Probably the Police virus
Posted: 06 Mar 2018 15:26
Hello.
My parents told me that a message popped up in their web browser saying that they had downloaded porn, illegal material, child pornography. The picture showed a policeman in a cap, and they demanded 4,000 CZK within 24 hours.
Personally I think it wasn't ransomware, just a pop-up window, but better safe than sorry. The PC didn't behave strangely in any way. Only the internet wasn't working for them here, but they have outages here all the time (unstable ADSL from O2).
I ran adwcleaner_7.0.8.0 on the PC; at first it found something, I deleted it, and after that it was OK.
Now, just to be sure, I have also run RSITx64.exe and am attaching the log. Please check it. Thank you:
------------------------------------------------------------------------------------------------------
Logfile of random's system information tool 1.16 (written by random/random)
Run by Máma a Táta at 2018-03-06 15:17:26
Microsoft Windows 10 Home
System drive C: has 62 GB (62%) free of 100 GB
Total RAM: 4094 MB (46% free)
X64
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:17:36, on 06.03.2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.16299.0015)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files\trend micro\Máma a Táta_RSITx64.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\MICROS~1\Office16\GROOVEEX.DLL
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~1\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Poslat do On&eNotu - res://C:\PROGRA~1\MICROS~1\Office16\ONBttnIE.dll/105
O9 - Extra button: Poslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Poslat do On&eNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Service KMSELDI - @ByELDI - C:\Program Files\KMSpico\Service_KMS.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: wampapache64 - Apache Software Foundation - c:\wamp64\bin\apache\apache2.4.23\bin\httpd.exe
O23 - Service: wampmysqld64 - Unknown owner - c:\wamp64\bin\mysql\mysql5.7.14\bin\mysqld.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)
--
End of file - 8441 bytes
====== Enumerating Processes ======
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\winlogon.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
C:\WINDOWS\system32\fontdrvhost.exe
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
C:\WINDOWS\system32\dwm.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s gpsvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\system32\atieclxx.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-b3b3eecb-6944-49c9-be5c-df3b808d5936 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-736f6230-d3bd-4523-a1cd-6c908628287f -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-d21bda8c-6a68-4529-bfd3-0fcd6c93632d -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-fc0ac2bc-454c-42e6-8cfe-b5edca5bc72d -LifetimeId:db67a6c3-b78b-4cf4-85b9-3d2782f4f1b2 -DeviceGroupId:WpdFsGroup
c:\windows\system32\svchost.exe -k localservice -p -s SEMgrSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
"C:\Program Files\KMSpico\Service_KMS.exe"
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
"c:\wamp64\bin\apache\apache2.4.23\bin\httpd.exe" -k runservice
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
C:\wamp64\bin\apache\apache2.4.23\bin\httpd.exe -d C:/wamp64/bin/apache/apache2.4.23
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k localservice -s W32Time
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\taskhostw.exe
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
C:\WINDOWS\system32\ctfmon.exe
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log
C:\WINDOWS\Explorer.EXE
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s NgcCtnrSvc
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
"C:\Program Files\Windows Defender\MSASCuiL.exe"
C:\Windows\System32\smartscreen.exe -Embedding
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\WINDOWS\system32\AUDIODG.EXE 0x49c
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
c:\windows\system32\svchost.exe -k unistacksvcgroup
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
c:\windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\totalcmd\TOTALCMD64.EXE"
"C:\WINDOWS\system32\NOTEPAD.EXE" I:\Antivir\Postup.txt
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
