diagnostics.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Streaming.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\webio.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\offreg.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\mssvp.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\mssph.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\bcryptprimitives.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\SearchProtocolHost.exe
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\offreg.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\mssph.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\MSPhotography.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\moshostcore.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\energyprov.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\wcnfs.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\ndiswan.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\mmcss.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\bthenum.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\browser_broker.exe
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\UserDataTimeUtil.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\SearchProtocolHost.exe
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\Search.ProtocolHandler.MAPI2.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\MapConfiguration.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\fdBth.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\wpnsruprov.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\t2embed.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\sppcext.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\SearchFilterHost.exe
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\fdBth.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\drivers\bthhfenum.sys
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2018-12-12 19:19:49 ----A---- C:\WINDOWS\SYSWOW64\t2embed.dll
2018-12-12 19:19:49 ----A---- C:\WINDOWS\system32\drivers\storqosflt.sys
2018-12-12 19:19:46 ----A---- C:\WINDOWS\SYSWOW64\MSPhotography.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\SYSWOW64\InstallServiceTasks.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\RMapi.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\InstallServiceTasks.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\domgmt.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\DataUsageHandlers.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\SYSWOW64\werdiagcontroller.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\SYSWOW64\msIso.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\SYSWOW64\dtdump.exe
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\winhttpcom.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\tzautoupdate.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\msscntrs.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\iemigplugin.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\SYSWOW64\winhttpcom.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\SYSWOW64\tzres.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\system32\utcutil.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\system32\tzres.dll
2018-11-29 10:54:40 ----A---- C:\WINDOWS\system32\drivers\eamonm.sys
======List of files/folders modified in the last 1 month======
2018-12-27 15:10:43 ----D---- C:\WINDOWS\Prefetch
2018-12-27 15:03:31 ----SHD---- C:\System Volume Information
2018-12-27 14:59:23 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2018-12-27 14:58:10 ----HD---- C:\ProgramData
2018-12-27 14:58:04 ----D---- C:\Windows
2018-12-27 14:57:21 ----D---- C:\WINDOWS\system32\sru
2018-12-27 14:42:15 ----HD---- C:\WINDOWS\system32\GroupPolicy
2018-12-27 14:42:15 ----D---- C:\WINDOWS\SYSWOW64\GroupPolicy
2018-12-27 14:41:55 ----D---- C:\WINDOWS\system32\Tasks
2018-12-27 13:59:01 ----RD---- C:\Program Files (x86)
2018-12-27 13:59:01 ----D---- C:\Program Files\Common Files
2018-12-27 13:53:03 ----D---- C:\WINDOWS\system32\drivers\etc
2018-12-27 13:46:15 ----D---- C:\WINDOWS\SysWOW64
2018-12-27 13:29:16 ----D---- C:\WINDOWS\system32\SleepStudy
2018-12-27 12:28:28 ----RD---- C:\Users
2018-12-27 12:28:24 ----D---- C:\WINDOWS\AppReadiness
2018-12-27 12:27:14 ----D---- C:\WINDOWS\CbsTemp
2018-12-27 12:20:58 ----D---- C:\WINDOWS\Tasks
2018-12-27 12:20:43 ----SHD---- C:\WINDOWS\Installer
2018-12-27 12:20:42 ----D---- C:\WINDOWS\System32
2018-12-27 12:20:22 ----D---- C:\WINDOWS\system32\Tasks_Migrated
2018-12-27 06:00:02 ----D---- C:\WINDOWS\system32\LogFiles
2018-12-27 01:48:02 ----D---- C:\WINDOWS\Logs
2018-12-27 01:41:22 ----RD---- C:\WINDOWS\Microsoft.NET
2018-12-27 00:47:02 ----RD---- C:\Program Files
2018-12-27 00:24:24 ----D---- C:\WINDOWS\system32\NDF
2018-12-26 21:51:07 ----D---- C:\WINDOWS\system32\drivers
2018-12-26 21:50:09 ----D---- C:\WINDOWS\system32\catroot2
2018-12-26 21:46:25 ----D---- C:\WINDOWS\system32\DriverStore
2018-12-26 21:46:24 ----D---- C:\WINDOWS\INF
2018-12-26 21:46:15 ----HD---- C:\WINDOWS\ELAMBKUP
2018-12-26 21:31:59 ----AD---- C:\ProgramData\Avg
2018-12-26 21:26:41 ----D---- C:\ProgramData\AVAST Software
2018-12-26 19:26:15 ----D---- C:\Users\Ludmila\AppData\Roaming\uTorrent
2018-12-26 17:43:23 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2018-12-26 17:42:18 ----D---- C:\Program Files (x86)\Lenovo
2018-12-26 17:41:43 ----D---- C:\ProgramData\CyberLink
2018-12-26 17:41:00 ----D---- C:\ProgramData\Origin
2018-12-26 17:38:23 ----HD---- C:\Program Files\WindowsApps
2018-12-26 17:35:29 ----D---- C:\WINDOWS\system32\config
2018-12-26 17:31:51 ----D---- C:\Program Files (x86)\Common Files
2018-12-26 17:31:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2018-12-26 17:24:23 ----D---- C:\WINDOWS\WinSxS
2018-12-24 01:12:25 ----D---- C:\WINDOWS\TextInput
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\zu-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\yo-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\xh-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\wo-SN
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\uz-Latn-UZ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\tn-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ti-ET
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\tg-Cyrl-TJ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-RS
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-BA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\sd-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\rw-RW
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\quc-Latn-GT
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\pa-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\nso-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ku-Arab-IQ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ig-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\chr-CHER-US
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ha-Latn-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ca-ES-valencia
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\bs-Latn-BA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\az-Latn-AZ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\zu-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\yo-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\xh-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\wo-SN
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\uz-Latn-UZ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\tn-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\ti-ET
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\tg-Cyrl-TJ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\sr-Cyrl-RS
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\sr-Cyrl-BA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\sd-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\rw-RW
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\quc-Latn-GT
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\pa-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\nso-ZA
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\migration
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ku-Arab-IQ
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ig-NG
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\chr-CHER-US
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ha-Latn-NG
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ca-ES-valencia
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\bs-Latn-BA
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\az-Latn-AZ
2018-12-24 01:12:24 ----D---- C:\WINDOWS\bcastdvr
2018-12-24 01:12:23 ----D---- C:\WINDOWS\system32\Boot
2018-12-17 18:24:39 ----RSD---- C:\WINDOWS\assembly
2018-12-16 09:42:45 ----D---- C:\WINDOWS\LiveKernelReports
2018-12-15 12:27:23 ----D---- C:\Users\Ludmila\AppData\Roaming\vlc
2018-12-14 19:55:16 ----AD---- C:\Program Files (x86)\Microsoft Office
2018-12-12 23:27:04 ----D---- C:\WINDOWS\SYSWOW64\en-US
2018-12-12 23:27:04 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2018-12-12 23:27:01 ----SD---- C:\WINDOWS\system32\DiagSvcs
2018-12-12 23:27:01 ----D---- C:\WINDOWS\system32\en-US
2018-12-12 23:27:01 ----D---- C:\WINDOWS\system32\cs-CZ
2018-12-12 23:26:55 ----D---- C:\WINDOWS\ShellComponents
2018-12-12 23:26:54 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2018-12-12 23:26:54 ----D---- C:\WINDOWS\apppatch
2018-12-12 19:45:05 ----D---- C:\WINDOWS\system32\MRT
2018-12-12 19:40:16 ----AC---- C:\WINDOWS\system32\MRT.exe
2018-12-11 17:52:44 ----D---- C:\WINDOWS\system32\drivers\wd
2018-12-11 17:52:09 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2018-12-07 19:48:18 ----D---- C:\Program Files\rempl
2018-12-01 05:01:07 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2018-12-08 58168]
R0 MBI;@oem50.inf,%MBI.SVCDESC%;Intel(R) Sideband Fabric Device Service; C:\WINDOWS\System32\drivers\MBI.sys [2013-10-10 29464]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\WINDOWS\system32\drivers\SgrmAgent.sys [2018-04-12 63896]
R1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2018-04-12 39424]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-04-12 60320]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2018-11-29 143448]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2018-10-17 188832]
R1 epfwwfp;epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [2018-10-17 109864]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2018-04-12 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-04-12 8192]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2018-07-14 414720]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2018-12-08 43008]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2018-12-08 82432]
R3 ACPIVPC;@oem29.inf,%ACPIVPC.SvcDesc%;Lenovo Virtual Power Controller Driver; C:\WINDOWS\System32\drivers\AcpiVpc.sys [2014-09-19 35576]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2018-12-08 106496]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2018-04-12 86528]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2018-04-12 129536]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2018-04-12 85504]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2018-04-12 60320]
R3 CnxtHdAudService;@oem42.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDRT64.sys [2015-05-19 1543912]
R3 ibtusb;@oem11.inf,%ibtusb.SVCDESC_IBT%;Intel(R) Wireless Bluetooth(R); C:\WINDOWS\system32\DRIVERS\ibtusb.sys [2017-01-13 231168]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2015-10-04 3797424]
R3 IntcDAud;@oem6.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2015-08-21 463112]
R3 iwdbus;@oem52.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2015-07-20 38976]
R3 NETwNb64;___ Intel(R) Wireless Adapter Driver for Windows 8.1 - 64 Bit; C:\WINDOWS\System32\drivers\Netwbw02.sys [2018-04-12 3485696]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2018-04-12 193536]
R3 rt640x64;@oem22.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2015-07-22 886528]
R3 RTSUER;@oem43.inf,%RtsUER%;Realtek USB Card Reader - UER; C:\WINDOWS\system32\Drivers\RtsUer.sys [2015-07-03 410880]
R3 rtsuvc;@oem26.inf,%rtsuvc.DeviceDesc%;Lenovo EasyCamera; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [2015-06-16 3068160]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2015-09-25 42696]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2018-04-12 38304]
S0 eelam;eelam; C:\WINDOWS\system32\DRIVERS\eelam.sys [2018-10-17 15872]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2018-04-12 321432]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-04-12 885144]
S0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-04-12 145816]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2018-04-12 124312]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2018-04-12 128408]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-04-12 75160]
S0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [2018-04-12 82328]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2018-04-12 58776]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2018-04-12 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2018-04-12 39840]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2018-08-03 128920]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2018-07-01 48544]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-04-12 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2018-04-12 18432]
S3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys [2018-12-08 92688]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2018-12-08 1097728]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2018-04-12 39936]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2018-04-12 123392]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2018-04-12 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2018-04-12 50592]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2018-12-14 76088]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2018-04-12 27136]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2018-04-12 1836952]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2018-04-12 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2018-04-12 91648]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2018-04-12 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-04-12 88576]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2018-04-12 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-04-12 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2018-04-12 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-04-12 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2018-04-12 32256]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2018-04-12 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2018-04-12 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2018-04-12 56736]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2018-04-12 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2018-04-12 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2018-04-12 175104]
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\WINDOWS\System32\drivers\nvdimm.sys [2018-04-12 104448]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2018-04-12 105984]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2018-04-12 16896]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2018-07-01 945568]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2018-04-12 104448]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2018-04-12 33176]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2018-04-12 57752]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S4 hvcrash;hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [2018-04-12 33184]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 CDPUserSvc_4f90e;Uživatelská služba platformy připojených zařízení_4f90e; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2018-12-07 9646240]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 CxAudMsg;Conexant Audio Message Service; C:\windows\system32\CxAudMsg64.exe [2013-07-25 206552]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Security\ekrn.exe [2018-11-29 2302160]
R2 ibtsiva;@oem11.inf,%SERVICE_NAME%;Intel Bluetooth Service; C:\WINDOWS\system32\ibtsiva []
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2015-10-04 328616]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [2013-07-02 733696]
R2 Lenovo System Agent Service;Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [2014-05-22 584960]
R2 LenovoWiFiHotspotSvr;Lenovo WiFiHotspot Service; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [2014-09-19 198192]
R2 OneSyncSvc_4f90e;Hostitel synchronizace_4f90e; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 PhoneCompanionPusher;Lenovo PhoneCompanionPusher Service; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [2014-09-19 288240]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-07-14 760888]
R2 sedsvc;Windows Remediation Service; C:\Program Files\rempl\sedsvc.exe [2018-12-02 326336]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\WINDOWS\system32\SgrmBroker.exe [2018-04-12 163336]
R3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R3 ekrnEpfw;ESET Firewall Helper; C:\Program Files\ESET\ESET Security\ekrn.exe [2018-11-29 2302160]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2018-06-30 43648]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R3 PimIndexMaintenanceSvc_4f90e;Data kontaktů_4f90e; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BcastDVRUserService_4f90e;Uživatelská služba pro GameDVR a vysílání her_4f90e; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BluetoothUserService_4f90e;Služba pro podporu uživatelů Bluetooth_4f90e; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2015-10-04 290224]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicePickerUserSvc_4f90e;DevicePicker_4f90e; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicesFlowUserSvc_4f90e;Tok zařízení_4f90e; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2018-08-03 90624]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [2018-12-12 443872]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2013-07-02 822232]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [2014-06-03 533760]
S3 LSCWinService;LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2014-05-06 1663880]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 MessagingService_4f90e;Služba zasílání zpráv_4f90e; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 ose;Office Source Engine; c:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2018-12-03 214824]
S3 PhoneCompanionVap;Lenovo PhoneCompanionVap Service; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [2014-09-19 305136]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PrintWorkflowUserSvc_4f90e;PrintWorkflow_4f90e; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2018-04-12 1273344]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2018-07-01 976384]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2018-11-26 1684256]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S4 ssh-agent;OpenSSH Authentication Agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [2018-03-10 495616]
-----------------EOF-----------------
Re: Trojan Tofsee - log check
Check it with MBAR https://www.malwarebytes.com/antirootkit/
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum: https://platba.viry.cz/payment/
Re: Trojan Tofsee - log check
So with MBAR there were three threats the first time, now it is clean. But ESET still keeps finding that trojan, and specifically, when I run a custom scan, it is in the boot sector/UEFI.
RSIT log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Ludmila at 2018-12-27 19:50:11
Microsoft Windows 10 Home
System drive C: has 235 GB (54%) free of 435 GB
Total RAM: 3979 MB (41% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:50:32, on 27.12.2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
C:\Users\Ludmila\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files\trend micro\Ludmila.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Ludmila\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [Application Restart #4] C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
O4 - HKCU\..\RunOnce: [Application Restart #3] C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Conexant Audio Message Service (CxAudMsg) - Unknown owner - C:\windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: ESET Firewall Helper (ekrnEpfw) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem11.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo EasyPlus Hotspot - Lenovo - C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\Lenovo\iMController\SystemAgentService.exe
O23 - Service: Lenovo WiFiHotspot Service (LenovoWiFiHotspotSvr) - Unknown owner - C:\Windows\System32\LenovoWiFiHotspotSvr.exe (file missing)
O23 - Service: LSCWinService - Unknown owner - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo PhoneCompanionPusher Service (PhoneCompanionPusher) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
O23 - Service: Lenovo PhoneCompanionVap Service (PhoneCompanionVap) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)
--
End of file - 13002 bytes
======Listing Processes======
winlogon.exe
C:\WINDOWS\system32\lsass.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-b773b277-7ac5-42e7-8374-21bb721f19f7 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-bbda2cd1-0108-4c36-8b0b-8bdcca9ba6f3 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-62d5201d-3bef-4cf2-94df-41c4acec1a68 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-3e80dfb7-1fb7-48eb-8178-5edce56d933b -LifetimeId:12afbd2f-cdb9-4495-979c-be35d720f55c -DeviceGroupId:WudfDefaultDevicePool
"fontdrvhost.exe"
"fontdrvhost.exe"
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
"dwm.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localservice -p -s bthserv
c:\windows\system32\svchost.exe -k localservice -p -s BthAvctpSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s BTAGService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservice -p -s nsi
dashost.exe {7919354b-b59d-4108-bea54648cc0a96f2}
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k appmodel -p -s camsvc
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
C:\WINDOWS\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
C:\WINDOWS\system32\ibtsiva
c:\windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
"C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe"
"C:\Program Files\Lenovo\iMController\SystemAgentService.exe"
C:\Windows\System32\LenovoWiFiHotspotSvr.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
"C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe"
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
C:\windows\system32\CxAudMsg64.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
"ctfmon.exe"
C:\WINDOWS\Explorer.EXE
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
igfxEM.exe
igfxHK.exe
igfxTray.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe" -ServerName:SkypeBackgroundHost
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE"
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Windows\RTFTrack.exe"
"C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe"
"C:\Program Files\CONEXANT\ForteConfig\fmapp.exe"
"C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe"
"C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe"
"C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe"
"C:\Program Files\ESET\ESET Security\egui.exe" /hide
"C:\Users\Ludmila\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files (x86)\Steam\Steam.exe" -silent
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
adb fork-server server
c:\windows\system32\svchost.exe -k netsvcs -p
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" "-lang=cs_CZ" "-cachedir=C:\Users\Ludmila\AppData\Local\Steam\htmlcache" "-steampid=7920" "-buildid=1543346820" "-steamid=0" "-steamuniverse=Dev" "-clientui=C:\Program Files (x86)\Steam\clientui" --disable-spell-checking --disable-out-of-process-pac --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-features=TouchpadAndWheelScrollLatching,AsyncWheelEvents --enable-media-stream --disable-smooth-scrolling --num-raster-threads=4 --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt"
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Ludmila\AppData\Local\CEF\User Data" --url=http://crash.steampowered.com/submit --annotation=platform=win32 --annotation=product=cefwebhelper --annotation=version=1543346820 --initial-client-data=0x338,0x33c,0x340,0x330,0x344,0x6d1bd758,0x6d1bd768,0x6d1bd774
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=gpu-process --disable-features=AsyncWheelEvents,TouchpadAndWheelScrollLatching --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --webview-urls=http://localhost/*,http://steamloopback ... localhost/* --lang=cs-CZ --buildid=1543346820 --steamid=0 --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --webview-urls=http://localhost/*,http://steamloopback ... localhost/* --lang=cs-CZ --buildid=1543346820 --steamid=0 --service-request-channel-token=9AD59D358766F22D2F7B1756A74F8FAC --mojo-platform-channel-handle=1336 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files\rempl\sedsvc.exe"
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "LSC Memory|0x2244_0x23c8_0x4b12b206"
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s pla
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
"C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe" -ServerName:WindowsDefaultLockScreen.AppX7y4nbzq37zn4ks9k7amqjywdat7d3j2z.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
taskhostw.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Browser
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe" -ServerName:App.AppXc75wvwned5vhz4xyxxecvgdjhdkgsdza.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeApp.exe" -ServerName:App.AppXffn3yxqvgawq9fpmnhy90fr3y01d1t5b.mca
"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.AppX6an27ssxm1kq22j0wm54a996rsgjh8an.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe" /InvokerPRAID: App
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=71.0.3578.98 --initial-client-data=0x1d4,0x1d8,0x1dc,0x1d0,0x1e0,0x7ffacb1064d0,0x7ffacb1064e0,0x7ffacb1064f0
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=9240 --on-initialized-event-handle=652 --parent-handle=656 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1564,17548311326290925332,8449543549824916020,131072 --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=12808476153029421436 --mojo-platform-channel-handle=1596 --ignored=" --type=renderer " /prefetch:2
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s gpsvc
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,17548311326290925332,8449543549824916020,131072 --service-pipe-token=6642973845348413301 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6642973845348413301 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,17548311326290925332,8449543549824916020,131072 --service-pipe-token=5233084564701374299 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5233084564701374299 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,17548311326290925332,8449543549824916020,131072 --service-pipe-token=16942616412829418502 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16942616412829418502 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,17548311326290925332,8449543549824916020,131072 --service-pipe-token=7204020117230387272 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7204020117230387272 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,17548311326290925332,8449543549824916020,131072 --service-pipe-token=12776919014756793615 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12776919014756793615 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
C:\WINDOWS\system32\AUDIODG.EXE 0x480
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\WINDOWS\servicing\TrustedInstaller.exe
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.464_none_eaf315ac1d6e512f\TiWorker.exe -Embedding
C:\Windows\System32\smartscreen.exe -Embedding
"C:\Users\Ludmila\Desktop\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-12-14 203552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 217784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 184488]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-01 460384]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-01 172640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 6149288]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 4452504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2018-04-12 638872]
"RtsFT"=C:\WINDOWS\RTFTrack.exe [2015-06-16 5060864]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2013-09-05 907480]
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SACpl.exe [2012-06-13 1647616]
"PhoneCompanion"=C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [2014-09-19 836592]
"Energy Manager"=C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [2014-09-19 16094704]
"Lenovo Utility"=C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [2014-09-19 10841584]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2016-10-13 3942864]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-09-25 3945672]
"egui"=C:\Program Files\ESET\ESET Security\ecmds.exe [2018-11-29 177928]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\Ludmila\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2018-12-15 1543264]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2018-11-26 3131680]
"CCleaner Smart Cleaning"=C:\Program Files\CCleaner\CCleaner64.exe [2018-12-10 19589208]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #4"=C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend=C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\inspector --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session []
"Application Restart #3"=C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend=C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\inspector --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"UpdateP2GShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2011-12-07 214312]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-09 596528]
"CanonQuickMenu"=C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [2012-04-03 1273448]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"DisableTaskMgr"=0
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoRun"=0
"NoFolderOptions"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2018-12-27 18:50:35 ----A---- C:\WINDOWS\system32\drivers\3633126C.sys
2018-12-27 18:50:08 ----HD---- C:\OneDriveTemp
2018-12-27 16:39:00 ----D---- C:\ProgramData\Malwarebytes
2018-12-27 16:38:46 ----A---- C:\WINDOWS\system32\drivers\75137F7B.sys
2018-12-27 16:36:21 ----D---- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-12-27 16:36:19 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2018-12-27 14:59:27 ----SHD---- C:\$RECYCLE.BIN
2018-12-27 14:56:27 ----A---- C:\WINDOWS\zoek-delete.exe
2018-12-27 14:56:25 ----D---- C:\WINDOWS\Temp
2018-12-27 13:46:12 ----D---- C:\zoek_backup
2018-12-27 12:18:27 ----D---- C:\AdwCleaner
2018-12-27 11:00:09 ----D---- C:\rsit
2018-12-27 00:47:02 ----D---- C:\Program Files\CCleaner
2018-12-26 22:33:05 ----D---- C:\Program Files\trend micro
2018-12-26 21:45:19 ----D---- C:\ProgramData\ESET
2018-12-26 21:45:18 ----D---- C:\Program Files\ESET
2018-12-26 21:27:42 ----D---- C:\Program Files\AVAST Software
2018-12-26 20:15:17 ----D---- C:\WINDOWS\SYSWOW64\ajhfmnxw
2018-12-26 20:10:16 ----D---- C:\ProgramData\GCYTYWQMMM4ULN5BDJKV
2018-12-26 19:49:16 ----D---- C:\Users\Ludmila\AppData\Roaming\ComfortSoftware
2018-12-26 19:16:19 ----D---- C:\ProgramData\HPC
2018-12-26 19:14:04 ----D---- C:\ProgramData\CopyPaste
2018-12-26 18:47:21 ----D---- C:\GOG Games
2018-12-26 17:52:24 ----D---- C:\Program Files (x86)\Ubisoft
2018-12-26 17:49:05 ----D---- C:\Program Files (x86)\Steam
2018-12-23 10:03:25 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-12-23 10:03:23 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2018-12-23 10:03:14 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2018-12-23 10:03:12 ----A---- C:\WINDOWS\system32\Chakra.dll
2018-12-23 10:03:09 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-12-23 10:03:08 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2018-12-23 10:03:06 ----A---- C:\WINDOWS\system32\Windows.CloudStore.dll
2018-12-23 10:03:06 ----A---- C:\WINDOWS\system32\d2d1.dll
2018-12-23 10:03:04 ----A---- C:\WINDOWS\system32\hvix64.exe
2018-12-23 10:03:02 ----A---- C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-12-23 10:03:01 ----A---- C:\WINDOWS\system32\hvax64.exe
2018-12-23 10:02:58 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2018-12-23 10:02:56 ----A---- C:\WINDOWS\system32\bcastdvruserservice.dll
2018-12-23 10:02:54 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-12-23 10:02:52 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2018-12-23 10:02:52 ----A---- C:\WINDOWS\system32\winload.exe
2018-12-23 10:02:52 ----A---- C:\WINDOWS\system32\jscript.dll
2018-12-23 10:02:51 ----A---- C:\WINDOWS\system32\winresume.exe
2018-12-23 10:02:51 ----A---- C:\WINDOWS\system32\msvproc.dll
2018-12-23 10:02:50 ----A---- C:\WINDOWS\SYSWOW64\msvproc.dll
2018-12-23 10:02:50 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-12-23 10:02:48 ----A---- C:\WINDOWS\system32\tcblaunch.exe
2018-12-23 10:02:47 ----A---- C:\WINDOWS\system32\MSVPXENC.dll
2018-12-23 10:02:46 ----A---- C:\WINDOWS\system32\drivers\hvservice.sys
2018-12-23 10:02:40 ----A---- C:\WINDOWS\SYSWOW64\MSVPXENC.dll
2018-12-23 10:02:40 ----A---- C:\WINDOWS\system32\hvloader.dll
2018-12-23 10:02:36 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2018-12-23 10:02:36 ----A---- C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-12-12 19:21:20 ----A---- C:\WINDOWS\system32\edgehtml.dll
2018-12-12 19:21:17 ----A---- C:\WINDOWS\system32\mshtml.dll
2018-12-12 19:21:07 ----A---- C:\WINDOWS\system32\sppsvc.exe
2018-12-12 19:21:06 ----A---- C:\WINDOWS\system32\shell32.dll
2018-12-12 19:21:05 ----A---- C:\WINDOWS\system32\wininet.dll
2018-12-12 19:21:04 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2018-12-12 19:21:03 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2018-12-12 19:21:01 ----A---- C:\WINDOWS\system32\ClipUp.exe
2018-12-12 19:21:00 ----A---- C:\WINDOWS\system32\windows.storage.dll
2018-12-12 19:20:59 ----A---- C:\WINDOWS\system32\StartTileData.dll
2018-12-12 19:20:57 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2018-12-12 19:20:57 ----A---- C:\WINDOWS\system32\sppobjs.dll
2018-12-12 19:20:55 ----A---- C:\WINDOWS\system32\cdp.dll
2018-12-12 19:20:53 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2018-12-12 19:20:52 ----A---- C:\WINDOWS\SYSWOW64\wmp.dll
2018-12-12 19:20:51 ----A---- C:\WINDOWS\system32\wmp.dll
2018-12-12 19:20:50 ----A---- C:\WINDOWS\system32\msmpeg2adec.dll
2018-12-12 19:20:50 ----A---- C:\WINDOWS\system32\mos.dll
2018-12-12 19:20:49 ----A---- C:\WINDOWS\system32\ieframe.dll
2018-12-12 19:20:48 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2018-12-12 19:20:47 ----A---- C:\WINDOWS\system32\jscript9.dll
2018-12-12 19:20:47 ----A---- C:\WINDOWS\system32\EdgeContent.dll
2018-12-12 19:20:46 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2vdec.dll
2018-12-12 19:20:46 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2adec.dll
2018-12-12 19:20:46 ----A---- C:\WINDOWS\system32\twinui.pcshell.dll
2018-12-12 19:20:45 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2018-12-12 19:20:45 ----A---- C:\WINDOWS\system32\tquery.dll
2018-12-12 19:20:44 ----A---- C:\WINDOWS\system32\win32kfull.sys
2018-12-12 19:20:44 ----A---- C:\WINDOWS\system32\twinui.dll
2018-12-12 19:20:43 ----A---- C:\WINDOWS\system32\diagtrack.dll
2018-12-12 19:20:42 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2018-12-12 19:20:41 ----A---- C:\WINDOWS\system32\OpcServices.dll
2018-12-12 19:20:41 ----A---- C:\WINDOWS\system32\mssrch.dll
2018-12-12 19:20:40 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2018-12-12 19:20:39 ----A---- C:\WINDOWS\SYSWOW64\mfasfsrcsnk.dll
2018-12-12 19:20:39 ----A---- C:\WINDOWS\system32\mfcore.dll
2018-12-12 19:20:37 ----A---- C:\WINDOWS\SYSWOW64\WMVDECOD.DLL
2018-12-12 19:20:37 ----A---- C:\WINDOWS\system32\xpsrchvw.exe
2018-12-12 19:20:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2018-12-12 19:20:37 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2018-12-12 19:20:36 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2018-12-12 19:20:36 ----A---- C:\WINDOWS\system32\WebRuntimeManager.dll
2018-12-12 19:20:36 ----A---- C:\WINDOWS\system32\dosvc.dll
2018-12-12 19:20:36 ----A---- C:\WINDOWS\system32\BingMaps.dll
2018-12-12 19:20:35 ----A---- C:\WINDOWS\system32\d3d11.dll
2018-12-12 19:20:34 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2018-12-12 19:20:34 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2018-12-12 19:20:34 ----A---- C:\WINDOWS\system32\msxml6.dll
2018-12-12 19:20:34 ----A---- C:\WINDOWS\system32\KernelBase.dll
2018-12-12 19:20:33 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2018-12-12 19:20:33 ----A---- C:\WINDOWS\SYSWOW64\cdp.dll
2018-12-12 19:20:33 ----A---- C:\WINDOWS\system32\WMVCORE.DLL
2018-12-12 19:20:33 ----A---- C:\WINDOWS\system32\dwmcore.dll
2018-12-12 19:20:32 ----A---- C:\WINDOWS\system32\LocationFramework.dll
2018-12-12 19:20:31 ----A---- C:\WINDOWS\SYSWOW64\mos.dll
2018-12-12 19:20:31 ----A---- C:\WINDOWS\system32\mstscax.dll
2018-12-12 19:20:30 ----A---- C:\WINDOWS\SYSWOW64\tquery.dll
2018-12-12 19:20:30 ----A---- C:\WINDOWS\system32\wuaueng.dll
2018-12-12 19:20:30 ----A---- C:\WINDOWS\system32\D3D12.dll
2018-12-12 19:20:28 ----A---- C:\WINDOWS\SYSWOW64\dwmcore.dll
2018-12-12 19:20:28 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2018-12-12 19:20:28 ----A---- C:\WINDOWS\system32\audiosrv.dll
2018-12-12 19:20:27 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2018-12-12 19:20:27 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2018-12-12 19:20:27 ----A---- C:\WINDOWS\system32\win32kbase.sys
2018-12-12 19:20:27 ----A---- C:\WINDOWS\system32\lpasvc.dll
2018-12-12 19:20:26 ----A---- C:\WINDOWS\SYSWOW64\MSAudDecMFT.dll
2018-12-12 19:20:26 ----A---- C:\WINDOWS\system32\ntdll.dll
2018-12-12 19:20:26 ----A---- C:\WINDOWS\system32\enterprisecsps.dll
2018-12-12 19:20:25 ----A---- C:\WINDOWS\SYSWOW64\msxml6.dll
2018-12-12 19:20:25 ----A---- C:\WINDOWS\SYSWOW64\mssrch.dll
2018-12-12 19:20:25 ----A---- C:\WINDOWS\system32\BingOnlineServices.dll
2018-12-12 19:20:24 ----A---- C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-12-12 19:20:23 ----A---- C:\WINDOWS\SYSWOW64\CPFilters.dll
2018-12-12 19:20:23 ----A---- C:\WINDOWS\system32\InstallService.dll
2018-12-12 19:20:23 ----A---- C:\WINDOWS\system32\drivers\bthport.sys
2018-12-12 19:20:23 ----A---- C:\WINDOWS\system32\CPFilters.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\SYSWOW64\d3d11.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\wcmsvc.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\MSAudDecMFT.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\MapGeocoder.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2018-12-12 19:20:21 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2018-12-12 19:20:21 ----A---- C:\WINDOWS\system32\modernexecserver.dll
2018-12-12 19:20:21 ----A---- C:\WINDOWS\system32\MapRouter.dll
2018-12-12 19:20:20 ----A---- C:\WINDOWS\system32\ShareHost.dll
2018-12-12 19:20:20 ----A---- C:\WINDOWS\system32\SearchIndexer.exe
2018-12-12 19:20:20 ----A---- C:\WINDOWS\system32\AudioSes.dll
2018-12-12 19:20:19 ----A---- C:\WINDOWS\SYSWOW64\BingMaps.dll
2018-12-12 19:20:19 ----A---- C:\WINDOWS\system32\MapControlCore.dll
2018-12-12 19:20:19 ----A---- C:\WINDOWS\system32\AudioEng.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\SYSWOW64\mfsrcsnk.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\system32\winhttp.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\system32\msxml3.dll
2018-12-12 19:20:17 ----A---- C:\WINDOWS\SYSWOW64\rpcrt4.dll
2018-12-12 19:20:17 ----A---- C:\WINDOWS\system32\wlansvc.dll
2018-12-12 19:20:17 ----A---- C:\WINDOWS\system32\JpMapControl.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\NMAA.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\mfsrcsnk.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\mf.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\daxexec.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\SYSWOW64\D3D12.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\system32\gdi32full.dll
2018-12-12 19:20:14 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2018-12-12 19:20:14 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2018-12-12 19:20:13 ----A---- C:\WINDOWS\SYSWOW64\xpsrchvw.exe
2018-12-12 19:20:13 ----A---- C:\WINDOWS\system32\SppExtComObj.Exe
2018-12-12 19:20:13 ----A---- C:\WINDOWS\system32\audiodg.exe
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\winhttp.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\InstallService.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\EdgeManager.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\AudioEng.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\system32\WWAHost.exe
2018-12-12 19:20:12 ----A---- C:\WINDOWS\system32\BthAvctpSvc.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\SYSWOW64\MapRouter.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\SYSWOW64\BingOnlineServices.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\twinui.appcore.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\MapsStore.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-12-12 19:20:10 ----A---- C:\WINDOWS\SYSWOW64\mf.dll
2018-12-12 19:20:10 ----A---- C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-12-12 19:20:10 ----A---- C:\WINDOWS\system32\rasmans.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\wpx.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\edgeIso.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\dnsapi.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\ci.dll
2018-12-12 19:20:08 ----A---- C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-12-12 19:20:08 ----A---- C:\WINDOWS\system32\defragsvc.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\SYSWOW64\WWAHost.exe
2018-12-12 19:20:07 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.OnlineId.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\wer.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\vbscript.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\drivers\rdbss.sys
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\drivers\pci.sys
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\BTAGService.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\ShareHost.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\SearchIndexer.exe
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\JpMapControl.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\dnsapi.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\daxexec.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\system32\securekernel.exe
2018-12-12 19:20:06 ----A---- C:\WINDOWS\system32\ninput.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\SYSWOW64\MapGeocoder.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\WinSCard.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\lsasrv.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\eeprov.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\browserbroker.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\AppResolver.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\SYSWOW64\msxml3.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\mfps.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\drivers\netio.sys
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\advapi32.dll
2018-12-12 19:20:03 ----A---- C:\WINDOWS\SYSWOW64\wer.dll
2018-12-12 19:20:03 ----A---- C:\WINDOWS\SYSWOW64\advapi32.dll
2018-12-12 19:20:03 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2018-12-12 19:20:02 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2018-12-12 19:20:02 ----A---- C:\WINDOWS\system32\drivers\ndis.sys
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\rmclient.dll
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\drivers\fileinfo.sys
2018-12-12 19:19:58 ----A---- C:\WINDOWS\system32\wbengine.exe
2018-12-12 19:19:58 ----A---- C:\WINDOWS\system32\MapConfiguration.dll
2018-12-12 19:19:58 ----A---- C:\WINDOWS\system32\drivers\fvevol.sys
2018-12-12 19:19:57 ----A---- C:\WINDOWS\SYSWOW64\twinui.appcore.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\wc_storage.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\vertdll.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\thumbcache.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\SgrmEnclave.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\sensrsvc.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\MSVP9DEC.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\hal.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\WinSCard.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\OpcServices.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\NMAA.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\mfps.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\webio.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\drivers\USBHUB3.SYS
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\drivers\msrpc.sys
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\drivers\bindflt.sys
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\rmclient.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\ninput.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\MSVP9DEC.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\MapControlCore.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\AppResolver.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\AcSpecfc.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\system32\drivers\ksecpkg.sys
2018-12-12 19:19:55 ----A---- C:\WINDOWS\system32\bthserv.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\SYSWOW64\thumbcache.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\SYSWOW64\edgeIso.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\WMVDECOD.DLL
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\mssvp.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\dusmsvc.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\drivers\iorate.sys
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\appsruprov.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\SYSWOW64\Windows.Networking.Connectivity.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\SYSWOW64\webplatstorageserver.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\SYSWOW64\CoreMessaging.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\xbgmengine.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\weretw.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\drivers\tm.sys
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2018-12-12 19:19:52 ----A---- C:\WINDOWS\system32\drivers\ClipSp.sys
2018-12-12 19:19:52 ----A---- C:\WINDOWS\system32\CoreMessaging.dll
2018-12-12 19:19:52 ----A---- C:\WINDOWS\system32\bcdedit.exe
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\Windows.System.Diagnostics.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Streaming.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\webio.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\offreg.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\mssvp.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\mssph.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\bcryptprimitives.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\SearchProtocolHost.exe
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\offreg.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\mssph.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\MSPhotography.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\moshostcore.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\energyprov.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\wcnfs.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\ndiswan.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\mmcss.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\bthenum.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\browser_broker.exe
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\UserDataTimeUtil.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\SearchProtocolHost.exe
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\Search.ProtocolHandler.MAPI2.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\MapConfiguration.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\fdBth.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\wpnsruprov.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\t2embed.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\sppcext.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\SearchFilterHost.exe
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\fdBth.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\drivers\bthhfenum.sys
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2018-12-12 19:19:49 ----A---- C:\WINDOWS\SYSWOW64\t2embed.dll
2018-12-12 19:19:49 ----A---- C:\WINDOWS\system32\drivers\storqosflt.sys
2018-12-12 19:19:46 ----A---- C:\WINDOWS\SYSWOW64\MSPhotography.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\SYSWOW64\InstallServiceTasks.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\RMapi.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\InstallServiceTasks.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\domgmt.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\DataUsageHandlers.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\SYSWOW64\werdiagcontroller.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\SYSWOW64\msIso.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\SYSWOW64\dtdump.exe
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\winhttpcom.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\tzautoupdate.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\msscntrs.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\iemigplugin.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\SYSWOW64\winhttpcom.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\SYSWOW64\tzres.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\system32\utcutil.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\system32\tzres.dll
2018-11-29 10:54:40 ----A---- C:\WINDOWS\system32\drivers\eamonm.sys
======List of files/folders modified in the last 1 month======
2018-12-27 19:48:04 ----D---- C:\WINDOWS\system32\sru
2018-12-27 19:39:50 ----D---- C:\WINDOWS\system32\SleepStudy
2018-12-27 19:27:40 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2018-12-27 18:52:59 ----D---- C:\WINDOWS\Prefetch
2018-12-27 18:50:35 ----D---- C:\WINDOWS\system32\drivers
2018-12-27 17:30:23 ----HD---- C:\ProgramData
2018-12-27 17:30:09 ----SHD---- C:\System Volume Information
2018-12-27 16:42:45 ----D---- C:\WINDOWS\debug
2018-12-27 16:34:50 ----D---- C:\Windows
2018-12-27 16:25:12 ----D---- C:\WINDOWS\system32\Tasks
2018-12-27 16:24:46 ----D---- C:\WINDOWS\SoftwareDistribution
2018-12-27 16:13:08 ----DC---- C:\WINDOWS\Panther
2018-12-27 16:13:08 ----D---- C:\WINDOWS\INF
2018-12-27 16:13:07 ----D---- C:\WINDOWS\Logs
2018-12-27 16:13:07 ----D---- C:\WINDOWS\LiveKernelReports
2018-12-27 14:42:15 ----HD---- C:\WINDOWS\system32\GroupPolicy
2018-12-27 14:42:15 ----D---- C:\WINDOWS\SYSWOW64\GroupPolicy
2018-12-27 13:59:01 ----RD---- C:\Program Files (x86)
2018-12-27 13:59:01 ----D---- C:\Program Files\Common Files
2018-12-27 13:53:03 ----D---- C:\WINDOWS\system32\drivers\etc
2018-12-27 13:46:15 ----D---- C:\WINDOWS\SysWOW64
2018-12-27 12:28:28 ----RD---- C:\Users
2018-12-27 12:28:24 ----D---- C:\WINDOWS\AppReadiness
2018-12-27 12:27:14 ----D---- C:\WINDOWS\CbsTemp
2018-12-27 12:20:58 ----D---- C:\WINDOWS\Tasks
2018-12-27 12:20:43 ----SHD---- C:\WINDOWS\Installer
2018-12-27 12:20:42 ----D---- C:\WINDOWS\System32
2018-12-27 12:20:22 ----D---- C:\WINDOWS\system32\Tasks_Migrated
2018-12-27 06:00:02 ----D---- C:\WINDOWS\system32\LogFiles
2018-12-27 01:41:22 ----RD---- C:\WINDOWS\Microsoft.NET
2018-12-27 00:47:02 ----RD---- C:\Program Files
2018-12-27 00:24:24 ----D---- C:\WINDOWS\system32\NDF
2018-12-26 21:50:09 ----D---- C:\WINDOWS\system32\catroot2
2018-12-26 21:46:25 ----D---- C:\WINDOWS\system32\DriverStore
2018-12-26 21:46:15 ----HD---- C:\WINDOWS\ELAMBKUP
2018-12-26 21:31:59 ----AD---- C:\ProgramData\Avg
2018-12-26 21:26:41 ----D---- C:\ProgramData\AVAST Software
2018-12-26 19:26:15 ----D---- C:\Users\Ludmila\AppData\Roaming\uTorrent
2018-12-26 17:43:23 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2018-12-26 17:42:18 ----D---- C:\Program Files (x86)\Lenovo
2018-12-26 17:41:43 ----D---- C:\ProgramData\CyberLink
2018-12-26 17:41:00 ----D---- C:\ProgramData\Origin
2018-12-26 17:38:23 ----HD---- C:\Program Files\WindowsApps
2018-12-26 17:35:29 ----D---- C:\WINDOWS\system32\config
2018-12-26 17:31:51 ----D---- C:\Program Files (x86)\Common Files
2018-12-26 17:31:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2018-12-26 17:24:23 ----D---- C:\WINDOWS\WinSxS
2018-12-24 01:12:25 ----D---- C:\WINDOWS\TextInput
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\zu-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\yo-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\xh-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\wo-SN
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\uz-Latn-UZ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\tn-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ti-ET
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\tg-Cyrl-TJ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-RS
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-BA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\sd-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\rw-RW
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\quc-Latn-GT
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\pa-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\nso-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ku-Arab-IQ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ig-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\chr-CHER-US
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ha-Latn-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ca-ES-valencia
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\bs-Latn-BA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\az-Latn-AZ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\zu-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\yo-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\xh-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\wo-SN
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\uz-Latn-UZ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\tn-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\ti-ET
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\tg-Cyrl-TJ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\sr-Cyrl-RS
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\sr-Cyrl-BA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\sd-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\rw-RW
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\quc-Latn-GT
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\pa-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\nso-ZA
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\migration
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ku-Arab-IQ
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ig-NG
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\chr-CHER-US
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ha-Latn-NG
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ca-ES-valencia
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\bs-Latn-BA
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\az-Latn-AZ
2018-12-24 01:12:24 ----D---- C:\WINDOWS\bcastdvr
2018-12-24 01:12:23 ----D---- C:\WINDOWS\system32\Boot
2018-12-17 18:24:39 ----RSD---- C:\WINDOWS\assembly
2018-12-15 12:27:23 ----D---- C:\Users\Ludmila\AppData\Roaming\vlc
2018-12-14 19:55:16 ----AD---- C:\Program Files (x86)\Microsoft Office
2018-12-12 23:27:04 ----D---- C:\WINDOWS\SYSWOW64\en-US
2018-12-12 23:27:04 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2018-12-12 23:27:01 ----SD---- C:\WINDOWS\system32\DiagSvcs
2018-12-12 23:27:01 ----D---- C:\WINDOWS\system32\en-US
2018-12-12 23:27:01 ----D---- C:\WINDOWS\system32\cs-CZ
2018-12-12 23:26:55 ----D---- C:\WINDOWS\ShellComponents
2018-12-12 23:26:54 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2018-12-12 23:26:54 ----D---- C:\WINDOWS\apppatch
2018-12-12 19:45:05 ----D---- C:\WINDOWS\system32\MRT
2018-12-12 19:40:16 ----AC---- C:\WINDOWS\system32\MRT.exe
2018-12-11 17:52:44 ----D---- C:\WINDOWS\system32\drivers\wd
2018-12-11 17:52:09 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2018-12-07 19:48:18 ----D---- C:\Program Files\rempl
2018-12-01 05:01:07 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2018-12-08 58168]
R0 MBI;@oem50.inf,%MBI.SVCDESC%;Intel(R) Sideband Fabric Device Service; C:\WINDOWS\System32\drivers\MBI.sys [2013-10-10 29464]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\WINDOWS\system32\drivers\SgrmAgent.sys [2018-04-12 63896]
R1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2018-04-12 39424]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-04-12 60320]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2018-11-29 143448]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2018-10-17 188832]
R1 epfwwfp;epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [2018-10-17 109864]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2018-04-12 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-04-12 8192]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2018-07-14 414720]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2018-12-08 43008]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2018-12-08 82432]
R3 ACPIVPC;@oem29.inf,%ACPIVPC.SvcDesc%;Lenovo Virtual Power Controller Driver; C:\WINDOWS\System32\drivers\AcpiVpc.sys [2014-09-19 35576]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2018-12-08 106496]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2018-04-12 86528]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2018-04-12 129536]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2018-04-12 85504]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2018-04-12 60320]
R3 CnxtHdAudService;@oem42.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDRT64.sys [2015-05-19 1543912]
R3 ibtusb;@oem11.inf,%ibtusb.SVCDESC_IBT%;Intel(R) Wireless Bluetooth(R); C:\WINDOWS\system32\DRIVERS\ibtusb.sys [2017-01-13 231168]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2015-10-04 3797424]
R3 IntcDAud;@oem6.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2015-08-21 463112]
R3 iwdbus;@oem52.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2015-07-20 38976]
R3 NETwNb64;___ Intel(R) Wireless Adapter Driver for Windows 8.1 - 64 Bit; C:\WINDOWS\System32\drivers\Netwbw02.sys [2018-04-12 3485696]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2018-04-12 193536]
R3 rt640x64;@oem22.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2015-07-22 886528]
R3 RTSUER;@oem43.inf,%RtsUER%;Realtek USB Card Reader - UER; C:\WINDOWS\system32\Drivers\RtsUer.sys [2015-07-03 410880]
R3 rtsuvc;@oem26.inf,%rtsuvc.DeviceDesc%;Lenovo EasyCamera; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [2015-06-16 3068160]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2015-09-25 42696]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2018-04-12 38304]
S0 eelam;eelam; C:\WINDOWS\system32\DRIVERS\eelam.sys [2018-10-17 15872]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2018-04-12 321432]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-04-12 885144]
S0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-04-12 145816]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2018-04-12 124312]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2018-04-12 128408]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-04-12 75160]
S0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [2018-04-12 82328]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2018-04-12 58776]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2018-04-12 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2018-04-12 39840]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2018-08-03 128920]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2018-07-01 48544]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-04-12 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2018-04-12 18432]
S3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys [2018-12-08 92688]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2018-12-08 1097728]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2018-04-12 39936]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2018-04-12 123392]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2018-04-12 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2018-04-12 50592]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2018-12-14 76088]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2018-04-12 27136]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2018-04-12 1836952]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2018-04-12 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2018-04-12 91648]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2018-04-12 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-04-12 88576]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2018-04-12 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-04-12 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2018-04-12 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-04-12 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2018-04-12 32256]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2018-04-12 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2018-04-12 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2018-04-12 56736]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2018-04-12 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2018-04-12 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2018-04-12 175104]
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\WINDOWS\System32\drivers\nvdimm.sys [2018-04-12 104448]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2018-04-12 105984]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2018-04-12 16896]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2018-07-01 945568]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2018-04-12 104448]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2018-04-12 33176]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2018-04-12 57752]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S4 hvcrash;hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [2018-04-12 33184]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 CDPUserSvc_4d166;Uživatelská služba platformy připojených zařízení_4d166; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2018-12-07 9646240]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 CxAudMsg;Conexant Audio Message Service; C:\windows\system32\CxAudMsg64.exe [2013-07-25 206552]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Security\ekrn.exe [2018-11-29 2302160]
R2 ibtsiva;@oem11.inf,%SERVICE_NAME%;Intel Bluetooth Service; C:\WINDOWS\system32\ibtsiva []
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2015-10-04 328616]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [2013-07-02 733696]
R2 Lenovo System Agent Service;Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [2014-05-22 584960]
R2 LenovoWiFiHotspotSvr;Lenovo WiFiHotspot Service; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [2014-09-19 198192]
R2 OneSyncSvc_4d166;Hostitel synchronizace_4d166; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 PhoneCompanionPusher;Lenovo PhoneCompanionPusher Service; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [2014-09-19 288240]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-07-14 760888]
R2 sedsvc;Windows Remediation Service; C:\Program Files\rempl\sedsvc.exe [2018-12-02 326336]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\WINDOWS\system32\SgrmBroker.exe [2018-04-12 163336]