"C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
C:\WINDOWS\system32\DllHost.exe /Processid:{7E55A26D-EF95-4A45-9F55-21E52ADF9887}
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Máma a Táta\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Máma a Táta\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Máma a Táta\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=64.0.3282.186 --initial-client-data=0x1d8,0x1dc,0x1e0,0x1d4,0x1e4,0x7ffb3edb2050,0x7ffb3edb2060,0x7ffb3edb2070
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=7956 --on-initialized-event-handle=648 --parent-handle=652 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1448,1687658695776535940,14594573836380311473,131072 --gpu-preferences=GAAAAAAAAAAABwAAAQAAAAAAAAAAAGAA --gpu-vendor-id=0x1002 --gpu-device-id=0x68b8 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=15.201.1151.1008 --gpu-driver-date=11-4-2015 --service-request-channel-token=3296D0F7AB7BBC02AB710430F10876A5 --mojo-platform-channel-handle=1456 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1448,1687658695776535940,14594573836380311473,131072 --service-pipe-token=8DF1208456FD42F695F0ED7705EC8E96 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1.25 --num-raster-threads=1 --enable-compositor-image-animations --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --service-request-channel-token=8DF1208456FD42F695F0ED7705EC8E96 --renderer-client-id=3 --mojo-platform-channel-handle=2076 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1448,1687658695776535940,14594573836380311473,131072 --service-pipe-token=FB98191C0425C838CA7BC1B47138C065 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1.25 --num-raster-threads=1 --enable-compositor-image-animations --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --service-request-channel-token=FB98191C0425C838CA7BC1B47138C065 --renderer-client-id=7 --mojo-platform-channel-handle=5232 /prefetch:1
"C:\Users\Máma a Táta\AppData\Local\Google\Chrome\User Data\SwReporter\25.141.202\software_reporter_tool.exe" --engine=2 --session-id=NQqS2hdqjlHgvEVPYyzhI6Hs//oKPJcMjg5X9XDN --registry-suffix=ESET --srt-field-trial-group-name=NewCleanerUIExperiment
"c:\users\máma a táta\appdata\local\google\chrome\user data\swreporter\25.141.202\software_reporter_tool.exe" --crash-handler "--database=c:\users\máma a táta\appdata\local\Google\Software Reporter Tool" --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=25.141.202 --initial-client-data=0x23c,0x234,0x240,0x238,0x244,0x7ff6ba0f9e10,0x7ff6ba0f9e28,0x7ff6ba0f9e40
"c:\users\máma a táta\appdata\local\google\chrome\user data\swreporter\25.141.202\software_reporter_tool.exe" --use-crash-handler-with-id="\\.\pipe\crashpad_1644_RJUKBFNIUSGGUZTK" --sandboxed-process-id=1 --sandbox-mojo-pipe-token=4A57E0B8081B904F2907696B6E366619 --mojo-platform-channel-handle=628 --engine=2
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:Microsoft.XboxApp.AppXf74jmpwd42x7vxttda454sh29n0qpb8x.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s tiledatamodelsvc
"D:\Filmy_z_netu\RSITx64.exe"
====== Scheduled tasks folder ======
C:\WINDOWS\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\tasks\AutoPico Daily Restart - "C:\Program Files\KMSpico\AutoPico.exe" /silent
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\klcp_update - "%ProgramFiles(x86)%\K-Lite Codec Pack\Tools\CodecTweakTool.exe" /verysilent /update /freq=30
C:\WINDOWS\system32\tasks\Opera scheduled Autoupdate 1483796268 - C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTask - %windir%\System32\XblGameSaveTask.exe standby
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon - %windir%\System32\XblGameSaveTask.exe logon
C:\WINDOWS\system32\tasks\Microsoft\Windows\WwanSvc\NotificationTask - %SystemRoot%\System32\WiFiTask.exe wwan
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Recovery-Check - %SystemRoot%\System32\dsregcmd.exe /checkrecovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup - C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification - C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WaaSMedic\PerformRemediation - %systemroot%\System32\WaaSMedic.exe None