R3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R3 ekrnEpfw;ESET Firewall Helper; C:\Program Files\ESET\ESET Security\ekrn.exe [2018-11-29 2302160]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2018-06-30 43648]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R3 PimIndexMaintenanceSvc_4d166;Data kontaktů_4d166; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2018-11-26 1684256]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BcastDVRUserService_4d166;Uživatelská služba pro GameDVR a vysílání her_4d166; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BluetoothUserService_4d166;Služba pro podporu uživatelů Bluetooth_4d166; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2015-10-04 290224]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicePickerUserSvc_4d166;DevicePicker_4d166; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicesFlowUserSvc_4d166;Tok zařízení_4d166; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2018-08-03 90624]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [2018-12-12 443872]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2013-07-02 822232]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [2014-06-03 533760]
S3 LSCWinService;LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2014-05-06 1663880]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 MessagingService_4d166;Služba zasílání zpráv_4d166; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 ose;Office Source Engine; c:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2018-12-03 214824]
S3 PhoneCompanionVap;Lenovo PhoneCompanionVap Service; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [2014-09-19 305136]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PrintWorkflowUserSvc_4d166;PrintWorkflow_4d166; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2018-04-12 1273344]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2018-07-01 976384]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S4 ssh-agent;OpenSSH Authentication Agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [2018-03-10 495616]
-----------------EOF-----------------
RSIT log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Ludmila at 2018-12-27 19:50:11
Microsoft Windows 10 Home
System drive C: has 235 GB (54%) free of 435 GB
Total RAM: 3979 MB (41% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:50:32, on 27.12.2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
C:\Users\Ludmila\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files\trend micro\Ludmila.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Ludmila\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [Application Restart #4] C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
O4 - HKCU\..\RunOnce: [Application Restart #3] C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Conexant Audio Message Service (CxAudMsg) - Unknown owner - C:\windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: ESET Firewall Helper (ekrnEpfw) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem11.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo EasyPlus Hotspot - Lenovo - C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\Lenovo\iMController\SystemAgentService.exe
O23 - Service: Lenovo WiFiHotspot Service (LenovoWiFiHotspotSvr) - Unknown owner - C:\Windows\System32\LenovoWiFiHotspotSvr.exe (file missing)
O23 - Service: LSCWinService - Unknown owner - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo PhoneCompanionPusher Service (PhoneCompanionPusher) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
O23 - Service: Lenovo PhoneCompanionVap Service (PhoneCompanionVap) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)
--
End of file - 13002 bytes
======Listing Processes======
winlogon.exe
C:\WINDOWS\system32\lsass.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-b773b277-7ac5-42e7-8374-21bb721f19f7 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-bbda2cd1-0108-4c36-8b0b-8bdcca9ba6f3 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-62d5201d-3bef-4cf2-94df-41c4acec1a68 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-3e80dfb7-1fb7-48eb-8178-5edce56d933b -LifetimeId:12afbd2f-cdb9-4495-979c-be35d720f55c -DeviceGroupId:WudfDefaultDevicePool
"fontdrvhost.exe"
"fontdrvhost.exe"
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
"dwm.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localservice -p -s bthserv
c:\windows\system32\svchost.exe -k localservice -p -s BthAvctpSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s BTAGService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservice -p -s nsi
dashost.exe {7919354b-b59d-4108-bea54648cc0a96f2}
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k appmodel -p -s camsvc
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
C:\WINDOWS\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
C:\WINDOWS\system32\ibtsiva
c:\windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
"C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe"
"C:\Program Files\Lenovo\iMController\SystemAgentService.exe"
C:\Windows\System32\LenovoWiFiHotspotSvr.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
"C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe"
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
C:\windows\system32\CxAudMsg64.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
"ctfmon.exe"
C:\WINDOWS\Explorer.EXE
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
igfxEM.exe
igfxHK.exe
igfxTray.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe" -ServerName:SkypeBackgroundHost
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE"
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Windows\RTFTrack.exe"
"C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe"
"C:\Program Files\CONEXANT\ForteConfig\fmapp.exe"
"C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe"
"C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe"
"C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe"
"C:\Program Files\ESET\ESET Security\egui.exe" /hide
"C:\Users\Ludmila\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files (x86)\Steam\Steam.exe" -silent
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
adb fork-server server
c:\windows\system32\svchost.exe -k netsvcs -p
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" "-lang=cs_CZ" "-cachedir=C:\Users\Ludmila\AppData\Local\Steam\htmlcache" "-steampid=7920" "-buildid=1543346820" "-steamid=0" "-steamuniverse=Dev" "-clientui=C:\Program Files (x86)\Steam\clientui" --disable-spell-checking --disable-out-of-process-pac --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-features=TouchpadAndWheelScrollLatching,AsyncWheelEvents --enable-media-stream --disable-smooth-scrolling --num-raster-threads=4 --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt"
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Ludmila\AppData\Local\CEF\User Data" --url=http://crash.steampowered.com/submit --annotation=platform=win32 --annotation=product=cefwebhelper --annotation=version=1543346820 --initial-client-data=0x338,0x33c,0x340,0x330,0x344,0x6d1bd758,0x6d1bd768,0x6d1bd774
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=gpu-process --disable-features=AsyncWheelEvents,TouchpadAndWheelScrollLatching --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --webview-urls=http://localhost/*,http://steamloopback ... localhost/* --lang=cs-CZ --buildid=1543346820 --steamid=0 --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --webview-urls=http://localhost/*,http://steamloopback ... localhost/* --lang=cs-CZ --buildid=1543346820 --steamid=0 --service-request-channel-token=9AD59D358766F22D2F7B1756A74F8FAC --mojo-platform-channel-handle=1336 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files\rempl\sedsvc.exe"
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "LSC Memory|0x2244_0x23c8_0x4b12b206"
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s pla
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
"C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe" -ServerName:WindowsDefaultLockScreen.AppX7y4nbzq37zn4ks9k7amqjywdat7d3j2z.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
taskhostw.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Browser
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe" -ServerName:App.AppXc75wvwned5vhz4xyxxecvgdjhdkgsdza.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeApp.exe" -ServerName:App.AppXffn3yxqvgawq9fpmnhy90fr3y01d1t5b.mca
"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.AppX6an27ssxm1kq22j0wm54a996rsgjh8an.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe" /InvokerPRAID: App
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=71.0.3578.98 --initial-client-data=0x1d4,0x1d8,0x1dc,0x1d0,0x1e0,0x7ffacb1064d0,0x7ffacb1064e0,0x7ffacb1064f0
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=9240 --on-initialized-event-handle=652 --parent-handle=656 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1564,17548311326290925332,8449543549824916020,131072 --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=12808476153029421436 --mojo-platform-channel-handle=1596 --ignored=" --type=renderer " /prefetch:2
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s gpsvc
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,17548311326290925332,8449543549824916020,131072 --service-pipe-token=6642973845348413301 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6642973845348413301 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,17548311326290925332,8449543549824916020,131072 --service-pipe-token=5233084564701374299 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5233084564701374299 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,17548311326290925332,8449543549824916020,131072 --service-pipe-token=16942616412829418502 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16942616412829418502 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,17548311326290925332,8449543549824916020,131072 --service-pipe-token=7204020117230387272 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7204020117230387272 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,17548311326290925332,8449543549824916020,131072 --service-pipe-token=12776919014756793615 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12776919014756793615 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
C:\WINDOWS\system32\AUDIODG.EXE 0x480
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\WINDOWS\servicing\TrustedInstaller.exe
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.464_none_eaf315ac1d6e512f\TiWorker.exe -Embedding
C:\Windows\System32\smartscreen.exe -Embedding
"C:\Users\Ludmila\Desktop\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-12-14 203552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 217784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 184488]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-01 460384]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-01 172640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 6149288]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 4452504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2018-04-12 638872]
"RtsFT"=C:\WINDOWS\RTFTrack.exe [2015-06-16 5060864]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2013-09-05 907480]
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SACpl.exe [2012-06-13 1647616]
"PhoneCompanion"=C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [2014-09-19 836592]
"Energy Manager"=C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [2014-09-19 16094704]
"Lenovo Utility"=C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [2014-09-19 10841584]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2016-10-13 3942864]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-09-25 3945672]
"egui"=C:\Program Files\ESET\ESET Security\ecmds.exe [2018-11-29 177928]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\Ludmila\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2018-12-15 1543264]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2018-11-26 3131680]
"CCleaner Smart Cleaning"=C:\Program Files\CCleaner\CCleaner64.exe [2018-12-10 19589208]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #4"=C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend=C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\inspector --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session []
"Application Restart #3"=C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend=C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\inspector --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"UpdateP2GShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2011-12-07 214312]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-09 596528]
"CanonQuickMenu"=C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [2012-04-03 1273448]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"DisableTaskMgr"=0
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoRun"=0
"NoFolderOptions"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2018-12-27 18:50:35 ----A---- C:\WINDOWS\system32\drivers\3633126C.sys
2018-12-27 18:50:08 ----HD---- C:\OneDriveTemp
2018-12-27 16:39:00 ----D---- C:\ProgramData\Malwarebytes
2018-12-27 16:38:46 ----A---- C:\WINDOWS\system32\drivers\75137F7B.sys
2018-12-27 16:36:21 ----D---- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-12-27 16:36:19 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2018-12-27 14:59:27 ----SHD---- C:\$RECYCLE.BIN
2018-12-27 14:56:27 ----A---- C:\WINDOWS\zoek-delete.exe
2018-12-27 14:56:25 ----D---- C:\WINDOWS\Temp
2018-12-27 13:46:12 ----D---- C:\zoek_backup
2018-12-27 12:18:27 ----D---- C:\AdwCleaner
2018-12-27 11:00:09 ----D---- C:\rsit
2018-12-27 00:47:02 ----D---- C:\Program Files\CCleaner
2018-12-26 22:33:05 ----D---- C:\Program Files\trend micro
2018-12-26 21:45:19 ----D---- C:\ProgramData\ESET
2018-12-26 21:45:18 ----D---- C:\Program Files\ESET
2018-12-26 21:27:42 ----D---- C:\Program Files\AVAST Software
2018-12-26 20:15:17 ----D---- C:\WINDOWS\SYSWOW64\ajhfmnxw
2018-12-26 20:10:16 ----D---- C:\ProgramData\GCYTYWQMMM4ULN5BDJKV
2018-12-26 19:49:16 ----D---- C:\Users\Ludmila\AppData\Roaming\ComfortSoftware
2018-12-26 19:16:19 ----D---- C:\ProgramData\HPC
2018-12-26 19:14:04 ----D---- C:\ProgramData\CopyPaste
2018-12-26 18:47:21 ----D---- C:\GOG Games
2018-12-26 17:52:24 ----D---- C:\Program Files (x86)\Ubisoft
2018-12-26 17:49:05 ----D---- C:\Program Files (x86)\Steam
2018-12-23 10:03:25 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-12-23 10:03:23 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2018-12-23 10:03:14 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2018-12-23 10:03:12 ----A---- C:\WINDOWS\system32\Chakra.dll
2018-12-23 10:03:09 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-12-23 10:03:08 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2018-12-23 10:03:06 ----A---- C:\WINDOWS\system32\Windows.CloudStore.dll
2018-12-23 10:03:06 ----A---- C:\WINDOWS\system32\d2d1.dll
2018-12-23 10:03:04 ----A---- C:\WINDOWS\system32\hvix64.exe
2018-12-23 10:03:02 ----A---- C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-12-23 10:03:01 ----A---- C:\WINDOWS\system32\hvax64.exe
2018-12-23 10:02:58 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2018-12-23 10:02:56 ----A---- C:\WINDOWS\system32\bcastdvruserservice.dll
2018-12-23 10:02:54 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-12-23 10:02:52 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2018-12-23 10:02:52 ----A---- C:\WINDOWS\system32\winload.exe
2018-12-23 10:02:52 ----A---- C:\WINDOWS\system32\jscript.dll
2018-12-23 10:02:51 ----A---- C:\WINDOWS\system32\winresume.exe
2018-12-23 10:02:51 ----A---- C:\WINDOWS\system32\msvproc.dll
2018-12-23 10:02:50 ----A---- C:\WINDOWS\SYSWOW64\msvproc.dll
2018-12-23 10:02:50 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-12-23 10:02:48 ----A---- C:\WINDOWS\system32\tcblaunch.exe
2018-12-23 10:02:47 ----A---- C:\WINDOWS\system32\MSVPXENC.dll
2018-12-23 10:02:46 ----A---- C:\WINDOWS\system32\drivers\hvservice.sys
2018-12-23 10:02:40 ----A---- C:\WINDOWS\SYSWOW64\MSVPXENC.dll
2018-12-23 10:02:40 ----A---- C:\WINDOWS\system32\hvloader.dll
2018-12-23 10:02:36 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2018-12-23 10:02:36 ----A---- C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-12-12 19:21:20 ----A---- C:\WINDOWS\system32\edgehtml.dll
2018-12-12 19:21:17 ----A---- C:\WINDOWS\system32\mshtml.dll
2018-12-12 19:21:07 ----A---- C:\WINDOWS\system32\sppsvc.exe
2018-12-12 19:21:06 ----A---- C:\WINDOWS\system32\shell32.dll
2018-12-12 19:21:05 ----A---- C:\WINDOWS\system32\wininet.dll
2018-12-12 19:21:04 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2018-12-12 19:21:03 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2018-12-12 19:21:01 ----A---- C:\WINDOWS\system32\ClipUp.exe
2018-12-12 19:21:00 ----A---- C:\WINDOWS\system32\windows.storage.dll
2018-12-12 19:20:59 ----A---- C:\WINDOWS\system32\StartTileData.dll
2018-12-12 19:20:57 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2018-12-12 19:20:57 ----A---- C:\WINDOWS\system32\sppobjs.dll
2018-12-12 19:20:55 ----A---- C:\WINDOWS\system32\cdp.dll
2018-12-12 19:20:53 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2018-12-12 19:20:52 ----A---- C:\WINDOWS\SYSWOW64\wmp.dll
2018-12-12 19:20:51 ----A---- C:\WINDOWS\system32\wmp.dll
2018-12-12 19:20:50 ----A---- C:\WINDOWS\system32\msmpeg2adec.dll
2018-12-12 19:20:50 ----A---- C:\WINDOWS\system32\mos.dll
2018-12-12 19:20:49 ----A---- C:\WINDOWS\system32\ieframe.dll
2018-12-12 19:20:48 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2018-12-12 19:20:47 ----A---- C:\WINDOWS\system32\jscript9.dll
2018-12-12 19:20:47 ----A---- C:\WINDOWS\system32\EdgeContent.dll
2018-12-12 19:20:46 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2vdec.dll
2018-12-12 19:20:46 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2adec.dll
2018-12-12 19:20:46 ----A---- C:\WINDOWS\system32\twinui.pcshell.dll
2018-12-12 19:20:45 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2018-12-12 19:20:45 ----A---- C:\WINDOWS\system32\tquery.dll
2018-12-12 19:20:44 ----A---- C:\WINDOWS\system32\win32kfull.sys
2018-12-12 19:20:44 ----A---- C:\WINDOWS\system32\twinui.dll
2018-12-12 19:20:43 ----A---- C:\WINDOWS\system32\diagtrack.dll
2018-12-12 19:20:42 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2018-12-12 19:20:41 ----A---- C:\WINDOWS\system32\OpcServices.dll
2018-12-12 19:20:41 ----A---- C:\WINDOWS\system32\mssrch.dll
2018-12-12 19:20:40 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2018-12-12 19:20:39 ----A---- C:\WINDOWS\SYSWOW64\mfasfsrcsnk.dll
2018-12-12 19:20:39 ----A---- C:\WINDOWS\system32\mfcore.dll
2018-12-12 19:20:37 ----A---- C:\WINDOWS\SYSWOW64\WMVDECOD.DLL
2018-12-12 19:20:37 ----A---- C:\WINDOWS\system32\xpsrchvw.exe
2018-12-12 19:20:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2018-12-12 19:20:37 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2018-12-12 19:20:36 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2018-12-12 19:20:36 ----A---- C:\WINDOWS\system32\WebRuntimeManager.dll
2018-12-12 19:20:36 ----A---- C:\WINDOWS\system32\dosvc.dll
2018-12-12 19:20:36 ----A---- C:\WINDOWS\system32\BingMaps.dll
2018-12-12 19:20:35 ----A---- C:\WINDOWS\system32\d3d11.dll
2018-12-12 19:20:34 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2018-12-12 19:20:34 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2018-12-12 19:20:34 ----A---- C:\WINDOWS\system32\msxml6.dll
2018-12-12 19:20:34 ----A---- C:\WINDOWS\system32\KernelBase.dll
2018-12-12 19:20:33 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2018-12-12 19:20:33 ----A---- C:\WINDOWS\SYSWOW64\cdp.dll
2018-12-12 19:20:33 ----A---- C:\WINDOWS\system32\WMVCORE.DLL
2018-12-12 19:20:33 ----A---- C:\WINDOWS\system32\dwmcore.dll
2018-12-12 19:20:32 ----A---- C:\WINDOWS\system32\LocationFramework.dll
2018-12-12 19:20:31 ----A---- C:\WINDOWS\SYSWOW64\mos.dll
2018-12-12 19:20:31 ----A---- C:\WINDOWS\system32\mstscax.dll
2018-12-12 19:20:30 ----A---- C:\WINDOWS\SYSWOW64\tquery.dll
2018-12-12 19:20:30 ----A---- C:\WINDOWS\system32\wuaueng.dll
2018-12-12 19:20:30 ----A---- C:\WINDOWS\system32\D3D12.dll
2018-12-12 19:20:28 ----A---- C:\WINDOWS\SYSWOW64\dwmcore.dll
2018-12-12 19:20:28 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2018-12-12 19:20:28 ----A---- C:\WINDOWS\system32\audiosrv.dll
2018-12-12 19:20:27 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2018-12-12 19:20:27 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2018-12-12 19:20:27 ----A---- C:\WINDOWS\system32\win32kbase.sys
2018-12-12 19:20:27 ----A---- C:\WINDOWS\system32\lpasvc.dll
2018-12-12 19:20:26 ----A---- C:\WINDOWS\SYSWOW64\MSAudDecMFT.dll
2018-12-12 19:20:26 ----A---- C:\WINDOWS\system32\ntdll.dll
2018-12-12 19:20:26 ----A---- C:\WINDOWS\system32\enterprisecsps.dll
2018-12-12 19:20:25 ----A---- C:\WINDOWS\SYSWOW64\msxml6.dll
2018-12-12 19:20:25 ----A---- C:\WINDOWS\SYSWOW64\mssrch.dll
2018-12-12 19:20:25 ----A---- C:\WINDOWS\system32\BingOnlineServices.dll
2018-12-12 19:20:24 ----A---- C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-12-12 19:20:23 ----A---- C:\WINDOWS\SYSWOW64\CPFilters.dll
2018-12-12 19:20:23 ----A---- C:\WINDOWS\system32\InstallService.dll
2018-12-12 19:20:23 ----A---- C:\WINDOWS\system32\drivers\bthport.sys
2018-12-12 19:20:23 ----A---- C:\WINDOWS\system32\CPFilters.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\SYSWOW64\d3d11.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\wcmsvc.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\MSAudDecMFT.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\MapGeocoder.dll
2018-12-12 19:20:22 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2018-12-12 19:20:21 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2018-12-12 19:20:21 ----A---- C:\WINDOWS\system32\modernexecserver.dll
2018-12-12 19:20:21 ----A---- C:\WINDOWS\system32\MapRouter.dll
2018-12-12 19:20:20 ----A---- C:\WINDOWS\system32\ShareHost.dll
2018-12-12 19:20:20 ----A---- C:\WINDOWS\system32\SearchIndexer.exe
2018-12-12 19:20:20 ----A---- C:\WINDOWS\system32\AudioSes.dll
2018-12-12 19:20:19 ----A---- C:\WINDOWS\SYSWOW64\BingMaps.dll
2018-12-12 19:20:19 ----A---- C:\WINDOWS\system32\MapControlCore.dll
2018-12-12 19:20:19 ----A---- C:\WINDOWS\system32\AudioEng.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\SYSWOW64\mfsrcsnk.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\system32\winhttp.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2018-12-12 19:20:18 ----A---- C:\WINDOWS\system32\msxml3.dll
2018-12-12 19:20:17 ----A---- C:\WINDOWS\SYSWOW64\rpcrt4.dll
2018-12-12 19:20:17 ----A---- C:\WINDOWS\system32\wlansvc.dll
2018-12-12 19:20:17 ----A---- C:\WINDOWS\system32\JpMapControl.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\NMAA.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\mfsrcsnk.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\mf.dll
2018-12-12 19:20:16 ----A---- C:\WINDOWS\system32\daxexec.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\SYSWOW64\D3D12.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2018-12-12 19:20:15 ----A---- C:\WINDOWS\system32\gdi32full.dll
2018-12-12 19:20:14 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2018-12-12 19:20:14 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2018-12-12 19:20:13 ----A---- C:\WINDOWS\SYSWOW64\xpsrchvw.exe
2018-12-12 19:20:13 ----A---- C:\WINDOWS\system32\SppExtComObj.Exe
2018-12-12 19:20:13 ----A---- C:\WINDOWS\system32\audiodg.exe
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\winhttp.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\InstallService.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\EdgeManager.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\SYSWOW64\AudioEng.dll
2018-12-12 19:20:12 ----A---- C:\WINDOWS\system32\WWAHost.exe
2018-12-12 19:20:12 ----A---- C:\WINDOWS\system32\BthAvctpSvc.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\SYSWOW64\MapRouter.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\SYSWOW64\BingOnlineServices.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\twinui.appcore.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\MapsStore.dll
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2018-12-12 19:20:11 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-12-12 19:20:10 ----A---- C:\WINDOWS\SYSWOW64\mf.dll
2018-12-12 19:20:10 ----A---- C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-12-12 19:20:10 ----A---- C:\WINDOWS\system32\rasmans.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\wpx.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\edgeIso.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\dnsapi.dll
2018-12-12 19:20:09 ----A---- C:\WINDOWS\system32\ci.dll
2018-12-12 19:20:08 ----A---- C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-12-12 19:20:08 ----A---- C:\WINDOWS\system32\defragsvc.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\SYSWOW64\WWAHost.exe
2018-12-12 19:20:07 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.OnlineId.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\wer.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\vbscript.dll
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\drivers\rdbss.sys
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\drivers\pci.sys
2018-12-12 19:20:07 ----A---- C:\WINDOWS\system32\BTAGService.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\ShareHost.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\SearchIndexer.exe
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\JpMapControl.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\dnsapi.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\SYSWOW64\daxexec.dll
2018-12-12 19:20:06 ----A---- C:\WINDOWS\system32\securekernel.exe
2018-12-12 19:20:06 ----A---- C:\WINDOWS\system32\ninput.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\SYSWOW64\MapGeocoder.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\WinSCard.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\lsasrv.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\eeprov.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\browserbroker.dll
2018-12-12 19:20:05 ----A---- C:\WINDOWS\system32\AppResolver.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\SYSWOW64\msxml3.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\mfps.dll
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\drivers\netio.sys
2018-12-12 19:20:04 ----A---- C:\WINDOWS\system32\advapi32.dll
2018-12-12 19:20:03 ----A---- C:\WINDOWS\SYSWOW64\wer.dll
2018-12-12 19:20:03 ----A---- C:\WINDOWS\SYSWOW64\advapi32.dll
2018-12-12 19:20:03 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2018-12-12 19:20:02 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2018-12-12 19:20:02 ----A---- C:\WINDOWS\system32\drivers\ndis.sys
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\rmclient.dll
2018-12-12 19:20:00 ----A---- C:\WINDOWS\system32\drivers\fileinfo.sys
2018-12-12 19:19:58 ----A---- C:\WINDOWS\system32\wbengine.exe
2018-12-12 19:19:58 ----A---- C:\WINDOWS\system32\MapConfiguration.dll
2018-12-12 19:19:58 ----A---- C:\WINDOWS\system32\drivers\fvevol.sys
2018-12-12 19:19:57 ----A---- C:\WINDOWS\SYSWOW64\twinui.appcore.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\wc_storage.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\vertdll.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\thumbcache.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\SgrmEnclave.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\sensrsvc.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\MSVP9DEC.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\hal.dll
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2018-12-12 19:19:57 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\WinSCard.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\OpcServices.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\NMAA.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\SYSWOW64\mfps.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\webio.dll
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\drivers\USBHUB3.SYS
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\drivers\msrpc.sys
2018-12-12 19:19:56 ----A---- C:\WINDOWS\system32\drivers\bindflt.sys
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\rmclient.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\ninput.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\MSVP9DEC.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\MapControlCore.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\AppResolver.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\SYSWOW64\AcSpecfc.dll
2018-12-12 19:19:55 ----A---- C:\WINDOWS\system32\drivers\ksecpkg.sys
2018-12-12 19:19:55 ----A---- C:\WINDOWS\system32\bthserv.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\SYSWOW64\thumbcache.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\SYSWOW64\edgeIso.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\WMVDECOD.DLL
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\mssvp.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\dusmsvc.dll
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\drivers\iorate.sys
2018-12-12 19:19:54 ----A---- C:\WINDOWS\system32\appsruprov.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\SYSWOW64\Windows.Networking.Connectivity.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\SYSWOW64\webplatstorageserver.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\SYSWOW64\CoreMessaging.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\xbgmengine.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\weretw.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\drivers\tm.sys
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2018-12-12 19:19:53 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2018-12-12 19:19:52 ----A---- C:\WINDOWS\system32\drivers\ClipSp.sys
2018-12-12 19:19:52 ----A---- C:\WINDOWS\system32\CoreMessaging.dll
2018-12-12 19:19:52 ----A---- C:\WINDOWS\system32\bcdedit.exe
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\Windows.System.Diagnostics.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Streaming.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\webio.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\offreg.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\mssvp.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\mssph.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\SYSWOW64\bcryptprimitives.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\SearchProtocolHost.exe
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\offreg.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\mssph.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\MSPhotography.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\moshostcore.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\energyprov.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\wcnfs.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\ndiswan.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\mmcss.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\drivers\bthenum.sys
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-12-12 19:19:51 ----A---- C:\WINDOWS\system32\browser_broker.exe
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\UserDataTimeUtil.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\SearchProtocolHost.exe
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\Search.ProtocolHandler.MAPI2.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\MapConfiguration.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\SYSWOW64\fdBth.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\wpnsruprov.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\t2embed.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\sppcext.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\SearchFilterHost.exe
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\fdBth.dll
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\drivers\bthhfenum.sys
2018-12-12 19:19:50 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2018-12-12 19:19:49 ----A---- C:\WINDOWS\SYSWOW64\t2embed.dll
2018-12-12 19:19:49 ----A---- C:\WINDOWS\system32\drivers\storqosflt.sys
2018-12-12 19:19:46 ----A---- C:\WINDOWS\SYSWOW64\MSPhotography.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\SYSWOW64\InstallServiceTasks.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\RMapi.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\InstallServiceTasks.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\domgmt.dll
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2018-12-12 19:19:46 ----A---- C:\WINDOWS\system32\DataUsageHandlers.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\SYSWOW64\werdiagcontroller.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\SYSWOW64\msIso.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\SYSWOW64\dtdump.exe
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\winhttpcom.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\tzautoupdate.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\msscntrs.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2018-12-12 19:19:45 ----A---- C:\WINDOWS\system32\iemigplugin.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\SYSWOW64\winhttpcom.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\SYSWOW64\tzres.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\system32\utcutil.dll
2018-12-12 19:19:44 ----A---- C:\WINDOWS\system32\tzres.dll
2018-11-29 10:54:40 ----A---- C:\WINDOWS\system32\drivers\eamonm.sys
======List of files/folders modified in the last 1 month======
2018-12-27 19:48:04 ----D---- C:\WINDOWS\system32\sru
2018-12-27 19:39:50 ----D---- C:\WINDOWS\system32\SleepStudy
2018-12-27 19:27:40 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2018-12-27 18:52:59 ----D---- C:\WINDOWS\Prefetch
2018-12-27 18:50:35 ----D---- C:\WINDOWS\system32\drivers
2018-12-27 17:30:23 ----HD---- C:\ProgramData
2018-12-27 17:30:09 ----SHD---- C:\System Volume Information
2018-12-27 16:42:45 ----D---- C:\WINDOWS\debug
2018-12-27 16:34:50 ----D---- C:\Windows
2018-12-27 16:25:12 ----D---- C:\WINDOWS\system32\Tasks
2018-12-27 16:24:46 ----D---- C:\WINDOWS\SoftwareDistribution
2018-12-27 16:13:08 ----DC---- C:\WINDOWS\Panther
2018-12-27 16:13:08 ----D---- C:\WINDOWS\INF
2018-12-27 16:13:07 ----D---- C:\WINDOWS\Logs
2018-12-27 16:13:07 ----D---- C:\WINDOWS\LiveKernelReports
2018-12-27 14:42:15 ----HD---- C:\WINDOWS\system32\GroupPolicy
2018-12-27 14:42:15 ----D---- C:\WINDOWS\SYSWOW64\GroupPolicy
2018-12-27 13:59:01 ----RD---- C:\Program Files (x86)
2018-12-27 13:59:01 ----D---- C:\Program Files\Common Files
2018-12-27 13:53:03 ----D---- C:\WINDOWS\system32\drivers\etc
2018-12-27 13:46:15 ----D---- C:\WINDOWS\SysWOW64
2018-12-27 12:28:28 ----RD---- C:\Users
2018-12-27 12:28:24 ----D---- C:\WINDOWS\AppReadiness
2018-12-27 12:27:14 ----D---- C:\WINDOWS\CbsTemp
2018-12-27 12:20:58 ----D---- C:\WINDOWS\Tasks
2018-12-27 12:20:43 ----SHD---- C:\WINDOWS\Installer
2018-12-27 12:20:42 ----D---- C:\WINDOWS\System32
2018-12-27 12:20:22 ----D---- C:\WINDOWS\system32\Tasks_Migrated
2018-12-27 06:00:02 ----D---- C:\WINDOWS\system32\LogFiles
2018-12-27 01:41:22 ----RD---- C:\WINDOWS\Microsoft.NET
2018-12-27 00:47:02 ----RD---- C:\Program Files
2018-12-27 00:24:24 ----D---- C:\WINDOWS\system32\NDF
2018-12-26 21:50:09 ----D---- C:\WINDOWS\system32\catroot2
2018-12-26 21:46:25 ----D---- C:\WINDOWS\system32\DriverStore
2018-12-26 21:46:15 ----HD---- C:\WINDOWS\ELAMBKUP
2018-12-26 21:31:59 ----AD---- C:\ProgramData\Avg
2018-12-26 21:26:41 ----D---- C:\ProgramData\AVAST Software
2018-12-26 19:26:15 ----D---- C:\Users\Ludmila\AppData\Roaming\uTorrent
2018-12-26 17:43:23 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2018-12-26 17:42:18 ----D---- C:\Program Files (x86)\Lenovo
2018-12-26 17:41:43 ----D---- C:\ProgramData\CyberLink
2018-12-26 17:41:00 ----D---- C:\ProgramData\Origin
2018-12-26 17:38:23 ----HD---- C:\Program Files\WindowsApps
2018-12-26 17:35:29 ----D---- C:\WINDOWS\system32\config
2018-12-26 17:31:51 ----D---- C:\Program Files (x86)\Common Files
2018-12-26 17:31:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2018-12-26 17:24:23 ----D---- C:\WINDOWS\WinSxS
2018-12-24 01:12:25 ----D---- C:\WINDOWS\TextInput
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\zu-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\yo-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\xh-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\wo-SN
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\uz-Latn-UZ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\tn-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ti-ET
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\tg-Cyrl-TJ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-RS
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-BA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\sd-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\rw-RW
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\quc-Latn-GT
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\pa-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\nso-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ku-Arab-IQ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ig-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\chr-CHER-US
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ha-Latn-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\ca-ES-valencia
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\bs-Latn-BA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\SYSWOW64\az-Latn-AZ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\zu-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\yo-NG
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\xh-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\wo-SN
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\uz-Latn-UZ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\tn-ZA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\ti-ET
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\tg-Cyrl-TJ
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\sr-Cyrl-RS
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\sr-Cyrl-BA
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\sd-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\rw-RW
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\quc-Latn-GT
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\pa-Arab-PK
2018-12-24 01:12:25 ----D---- C:\WINDOWS\system32\nso-ZA
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\migration
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ku-Arab-IQ
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ig-NG
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\chr-CHER-US
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ha-Latn-NG
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\ca-ES-valencia
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\bs-Latn-BA
2018-12-24 01:12:24 ----D---- C:\WINDOWS\system32\az-Latn-AZ
2018-12-24 01:12:24 ----D---- C:\WINDOWS\bcastdvr
2018-12-24 01:12:23 ----D---- C:\WINDOWS\system32\Boot
2018-12-17 18:24:39 ----RSD---- C:\WINDOWS\assembly
2018-12-15 12:27:23 ----D---- C:\Users\Ludmila\AppData\Roaming\vlc
2018-12-14 19:55:16 ----AD---- C:\Program Files (x86)\Microsoft Office
2018-12-12 23:27:04 ----D---- C:\WINDOWS\SYSWOW64\en-US
2018-12-12 23:27:04 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2018-12-12 23:27:01 ----SD---- C:\WINDOWS\system32\DiagSvcs
2018-12-12 23:27:01 ----D---- C:\WINDOWS\system32\en-US
2018-12-12 23:27:01 ----D---- C:\WINDOWS\system32\cs-CZ
2018-12-12 23:26:55 ----D---- C:\WINDOWS\ShellComponents
2018-12-12 23:26:54 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2018-12-12 23:26:54 ----D---- C:\WINDOWS\apppatch
2018-12-12 19:45:05 ----D---- C:\WINDOWS\system32\MRT
2018-12-12 19:40:16 ----AC---- C:\WINDOWS\system32\MRT.exe
2018-12-11 17:52:44 ----D---- C:\WINDOWS\system32\drivers\wd
2018-12-11 17:52:09 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2018-12-07 19:48:18 ----D---- C:\Program Files\rempl
2018-12-01 05:01:07 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2018-12-08 58168]
R0 MBI;@oem50.inf,%MBI.SVCDESC%;Intel(R) Sideband Fabric Device Service; C:\WINDOWS\System32\drivers\MBI.sys [2013-10-10 29464]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\WINDOWS\system32\drivers\SgrmAgent.sys [2018-04-12 63896]
R1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2018-04-12 39424]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-04-12 60320]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2018-11-29 143448]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2018-10-17 188832]
R1 epfwwfp;epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [2018-10-17 109864]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2018-04-12 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-04-12 8192]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2018-07-14 414720]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2018-12-08 43008]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2018-12-08 82432]
R3 ACPIVPC;@oem29.inf,%ACPIVPC.SvcDesc%;Lenovo Virtual Power Controller Driver; C:\WINDOWS\System32\drivers\AcpiVpc.sys [2014-09-19 35576]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2018-12-08 106496]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2018-04-12 86528]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2018-04-12 129536]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2018-04-12 85504]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2018-04-12 60320]
R3 CnxtHdAudService;@oem42.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDRT64.sys [2015-05-19 1543912]
R3 ibtusb;@oem11.inf,%ibtusb.SVCDESC_IBT%;Intel(R) Wireless Bluetooth(R); C:\WINDOWS\system32\DRIVERS\ibtusb.sys [2017-01-13 231168]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2015-10-04 3797424]
R3 IntcDAud;@oem6.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2015-08-21 463112]
R3 iwdbus;@oem52.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2015-07-20 38976]
R3 NETwNb64;___ Intel(R) Wireless Adapter Driver for Windows 8.1 - 64 Bit; C:\WINDOWS\System32\drivers\Netwbw02.sys [2018-04-12 3485696]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2018-04-12 193536]
R3 rt640x64;@oem22.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2015-07-22 886528]
R3 RTSUER;@oem43.inf,%RtsUER%;Realtek USB Card Reader - UER; C:\WINDOWS\system32\Drivers\RtsUer.sys [2015-07-03 410880]
R3 rtsuvc;@oem26.inf,%rtsuvc.DeviceDesc%;Lenovo EasyCamera; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [2015-06-16 3068160]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2015-09-25 42696]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2018-04-12 38304]
S0 eelam;eelam; C:\WINDOWS\system32\DRIVERS\eelam.sys [2018-10-17 15872]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2018-04-12 321432]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-04-12 885144]
S0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-04-12 145816]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2018-04-12 124312]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2018-04-12 128408]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-04-12 75160]
S0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [2018-04-12 82328]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2018-04-12 58776]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2018-04-12 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2018-04-12 39840]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2018-08-03 128920]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2018-07-01 48544]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-04-12 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2018-04-12 18432]
S3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys [2018-12-08 92688]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2018-12-08 1097728]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2018-04-12 39936]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2018-04-12 123392]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2018-04-12 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2018-04-12 50592]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2018-12-14 76088]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2018-04-12 27136]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2018-04-12 1836952]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2018-04-12 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2018-04-12 91648]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2018-04-12 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-04-12 88576]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2018-04-12 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-04-12 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2018-04-12 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-04-12 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2018-04-12 32256]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2018-04-12 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2018-04-12 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2018-04-12 56736]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2018-04-12 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2018-04-12 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2018-04-12 175104]
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\WINDOWS\System32\drivers\nvdimm.sys [2018-04-12 104448]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2018-04-12 105984]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2018-04-12 16896]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2018-07-01 945568]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2018-04-12 104448]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2018-04-12 33176]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2018-04-12 57752]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S4 hvcrash;hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [2018-04-12 33184]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 CDPUserSvc_4d166;Uživatelská služba platformy připojených zařízení_4d166; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2018-12-07 9646240]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 CxAudMsg;Conexant Audio Message Service; C:\windows\system32\CxAudMsg64.exe [2013-07-25 206552]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Security\ekrn.exe [2018-11-29 2302160]
R2 ibtsiva;@oem11.inf,%SERVICE_NAME%;Intel Bluetooth Service; C:\WINDOWS\system32\ibtsiva []
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2015-10-04 328616]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [2013-07-02 733696]
R2 Lenovo System Agent Service;Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [2014-05-22 584960]
R2 LenovoWiFiHotspotSvr;Lenovo WiFiHotspot Service; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [2014-09-19 198192]
R2 OneSyncSvc_4d166;Hostitel synchronizace_4d166; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R2 PhoneCompanionPusher;Lenovo PhoneCompanionPusher Service; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [2014-09-19 288240]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-07-14 760888]
R2 sedsvc;Windows Remediation Service; C:\Program Files\rempl\sedsvc.exe [2018-12-02 326336]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\WINDOWS\system32\SgrmBroker.exe [2018-04-12 163336]
R3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R3 ekrnEpfw;ESET Firewall Helper; C:\Program Files\ESET\ESET Security\ekrn.exe [2018-11-29 2302160]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2018-06-30 43648]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R3 PimIndexMaintenanceSvc_4d166;Data kontaktů_4d166; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2018-11-26 1684256]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BcastDVRUserService_4d166;Uživatelská služba pro GameDVR a vysílání her_4d166; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 BluetoothUserService_4d166;Služba pro podporu uživatelů Bluetooth_4d166; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2015-10-04 290224]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicePickerUserSvc_4d166;DevicePicker_4d166; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevicesFlowUserSvc_4d166;Tok zařízení_4d166; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2018-08-03 90624]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [2018-12-12 443872]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2013-07-02 822232]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [2014-06-03 533760]
S3 LSCWinService;LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2014-05-06 1663880]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 MessagingService_4d166;Služba zasílání zpráv_4d166; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 ose;Office Source Engine; c:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2018-12-03 214824]
S3 PhoneCompanionVap;Lenovo PhoneCompanionVap Service; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [2014-09-19 305136]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PrintWorkflowUserSvc_4d166;PrintWorkflow_4d166; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2018-04-12 1273344]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2018-04-12 51288]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2018-07-01 976384]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-12 51288]
S4 ssh-agent;OpenSSH Authentication Agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [2018-03-10 495616]
-----------------EOF-----------------
Re: Trojan Tofsee - log check
Post both FRST logs.
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum at https://platba.viry.cz/payment/
Re: Trojan Tofsee - log check
But I found out that when I run a normal ESET scan, it finds nothing, but when I run a custom one, it is in the boot. I don't know how relevant this information is, but I'd rather mention it.
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.12.2018
Ran by Ludmila (administrator) on LENOVO-PC (27-12-2018 20:54:00)
Running from C:\Users\Ludmila\Desktop
Loaded Profiles: Ludmila (Available Profiles: Ludmila)
Platform: Windows 10 Home Version 1803 17134.472 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Lenovo PhoneCompanion\adb.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
"Path" (C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Lenovo\FusionEngine;C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin;%SYSTEMROOT%\System32\OpenSSH\ -> %SystemRoot%\System32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Lenovo\FusionEngine;C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin;%SYSTEMROOT%\System32\OpenSSH\) <==== Repaired successfully
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [5060864 2015-06-16] (Realtek semiconductor)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2014-09-19] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-09-19] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10841584 2014-09-19] (Lenovo(beijing) Limited)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945672 2015-09-25] (Synaptics Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [177928 2018-11-29] (ESET)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-99061962-4161369856-3824286045-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3131680 2018-11-26] (Valve Corporation)
HKU\S-1-5-21-99061962-4161369856-3824286045-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19589208 2018-12-10] (Piriform Software Ltd)
HKU\S-1-5-21-99061962-4161369856-3824286045-1001\...\RunOnce: [Application Restart #4] => C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-reso (the data entry has 587 more characters).
HKU\S-1-5-21-99061962-4161369856-3824286045-1001\...\RunOnce: [Application Restart #3] => C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-reso (the data entry has 587 more characters).
HKLM\...\Drivers32-x32: [msacm.clmp3enc] => C:\Program Files (x86)\Lenovo\Power2Go\CLMP3Enc.ACM [217088 2005-05-14] (CyberLink Corp.)
HKLM\...\Drivers32-x32: [vidc.VP60] => C:\windows\SysWOW64\vp6vfw.dll [447752 2014-10-19] (On2.com)
HKLM\...\Drivers32-x32: [vidc.VP61] => C:\windows\SysWOW64\vp6vfw.dll [447752 2014-10-19] (On2.com)
HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll
HKLM\...\Drivers32-x32: [vidc.iv50] => C:\WINDOWS\SysWOW64\ir50_32original.dll [746496 2018-04-12] (Intel Corporation)
HKLM\Software\...\AppCompatFlags\Custom\S4Editor.exe: [{ff2cad6c-eb68-4e98-88d7-49887440affb}.sdb] -> 6b092e4b499dd401
HKLM\Software\...\AppCompatFlags\Custom\S4_Main.exe: [{ff2cad6c-eb68-4e98-88d7-49887440affb}.sdb] -> 6b092e4b499dd401
HKLM\Software\...\AppCompatFlags\InstalledSDB\{ff2cad6c-eb68-4e98-88d7-49887440affb}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{ff2cad6c-eb68-4e98-88d7-49887440affb}.sdb [2013-07-16]
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{93c4563d-30ee-4290-8f7d-82f4d8c14a4d}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{b7327587-4ffe-4ec1-a576-3e0727375e62}: [DhcpNameServer] 150.210.1.2
Internet Explorer:
==================
HKU\S-1-5-21-99061962-4161369856-3824286045-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-99061962-4161369856-3824286045-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-99061962-4161369856-3824286045-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-12-14] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-01] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-01] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-01] (Microsoft Corporation)
FireFox:
========
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-01] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-10-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Ludmila\AppData\Roaming\mozilla\plugins\npatgpc.dll [2018-04-19] (Cisco WebEx LLC)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default [2018-12-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-27]
CHR Extension: (Chrome Media Router) - C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-27]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9646240 2018-12-07] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2302160 2018-11-29] (ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2302160 2018-11-29] (ESET)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [184064 2017-01-13] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [328616 2015-10-04] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-19] (Lenovo(beijing) Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-09-19] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [305136 2014-09-19] (Lenovo)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-09-25] (Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-11] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-11] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [143448 2018-11-29] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15872 2018-10-17] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [188832 2018-10-17] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [109864 2018-10-17] (ESET)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [231168 2017-01-13] (Intel Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2018-04-12] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3068160 2015-06-16] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-09-25] (Synaptics Incorporated)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2018-12-11] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2018-12-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-11] (Microsoft Corporation)
R2 WinisoCDBus; C:\WINDOWS\System32\drivers\WinisoCDBus.sys [204032 2014-02-26] (WinISO.com)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
Error(1) reading file: "C:\Users\Ludmila\Downloads\dreamworks.dragons.s04e02.720p.webrip.hevc.x265.rmteam.mkv "
2018-12-27 20:54 - 2018-12-27 20:55 - 000020218 _____ C:\Users\Ludmila\Desktop\FRST.txt
2018-12-27 20:53 - 2018-12-27 20:54 - 000000000 ____D C:\FRST
2018-12-27 20:52 - 2018-12-27 20:52 - 002422784 _____ (Farbar) C:\Users\Ludmila\Downloads\FRST64.exe
2018-12-27 20:52 - 2018-12-27 20:52 - 002422784 _____ (Farbar) C:\Users\Ludmila\Desktop\FRST64.exe
2018-12-27 18:50 - 2018-12-27 18:50 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3633126C.sys
2018-12-27 18:50 - 2018-12-27 18:50 - 000000000 ___HD C:\OneDriveTemp
2018-12-27 16:39 - 2018-12-27 16:39 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-27 16:38 - 2018-12-27 16:38 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\75137F7B.sys
2018-12-27 16:36 - 2018-12-27 19:39 - 000000000 ____D C:\Users\Ludmila\Desktop\mbar
2018-12-27 16:36 - 2018-12-27 19:39 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-12-27 16:36 - 2018-12-27 18:50 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2018-12-27 16:35 - 2018-12-27 16:35 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Ludmila\Downloads\mbar-1.10.3.1001.exe
2018-12-27 15:09 - 2018-12-27 15:10 - 000001324 _____ C:\Users\Ludmila\Desktop\JRT.txt
2018-12-27 15:00 - 2018-12-27 15:00 - 000010805 _____ C:\Users\Ludmila\Desktop\zoek-results.txt
2018-12-27 14:56 - 2014-02-13 23:59 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2018-12-27 13:54 - 2018-12-27 13:45 - 001663040 _____ (Malwarebytes) C:\Users\Ludmila\Desktop\JRT.exe
2018-12-27 13:46 - 2018-12-27 14:41 - 000000000 ____D C:\zoek_backup
2018-12-27 13:45 - 2018-12-27 13:45 - 001663040 _____ (Malwarebytes) C:\Users\Ludmila\Downloads\JRT.exe
2018-12-27 13:44 - 2018-12-27 13:44 - 002038755 _____ C:\Users\Ludmila\Downloads\zoek.exe
2018-12-27 12:34 - 2018-12-27 12:34 - 000013859 _____ C:\Users\Ludmila\Desktop\AdwCleaner[C00].txt
2018-12-27 12:18 - 2018-12-27 12:20 - 000000000 ____D C:\AdwCleaner
2018-12-27 12:17 - 2018-12-27 12:18 - 007320272 _____ (Malwarebytes) C:\Users\Ludmila\Downloads\adwcleaner_7.2.6.0.exe
2018-12-27 11:00 - 2018-12-27 11:00 - 000000000 ____D C:\rsit
2018-12-27 10:59 - 2018-12-27 10:59 - 001222144 _____ C:\Users\Ludmila\Desktop\RSITx64.exe
2018-12-27 00:47 - 2018-12-27 18:49 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-12-27 00:47 - 2018-12-27 00:47 - 000002880 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-12-27 00:47 - 2018-12-27 00:47 - 000000874 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-12-27 00:47 - 2018-12-27 00:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-12-27 00:47 - 2018-12-27 00:47 - 000000000 ____D C:\Program Files\CCleaner
2018-12-26 22:33 - 2018-12-27 19:50 - 000000000 ____D C:\Program Files\trend micro
2018-12-26 21:57 - 2018-12-26 21:57 - 000000000 ____D C:\Users\Ludmila\AppData\Local\ESET
2018-12-26 21:45 - 2018-12-26 21:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2018-12-26 21:45 - 2018-12-26 21:45 - 000000000 ____D C:\ProgramData\ESET
2018-12-26 21:45 - 2018-12-26 21:45 - 000000000 ____D C:\Program Files\ESET
2018-12-26 21:27 - 2018-12-26 21:27 - 000000000 ____D C:\Program Files\AVAST Software
2018-12-26 20:15 - 2018-12-26 20:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ajhfmnxw
2018-12-26 20:13 - 2018-12-26 20:13 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-2-6-45-1348762120-1346907721-1012719275-9206
2018-12-26 20:10 - 2018-12-26 20:12 - 000000000 ____D C:\ProgramData\GCYTYWQMMM4ULN5BDJKV
2018-12-26 19:59 - 2018-12-26 20:31 - 000001964 _____ C:\Users\Public\Desktop\The Settlers - The Eastern Realm.lnk
2018-12-26 19:59 - 2018-12-26 20:31 - 000001950 _____ C:\Users\Public\Desktop\The Settlers - Rise of an Empire.lnk
2018-12-26 19:59 - 2018-12-26 20:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Settlers - Rise of an Empire [GOG.com]
2018-12-26 19:59 - 2018-12-26 19:59 - 000000000 ____D C:\Users\Ludmila\Documents\THE SETTLERS - Rise of an Empire
2018-12-26 19:49 - 2018-12-26 19:49 - 000000000 ____D C:\Users\Ludmila\AppData\Roaming\ComfortSoftware
2018-12-26 19:31 - 2018-12-26 19:31 - 000001728 _____ C:\Users\Public\Desktop\The Settlers IV GOLD.lnk
2018-12-26 19:31 - 2018-12-26 19:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Settlers IV GOLD [GOG.com]
2018-12-26 19:25 - 2018-12-26 19:25 - 000000000 ____D C:\Users\Ludmila\AppData\Local\AdvinstAnalytics
2018-12-26 19:16 - 2018-12-26 19:17 - 000000000 ____D C:\ProgramData\HPC
2018-12-26 19:14 - 2018-12-27 17:30 - 000000000 ____D C:\ProgramData\CopyPaste
2018-12-26 18:47 - 2018-12-26 22:24 - 000000000 ____D C:\GOG Games
2018-12-26 18:31 - 2018-12-26 18:46 - 000000000 ____D C:\Users\Ludmila\Downloads\The.Settlers.Rise.of.an.Empire.Gold.Edition-GOG
2018-12-26 18:30 - 2018-12-26 18:34 - 000000000 ____D C:\Users\Ludmila\Downloads\the_settlers_4_gold_edition
2018-12-26 18:26 - 2018-12-26 18:26 - 000000000 ____D C:\Users\Ludmila\Downloads\Sid.Meiers.Civilization.VI.Deluxe.Edition+7DLC
2018-12-26 17:52 - 2018-12-26 18:13 - 000000000 ____D C:\Users\Ludmila\AppData\Local\Ubisoft Game Launcher
2018-12-26 17:52 - 2018-12-26 17:52 - 000001285 _____ C:\Users\Ludmila\Desktop\Uplay.lnk
2018-12-26 17:52 - 2018-12-26 17:52 - 000000000 ____D C:\Users\Ludmila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2018-12-26 17:52 - 2018-12-26 17:52 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2018-12-26 17:49 - 2018-12-27 17:34 - 000000000 ____D C:\Program Files (x86)\Steam
2018-12-26 17:49 - 2018-12-26 17:49 - 000001043 _____ C:\Users\Public\Desktop\Steam.lnk
2018-12-26 17:49 - 2018-12-26 17:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-12-23 20:51 - 2018-12-23 20:55 - 342122840 _____ C:\Users\Ludmila\Downloads\DCs.Legends.of.Tomorrow.S04E08.HDTV.x264-SVA[eztv].mkv
2018-12-23 20:51 - 2018-12-23 20:54 - 311169184 _____ C:\Users\Ludmila\Downloads\DCs.Legends.of.Tomorrow.S04E07.HDTV.x264-SVA[eztv].mkv
2018-12-23 20:51 - 2018-12-23 20:54 - 295689489 _____ C:\Users\Ludmila\Downloads\DCs.Legends.of.Tomorrow.S04E06.HDTV.x264-SVA[eztv].mkv
2018-12-23 10:03 - 2018-12-14 08:29 - 006567472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-12-23 10:03 - 2018-12-14 08:25 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-12-23 10:03 - 2018-12-14 08:23 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-12-23 10:03 - 2018-12-14 08:23 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-12-23 10:03 - 2018-12-14 08:22 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-12-23 10:03 - 2018-12-14 08:22 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-12-23 10:03 - 2018-12-14 08:13 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-12-23 10:03 - 2018-12-14 07:55 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-12-23 10:03 - 2018-12-14 07:54 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-12-23 10:03 - 2018-12-14 07:53 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-12-23 10:03 - 2018-12-14 07:52 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-12-23 10:02 - 2018-12-14 13:24 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-12-23 10:02 - 2018-12-14 08:29 - 001130760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-12-23 10:02 - 2018-12-14 08:23 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-12-23 10:02 - 2018-12-14 08:23 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-12-23 10:02 - 2018-12-14 08:23 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-12-23 10:02 - 2018-12-14 08:21 - 001457240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-12-23 10:02 - 2018-12-14 08:21 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-12-23 10:02 - 2018-12-14 08:21 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-12-23 10:02 - 2018-12-14 08:21 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-12-23 10:02 - 2018-12-14 08:21 - 000982912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-12-23 10:02 - 2018-12-14 08:12 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-12-23 10:02 - 2018-12-14 08:10 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-12-23 10:02 - 2018-12-14 08:07 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-12-23 10:02 - 2018-12-14 07:55 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-12-23 10:02 - 2018-12-14 07:54 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-12-23 10:02 - 2018-12-14 07:54 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-12-23 10:02 - 2018-12-14 07:52 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-12-23 10:02 - 2018-12-14 07:51 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-12-23 10:02 - 2018-12-14 07:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-12-23 10:02 - 2018-12-14 06:34 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-12-16 11:35 - 2018-12-16 11:38 - 309968265 _____ C:\Users\Ludmila\Downloads\Arrow.S07E09.HDTV.x264-SVA[eztv].mkv