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe Reboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display - %systemroot%\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UNP\RunUpdateNotificationMgr - %windir%\System32\UNP\UpdateNotificationMgr.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition - %SystemRoot%\system32\ClipRenew.exe -e
C:\WINDOWS\system32\tasks\Microsoft\Windows\Subscription\LicenseAcquisition - %SystemRoot%\system32\ClipRenew.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask - %windir%\system32\speech_onecore\common\SpeechModelDownload.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\spaceman.exe /Work
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SharedPC\Account Cleanup - %windir%\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\PushToInstall\LoginCheck - %windir%\system32\sc.exe start pushtoinstall login
C:\WINDOWS\system32\tasks\Microsoft\Windows\PushToInstall\Registration - %windir%\system32\sc.exe start pushtoinstall registration
C:\WINDOWS\system32\tasks\Microsoft\Windows\Printing\EduPrintProv - %windir%\system32\eduprintprov.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Cellular - %windir%\system32\ProvTool.exe /turn 7 /source CellStateChangeTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5 /source LogonIdleTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload - %windir%\system32\dmclient.exe utcwnf
C:\WINDOWS\system32\tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask - %windir%\system32\MDMAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Device Information\Device - %windir%\system32\devicecensus.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Chkdsk\SyspartRepair - %windir%\system32\bcdboot.exe %windir% /sysrepair
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierdaily - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierinstall - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\WINDOWS\system32\tasks\Microsoft\Office\Office 15 Subscription Heartbeat - %ProgramFiles%\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
C:\WINDOWS\system32\tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 - "C:\Program Files\Microsoft Office\Office16\msoia.exe" scan upload mininterval:2880
C:\WINDOWS\system32\tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 - "C:\Program Files\Microsoft Office\Office16\msoia.exe" scan upload
=========Mozilla firefox=========
ProfilePath - C:\Users\Máma a Táta\AppData\Roaming\Mozilla\Firefox\Profiles\vqe1dgbf.default
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon My Image Garden
"Path"=C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files (x86)\MICROS~1\Office16\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\MICROS~1\Office16\NPSPWRAP.DLL
C:\Users\Máma a Táta\AppData\Roaming\Mozilla\Firefox\Profiles\vqe1dgbf.default\addons.json
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
C:\Users\Máma a Táta\AppData\Roaming\Mozilla\Firefox\Profiles\vqe1dgbf.default\extensions.json
Adblock Plus - webextension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -
Application Update Service Helper - extension - aushelper@mozilla.org -
Multi-process staged rollout - extension - e10srollout@mozilla.org -
Pocket - extension - firefox@getpocket.com -
Firefox Screenshots - extension - screenshots@mozilla.org -
Web Compat - extension - webcompat@mozilla.org -
Follow-on Search Telemetry - extension - followonsearch@mozilla.com -
Shield Recipe Client - extension - shield-recipe-client@mozilla.org -
Activity Stream - extension - activity-stream@mozilla.org -
Form Autofill - extension - formautofill@mozilla.org -
Photon onboarding - extension - onboarding@mozilla.org -
Click-to-Play staged rollout - extension - clicktoplay-rollout@mozilla.org -
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} -
C:\Users\Máma a Táta\AppData\Roaming\Mozilla\Firefox\Profiles\vqe1dgbf.default\pluginreg.dat
=========Google Chrome=========
C:\Users\Máma a Táta\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace 0.10
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty 0.10
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension cfhdojbkjhnklbpkdaibdccddilifddb 1 Adblock Plus 1.13.5
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky 1.2
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.6
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.3