2018-12-14 19:57 - 2018-12-14 19:57 - 000002570 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-12-14 19:57 - 2018-12-14 19:57 - 000002564 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-12-14 19:57 - 2018-12-14 19:57 - 000002541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-12-14 19:57 - 2018-12-14 19:57 - 000002536 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-12-14 19:57 - 2018-12-14 19:57 - 000002497 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-12-14 19:57 - 2018-12-14 19:57 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-12-14 19:57 - 2018-12-14 19:57 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-12-14 19:57 - 2018-12-14 19:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2018-12-12 19:21 - 2018-12-08 13:42 - 004527800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-12-12 19:21 - 2018-12-08 09:05 - 007436216 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-12-12 19:21 - 2018-12-08 08:49 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-12-12 19:21 - 2018-12-08 08:42 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-12-12 19:21 - 2018-12-08 08:38 - 022016000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-12-12 19:21 - 2018-11-09 07:15 - 021388752 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-12-12 19:21 - 2018-11-09 03:56 - 001213472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-12-12 19:21 - 2018-11-09 03:16 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-12-12 19:21 - 2018-11-09 02:26 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-12-12 19:20 - 2018-12-08 13:47 - 001048712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2018-12-12 19:20 - 2018-12-08 13:47 - 000645320 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-12-12 19:20 - 2018-12-08 13:46 - 000549760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2018-12-12 19:20 - 2018-12-08 13:42 - 001634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-12-12 19:20 - 2018-12-08 13:42 - 001616824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-12-12 19:20 - 2018-12-08 13:41 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-12-12 19:20 - 2018-12-08 13:41 - 000481880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-12-12 19:20 - 2018-12-08 13:40 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-12-12 19:20 - 2018-12-08 13:29 - 013572608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-12-12 19:20 - 2018-12-08 13:28 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-12-12 19:20 - 2018-12-08 13:28 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-12-12 19:20 - 2018-12-08 13:28 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-12-12 19:20 - 2018-12-08 13:27 - 005657600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-12-12 19:20 - 2018-12-08 13:25 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-12-12 19:20 - 2018-12-08 13:25 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-12-12 19:20 - 2018-12-08 13:23 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-12-12 19:20 - 2018-12-08 13:23 - 002892288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-12-12 19:20 - 2018-12-08 13:23 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-12-12 19:20 - 2018-12-08 13:23 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-12-12 19:20 - 2018-12-08 13:22 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-12-12 19:20 - 2018-12-08 13:22 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-12-12 19:20 - 2018-12-08 13:22 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-12-12 19:20 - 2018-12-08 09:07 - 005625352 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-12-12 19:20 - 2018-12-08 09:07 - 001328632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2018-12-12 19:20 - 2018-12-08 09:07 - 001063416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-12-12 19:20 - 2018-12-08 09:06 - 001017168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-12-12 19:20 - 2018-12-08 09:06 - 000777512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-12-12 19:20 - 2018-12-08 09:06 - 000491416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-12-12 19:20 - 2018-12-08 09:06 - 000433168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-12-12 19:20 - 2018-12-08 09:05 - 002822656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-12-12 19:20 - 2018-12-08 09:05 - 002463384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-12-12 19:20 - 2018-12-08 09:05 - 001935008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-12-12 19:20 - 2018-12-08 09:05 - 001209888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-12-12 19:20 - 2018-12-08 09:05 - 000793592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-12-12 19:20 - 2018-12-08 09:05 - 000594224 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-12-12 19:20 - 2018-12-08 09:05 - 000130312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-12-12 19:20 - 2018-12-08 09:05 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fileinfo.sys
2018-12-12 19:20 - 2018-12-08 09:04 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-12-12 19:20 - 2018-12-08 09:04 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-12-12 19:20 - 2018-12-08 09:04 - 001943328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-12-12 19:20 - 2018-12-08 09:04 - 001188512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-12-12 19:20 - 2018-12-08 09:04 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-12-12 19:20 - 2018-12-08 09:04 - 000416024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-12-12 19:20 - 2018-12-08 09:04 - 000268280 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-12-12 19:20 - 2018-12-08 09:04 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-12-12 19:20 - 2018-12-08 08:47 - 000861744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-12-12 19:20 - 2018-12-08 08:47 - 000785760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-12-12 19:20 - 2018-12-08 08:46 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-12-12 19:20 - 2018-12-08 08:46 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-12-12 19:20 - 2018-12-08 08:46 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-12-12 19:20 - 2018-12-08 08:46 - 000457056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-12-12 19:20 - 2018-12-08 08:45 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-12-12 19:20 - 2018-12-08 08:45 - 004789952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-12-12 19:20 - 2018-12-08 08:45 - 002307240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2018-12-12 19:20 - 2018-12-08 08:45 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-12-12 19:20 - 2018-12-08 08:45 - 001620472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-12-12 19:20 - 2018-12-08 08:45 - 001379816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-12-12 19:20 - 2018-12-08 08:45 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-12-12 19:20 - 2018-12-08 08:42 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-12-12 19:20 - 2018-12-08 08:41 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-12-12 19:20 - 2018-12-08 08:40 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-12-12 19:20 - 2018-12-08 08:40 - 004384768 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-12-12 19:20 - 2018-12-08 08:38 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-12-12 19:20 - 2018-12-08 08:38 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-12-12 19:20 - 2018-12-08 08:38 - 000419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\eeprov.dll
2018-12-12 19:20 - 2018-12-08 08:37 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-12-12 19:20 - 2018-12-08 08:37 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-12-12 19:20 - 2018-12-08 08:36 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-12-12 19:20 - 2018-12-08 08:36 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-12-12 19:20 - 2018-12-08 08:36 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-12-12 19:20 - 2018-12-08 08:36 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-12-12 19:20 - 2018-12-08 08:36 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-12-12 19:20 - 2018-12-08 08:36 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-12-12 19:20 - 2018-12-08 08:35 - 002126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2018-12-12 19:20 - 2018-12-08 08:35 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-12-12 19:20 - 2018-12-08 08:35 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-12-12 19:20 - 2018-12-08 08:34 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-12-12 19:20 - 2018-12-08 08:34 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-12-12 19:20 - 2018-12-08 08:34 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-12-12 19:20 - 2018-12-08 08:34 - 000693248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2018-12-12 19:20 - 2018-12-08 08:34 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-12-12 19:20 - 2018-12-08 08:34 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2018-12-12 19:20 - 2018-12-08 08:33 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-12-12 19:20 - 2018-12-08 08:33 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-12-12 19:20 - 2018-12-08 08:33 - 001457152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-12-12 19:20 - 2018-12-08 08:33 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-12-12 19:20 - 2018-12-08 08:33 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-12-12 19:20 - 2018-12-08 08:33 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-12-12 19:20 - 2018-12-08 08:33 - 000823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2018-12-12 19:20 - 2018-12-08 08:32 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-12-12 19:20 - 2018-12-08 08:32 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-12-12 19:20 - 2018-12-08 08:32 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-12-12 19:20 - 2018-12-08 08:32 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-12-12 19:20 - 2018-12-08 08:30 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-12-12 19:20 - 2018-12-08 08:30 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-12-12 19:20 - 2018-12-08 08:29 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-12-12 19:20 - 2018-12-08 08:29 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-12-12 19:20 - 2018-12-08 08:28 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-12-12 19:20 - 2018-12-08 08:28 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-12-12 19:20 - 2018-12-08 08:27 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-12-12 19:20 - 2018-12-08 08:27 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-12-12 19:20 - 2018-12-08 08:27 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-12-12 19:20 - 2018-12-08 08:26 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-12-12 19:20 - 2018-12-08 08:25 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-12-12 19:20 - 2018-12-08 08:25 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-12-12 19:20 - 2018-12-08 08:24 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2018-12-12 19:20 - 2018-12-08 08:24 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-12-12 19:20 - 2018-11-09 06:59 - 008623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-12-12 19:20 - 2018-11-09 06:58 - 000244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-12-12 19:20 - 2018-11-09 06:57 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-12-12 19:20 - 2018-11-09 06:56 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2018-12-12 19:20 - 2018-11-09 06:55 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-12-12 19:20 - 2018-11-09 06:55 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-12-12 19:20 - 2018-11-09 06:32 - 020383832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-12-12 19:20 - 2018-11-09 06:20 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-12-12 19:20 - 2018-11-09 06:20 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-12-12 19:20 - 2018-11-09 06:17 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-12-12 19:20 - 2018-11-09 03:49 - 000723416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-12-12 19:20 - 2018-11-09 03:48 - 003179760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-12-12 19:20 - 2018-11-09 03:48 - 002719736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-12-12 19:20 - 2018-11-09 03:48 - 001613288 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-12-12 19:20 - 2018-11-09 03:48 - 000899920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-12-12 19:20 - 2018-11-09 03:48 - 000766704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-12-12 19:20 - 2018-11-09 03:48 - 000375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-12-12 19:20 - 2018-11-09 03:47 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-12-12 19:20 - 2018-11-09 03:47 - 002571128 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-12-12 19:20 - 2018-11-09 03:47 - 002062392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-12-12 19:20 - 2018-11-09 03:47 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-12-12 19:20 - 2018-11-09 03:47 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-12-12 19:20 - 2018-11-09 03:47 - 000537912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2018-12-12 19:20 - 2018-11-09 03:21 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-12-12 19:20 - 2018-11-09 03:21 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-12-12 19:20 - 2018-11-09 03:20 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
2018-12-12 19:20 - 2018-11-09 03:19 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-12-12 19:20 - 2018-11-09 03:18 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-12-12 19:20 - 2018-11-09 03:18 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-12-12 19:20 - 2018-11-09 03:18 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2018-12-12 19:20 - 2018-11-09 03:17 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-12-12 19:20 - 2018-11-09 03:17 - 001069568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-12-12 19:20 - 2018-11-09 03:16 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-12-12 19:20 - 2018-11-09 03:16 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2018-12-12 19:20 - 2018-11-09 03:16 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-12-12 19:20 - 2018-11-09 03:16 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-12-12 19:20 - 2018-11-09 03:15 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-12-12 19:20 - 2018-11-09 03:15 - 000933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-12-12 19:20 - 2018-11-09 03:15 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-12-12 19:20 - 2018-11-09 03:15 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-12-12 19:20 - 2018-11-09 03:07 - 002417976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-12-12 19:20 - 2018-11-09 03:07 - 001299704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-12-12 19:20 - 2018-11-09 02:48 - 000550728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-12-12 19:20 - 2018-11-09 02:46 - 002253184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-12-12 19:20 - 2018-11-09 02:46 - 002161008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-12-12 19:20 - 2018-11-09 02:46 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-12-12 19:20 - 2018-11-09 02:46 - 000829960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-12-12 19:20 - 2018-11-09 02:46 - 000721024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-12-12 19:20 - 2018-11-09 02:46 - 000573504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-12-12 19:20 - 2018-11-09 02:29 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-12-12 19:20 - 2018-11-09 02:29 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-12-12 19:20 - 2018-11-09 02:28 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-12-12 19:20 - 2018-11-09 02:26 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-12-12 19:20 - 2018-11-09 02:25 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-12-12 19:19 - 2018-12-08 13:39 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2018-12-12 19:19 - 2018-12-08 13:29 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-12-12 19:19 - 2018-12-08 13:27 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2018-12-12 19:19 - 2018-12-08 13:27 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBth.dll
2018-12-12 19:19 - 2018-12-08 13:27 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdBth.dll
2018-12-12 19:19 - 2018-12-08 13:23 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-12-12 19:19 - 2018-12-08 13:23 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-12-12 19:19 - 2018-12-08 09:12 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-12-12 19:19 - 2018-12-08 09:12 - 000269336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-12-12 19:19 - 2018-12-08 09:12 - 000092688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2018-12-12 19:19 - 2018-12-08 09:06 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-12-12 19:19 - 2018-12-08 09:06 - 000249088 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2018-12-12 19:19 - 2018-12-08 09:05 - 001018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2018-12-12 19:19 - 2018-12-08 09:05 - 000706040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-12-12 19:19 - 2018-12-08 09:05 - 000421176 _____ (Microsoft Corporation) C:\WINDOWS\system32\xbgmengine.dll
2018-12-12 19:19 - 2018-12-08 09:05 - 000413920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-12-12 19:19 - 2018-12-08 09:05 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-12-12 19:19 - 2018-12-08 09:04 - 002590296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2018-12-12 19:19 - 2018-12-08 09:04 - 001150312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-12-12 19:19 - 2018-12-08 09:04 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-12-12 19:19 - 2018-12-08 09:04 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-12-12 19:19 - 2018-12-08 09:04 - 000413176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-12-12 19:19 - 2018-12-08 09:04 - 000375608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-12-12 19:19 - 2018-12-08 09:04 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-12-12 19:19 - 2018-12-08 09:04 - 000158624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-12-12 19:19 - 2018-12-08 09:04 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-12-12 19:19 - 2018-12-08 09:04 - 000058168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2018-12-12 19:19 - 2018-12-08 09:04 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2018-12-12 19:19 - 2018-12-08 08:46 - 001397104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-12-12 19:19 - 2018-12-08 08:46 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-12-12 19:19 - 2018-12-08 08:45 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-12-12 19:19 - 2018-12-08 08:45 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-12-12 19:19 - 2018-12-08 08:45 - 000129296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-12-12 19:19 - 2018-12-08 08:39 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnsruprov.dll
2018-12-12 19:19 - 2018-12-08 08:38 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2018-12-12 19:19 - 2018-12-08 08:38 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2018-12-12 19:19 - 2018-12-08 08:38 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2018-12-12 19:19 - 2018-12-08 08:38 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-12-12 19:19 - 2018-12-08 08:38 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2018-12-12 19:19 - 2018-12-08 08:37 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-12-12 19:19 - 2018-12-08 08:37 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2018-12-12 19:19 - 2018-12-08 08:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2018-12-12 19:19 - 2018-12-08 08:37 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2018-12-12 19:19 - 2018-12-08 08:37 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2018-12-12 19:19 - 2018-12-08 08:37 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2018-12-12 19:19 - 2018-12-08 08:37 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2018-12-12 19:19 - 2018-12-08 08:37 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2018-12-12 19:19 - 2018-12-08 08:36 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2018-12-12 19:19 - 2018-12-08 08:36 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-12-12 19:19 - 2018-12-08 08:36 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2018-12-12 19:19 - 2018-12-08 08:36 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2018-12-12 19:19 - 2018-12-08 08:36 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mmcss.sys
2018-12-12 19:19 - 2018-12-08 08:35 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-12-12 19:19 - 2018-12-08 08:33 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-12-12 19:19 - 2018-12-08 08:32 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-12-12 19:19 - 2018-12-08 08:32 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-12-12 19:19 - 2018-12-08 08:30 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2018-12-12 19:19 - 2018-12-08 08:29 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2018-12-12 19:19 - 2018-12-08 08:29 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2018-12-12 19:19 - 2018-12-08 08:28 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-12-12 19:19 - 2018-12-08 08:28 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-12-12 19:19 - 2018-12-08 08:27 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-12-12 19:19 - 2018-12-08 08:27 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2018-12-12 19:19 - 2018-12-08 08:27 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2018-12-12 19:19 - 2018-12-08 08:26 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-12-12 19:19 - 2018-12-08 08:25 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-12-12 19:19 - 2018-12-08 08:25 - 000702464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2018-12-12 19:19 - 2018-12-08 08:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2018-12-12 19:19 - 2018-12-08 08:24 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-12-12 19:19 - 2018-12-08 08:24 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-12-12 19:19 - 2018-11-09 07:00 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-12-12 19:19 - 2018-11-09 06:57 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2018-12-12 19:19 - 2018-11-09 06:56 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-12-12 19:19 - 2018-11-09 06:56 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-12-12 19:19 - 2018-11-09 06:54 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2018-12-12 19:19 - 2018-11-09 06:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-12-12 19:19 - 2018-11-09 06:19 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-12-12 19:19 - 2018-11-09 06:18 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-12-12 19:19 - 2018-11-09 06:18 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2018-12-12 19:19 - 2018-11-09 03:49 - 000565048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-12-12 19:19 - 2018-11-09 03:49 - 000368656 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-12-12 19:19 - 2018-11-09 03:48 - 000745472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-12-12 19:19 - 2018-11-09 03:22 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-12-12 19:19 - 2018-11-09 03:22 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2018-12-12 19:19 - 2018-11-09 03:21 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-12-12 19:19 - 2018-11-09 03:21 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2018-12-12 19:19 - 2018-11-09 03:21 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-12-12 19:19 - 2018-11-09 03:20 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-12-12 19:19 - 2018-11-09 03:20 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys
2018-12-12 19:19 - 2018-11-09 03:20 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2018-12-12 19:19 - 2018-11-09 03:19 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-12-12 19:19 - 2018-11-09 03:19 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-12-12 19:19 - 2018-11-09 03:18 - 000573952 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2018-12-12 19:19 - 2018-11-09 03:18 - 000300032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-12-12 19:19 - 2018-11-09 02:47 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-12-12 19:19 - 2018-11-09 02:31 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-12-12 19:19 - 2018-11-09 02:31 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-12-12 19:19 - 2018-11-09 02:30 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2018-12-12 19:19 - 2018-11-09 02:30 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2018-12-12 19:19 - 2018-11-09 02:29 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-12-12 19:19 - 2018-11-09 02:29 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-12-12 19:19 - 2018-11-09 02:27 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2018-12-12 19:19 - 2018-11-09 02:26 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-12-12 19:19 - 2018-11-09 02:26 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-12-12 19:19 - 2018-11-09 02:25 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-12-10 20:30 - 2018-12-10 20:33 - 272840336 _____ C:\Users\Ludmila\Downloads\Manifest.S01E09.HDTV.x264-KILLERS[eztv].mkv
2018-12-10 19:51 - 2018-12-10 20:37 - 377423283 _____ C:\Users\Ludmila\Downloads\Charmed.2018.S01E09.WEB.h264-TBS[eztv].mkv
2018-12-10 19:51 - 2018-12-10 20:37 - 242138116 _____ C:\Users\Ludmila\Downloads\Charmed.2018.S01E08.HDTV.x264-KILLERS[eztv].mkv
2018-12-08 11:38 - 2018-12-08 11:39 - 000723631 _____ C:\Users\Ludmila\Downloads\2185897686.pdf
2018-12-02 23:06 - 2018-12-03 20:55 - 296766913 _____ C:\Users\Ludmila\Downloads\vikings.s05e11.web.h264-convoy[eztv].mkv
2018-11-29 10:54 - 2018-11-29 10:54 - 000143448 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-12-27 20:46 - 2018-07-02 09:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-12-27 20:39 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-12-27 18:50 - 2015-01-27 17:59 - 000000000 ___RD C:\Users\Ludmila\OneDrive
2018-12-27 17:33 - 2015-01-27 17:54 - 000000000 __SHD C:\Users\Ludmila\IntelGraphicsProfiles
2018-12-27 17:32 - 2018-07-02 10:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-12-27 17:31 - 2018-04-11 22:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2018-12-27 16:13 - 2018-06-30 12:01 - 000000000 ___DC C:\WINDOWS\Panther
2018-12-27 16:13 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-12-27 16:13 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2018-12-27 14:58 - 2015-09-27 22:26 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-12-27 14:42 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-12-27 14:42 - 2013-08-22 16:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-12-27 12:28 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-12-27 12:27 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-12-27 12:20 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-12-27 04:47 - 2018-08-25 19:46 - 000000000 ____D C:\Users\Ludmila\Downloads\Pokemon
2018-12-27 00:30 - 2018-07-02 10:06 - 000000000 ____D C:\Users\Ludmila
2018-12-27 00:24 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-12-26 21:57 - 2018-04-11 22:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-12-26 21:46 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-12-26 21:31 - 2016-10-17 18:58 - 000000000 ____D C:\ProgramData\Avg
2018-12-26 21:26 - 2015-07-14 20:22 - 000000000 ____D C:\ProgramData\AVAST Software
2018-12-26 19:26 - 2017-05-26 17:14 - 000000000 ____D C:\Users\Ludmila\AppData\Roaming\uTorrent
2018-12-26 17:43 - 2014-09-19 13:17 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-12-26 17:42 - 2014-09-19 14:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Photo Master
2018-12-26 17:42 - 2014-09-19 13:57 - 000000000 ____D C:\Program Files (x86)\Lenovo
2018-12-26 17:41 - 2015-11-15 20:08 - 000000000 ____D C:\ProgramData\Origin
2018-12-26 17:41 - 2014-09-19 14:10 - 000000000 ____D C:\ProgramData\CyberLink
2018-12-26 17:38 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-12-26 17:38 - 2017-12-09 21:51 - 000000000 ____D C:\Users\Ludmila\AppData\Local\Packages
2018-12-26 17:31 - 2018-07-02 10:23 - 001689050 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-12-26 17:31 - 2018-04-12 16:50 - 000716276 _____ C:\WINDOWS\system32\perfh005.dat
2018-12-26 17:31 - 2018-04-12 16:50 - 000144534 _____ C:\WINDOWS\system32\perfc005.dat
2018-12-24 01:12 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-12-24 01:12 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-12-24 00:13 - 2017-02-05 22:34 - 000000000 ____D C:\Users\Ludmila\Downloads\Subs
2018-12-20 18:05 - 2018-07-02 10:39 - 000003472 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-12-20 18:05 - 2018-07-02 10:39 - 000003348 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-12-18 19:13 - 2015-01-27 18:04 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-15 19:44 - 2018-07-02 10:39 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-99061962-4161369856-3824286045-1001
2018-12-15 19:44 - 2018-07-02 10:06 - 000002404 _____ C:\Users\Ludmila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-12-15 12:27 - 2016-02-13 11:15 - 000000000 ____D C:\Users\Ludmila\AppData\Roaming\vlc
2018-12-14 19:55 - 2014-09-19 13:56 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-12-14 19:34 - 2017-12-09 22:24 - 000000000 ___RD C:\Users\Ludmila\3D Objects
2018-12-14 19:34 - 2015-09-10 06:43 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-12-14 19:32 - 2018-07-02 09:57 - 000415920 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-12-12 23:27 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-12-12 23:26 - 2018-04-12 00:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-12-12 23:26 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2018-12-12 19:45 - 2015-01-31 19:11 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-12-12 19:40 - 2015-01-31 19:11 - 137260640 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-12-11 17:52 - 2018-02-12 18:48 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-12-11 17:52 - 2015-04-14 06:04 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-12-07 19:48 - 2018-11-16 17:27 - 000000000 ____D C:\Program Files\rempl
2018-12-01 05:01 - 2018-11-15 17:26 - 000835688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-12-01 05:01 - 2018-11-15 17:26 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2016-10-16 16:07 - 2016-10-16 16:07 - 000001459 _____ () C:\Users\Ludmila\AppData\Local\recently-used.xbel
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-07-02 09:57
==================== End of FRST.txt ============================
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.12.2018
Ran by Ludmila (27-12-2018 20:57:17)
Running from C:\Users\Ludmila\Desktop
Windows 10 Home Version 1803 17134.472 (X64) (2018-07-02 09:41:18)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-99061962-4161369856-3824286045-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-99061962-4161369856-3824286045-503 - Limited - Disabled)
Guest (S-1-5-21-99061962-4161369856-3824286045-501 - Limited - Disabled)
Ludmila (S-1-5-21-99061962-4161369856-3824286045-1001 - Administrator - Enabled) => C:\Users\Ludmila
WDAGUtilityAccount (S-1-5-21-99061962-4161369856-3824286045-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-99061962-4161369856-3824286045-1001\...\uTorrent) (Version: 3.5.5.44954 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.68.1077 - AB Team, d.o.o.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version: - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
Cisco WebEx Meetings (HKU\S-1-5-21-99061962-4161369856-3824286045-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.55.62 - Conexant)
Dependency Package Update (HKLM\...\{0788641D-D31A-478D-BB34-C41564AE9F93}) (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{5252431C-288E-409D-ADCF-24407E0E6F70}) (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}) (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.21 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.21 - Lenovo)
ESET Security (HKLM\...\{F1544F11-BFCC-43CC-9D0C-169A7E99369E}) (Version: 12.0.31.0 - ESET, spol. s r.o.)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
GOG.com The Settlers 4 GOLD (HKLM\...\{ff2cad6c-eb68-4e98-88d7-49887440affb}.sdb) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2857 - Hightail, Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1347.2) (HKLM\...\{302600C1-6BDF-4FD1-1312-148929CC1385}) (Version: 17.0.1312.0414 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{2f4d8103-e601-4d48-b81d-d508d760aaba}) (Version: 17.0.3 - Intel Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.1.3.3 - PandoraTV)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10260 - Realtek Semiconductor Corp.)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo FusionEngine (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2326 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2326 - CyberLink Corp.)