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 6417.1211.0.0
Homepage:
default_search_provider.search_url:
C:\Users\Máma a Táta\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:
======Registry dump ======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 217784]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 184488]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\MICROS~1\Office16\GROOVEEX.DLL [2015-07-31 1512152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 6149288]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 4452504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2017-09-29 630168]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"=C:\Windows\SysWOW64\OneDriveSetup.exe [2017-09-29 20488312]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"CanonQuickMenu"=C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [2014-01-17 1284680]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-11-04 767176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableFullTrustStartupTasks"=2
"EnableUIADesktopToggle"=0
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath" = %SystemRoot%\inf\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath" = "C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
====== File associations ======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
====== List of files/folders created in the last 1 month ======
2018-03-06 15:17:26 ----D---- C:\rsit
2018-03-06 15:17:26 ----D---- C:\Program Files\trend micro
2018-02-15 18:09:48 ----D---- C:\WINDOWS\system32\drivers\wd
2018-02-14 19:03:33 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-02-14 19:03:32 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.dll
2018-02-14 19:03:32 ----A---- C:\WINDOWS\SYSWOW64\nlaapi.dll
2018-02-14 19:03:32 ----A---- C:\WINDOWS\SYSWOW64\edgeIso.dll
2018-02-14 19:03:31 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2018-02-14 19:03:31 ----A---- C:\WINDOWS\SYSWOW64\msIso.dll
2018-02-14 19:03:31 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2018-02-14 19:03:31 ----A---- C:\WINDOWS\SYSWOW64\ieproxy.dll
2018-02-14 19:03:31 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2018-02-14 19:03:31 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2018-02-14 19:03:31 ----A---- C:\WINDOWS\SYSWOW64\AcGenral.dll
2018-02-14 19:03:31 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2018-02-14 19:03:30 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2018-02-14 19:03:29 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2018-02-14 19:03:29 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2018-02-14 19:03:29 ----A---- C:\WINDOWS\SYSWOW64\AppLockerCSP.dll
2018-02-14 19:03:29 ----A---- C:\WINDOWS\system32\urlmon.dll
2018-02-14 19:03:29 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2018-02-14 19:03:28 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2018-02-14 19:03:28 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2018-02-14 19:03:28 ----A---- C:\WINDOWS\SYSWOW64\InputService.dll
2018-02-14 19:03:28 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2018-02-14 19:03:28 ----A---- C:\WINDOWS\SYSWOW64\evr.dll
2018-02-14 19:03:28 ----A---- C:\WINDOWS\SYSWOW64\dxtrans.dll
2018-02-14 19:03:28 ----A---- C:\WINDOWS\system32\wuuhosdeployment.dll
2018-02-14 19:03:28 ----A---- C:\WINDOWS\system32\StorSvc.dll
2018-02-14 19:03:28 ----A---- C:\WINDOWS\system32\ieproxy.dll
2018-02-14 19:03:28 ----A---- C:\WINDOWS\system32\audiosrv.dll
2018-02-14 19:03:28 ----A---- C:\WINDOWS\system32\AppLockerCSP.dll
2018-02-14 19:03:27 ----A---- C:\WINDOWS\system32\securekernel.exe
2018-02-14 19:03:27 ----A---- C:\WINDOWS\system32\ntdll.dll
2018-02-14 19:03:27 ----A---- C:\WINDOWS\system32\hal.dll
2018-02-14 19:03:27 ----A---- C:\WINDOWS\system32\drivers\pci.sys
2018-02-14 19:03:27 ----A---- C:\WINDOWS\system32\drivers\ks.sys
2018-02-14 19:03:27 ----A---- C:\WINDOWS\system32\drivers\fvevol.sys
2018-02-14 19:03:27 ----A---- C:\WINDOWS\system32\drivers\clfs.sys
2018-02-14 19:03:27 ----A---- C:\WINDOWS\system32\drivers\cldflt.sys
2018-02-14 19:03:26 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2018-02-14 19:03:26 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2018-02-14 19:03:26 ----A---- C:\WINDOWS\SYSWOW64\dxtmsft.dll