Lenovo PhoneCompanion (HKLM-x32\...\{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.0 - Lenovo) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.0 - Lenovo)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.11029.20108 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-99061962-4161369856-3824286045-1001\...\OneDriveSetup.exe) (Version: 18.222.1104.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11029.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11029.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11029.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.11029.20108 - Microsoft Corporation) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39053 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Registrace uživatele zařízení Canon iP7200 series (HKLM-x32\...\Registrace uživatele zařízení Canon iP7200 series) (Version: - Canon Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Subtitle Workshop 2.51 (HKLM-x32\...\SubtitleWorkshop) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.0 - Synaptics Incorporated)
The Settlers - Rise of an Empire - Gold Edition (HKLM-x32\...\1438268682_is1) (Version: 2.0.0.4 - GOG.com)
The Settlers IV GOLD (HKLM-x32\...\GOGPACKSETTLERS4GOLD_is1) (Version: 2.0.0.4 - GOG.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 78.1 - Ubisoft)
User Manuals (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Lenovo (ACPIVPC) System (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinISO (HKLM-x32\...\WinISO) (Version: 6.4.0.5170 - WinISO Computing Inc.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-99061962-4161369856-3824286045-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-11-29] (ESET)
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2014-04-24] (Lenovo)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-11-29] (ESET)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [000LenovoFoldersContextMenu] -> {D2DB7BAA-9E12-4640-825C-B1EB36A3809A} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2014-04-24] (Lenovo)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-10-04] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2015-10-04] (Intel Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-11-29] (ESET)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01CEBACC-1E78-424B-A236-09A3048AE14E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-12-14] (Microsoft Corporation)
Task: {0AB1EF8B-A3E9-40B5-8D03-DDB578F72290} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation)
Task: {21BCEA96-1ECD-4DC6-A70F-7325AA8A0EA8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation)
Task: {283C5E15-7761-4056-9A9A-B0BEED08CA97} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {2894977B-EF90-4F0C-873C-250DB2AE1FD2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-07] (Microsoft Corporation)
Task: {2AD4193A-E880-4364-AC9D-BD201A0A7999} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {31C7DF61-50DF-4964-BE3B-9F612771220F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3D5E7E7C-8DE9-40FE-85B8-A7B711B4096F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {3F2F3837-C097-4AA7-AA3F-08E14F3DE588} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {43820763-3C6B-4423-B6F6-96D19AEAE6CD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {471C4D95-E1FC-40BF-A71C-2F588D885D5B} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {47497F01-53A2-489F-9CE0-8114A1C1A635} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-09-25] (Synaptics Incorporated)
Task: {477120CA-EBEE-45D9-9133-62D63CC3A63A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4AE567DB-3A23-4EF5-8BA3-97840D4AC277} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {56352339-F189-4A84-8837-A8929A26FCBB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5F1BA118-1AAA-4E9B-8AB9-DA196BFA3334} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6E462284-2336-4380-8C79-0E865C0656AE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {70E8605E-46FE-4C40-A1CA-04015A97DC0E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {79DCE592-6049-405B-BDB2-AA4D08E9D595} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-12-14] (Microsoft Corporation)
Task: {854136BB-EA0C-4A78-943A-24D4185FC248} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {86CABE55-4CD2-411E-AA66-D2E1C70E01BC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-12-10] (Piriform Software Ltd)
Task: {8DB15128-5B6D-44BE-9C3B-CBADC025D3D4} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {8FDDCD55-FC72-47D2-A861-45881F682656} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-12-14] (Microsoft Corporation)
Task: {9136667B-0FEA-4CF2-8F60-9DAC8155FF3E} - System32\Tasks\S-2-6-45-1348762120-1346907721-1012719275-9206\{QK1WZL55-XYZQ-TCCP-P4RP-EAX5BH1WEW6} => C:\Users\Ludmila\AppData\Roaming\amd64_netfx4-system.core_b03f5f7f11d50a3a_4.0.15680.120_none_3222d21eb3852341\WindowsDefaultHeatProcessor.exe
Task: {96896F1B-28D2-48F3-A180-028A0742C187} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation)
Task: {988E14BC-5110-44AD-980F-2EB8AD23B0FC} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {9C1A191D-AD9F-4538-AC31-7FCDF6194937} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A5F595D1-1382-4697-AB5C-A58942AC805D} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-22] ()
Task: {AA58FA88-26D9-4107-8AA8-1AF899B7972A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation)
Task: {B11D049B-C431-491A-927A-89FAD11669F8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-12-10] (Piriform Ltd)
Task: {B520045D-EB17-4D0D-A9AA-75118662EFA0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-12-12] (Microsoft Corporation)
Task: {B7945576-DD3D-458F-9F7F-1C8086B16D7E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-14] (Microsoft Corporation)
Task: {C31632BD-CAC4-43E2-997E-0EA1D6153069} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-14] (Microsoft Corporation)
Task: {C847DBB2-A721-44F8-862F-FB33D74141C2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CAB47459-B1AE-4240-BA36-37AC2BCEF224} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F1A37899-18CA-401C-A671-5CC542EFE091} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-07] (Microsoft Corporation)
Task: {F4A42DB5-B4F9-4EB0-A6B4-54330213EA2C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {F55F3606-22FA-433F-BA1C-F66D48C60AB7} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 19:20 - 2018-11-09 03:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-12-23 10:03 - 2018-12-14 07:50 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-12-14 20:00 - 2018-12-14 20:02 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-12-14 20:00 - 2018-12-14 20:02 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2014-09-19 13:19 - 2010-10-26 05:40 - 000049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-03-26 20:50 - 2014-09-19 14:17 - 000058864 _____ () C:\Program Files (x86)\Lenovo\Energy Manager\kbdhook.dll
2014-09-19 14:11 - 2014-09-19 14:11 - 000815104 _____ () C:\Program Files\Lenovo PhoneCompanion\adb.exe
2018-11-06 17:51 - 2018-11-06 17:51 - 000194048 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-11-06 17:51 - 2018-11-06 17:51 - 002538056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-11-06 17:51 - 2018-11-06 17:51 - 001754112 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll
2018-10-04 15:40 - 2018-10-04 15:42 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-12-14 20:00 - 2018-12-14 20:02 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-12-14 20:00 - 2018-12-14 20:02 - 010927616 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2018-12-14 20:00 - 2018-12-14 20:02 - 002916864 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\skypert.dll
2018-12-14 20:00 - 2018-12-14 20:02 - 000688128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-07-02 20:45 - 2018-07-02 20:46 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-11-14 21:56 - 2018-11-14 21:57 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-11-14 21:56 - 2018-11-14 21:57 - 066031104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-01 19:56 - 2017-10-01 19:57 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-11-14 21:56 - 2018-11-14 21:57 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-11-14 21:56 - 2018-11-14 21:57 - 003715072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-11-14 21:56 - 2018-11-14 21:57 - 000036352 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-08-20 11:32 - 2018-08-20 11:34 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\opencv_core320.dll
2018-08-20 11:32 - 2018-08-20 11:34 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
2018-03-30 11:07 - 2018-03-30 11:09 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-11-14 21:56 - 2018-11-14 21:57 - 014097920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-11-14 21:56 - 2018-11-14 21:57 - 003569152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-11-14 21:56 - 2018-11-14 21:57 - 002863616 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-08-28 21:52 - 2018-08-28 21:58 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-30 11:02 - 2018-07-30 11:03 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-12-18 19:13 - 2018-12-12 06:11 - 005237216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
2018-12-18 19:13 - 2018-12-12 06:11 - 000117216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libegl.dll
2018-12-11 21:31 - 2018-12-11 21:31 - 034870272 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-12-11 21:31 - 2018-12-11 21:31 - 000292352 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\SharedUI.dll
2017-12-01 20:33 - 2017-12-01 20:33 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-11-28 21:52 - 2018-11-28 21:53 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-12-11 21:31 - 2018-12-11 21:31 - 005967872 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-12-11 21:31 - 2018-12-11 21:31 - 009072128 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-12-26 17:52 - 2018-10-30 19:06 - 000879904 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2018-12-26 17:52 - 2018-11-26 21:29 - 002649376 _____ () C:\Program Files (x86)\Steam\video.dll
2018-12-26 17:52 - 2016-09-01 02:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2018-12-26 17:51 - 2017-12-20 02:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2018-12-26 17:51 - 2017-12-20 02:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2018-12-26 17:51 - 2017-12-20 02:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2018-12-26 17:51 - 2017-12-20 02:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2018-12-26 17:52 - 2016-09-01 02:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2018-12-26 17:52 - 2016-09-01 02:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2018-12-26 17:51 - 2017-12-20 02:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2018-12-26 17:52 - 2018-11-26 21:29 - 001028384 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2018-12-26 17:52 - 2016-07-04 23:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2018-12-26 17:52 - 2018-10-30 19:06 - 000879904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2018-12-26 17:52 - 2018-09-23 01:00 - 088009504 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2018-12-26 17:52 - 2018-09-23 01:00 - 004083488 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libglesv2.dll
2018-12-26 17:52 - 2018-09-23 01:00 - 000097056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Ludmila:.repos [6509768]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:4673E9EA [104]
AlternateDataStreams: C:\ProgramData\Temp:78E0DF72 [98]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2018-12-27 13:53 - 000000841 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-99061962-4161369856-3824286045-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{13C54105-DC7C-4F87-B137-13D293B93DA9}] => (Allow) C:\Users\Ludmila\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{0A945015-9FC2-4B5D-A683-9BDA9CF44F0C}] => (Allow) C:\Users\Ludmila\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{7A0BCAB3-258B-4B58-88C1-38E6D2BAB0D1}] => (Allow) C:\Users\Ludmila\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{4A4DC867-B9AE-424E-A534-7F44B0A2631C}] => (Allow) C:\Users\Ludmila\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{A4480595-D565-4950-9A30-7E36B70082DE}] => (Allow) C:\Users\Ludmila\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{7B9A23D7-DF79-4AF4-85F6-CA6E027913F9}] => (Allow) C:\Users\Ludmila\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{2301CB45-8783-44FB-B7C3-02510F9B56F2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation)
FirewallRules: [{C5CCA6A8-A203-4CAC-9F70-DE6A5438CCD0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation)
FirewallRules: [{3C6D0CC5-CC32-402D-AB04-D0E7CA56EDBA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{E9624560-55C0-4288-90C0-972B856D27CD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{478FCA57-FF68-43D8-925E-00B8BF6CF6C0}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe (Lenovo)
FirewallRules: [{61A0C4F5-96FA-48D4-B52B-E7979DE1E07E}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe (Lenovo)
FirewallRules: [{E16E1749-428F-468A-AC55-971EAD3EBDF3}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink Corp.)
FirewallRules: [{74953A22-0283-4B83-92A9-1DD772944E66}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE (CyberLink Corp.)
FirewallRules: [{1CA71831-6078-4942-926D-630200626B66}] => (Allow) LPort=55100
FirewallRules: [{C8AAFDC4-2533-4689-9007-0CE98C5971EF}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe (Lenovo)
FirewallRules: [{AFFFD4AB-9897-4AC1-A0DC-8236091B52FE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation)
FirewallRules: [{BD244D3F-8BA2-4329-A6EA-5D3FD1413DCA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [TCP Query User{398A8892-7731-4670-A7CA-E8002099CA90}C:\windows\syswow64\svchost.exe] => (Allow) C:\windows\syswow64\svchost.exe (Microsoft Corporation)
FirewallRules: [UDP Query User{A0F7BA37-2180-46B2-89BF-906EB6AD0FA4}C:\windows\syswow64\svchost.exe] => (Allow) C:\windows\syswow64\svchost.exe (Microsoft Corporation)
FirewallRules: [{192296FB-37B7-4089-9E5D-B2C1EEB91742}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{8EF695D8-BB83-4C34-8445-D7ADF3219C7F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
==================== Restore Points =========================
23-12-2018 09:58:16 Windows Update
26-12-2018 20:02:39 Nainstalováno rozhraní DirectX
27-12-2018 15:02:25 JRT Pre-Junkware Removal
27-12-2018 17:29:00 Malwarebytes Anti-Rootkit Restore Point
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/27/2018 05:34:29 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
Error: (12/27/2018 04:25:21 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
Error: (12/27/2018 03:00:48 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
Error: (12/27/2018 01:51:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: DaS_21.exe, verze: 2.1.0.4, časové razítko: 0x540c90b2
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.17134.441, časové razítko: 0x428de48c
Kód výjimky: 0xe0434352
Posun chyby: 0x000000000003a388
ID chybujícího procesu: 0x2978
Čas spuštění chybující aplikace: 0x01d49de2d5d65120
Cesta k chybující aplikaci: C:\Users\Ludmila\AppData\Local\Temp\DaS_21.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 13892384-1d41-4f65-ba15-94a7e282cd0e
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (12/27/2018 01:51:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: DaS_21.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.IO.IOException
na System.IO.__Error.WinIOError(Int32, System.String)
na System.Console.SetWindowSize(Int32, Int32)
na DriverAndServicesOut.Program.Main(System.String[])
Error: (12/27/2018 01:46:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: zoek.exe, verze: 0.0.0.0, časové razítko: 0x00000000
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.17134.441, časové razítko: 0x3da51fd0
Kód výjimky: 0xc0000409
Posun chyby: 0x00111812
ID chybujícího procesu: 0x1e28
Čas spuštění chybující aplikace: 0x01d49de21f9e412b
Cesta k chybující aplikaci: C:\Users\Ludmila\Desktop\zoek.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 3b4458df-80c0-4243-a8df-7c06ddac0526
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (12/27/2018 12:30:26 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
Error: (12/27/2018 12:16:07 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: LENOVO-PC)
Description: httphttp-2147467263
System errors:
=============
Error: (12/27/2018 08:53:40 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: Server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} se v daném časovém limitu neregistroval u služby DCOM.
Error: (12/27/2018 07:43:14 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: Server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} se v daném časovém limitu neregistroval u služby DCOM.
Error: (12/27/2018 07:41:59 PM) (Source: DCOM) (EventID: 10016) (User: LENOVO-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Lenovo-PC\Ludmila (SID: S-1-5-21-99061962-4161369856-3824286045-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (12/27/2018 06:52:32 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: Server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} se v daném časovém limitu neregistroval u služby DCOM.
Error: (12/27/2018 06:51:32 PM) (Source: DCOM) (EventID: 10016) (User: LENOVO-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Lenovo-PC\Ludmila (SID: S-1-5-21-99061962-4161369856-3824286045-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (12/27/2018 05:36:06 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {784E29F4-5EBE-4279-9948-1E8FE941646D} se v daném časovém limitu neregistroval u služby DCOM.
Error: (12/27/2018 05:35:34 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: Server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} se v daném časovém limitu neregistroval u služby DCOM.
Error: (12/27/2018 05:34:28 PM) (Source: DCOM) (EventID: 10016) (User: LENOVO-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Lenovo-PC\Ludmila (SID: S-1-5-21-99061962-4161369856-3824286045-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Windows Defender:
===================================
Date: 2018-12-27 13:48:12.896
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Ludmila\Desktop\zoek.exe; process:_pid:7720,ProcessStart:131903883619221803
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze podpisu: AV: 1.283.1605.0, AS: 1.283.1605.0, NIS: 1.283.1605.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2
Date: 2018-12-27 13:46:10.115
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Ludmila\Desktop\zoek.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze podpisu: AV: 1.283.1605.0, AS: 1.283.1605.0, NIS: 1.283.1605.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2
Date: 2018-12-26 22:07:17.731
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Ludmila\AppData\Roaming\amd64_netfx4-system.core_b03f5f7f11d50a3a_4.0.15680.120_none_3222d21eb3852341\KBDROST.exe; process:_pid:9416,ProcessStart:131903312505504573
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze podpisu: AV: 1.283.1559.0, AS: 1.283.1559.0, NIS: 1.283.1559.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2
Date: 2018-12-26 21:54:48.819
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Ludmila\AppData\Roaming\amd64_netfx4-system.core_b03f5f7f11d50a3a_4.0.15680.120_none_3222d21eb3852341\KBDROST.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: Lenovo-PC\Ludmila
Název procesu: C:\Program Files\ESET\ESET Security\ekrn.exe
Verze podpisu: AV: 1.283.1559.0, AS: 1.283.1559.0, NIS: 1.283.1559.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2
Date: 2018-12-26 21:54:16.891
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Ludmila\AppData\Roaming\amd64_netfx4-system.core_b03f5f7f11d50a3a_4.0.15680.120_none_3222d21eb3852341\KBDROST.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: Lenovo-PC\Ludmila
Název procesu: C:\Windows\System32\conhost.exe
Verze podpisu: AV: 1.283.1559.0, AS: 1.283.1559.0, NIS: 1.283.1559.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2
Date: 2018-12-27 17:42:36.905
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.283.1622.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15500.2
Kód chyby: 0x8024402c
Popis chyby:Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.
Date: 2018-12-27 16:32:55.393
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.283.1616.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15500.2
Kód chyby: 0x80240438
Popis chyby:Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.
Date: 2018-12-26 22:08:10.385
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.283.1559.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15500.2
Kód chyby: 0x80240438
Popis chyby:Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.
Date: 2018-12-26 21:10:03.367
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.283.1534.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15500.2
Kód chyby: 0x80240438
Popis chyby:Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.
Date: 2018-12-26 20:49:45.469
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.283.1534.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15500.2
Kód chyby: 0x80240438
Popis chyby:Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.
CodeIntegrity:
===================================
Date: 2018-12-26 19:07:49.515
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll that did not meet the Microsoft signing level requirements.
Date: 2018-12-26 19:07:48.716
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll that did not meet the Microsoft signing level requirements.
Date: 2018-12-26 19:07:47.942
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll that did not meet the Microsoft signing level requirements.
Date: 2018-12-26 19:07:47.285
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll that did not meet the Microsoft signing level requirements.
Date: 2018-12-16 11:26:54.582
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll that did not meet the Microsoft signing level requirements.
Date: 2018-12-16 11:26:54.436
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll that did not meet the Microsoft signing level requirements.
Date: 2018-12-16 11:26:54.269
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll that did not meet the Microsoft signing level requirements.
Date: 2018-12-16 11:26:54.202
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Celeron(R) CPU N2940 @ 1.83GHz
Percentage of memory in use: 67%
Total physical RAM: 3979.21 MB
Available physical RAM: 1304.88 MB
Total Virtual: 4683.21 MB
Available Virtual: 1558.75 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:425.14 GB) (Free:229.58 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.6 GB) NTFS
\\?\Volume{38cd929b-4ea5-45de-a84c-447b1ee1ac23}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.67 GB) NTFS
\\?\Volume{386f4fc9-cd0f-40f1-a1c9-0d920b5b7fbe}\ (PBR_DRV) (Fixed) (Total:13.29 GB) (Free:3.74 GB) NTFS
\\?\Volume{59bffc35-eca1-45ff-8128-c6aeb13a0da8}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 8F6E0211)
Partition: GPT.
==================== End of Addition.txt ============================
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.12.2018
Ran by Ludmila (administrator) on LENOVO-PC (27-12-2018 20:54:00)
Running from C:\Users\Ludmila\Desktop
Loaded Profiles: Ludmila (Available Profiles: Ludmila)
Platform: Windows 10 Home Version 1803 17134.472 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Lenovo PhoneCompanion\adb.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
"Path" (C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Lenovo\FusionEngine;C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin;%SYSTEMROOT%\System32\OpenSSH\ -> %SystemRoot%\System32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Lenovo\FusionEngine;C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin;%SYSTEMROOT%\System32\OpenSSH\) <==== Repaired successfully
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [5060864 2015-06-16] (Realtek semiconductor)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2014-09-19] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-09-19] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10841584 2014-09-19] (Lenovo(beijing) Limited)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945672 2015-09-25] (Synaptics Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [177928 2018-11-29] (ESET)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-99061962-4161369856-3824286045-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3131680 2018-11-26] (Valve Corporation)
HKU\S-1-5-21-99061962-4161369856-3824286045-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19589208 2018-12-10] (Piriform Software Ltd)
HKU\S-1-5-21-99061962-4161369856-3824286045-1001\...\RunOnce: [Application Restart #4] => C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-reso (the data entry has 587 more characters).
HKU\S-1-5-21-99061962-4161369856-3824286045-1001\...\RunOnce: [Application Restart #3] => C:\Users\Ludmila\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-reso (the data entry has 587 more characters).
HKLM\...\Drivers32-x32: [msacm.clmp3enc] => C:\Program Files (x86)\Lenovo\Power2Go\CLMP3Enc.ACM [217088 2005-05-14] (CyberLink Corp.)
HKLM\...\Drivers32-x32: [vidc.VP60] => C:\windows\SysWOW64\vp6vfw.dll [447752 2014-10-19] (On2.com)
HKLM\...\Drivers32-x32: [vidc.VP61] => C:\windows\SysWOW64\vp6vfw.dll [447752 2014-10-19] (On2.com)
HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll
HKLM\...\Drivers32-x32: [vidc.iv50] => C:\WINDOWS\SysWOW64\ir50_32original.dll [746496 2018-04-12] (Intel Corporation)
HKLM\Software\...\AppCompatFlags\Custom\S4Editor.exe: [{ff2cad6c-eb68-4e98-88d7-49887440affb}.sdb] -> 6b092e4b499dd401
HKLM\Software\...\AppCompatFlags\Custom\S4_Main.exe: [{ff2cad6c-eb68-4e98-88d7-49887440affb}.sdb] -> 6b092e4b499dd401
HKLM\Software\...\AppCompatFlags\InstalledSDB\{ff2cad6c-eb68-4e98-88d7-49887440affb}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{ff2cad6c-eb68-4e98-88d7-49887440affb}.sdb [2013-07-16]
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{93c4563d-30ee-4290-8f7d-82f4d8c14a4d}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{b7327587-4ffe-4ec1-a576-3e0727375e62}: [DhcpNameServer] 150.210.1.2
Internet Explorer:
==================
HKU\S-1-5-21-99061962-4161369856-3824286045-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-99061962-4161369856-3824286045-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-99061962-4161369856-3824286045-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-12-14] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-01] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-01] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-01] (Microsoft Corporation)
FireFox:
========
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-01] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-10-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Ludmila\AppData\Roaming\mozilla\plugins\npatgpc.dll [2018-04-19] (Cisco WebEx LLC)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default [2018-12-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-27]
CHR Extension: (Chrome Media Router) - C:\Users\Ludmila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-27]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9646240 2018-12-07] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2302160 2018-11-29] (ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2302160 2018-11-29] (ESET)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [184064 2017-01-13] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [328616 2015-10-04] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-19] (Lenovo(beijing) Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-09-19] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [305136 2014-09-19] (Lenovo)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-09-25] (Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-11] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-11] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [143448 2018-11-29] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15872 2018-10-17] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [188832 2018-10-17] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [109864 2018-10-17] (ESET)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [231168 2017-01-13] (Intel Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2018-04-12] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3068160 2015-06-16] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-09-25] (Synaptics Incorporated)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2018-12-11] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2018-12-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-11] (Microsoft Corporation)
R2 WinisoCDBus; C:\WINDOWS\System32\drivers\WinisoCDBus.sys [204032 2014-02-26] (WinISO.com)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
Error(1) reading file: "C:\Users\Ludmila\Downloads\dreamworks.dragons.s04e02.720p.webrip.hevc.x265.rmteam.mkv "
2018-12-27 20:54 - 2018-12-27 20:55 - 000020218 _____ C:\Users\Ludmila\Desktop\FRST.txt
2018-12-27 20:53 - 2018-12-27 20:54 - 000000000 ____D C:\FRST
2018-12-27 20:52 - 2018-12-27 20:52 - 002422784 _____ (Farbar) C:\Users\Ludmila\Downloads\FRST64.exe
2018-12-27 20:52 - 2018-12-27 20:52 - 002422784 _____ (Farbar) C:\Users\Ludmila\Desktop\FRST64.exe
2018-12-27 18:50 - 2018-12-27 18:50 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3633126C.sys
2018-12-27 18:50 - 2018-12-27 18:50 - 000000000 ___HD C:\OneDriveTemp
2018-12-27 16:39 - 2018-12-27 16:39 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-27 16:38 - 2018-12-27 16:38 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\75137F7B.sys
2018-12-27 16:36 - 2018-12-27 19:39 - 000000000 ____D C:\Users\Ludmila\Desktop\mbar
2018-12-27 16:36 - 2018-12-27 19:39 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-12-27 16:36 - 2018-12-27 18:50 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2018-12-27 16:35 - 2018-12-27 16:35 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Ludmila\Downloads\mbar-1.10.3.1001.exe
2018-12-27 15:09 - 2018-12-27 15:10 - 000001324 _____ C:\Users\Ludmila\Desktop\JRT.txt
2018-12-27 15:00 - 2018-12-27 15:00 - 000010805 _____ C:\Users\Ludmila\Desktop\zoek-results.txt
2018-12-27 14:56 - 2014-02-13 23:59 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2018-12-27 13:54 - 2018-12-27 13:45 - 001663040 _____ (Malwarebytes) C:\Users\Ludmila\Desktop\JRT.exe
2018-12-27 13:46 - 2018-12-27 14:41 - 000000000 ____D C:\zoek_backup
2018-12-27 13:45 - 2018-12-27 13:45 - 001663040 _____ (Malwarebytes) C:\Users\Ludmila\Downloads\JRT.exe
2018-12-27 13:44 - 2018-12-27 13:44 - 002038755 _____ C:\Users\Ludmila\Downloads\zoek.exe
2018-12-27 12:34 - 2018-12-27 12:34 - 000013859 _____ C:\Users\Ludmila\Desktop\AdwCleaner[C00].txt
2018-12-27 12:18 - 2018-12-27 12:20 - 000000000 ____D C:\AdwCleaner
2018-12-27 12:17 - 2018-12-27 12:18 - 007320272 _____ (Malwarebytes) C:\Users\Ludmila\Downloads\adwcleaner_7.2.6.0.exe
2018-12-27 11:00 - 2018-12-27 11:00 - 000000000 ____D C:\rsit
2018-12-27 10:59 - 2018-12-27 10:59 - 001222144 _____ C:\Users\Ludmila\Desktop\RSITx64.exe
2018-12-27 00:47 - 2018-12-27 18:49 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-12-27 00:47 - 2018-12-27 00:47 - 000002880 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-12-27 00:47 - 2018-12-27 00:47 - 000000874 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-12-27 00:47 - 2018-12-27 00:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-12-27 00:47 - 2018-12-27 00:47 - 000000000 ____D C:\Program Files\CCleaner
2018-12-26 22:33 - 2018-12-27 19:50 - 000000000 ____D C:\Program Files\trend micro
2018-12-26 21:57 - 2018-12-26 21:57 - 000000000 ____D C:\Users\Ludmila\AppData\Local\ESET
2018-12-26 21:45 - 2018-12-26 21:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2018-12-26 21:45 - 2018-12-26 21:45 - 000000000 ____D C:\ProgramData\ESET
2018-12-26 21:45 - 2018-12-26 21:45 - 000000000 ____D C:\Program Files\ESET
2018-12-26 21:27 - 2018-12-26 21:27 - 000000000 ____D C:\Program Files\AVAST Software
2018-12-26 20:15 - 2018-12-26 20:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ajhfmnxw
2018-12-26 20:13 - 2018-12-26 20:13 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-2-6-45-1348762120-1346907721-1012719275-9206
2018-12-26 20:10 - 2018-12-26 20:12 - 000000000 ____D C:\ProgramData\GCYTYWQMMM4ULN5BDJKV
2018-12-26 19:59 - 2018-12-26 20:31 - 000001964 _____ C:\Users\Public\Desktop\The Settlers - The Eastern Realm.lnk
2018-12-26 19:59 - 2018-12-26 20:31 - 000001950 _____ C:\Users\Public\Desktop\The Settlers - Rise of an Empire.lnk
2018-12-26 19:59 - 2018-12-26 20:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Settlers - Rise of an Empire [GOG.com]
2018-12-26 19:59 - 2018-12-26 19:59 - 000000000 ____D C:\Users\Ludmila\Documents\THE SETTLERS - Rise of an Empire
2018-12-26 19:49 - 2018-12-26 19:49 - 000000000 ____D C:\Users\Ludmila\AppData\Roaming\ComfortSoftware
2018-12-26 19:31 - 2018-12-26 19:31 - 000001728 _____ C:\Users\Public\Desktop\The Settlers IV GOLD.lnk
2018-12-26 19:31 - 2018-12-26 19:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Settlers IV GOLD [GOG.com]
2018-12-26 19:25 - 2018-12-26 19:25 - 000000000 ____D C:\Users\Ludmila\AppData\Local\AdvinstAnalytics
2018-12-26 19:16 - 2018-12-26 19:17 - 000000000 ____D C:\ProgramData\HPC
2018-12-26 19:14 - 2018-12-27 17:30 - 000000000 ____D C:\ProgramData\CopyPaste
2018-12-26 18:47 - 2018-12-26 22:24 - 000000000 ____D C:\GOG Games
2018-12-26 18:31 - 2018-12-26 18:46 - 000000000 ____D C:\Users\Ludmila\Downloads\The.Settlers.Rise.of.an.Empire.Gold.Edition-GOG
2018-12-26 18:30 - 2018-12-26 18:34 - 000000000 ____D C:\Users\Ludmila\Downloads\the_settlers_4_gold_edition
2018-12-26 18:26 - 2018-12-26 18:26 - 000000000 ____D C:\Users\Ludmila\Downloads\Sid.Meiers.Civilization.VI.Deluxe.Edition+7DLC
2018-12-26 17:52 - 2018-12-26 18:13 - 000000000 ____D C:\Users\Ludmila\AppData\Local\Ubisoft Game Launcher
2018-12-26 17:52 - 2018-12-26 17:52 - 000001285 _____ C:\Users\Ludmila\Desktop\Uplay.lnk
2018-12-26 17:52 - 2018-12-26 17:52 - 000000000 ____D C:\Users\Ludmila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2018-12-26 17:52 - 2018-12-26 17:52 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2018-12-26 17:49 - 2018-12-27 17:34 - 000000000 ____D C:\Program Files (x86)\Steam
2018-12-26 17:49 - 2018-12-26 17:49 - 000001043 _____ C:\Users\Public\Desktop\Steam.lnk
2018-12-26 17:49 - 2018-12-26 17:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-12-23 20:51 - 2018-12-23 20:55 - 342122840 _____ C:\Users\Ludmila\Downloads\DCs.Legends.of.Tomorrow.S04E08.HDTV.x264-SVA[eztv].mkv
2018-12-23 20:51 - 2018-12-23 20:54 - 311169184 _____ C:\Users\Ludmila\Downloads\DCs.Legends.of.Tomorrow.S04E07.HDTV.x264-SVA[eztv].mkv
2018-12-23 20:51 - 2018-12-23 20:54 - 295689489 _____ C:\Users\Ludmila\Downloads\DCs.Legends.of.Tomorrow.S04E06.HDTV.x264-SVA[eztv].mkv
2018-12-23 10:03 - 2018-12-14 08:29 - 006567472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-12-23 10:03 - 2018-12-14 08:25 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-12-23 10:03 - 2018-12-14 08:23 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-12-23 10:03 - 2018-12-14 08:23 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-12-23 10:03 - 2018-12-14 08:22 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-12-23 10:03 - 2018-12-14 08:22 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-12-23 10:03 - 2018-12-14 08:13 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-12-23 10:03 - 2018-12-14 07:55 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-12-23 10:03 - 2018-12-14 07:54 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-12-23 10:03 - 2018-12-14 07:53 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-12-23 10:03 - 2018-12-14 07:52 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-12-23 10:02 - 2018-12-14 13:24 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-12-23 10:02 - 2018-12-14 08:29 - 001130760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-12-23 10:02 - 2018-12-14 08:23 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-12-23 10:02 - 2018-12-14 08:23 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-12-23 10:02 - 2018-12-14 08:23 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-12-23 10:02 - 2018-12-14 08:21 - 001457240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-12-23 10:02 - 2018-12-14 08:21 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-12-23 10:02 - 2018-12-14 08:21 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-12-23 10:02 - 2018-12-14 08:21 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-12-23 10:02 - 2018-12-14 08:21 - 000982912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-12-23 10:02 - 2018-12-14 08:12 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-12-23 10:02 - 2018-12-14 08:10 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-12-23 10:02 - 2018-12-14 08:07 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-12-23 10:02 - 2018-12-14 07:55 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-12-23 10:02 - 2018-12-14 07:54 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-12-23 10:02 - 2018-12-14 07:54 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-12-23 10:02 - 2018-12-14 07:52 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-12-23 10:02 - 2018-12-14 07:51 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-12-23 10:02 - 2018-12-14 07:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-12-23 10:02 - 2018-12-14 06:34 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-12-16 11:35 - 2018-12-16 11:38 - 309968265 _____ C:\Users\Ludmila\Downloads\Arrow.S07E09.HDTV.x264-SVA[eztv].mkv
2018-12-14 19:57 - 2018-12-14 19:57 - 000002570 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-12-14 19:57 - 2018-12-14 19:57 - 000002564 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-12-14 19:57 - 2018-12-14 19:57 - 000002541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-12-14 19:57 - 2018-12-14 19:57 - 000002536 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-12-14 19:57 - 2018-12-14 19:57 - 000002497 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-12-14 19:57 - 2018-12-14 19:57 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-12-14 19:57 - 2018-12-14 19:57 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-12-14 19:57 - 2018-12-14 19:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2018-12-12 19:21 - 2018-12-08 13:42 - 004527800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-12-12 19:21 - 2018-12-08 09:05 - 007436216 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-12-12 19:21 - 2018-12-08 08:49 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-12-12 19:21 - 2018-12-08 08:42 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-12-12 19:21 - 2018-12-08 08:38 - 022016000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-12-12 19:21 - 2018-11-09 07:15 - 021388752 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-12-12 19:21 - 2018-11-09 03:56 - 001213472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-12-12 19:21 - 2018-11-09 03:16 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-12-12 19:21 - 2018-11-09 02:26 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-12-12 19:20 - 2018-12-08 13:47 - 001048712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2018-12-12 19:20 - 2018-12-08 13:47 - 000645320 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-12-12 19:20 - 2018-12-08 13:46 - 000549760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2018-12-12 19:20 - 2018-12-08 13:42 - 001634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-12-12 19:20 - 2018-12-08 13:42 - 001616824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-12-12 19:20 - 2018-12-08 13:41 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-12-12 19:20 - 2018-12-08 13:41 - 000481880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-12-12 19:20 - 2018-12-08 13:40 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-12-12 19:20 - 2018-12-08 13:29 - 013572608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-12-12 19:20 - 2018-12-08 13:28 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-12-12 19:20 - 2018-12-08 13:28 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-12-12 19:20 - 2018-12-08 13:28 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-12-12 19:20 - 2018-12-08 13:27 - 005657600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-12-12 19:20 - 2018-12-08 13:25 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-12-12 19:20 - 2018-12-08 13:25 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-12-12 19:20 - 2018-12-08 13:23 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-12-12 19:20 - 2018-12-08 13:23 - 002892288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-12-12 19:20 - 2018-12-08 13:23 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-12-12 19:20 - 2018-12-08 13:23 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-12-12 19:20 - 2018-12-08 13:22 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-12-12 19:20 - 2018-12-08 13:22 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-12-12 19:20 - 2018-12-08 13:22 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-12-12 19:20 - 2018-12-08 09:07 - 005625352 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-12-12 19:20 - 2018-12-08 09:07 - 001328632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2018-12-12 19:20 - 2018-12-08 09:07 - 001063416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-12-12 19:20 - 2018-12-08 09:06 - 001017168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-12-12 19:20 - 2018-12-08 09:06 - 000777512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-12-12 19:20 - 2018-12-08 09:06 - 000491416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-12-12 19:20 - 2018-12-08 09:06 - 000433168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-12-12 19:20 - 2018-12-08 09:05 - 002822656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-12-12 19:20 - 2018-12-08 09:05 - 002463384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-12-12 19:20 - 2018-12-08 09:05 - 001935008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-12-12 19:20 - 2018-12-08 09:05 - 001209888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-12-12 19:20 - 2018-12-08 09:05 - 000793592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-12-12 19:20 - 2018-12-08 09:05 - 000594224 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-12-12 19:20 - 2018-12-08 09:05 - 000130312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-12-12 19:20 - 2018-12-08 09:05 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fileinfo.sys
2018-12-12 19:20 - 2018-12-08 09:04 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-12-12 19:20 - 2018-12-08 09:04 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-12-12 19:20 - 2018-12-08 09:04 - 001943328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-12-12 19:20 - 2018-12-08 09:04 - 001188512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-12-12 19:20 - 2018-12-08 09:04 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-12-12 19:20 - 2018-12-08 09:04 - 000416024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-12-12 19:20 - 2018-12-08 09:04 - 000268280 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-12-12 19:20 - 2018-12-08 09:04 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-12-12 19:20 - 2018-12-08 08:47 - 000861744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-12-12 19:20 - 2018-12-08 08:47 - 000785760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-12-12 19:20 - 2018-12-08 08:46 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-12-12 19:20 - 2018-12-08 08:46 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-12-12 19:20 - 2018-12-08 08:46 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-12-12 19:20 - 2018-12-08 08:46 - 000457056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-12-12 19:20 - 2018-12-08 08:45 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-12-12 19:20 - 2018-12-08 08:45 - 004789952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-12-12 19:20 - 2018-12-08 08:45 - 002307240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2018-12-12 19:20 - 2018-12-08 08:45 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-12-12 19:20 - 2018-12-08 08:45 - 001620472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-12-12 19:20 - 2018-12-08 08:45 - 001379816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-12-12 19:20 - 2018-12-08 08:45 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-12-12 19:20 - 2018-12-08 08:42 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-12-12 19:20 - 2018-12-08 08:41 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-12-12 19:20 - 2018-12-08 08:40 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-12-12 19:20 - 2018-12-08 08:40 - 004384768 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-12-12 19:20 - 2018-12-08 08:38 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-12-12 19:20 - 2018-12-08 08:38 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-12-12 19:20 - 2018-12-08 08:38 - 000419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\eeprov.dll
2018-12-12 19:20 - 2018-12-08 08:37 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-12-12 19:20 - 2018-12-08 08:37 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-12-12 19:20 - 2018-12-08 08:36 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-12-12 19:20 - 2018-12-08 08:36 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-12-12 19:20 - 2018-12-08 08:36 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-12-12 19:20 - 2018-12-08 08:36 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-12-12 19:20 - 2018-12-08 08:36 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-12-12 19:20 - 2018-12-08 08:36 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-12-12 19:20 - 2018-12-08 08:35 - 002126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2018-12-12 19:20 - 2018-12-08 08:35 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-12-12 19:20 - 2018-12-08 08:35 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-12-12 19:20 - 2018-12-08 08:34 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-12-12 19:20 - 2018-12-08 08:34 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-12-12 19:20 - 2018-12-08 08:34 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-12-12 19:20 - 2018-12-08 08:34 - 000693248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2018-12-12 19:20 - 2018-12-08 08:34 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-12-12 19:20 - 2018-12-08 08:34 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2018-12-12 19:20 - 2018-12-08 08:33 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-12-12 19:20 - 2018-12-08 08:33 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-12-12 19:20 - 2018-12-08 08:33 - 001457152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-12-12 19:20 - 2018-12-08 08:33 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-12-12 19:20 - 2018-12-08 08:33 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-12-12 19:20 - 2018-12-08 08:33 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-12-12 19:20 - 2018-12-08 08:33 - 000823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2018-12-12 19:20 - 2018-12-08 08:32 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-12-12 19:20 - 2018-12-08 08:32 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-12-12 19:20 - 2018-12-08 08:32 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-12-12 19:20 - 2018-12-08 08:32 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-12-12 19:20 - 2018-12-08 08:30 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-12-12 19:20 - 2018-12-08 08:30 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-12-12 19:20 - 2018-12-08 08:29 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-12-12 19:20 - 2018-12-08 08:29 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-12-12 19:20 - 2018-12-08 08:28 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-12-12 19:20 - 2018-12-08 08:28 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-12-12 19:20 - 2018-12-08 08:27 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-12-12 19:20 - 2018-12-08 08:27 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-12-12 19:20 - 2018-12-08 08:27 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-12-12 19:20 - 2018-12-08 08:26 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-12-12 19:20 - 2018-12-08 08:25 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-12-12 19:20 - 2018-12-08 08:25 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-12-12 19:20 - 2018-12-08 08:24 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2018-12-12 19:20 - 2018-12-08 08:24 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-12-12 19:20 - 2018-11-09 06:59 - 008623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-12-12 19:20 - 2018-11-09 06:58 - 000244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-12-12 19:20 - 2018-11-09 06:57 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-12-12 19:20 - 2018-11-09 06:56 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2018-12-12 19:20 - 2018-11-09 06:55 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-12-12 19:20 - 2018-11-09 06:55 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-12-12 19:20 - 2018-11-09 06:32 - 020383832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-12-12 19:20 - 2018-11-09 06:20 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-12-12 19:20 - 2018-11-09 06:20 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-12-12 19:20 - 2018-11-09 06:17 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-12-12 19:20 - 2018-11-09 03:49 - 000723416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-12-12 19:20 - 2018-11-09 03:48 - 003179760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-12-12 19:20 - 2018-11-09 03:48 - 002719736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-12-12 19:20 - 2018-11-09 03:48 - 001613288 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-12-12 19:20 - 2018-11-09 03:48 - 000899920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-12-12 19:20 - 2018-11-09 03:48 - 000766704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-12-12 19:20 - 2018-11-09 03:48 - 000375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-12-12 19:20 - 2018-11-09 03:47 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-12-12 19:20 - 2018-11-09 03:47 - 002571128 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-12-12 19:20 - 2018-11-09 03:47 - 002062392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-12-12 19:20 - 2018-11-09 03:47 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-12-12 19:20 - 2018-11-09 03:47 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-12-12 19:20 - 2018-11-09 03:47 - 000537912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2018-12-12 19:20 - 2018-11-09 03:21 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-12-12 19:20 - 2018-11-09 03:21 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-12-12 19:20 - 2018-11-09 03:20 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
2018-12-12 19:20 - 2018-11-09 03:19 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-12-12 19:20 - 2018-11-09 03:18 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-12-12 19:20 - 2018-11-09 03:18 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-12-12 19:20 - 2018-11-09 03:18 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2018-12-12 19:20 - 2018-11-09 03:17 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-12-12 19:20 - 2018-11-09 03:17 - 001069568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-12-12 19:20 - 2018-11-09 03:16 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-12-12 19:20 - 2018-11-09 03:16 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2018-12-12 19:20 - 2018-11-09 03:16 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-12-12 19:20 - 2018-11-09 03:16 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-12-12 19:20 - 2018-11-09 03:15 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-12-12 19:20 - 2018-11-09 03:15 - 000933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-12-12 19:20 - 2018-11-09 03:15 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-12-12 19:20 - 2018-11-09 03:15 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-12-12 19:20 - 2018-11-09 03:07 - 002417976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-12-12 19:20 - 2018-11-09 03:07 - 001299704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-12-12 19:20 - 2018-11-09 02:48 - 000550728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-12-12 19:20 - 2018-11-09 02:46 - 002253184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-12-12 19:20 - 2018-11-09 02:46 - 002161008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-12-12 19:20 - 2018-11-09 02:46 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-12-12 19:20 - 2018-11-09 02:46 - 000829960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-12-12 19:20 - 2018-11-09 02:46 - 000721024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-12-12 19:20 - 2018-11-09 02:46 - 000573504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-12-12 19:20 - 2018-11-09 02:29 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-12-12 19:20 - 2018-11-09 02:29 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-12-12 19:20 - 2018-11-09 02:28 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-12-12 19:20 - 2018-11-09 02:26 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-12-12 19:20 - 2018-11-09 02:25 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-12-12 19:19 - 2018-12-08 13:39 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2018-12-12 19:19 - 2018-12-08 13:29 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-12-12 19:19 - 2018-12-08 13:27 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2018-12-12 19:19 - 2018-12-08 13:27 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBth.dll
2018-12-12 19:19 - 2018-12-08 13:27 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdBth.dll
2018-12-12 19:19 - 2018-12-08 13:23 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-12-12 19:19 - 2018-12-08 13:23 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-12-12 19:19 - 2018-12-08 09:12 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-12-12 19:19 - 2018-12-08 09:12 - 000269336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-12-12 19:19 - 2018-12-08 09:12 - 000092688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2018-12-12 19:19 - 2018-12-08 09:06 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-12-12 19:19 - 2018-12-08 09:06 - 000249088 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2018-12-12 19:19 - 2018-12-08 09:05 - 001018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2018-12-12 19:19 - 2018-12-08 09:05 - 000706040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-12-12 19:19 - 2018-12-08 09:05 - 000421176 _____ (Microsoft Corporation) C:\WINDOWS\system32\xbgmengine.dll
2018-12-12 19:19 - 2018-12-08 09:05 - 000413920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-12-12 19:19 - 2018-12-08 09:05 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-12-12 19:19 - 2018-12-08 09:04 - 002590296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2018-12-12 19:19 - 2018-12-08 09:04 - 001150312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-12-12 19:19 - 2018-12-08 09:04 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-12-12 19:19 - 2018-12-08 09:04 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-12-12 19:19 - 2018-12-08 09:04 - 000413176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-12-12 19:19 - 2018-12-08 09:04 - 000375608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-12-12 19:19 - 2018-12-08 09:04 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-12-12 19:19 - 2018-12-08 09:04 - 000158624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-12-12 19:19 - 2018-12-08 09:04 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-12-12 19:19 - 2018-12-08 09:04 - 000058168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2018-12-12 19:19 - 2018-12-08 09:04 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2018-12-12 19:19 - 2018-12-08 08:46 - 001397104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-12-12 19:19 - 2018-12-08 08:46 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-12-12 19:19 - 2018-12-08 08:45 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-12-12 19:19 - 2018-12-08 08:45 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-12-12 19:19 - 2018-12-08 08:45 - 000129296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-12-12 19:19 - 2018-12-08 08:39 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnsruprov.dll
2018-12-12 19:19 - 2018-12-08 08:38 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2018-12-12 19:19 - 2018-12-08 08:38 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2018-12-12 19:19 - 2018-12-08 08:38 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2018-12-12 19:19 - 2018-12-08 08:38 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-12-12 19:19 - 2018-12-08 08:38 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2018-12-12 19:19 - 2018-12-08 08:37 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-12-12 19:19 - 2018-12-08 08:37 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2018-12-12 19:19 - 2018-12-08 08:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2018-12-12 19:19 - 2018-12-08 08:37 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2018-12-12 19:19 - 2018-12-08 08:37 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2018-12-12 19:19 - 2018-12-08 08:37 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2018-12-12 19:19 - 2018-12-08 08:37 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2018-12-12 19:19 - 2018-12-08 08:37 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2018-12-12 19:19 - 2018-12-08 08:36 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2018-12-12 19:19 - 2018-12-08 08:36 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-12-12 19:19 - 2018-12-08 08:36 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2018-12-12 19:19 - 2018-12-08 08:36 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2018-12-12 19:19 - 2018-12-08 08:36 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mmcss.sys
2018-12-12 19:19 - 2018-12-08 08:35 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-12-12 19:19 - 2018-12-08 08:33 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-12-12 19:19 - 2018-12-08 08:32 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-12-12 19:19 - 2018-12-08 08:32 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-12-12 19:19 - 2018-12-08 08:30 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2018-12-12 19:19 - 2018-12-08 08:29 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2018-12-12 19:19 - 2018-12-08 08:29 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2018-12-12 19:19 - 2018-12-08 08:28 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-12-12 19:19 - 2018-12-08 08:28 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-12-12 19:19 - 2018-12-08 08:27 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-12-12 19:19 - 2018-12-08 08:27 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2018-12-12 19:19 - 2018-12-08 08:27 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2018-12-12 19:19 - 2018-12-08 08:26 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-12-12 19:19 - 2018-12-08 08:25 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-12-12 19:19 - 2018-12-08 08:25 - 000702464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2018-12-12 19:19 - 2018-12-08 08:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2018-12-12 19:19 - 2018-12-08 08:24 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-12-12 19:19 - 2018-12-08 08:24 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-12-12 19:19 - 2018-11-09 07:00 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-12-12 19:19 - 2018-11-09 06:57 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2018-12-12 19:19 - 2018-11-09 06:56 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-12-12 19:19 - 2018-11-09 06:56 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-12-12 19:19 - 2018-11-09 06:54 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2018-12-12 19:19 - 2018-11-09 06:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-12-12 19:19 - 2018-11-09 06:19 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-12-12 19:19 - 2018-11-09 06:18 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-12-12 19:19 - 2018-11-09 06:18 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2018-12-12 19:19 - 2018-11-09 03:49 - 000565048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-12-12 19:19 - 2018-11-09 03:49 - 000368656 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-12-12 19:19 - 2018-11-09 03:48 - 000745472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-12-12 19:19 - 2018-11-09 03:22 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-12-12 19:19 - 2018-11-09 03:22 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2018-12-12 19:19 - 2018-11-09 03:21 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-12-12 19:19 - 2018-11-09 03:21 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2018-12-12 19:19 - 2018-11-09 03:21 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-12-12 19:19 - 2018-11-09 03:20 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-12-12 19:19 - 2018-11-09 03:20 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys
2018-12-12 19:19 - 2018-11-09 03:20 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2018-12-12 19:19 - 2018-11-09 03:19 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-12-12 19:19 - 2018-11-09 03:19 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-12-12 19:19 - 2018-11-09 03:18 - 000573952 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2018-12-12 19:19 - 2018-11-09 03:18 - 000300032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-12-12 19:19 - 2018-11-09 02:47 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-12-12 19:19 - 2018-11-09 02:31 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-12-12 19:19 - 2018-11-09 02:31 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-12-12 19:19 - 2018-11-09 02:30 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2018-12-12 19:19 - 2018-11-09 02:30 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2018-12-12 19:19 - 2018-11-09 02:29 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-12-12 19:19 - 2018-11-09 02:29 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-12-12 19:19 - 2018-11-09 02:27 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2018-12-12 19:19 - 2018-11-09 02:26 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-12-12 19:19 - 2018-11-09 02:26 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-12-12 19:19 - 2018-11-09 02:25 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-12-10 20:30 - 2018-12-10 20:33 - 272840336 _____ C:\Users\Ludmila\Downloads\Manifest.S01E09.HDTV.x264-KILLERS[eztv].mkv
2018-12-10 19:51 - 2018-12-10 20:37 - 377423283 _____ C:\Users\Ludmila\Downloads\Charmed.2018.S01E09.WEB.h264-TBS[eztv].mkv
2018-12-10 19:51 - 2018-12-10 20:37 - 242138116 _____ C:\Users\Ludmila\Downloads\Charmed.2018.S01E08.HDTV.x264-KILLERS[eztv].mkv
2018-12-08 11:38 - 2018-12-08 11:39 - 000723631 _____ C:\Users\Ludmila\Downloads\2185897686.pdf
2018-12-02 23:06 - 2018-12-03 20:55 - 296766913 _____ C:\Users\Ludmila\Downloads\vikings.s05e11.web.h264-convoy[eztv].mkv
2018-11-29 10:54 - 2018-11-29 10:54 - 000143448 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-12-27 20:46 - 2018-07-02 09:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-12-27 20:39 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-12-27 18:50 - 2015-01-27 17:59 - 000000000 ___RD C:\Users\Ludmila\OneDrive
2018-12-27 17:33 - 2015-01-27 17:54 - 000000000 __SHD C:\Users\Ludmila\IntelGraphicsProfiles
2018-12-27 17:32 - 2018-07-02 10:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-12-27 17:31 - 2018-04-11 22:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2018-12-27 16:13 - 2018-06-30 12:01 - 000000000 ___DC C:\WINDOWS\Panther
2018-12-27 16:13 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-12-27 16:13 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2018-12-27 14:58 - 2015-09-27 22:26 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-12-27 14:42 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-12-27 14:42 - 2013-08-22 16:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-12-27 12:28 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-12-27 12:27 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-12-27 12:20 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-12-27 04:47 - 2018-08-25 19:46 - 000000000 ____D C:\Users\Ludmila\Downloads\Pokemon
2018-12-27 00:30 - 2018-07-02 10:06 - 000000000 ____D C:\Users\Ludmila
2018-12-27 00:24 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-12-26 21:57 - 2018-04-11 22:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-12-26 21:46 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-12-26 21:31 - 2016-10-17 18:58 - 000000000 ____D C:\ProgramData\Avg
2018-12-26 21:26 - 2015-07-14 20:22 - 000000000 ____D C:\ProgramData\AVAST Software
2018-12-26 19:26 - 2017-05-26 17:14 - 000000000 ____D C:\Users\Ludmila\AppData\Roaming\uTorrent
2018-12-26 17:43 - 2014-09-19 13:17 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-12-26 17:42 - 2014-09-19 14:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Photo Master
2018-12-26 17:42 - 2014-09-19 13:57 - 000000000 ____D C:\Program Files (x86)\Lenovo
2018-12-26 17:41 - 2015-11-15 20:08 - 000000000 ____D C:\ProgramData\Origin
2018-12-26 17:41 - 2014-09-19 14:10 - 000000000 ____D C:\ProgramData\CyberLink
2018-12-26 17:38 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-12-26 17:38 - 2017-12-09 21:51 - 000000000 ____D C:\Users\Ludmila\AppData\Local\Packages
2018-12-26 17:31 - 2018-07-02 10:23 - 001689050 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-12-26 17:31 - 2018-04-12 16:50 - 000716276 _____ C:\WINDOWS\system32\perfh005.dat
2018-12-26 17:31 - 2018-04-12 16:50 - 000144534 _____ C:\WINDOWS\system32\perfc005.dat
2018-12-24 01:12 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-12-24 01:12 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-12-24 00:13 - 2017-02-05 22:34 - 000000000 ____D C:\Users\Ludmila\Downloads\Subs
2018-12-20 18:05 - 2018-07-02 10:39 - 000003472 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-12-20 18:05 - 2018-07-02 10:39 - 000003348 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-12-18 19:13 - 2015-01-27 18:04 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-15 19:44 - 2018-07-02 10:39 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-99061962-4161369856-3824286045-1001
2018-12-15 19:44 - 2018-07-02 10:06 - 000002404 _____ C:\Users\Ludmila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-12-15 12:27 - 2016-02-13 11:15 - 000000000 ____D C:\Users\Ludmila\AppData\Roaming\vlc
2018-12-14 19:55 - 2014-09-19 13:56 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-12-14 19:34 - 2017-12-09 22:24 - 000000000 ___RD C:\Users\Ludmila\3D Objects
2018-12-14 19:34 - 2015-09-10 06:43 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-12-14 19:32 - 2018-07-02 09:57 - 000415920 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-12-12 23:27 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-12-12 23:26 - 2018-04-12 00:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-12-12 23:26 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2018-12-12 19:45 - 2015-01-31 19:11 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-12-12 19:40 - 2015-01-31 19:11 - 137260640 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-12-11 17:52 - 2018-02-12 18:48 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-12-11 17:52 - 2015-04-14 06:04 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-12-07 19:48 - 2018-11-16 17:27 - 000000000 ____D C:\Program Files\rempl
2018-12-01 05:01 - 2018-11-15 17:26 - 000835688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-12-01 05:01 - 2018-11-15 17:26 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2016-10-16 16:07 - 2016-10-16 16:07 - 000001459 _____ () C:\Users\Ludmila\AppData\Local\recently-used.xbel
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-07-02 09:57
==================== End of FRST.txt ============================
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.12.2018
Ran by Ludmila (27-12-2018 20:57:17)
Running from C:\Users\Ludmila\Desktop
Windows 10 Home Version 1803 17134.472 (X64) (2018-07-02 09:41:18)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-99061962-4161369856-3824286045-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-99061962-4161369856-3824286045-503 - Limited - Disabled)
Guest (S-1-5-21-99061962-4161369856-3824286045-501 - Limited - Disabled)
Ludmila (S-1-5-21-99061962-4161369856-3824286045-1001 - Administrator - Enabled) => C:\Users\Ludmila
WDAGUtilityAccount (S-1-5-21-99061962-4161369856-3824286045-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-99061962-4161369856-3824286045-1001\...\uTorrent) (Version: 3.5.5.44954 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.68.1077 - AB Team, d.o.o.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version: - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
Cisco WebEx Meetings (HKU\S-1-5-21-99061962-4161369856-3824286045-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.55.62 - Conexant)
Dependency Package Update (HKLM\...\{0788641D-D31A-478D-BB34-C41564AE9F93}) (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{5252431C-288E-409D-ADCF-24407E0E6F70}) (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}) (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.21 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.21 - Lenovo)
ESET Security (HKLM\...\{F1544F11-BFCC-43CC-9D0C-169A7E99369E}) (Version: 12.0.31.0 - ESET, spol. s r.o.)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
GOG.com The Settlers 4 GOLD (HKLM\...\{ff2cad6c-eb68-4e98-88d7-49887440affb}.sdb) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2857 - Hightail, Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1347.2) (HKLM\...\{302600C1-6BDF-4FD1-1312-148929CC1385}) (Version: 17.0.1312.0414 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{2f4d8103-e601-4d48-b81d-d508d760aaba}) (Version: 17.0.3 - Intel Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.1.3.3 - PandoraTV)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10260 - Realtek Semiconductor Corp.)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo FusionEngine (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2326 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2326 - CyberLink Corp.)
Lenovo PhoneCompanion (HKLM-x32\...\{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.0 - Lenovo) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.0 - Lenovo)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.11029.20108 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-99061962-4161369856-3824286045-1001\...\OneDriveSetup.exe) (Version: 18.222.1104.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11029.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11029.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11029.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.11029.20108 - Microsoft Corporation) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39053 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Registrace uživatele zařízení Canon iP7200 series (HKLM-x32\...\Registrace uživatele zařízení Canon iP7200 series) (Version: - Canon Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Subtitle Workshop 2.51 (HKLM-x32\...\SubtitleWorkshop) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.0 - Synaptics Incorporated)
The Settlers - Rise of an Empire - Gold Edition (HKLM-x32\...\1438268682_is1) (Version: 2.0.0.4 - GOG.com)
The Settlers IV GOLD (HKLM-x32\...\GOGPACKSETTLERS4GOLD_is1) (Version: 2.0.0.4 - GOG.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 78.1 - Ubisoft)
User Manuals (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Lenovo (ACPIVPC) System (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinISO (HKLM-x32\...\WinISO) (Version: 6.4.0.5170 - WinISO Computing Inc.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-99061962-4161369856-3824286045-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-11-29] (ESET)
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2014-04-24] (Lenovo)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-11-29] (ESET)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [000LenovoFoldersContextMenu] -> {D2DB7BAA-9E12-4640-825C-B1EB36A3809A} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2014-04-24] (Lenovo)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-10-04] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2015-10-04] (Intel Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-11-29] (ESET)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01CEBACC-1E78-424B-A236-09A3048AE14E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-12-14] (Microsoft Corporation)
Task: {0AB1EF8B-A3E9-40B5-8D03-DDB578F72290} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation)
Task: {21BCEA96-1ECD-4DC6-A70F-7325AA8A0EA8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation)
Task: {283C5E15-7761-4056-9A9A-B0BEED08CA97} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {2894977B-EF90-4F0C-873C-250DB2AE1FD2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-07] (Microsoft Corporation)
Task: {2AD4193A-E880-4364-AC9D-BD201A0A7999} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {31C7DF61-50DF-4964-BE3B-9F612771220F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3D5E7E7C-8DE9-40FE-85B8-A7B711B4096F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {3F2F3837-C097-4AA7-AA3F-08E14F3DE588} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {43820763-3C6B-4423-B6F6-96D19AEAE6CD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {471C4D95-E1FC-40BF-A71C-2F588D885D5B} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {47497F01-53A2-489F-9CE0-8114A1C1A635} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-09-25] (Synaptics Incorporated)
Task: {477120CA-EBEE-45D9-9133-62D63CC3A63A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4AE567DB-3A23-4EF5-8BA3-97840D4AC277} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {56352339-F189-4A84-8837-A8929A26FCBB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5F1BA118-1AAA-4E9B-8AB9-DA196BFA3334} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6E462284-2336-4380-8C79-0E865C0656AE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {70E8605E-46FE-4C40-A1CA-04015A97DC0E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {79DCE592-6049-405B-BDB2-AA4D08E9D595} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-12-14] (Microsoft Corporation)
Task: {854136BB-EA0C-4A78-943A-24D4185FC248} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {86CABE55-4CD2-411E-AA66-D2E1C70E01BC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-12-10] (Piriform Software Ltd)
Task: {8DB15128-5B6D-44BE-9C3B-CBADC025D3D4} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {8FDDCD55-FC72-47D2-A861-45881F682656} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-12-14] (Microsoft Corporation)
Task: {9136667B-0FEA-4CF2-8F60-9DAC8155FF3E} - System32\Tasks\S-2-6-45-1348762120-1346907721-1012719275-9206\{QK1WZL55-XYZQ-TCCP-P4RP-EAX5BH1WEW6} => C:\Users\Ludmila\AppData\Roaming\amd64_netfx4-system.core_b03f5f7f11d50a3a_4.0.15680.120_none_3222d21eb3852341\WindowsDefaultHeatProcessor.exe
Task: {96896F1B-28D2-48F3-A180-028A0742C187} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation)
Task: {988E14BC-5110-44AD-980F-2EB8AD23B0FC} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {9C1A191D-AD9F-4538-AC31-7FCDF6194937} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A5F595D1-1382-4697-AB5C-A58942AC805D} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-22] ()
Task: {AA58FA88-26D9-4107-8AA8-1AF899B7972A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation)
Task: {B11D049B-C431-491A-927A-89FAD11669F8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-12-10] (Piriform Ltd)
Task: {B520045D-EB17-4D0D-A9AA-75118662EFA0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-12-12] (Microsoft Corporation)
Task: {B7945576-DD3D-458F-9F7F-1C8086B16D7E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-14] (Microsoft Corporation)
Task: {C31632BD-CAC4-43E2-997E-0EA1D6153069} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-14] (Microsoft Corporation)
Task: {C847DBB2-A721-44F8-862F-FB33D74141C2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CAB47459-B1AE-4240-BA36-37AC2BCEF224} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F1A37899-18CA-401C-A671-5CC542EFE091} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-07] (Microsoft Corporation)
Task: {F4A42DB5-B4F9-4EB0-A6B4-54330213EA2C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {F55F3606-22FA-433F-BA1C-F66D48C60AB7} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 19:20 - 2018-11-09 03:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-12-23 10:03 - 2018-12-14 07:50 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-12-14 20:00 - 2018-12-14 20:02 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-12-14 20:00 - 2018-12-14 20:02 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2014-09-19 13:19 - 2010-10-26 05:40 - 000049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-03-26 20:50 - 2014-09-19 14:17 - 000058864 _____ () C:\Program Files (x86)\Lenovo\Energy Manager\kbdhook.dll
2014-09-19 14:11 - 2014-09-19 14:11 - 000815104 _____ () C:\Program Files\Lenovo PhoneCompanion\adb.exe
2018-11-06 17:51 - 2018-11-06 17:51 - 000194048 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-11-06 17:51 - 2018-11-06 17:51 - 002538056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-11-06 17:51 - 2018-11-06 17:51 - 001754112 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll
2018-10-04 15:40 - 2018-10-04 15:42 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-12-14 20:00 - 2018-12-14 20:02 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-12-14 20:00 - 2018-12-14 20:02 - 010927616 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2018-12-14 20:00 - 2018-12-14 20:02 - 002916864 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\skypert.dll
2018-12-14 20:00 - 2018-12-14 20:02 - 000688128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-07-02 20:45 - 2018-07-02 20:46 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-11-14 21:56 - 2018-11-14 21:57 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-11-14 21:56 - 2018-11-14 21:57 - 066031104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-01 19:56 - 2017-10-01 19:57 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-11-14 21:56 - 2018-11-14 21:57 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-11-14 21:56 - 2018-11-14 21:57 - 003715072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-11-14 21:56 - 2018-11-14 21:57 - 000036352 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-08-20 11:32 - 2018-08-20 11:34 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\opencv_core320.dll
2018-08-20 11:32 - 2018-08-20 11:34 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
2018-03-30 11:07 - 2018-03-30 11:09 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-11-14 21:56 - 2018-11-14 21:57 - 014097920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-11-14 21:56 - 2018-11-14 21:57 - 003569152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-11-14 21:56 - 2018-11-14 21:57 - 002863616 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-08-28 21:52 - 2018-08-28 21:58 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-30 11:02 - 2018-07-30 11:03 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-12-18 19:13 - 2018-12-12 06:11 - 005237216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
2018-12-18 19:13 - 2018-12-12 06:11 - 000117216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libegl.dll
2018-12-11 21:31 - 2018-12-11 21:31 - 034870272 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-12-11 21:31 - 2018-12-11 21:31 - 000292352 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\SharedUI.dll
2017-12-01 20:33 - 2017-12-01 20:33 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-11-28 21:52 - 2018-11-28 21:53 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-12-11 21:31 - 2018-12-11 21:31 - 005967872 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-12-11 21:31 - 2018-12-11 21:31 - 009072128 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-12-26 17:52 - 2018-10-30 19:06 - 000879904 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2018-12-26 17:52 - 2018-11-26 21:29 - 002649376 _____ () C:\Program Files (x86)\Steam\video.dll
2018-12-26 17:52 - 2016-09-01 02:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2018-12-26 17:51 - 2017-12-20 02:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2018-12-26 17:51 - 2017-12-20 02:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2018-12-26 17:51 - 2017-12-20 02:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2018-12-26 17:51 - 2017-12-20 02:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2018-12-26 17:52 - 2016-09-01 02:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2018-12-26 17:52 - 2016-09-01 02:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2018-12-26 17:51 - 2017-12-20 02:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2018-12-26 17:52 - 2018-11-26 21:29 - 001028384 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2018-12-26 17:52 - 2016-07-04 23:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2018-12-26 17:52 - 2018-10-30 19:06 - 000879904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2018-12-26 17:52 - 2018-09-23 01:00 - 088009504 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2018-12-26 17:52 - 2018-09-23 01:00 - 004083488 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libglesv2.dll
2018-12-26 17:52 - 2018-09-23 01:00 - 000097056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Ludmila:.repos [6509768]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:4673E9EA [104]
AlternateDataStreams: C:\ProgramData\Temp:78E0DF72 [98]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2018-12-27 13:53 - 000000841 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-99061962-4161369856-3824286045-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{13C54105-DC7C-4F87-B137-13D293B93DA9}] => (Allow) C:\Users\Ludmila\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{0A945015-9FC2-4B5D-A683-9BDA9CF44F0C}] => (Allow) C:\Users\Ludmila\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{7A0BCAB3-258B-4B58-88C1-38E6D2BAB0D1}] => (Allow) C:\Users\Ludmila\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{4A4DC867-B9AE-424E-A534-7F44B0A2631C}] => (Allow) C:\Users\Ludmila\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{A4480595-D565-4950-9A30-7E36B70082DE}] => (Allow) C:\Users\Ludmila\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{7B9A23D7-DF79-4AF4-85F6-CA6E027913F9}] => (Allow) C:\Users\Ludmila\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{2301CB45-8783-44FB-B7C3-02510F9B56F2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation)
FirewallRules: [{C5CCA6A8-A203-4CAC-9F70-DE6A5438CCD0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation)
FirewallRules: [{3C6D0CC5-CC32-402D-AB04-D0E7CA56EDBA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{E9624560-55C0-4288-90C0-972B856D27CD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{478FCA57-FF68-43D8-925E-00B8BF6CF6C0}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe (Lenovo)
FirewallRules: [{61A0C4F5-96FA-48D4-B52B-E7979DE1E07E}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe (Lenovo)
FirewallRules: [{E16E1749-428F-468A-AC55-971EAD3EBDF3}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink Corp.)
FirewallRules: [{74953A22-0283-4B83-92A9-1DD772944E66}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE (CyberLink Corp.)
FirewallRules: [{1CA71831-6078-4942-926D-630200626B66}] => (Allow) LPort=55100
FirewallRules: [{C8AAFDC4-2533-4689-9007-0CE98C5971EF}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe (Lenovo)
FirewallRules: [{AFFFD4AB-9897-4AC1-A0DC-8236091B52FE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation)
FirewallRules: [{BD244D3F-8BA2-4329-A6EA-5D3FD1413DCA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [TCP Query User{398A8892-7731-4670-A7CA-E8002099CA90}C:\windows\syswow64\svchost.exe] => (Allow) C:\windows\syswow64\svchost.exe (Microsoft Corporation)
FirewallRules: [UDP Query User{A0F7BA37-2180-46B2-89BF-906EB6AD0FA4}C:\windows\syswow64\svchost.exe] => (Allow) C:\windows\syswow64\svchost.exe (Microsoft Corporation)
FirewallRules: [{192296FB-37B7-4089-9E5D-B2C1EEB91742}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{8EF695D8-BB83-4C34-8445-D7ADF3219C7F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
==================== Restore Points =========================
23-12-2018 09:58:16 Windows Update
26-12-2018 20:02:39 Nainstalováno rozhraní DirectX
27-12-2018 15:02:25 JRT Pre-Junkware Removal
27-12-2018 17:29:00 Malwarebytes Anti-Rootkit Restore Point
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/27/2018 05:34:29 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
Error: (12/27/2018 04:25:21 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
Error: (12/27/2018 03:00:48 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
Error: (12/27/2018 01:51:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: DaS_21.exe, verze: 2.1.0.4, časové razítko: 0x540c90b2
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.17134.441, časové razítko: 0x428de48c
Kód výjimky: 0xe0434352
Posun chyby: 0x000000000003a388
ID chybujícího procesu: 0x2978
Čas spuštění chybující aplikace: 0x01d49de2d5d65120
Cesta k chybující aplikaci: C:\Users\Ludmila\AppData\Local\Temp\DaS_21.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 13892384-1d41-4f65-ba15-94a7e282cd0e
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (12/27/2018 01:51:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: DaS_21.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.IO.IOException
na System.IO.__Error.WinIOError(Int32, System.String)
na System.Console.SetWindowSize(Int32, Int32)
na DriverAndServicesOut.Program.Main(System.String[])
Error: (12/27/2018 01:46:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: zoek.exe, verze: 0.0.0.0, časové razítko: 0x00000000
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.17134.441, časové razítko: 0x3da51fd0
Kód výjimky: 0xc0000409
Posun chyby: 0x00111812
ID chybujícího procesu: 0x1e28
Čas spuštění chybující aplikace: 0x01d49de21f9e412b
Cesta k chybující aplikaci: C:\Users\Ludmila\Desktop\zoek.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 3b4458df-80c0-4243-a8df-7c06ddac0526
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (12/27/2018 12:30:26 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
Error: (12/27/2018 12:16:07 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: LENOVO-PC)
Description: httphttp-2147467263
System errors:
=============
Error: (12/27/2018 08:53:40 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: Server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} se v daném časovém limitu neregistroval u služby DCOM.
Error: (12/27/2018 07:43:14 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: Server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} se v daném časovém limitu neregistroval u služby DCOM.
Error: (12/27/2018 07:41:59 PM) (Source: DCOM) (EventID: 10016) (User: LENOVO-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Lenovo-PC\Ludmila (SID: S-1-5-21-99061962-4161369856-3824286045-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (12/27/2018 06:52:32 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: Server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} se v daném časovém limitu neregistroval u služby DCOM.
Error: (12/27/2018 06:51:32 PM) (Source: DCOM) (EventID: 10016) (User: LENOVO-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Lenovo-PC\Ludmila (SID: S-1-5-21-99061962-4161369856-3824286045-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (12/27/2018 05:36:06 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {784E29F4-5EBE-4279-9948-1E8FE941646D} se v daném časovém limitu neregistroval u služby DCOM.
Error: (12/27/2018 05:35:34 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: Server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} se v daném časovém limitu neregistroval u služby DCOM.
Error: (12/27/2018 05:34:28 PM) (Source: DCOM) (EventID: 10016) (User: LENOVO-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli Lenovo-PC\Ludmila (SID: S-1-5-21-99061962-4161369856-3824286045-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Windows Defender:
===================================
Date: 2018-12-27 13:48:12.896
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Ludmila\Desktop\zoek.exe; process:_pid:7720,ProcessStart:131903883619221803
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze podpisu: AV: 1.283.1605.0, AS: 1.283.1605.0, NIS: 1.283.1605.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2
Date: 2018-12-27 13:46:10.115
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Ludmila\Desktop\zoek.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze podpisu: AV: 1.283.1605.0, AS: 1.283.1605.0, NIS: 1.283.1605.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2
Date: 2018-12-26 22:07:17.731
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Ludmila\AppData\Roaming\amd64_netfx4-system.core_b03f5f7f11d50a3a_4.0.15680.120_none_3222d21eb3852341\KBDROST.exe; process:_pid:9416,ProcessStart:131903312505504573
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze podpisu: AV: 1.283.1559.0, AS: 1.283.1559.0, NIS: 1.283.1559.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2
Date: 2018-12-26 21:54:48.819
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Ludmila\AppData\Roaming\amd64_netfx4-system.core_b03f5f7f11d50a3a_4.0.15680.120_none_3222d21eb3852341\KBDROST.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: Lenovo-PC\Ludmila
Název procesu: C:\Program Files\ESET\ESET Security\ekrn.exe
Verze podpisu: AV: 1.283.1559.0, AS: 1.283.1559.0, NIS: 1.283.1559.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2
Date: 2018-12-26 21:54:16.891
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Ludmila\AppData\Roaming\amd64_netfx4-system.core_b03f5f7f11d50a3a_4.0.15680.120_none_3222d21eb3852341\KBDROST.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: Lenovo-PC\Ludmila
Název procesu: C:\Windows\System32\conhost.exe
Verze podpisu: AV: 1.283.1559.0, AS: 1.283.1559.0, NIS: 1.283.1559.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2
Date: 2018-12-27 17:42:36.905
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.283.1622.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15500.2
Kód chyby: 0x8024402c
Popis chyby

Date: 2018-12-27 16:32:55.393
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.283.1616.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15500.2
Kód chyby: 0x80240438
Popis chyby

Date: 2018-12-26 22:08:10.385
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.283.1559.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15500.2
Kód chyby: 0x80240438
Popis chyby

Date: 2018-12-26 21:10:03.367
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.283.1534.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15500.2
Kód chyby: 0x80240438
Popis chyby

Date: 2018-12-26 20:49:45.469
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.283.1534.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15500.2
Kód chyby: 0x80240438
Popis chyby

CodeIntegrity:
===================================
Date: 2018-12-26 19:07:49.515
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll that did not meet the Microsoft signing level requirements.
Date: 2018-12-26 19:07:48.716
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll that did not meet the Microsoft signing level requirements.
Date: 2018-12-26 19:07:47.942
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll that did not meet the Microsoft signing level requirements.
Date: 2018-12-26 19:07:47.285
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll that did not meet the Microsoft signing level requirements.
Date: 2018-12-16 11:26:54.582
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll that did not meet the Microsoft signing level requirements.
Date: 2018-12-16 11:26:54.436
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll that did not meet the Microsoft signing level requirements.
Date: 2018-12-16 11:26:54.269
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll that did not meet the Microsoft signing level requirements.
Date: 2018-12-16 11:26:54.202
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Celeron(R) CPU N2940 @ 1.83GHz
Percentage of memory in use: 67%
Total physical RAM: 3979.21 MB
Available physical RAM: 1304.88 MB
Total Virtual: 4683.21 MB
Available Virtual: 1558.75 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:425.14 GB) (Free:229.58 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.6 GB) NTFS
\\?\Volume{38cd929b-4ea5-45de-a84c-447b1ee1ac23}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.67 GB) NTFS
\\?\Volume{386f4fc9-cd0f-40f1-a1c9-0d920b5b7fbe}\ (PBR_DRV) (Fixed) (Total:13.29 GB) (Free:3.74 GB) NTFS
\\?\Volume{59bffc35-eca1-45ff-8128-c6aeb13a0da8}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 8F6E0211)
Partition: GPT.
==================== End of Addition.txt ============================
Re: Trojan Tofsee - log check
Clean the PC with CCleaner - restart
and scan with https://support.kaspersky.com/viruses/u ... TDSSKiller
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum at https://platba.viry.cz/payment/
Re: Trojan Tofsee - log check
One threat was detected; when I chose cure, this appeared:
"Can't cure MBR. Write standard boot code? If you have installed custom bootloader (eg Acronis, Grub, Lilo), you will need to reinstall them after the treatment."
And I can choose yes or no. What now?
Re: Trojan Tofsee - log check
So I clicked through it somehow, restarted, and it looks like it helped. ESET no longer protests. Everything appears clean. Wow, you really are wizards. Thank you for the assistance and for guiding me on what to do about it. You're great! Thanks, thanks, thanks!
Re: Trojan Tofsee - log check
Hi,
I'm glad the operation succeeded. Be more careful, this was a really heavy and complicated infection,
next time you could lose your data...
You're welcome, and have a nice New Year's Eve ☺