2018-02-14 19:03:26 ----A---- C:\WINDOWS\system32\msfeeds.dll
2018-02-14 19:03:26 ----A---- C:\WINDOWS\system32\jscript9.dll
2018-02-14 19:03:26 ----A---- C:\WINDOWS\system32\dxtrans.dll
2018-02-14 19:03:25 ----A---- C:\WINDOWS\SYSWOW64\remoteaudioendpoint.dll
2018-02-14 19:03:25 ----A---- C:\WINDOWS\SYSWOW64\mfsvr.dll
2018-02-14 19:03:25 ----A---- C:\WINDOWS\SYSWOW64\mfps.dll
2018-02-14 19:03:25 ----A---- C:\WINDOWS\SYSWOW64\MFMediaEngine.dll
2018-02-14 19:03:25 ----A---- C:\WINDOWS\SYSWOW64\FSClient.dll
2018-02-14 19:03:25 ----A---- C:\WINDOWS\SYSWOW64\dnsapi.dll
2018-02-14 19:03:25 ----A---- C:\WINDOWS\SYSWOW64\dbgeng.dll
2018-02-14 19:03:25 ----A---- C:\WINDOWS\system32\wuuhext.dll
2018-02-14 19:03:25 ----A---- C:\WINDOWS\system32\nshhttp.dll
2018-02-14 19:03:25 ----A---- C:\WINDOWS\system32\hvloader.dll
2018-02-14 19:03:25 ----A---- C:\WINDOWS\system32\evr.dll
2018-02-14 19:03:25 ----A---- C:\WINDOWS\system32\DbgModel.dll
2018-02-14 19:03:24 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2018-02-14 19:03:24 ----A---- C:\WINDOWS\SYSWOW64\Windows.Data.Pdf.dll
2018-02-14 19:03:24 ----A---- C:\WINDOWS\SYSWOW64\dwmcore.dll
2018-02-14 19:03:24 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2018-02-14 19:03:24 ----A---- C:\WINDOWS\system32\TextInputFramework.dll
2018-02-14 19:03:24 ----A---- C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-02-14 19:03:24 ----A---- C:\WINDOWS\system32\InputService.dll
2018-02-14 19:03:24 ----A---- C:\WINDOWS\system32\edgeIso.dll
2018-02-14 19:03:24 ----A---- C:\WINDOWS\system32\drivers\winnat.sys
2018-02-14 19:03:24 ----A---- C:\WINDOWS\system32\drivers\mrxsmb.sys
2018-02-14 19:03:24 ----A---- C:\WINDOWS\system32\d3d11.dll
2018-02-14 19:03:24 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-02-14 19:03:24 ----A---- C:\WINDOWS\system32\audiodg.exe
2018-02-14 19:03:23 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2018-02-14 19:03:23 ----A---- C:\WINDOWS\system32\win32kfull.sys
2018-02-14 19:03:23 ----A---- C:\WINDOWS\system32\win32kbase.sys
2018-02-14 19:03:23 ----A---- C:\WINDOWS\system32\WebRuntimeManager.dll
2018-02-14 19:03:23 ----A---- C:\WINDOWS\system32\iertutil.dll
2018-02-14 19:03:22 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2018-02-14 19:03:22 ----A---- C:\WINDOWS\system32\ieframe.dll
2018-02-14 19:03:22 ----A---- C:\WINDOWS\system32\AcGenral.dll
2018-02-14 19:03:21 ----A---- C:\WINDOWS\system32\mshtmled.dll
2018-02-14 19:03:21 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2018-02-14 19:03:21 ----A---- C:\WINDOWS\system32\Chakra.dll
2018-02-14 19:03:21 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2018-02-14 19:03:20 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.dll
2018-02-14 19:03:20 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2018-02-14 19:03:20 ----A---- C:\WINDOWS\system32\mfsvr.dll
2018-02-14 19:03:20 ----A---- C:\WINDOWS\system32\lsasrv.dll
2018-02-14 19:03:20 ----A---- C:\WINDOWS\system32\hvax64.exe
2018-02-14 19:03:20 ----A---- C:\WINDOWS\system32\drivers\afd.sys
2018-02-14 19:03:20 ----A---- C:\WINDOWS\system32\dnsapi.dll
2018-02-14 19:03:19 ----A---- C:\WINDOWS\system32\wuaueng.dll
2018-02-14 19:03:19 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-02-14 19:03:19 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2018-02-14 19:03:19 ----A---- C:\WINDOWS\system32\dbgeng.dll
2018-02-14 19:03:19 ----A---- C:\WINDOWS\system32\AudioSes.dll
2018-02-14 19:03:18 ----A---- C:\WINDOWS\system32\ncsi.dll
2018-02-14 19:03:18 ----A---- C:\WINDOWS\system32\dwmcore.dll
2018-02-14 19:03:18 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys
2018-02-14 19:03:18 ----A---- C:\WINDOWS\system32\drivers\ndis.sys
2018-02-14 19:03:18 ----A---- C:\WINDOWS\system32\bisrv.dll
2018-02-14 19:03:17 ----A---- C:\WINDOWS\system32\wininet.dll
2018-02-14 19:03:17 ----A---- C:\WINDOWS\system32\msIso.dll
2018-02-14 19:03:17 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2018-02-14 19:03:16 ----A---- C:\WINDOWS\system32\mshtml.dll
2018-02-14 19:03:16 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2018-02-14 19:03:15 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2018-02-14 19:03:14 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2018-02-14 19:03:14 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2018-02-14 19:03:14 ----A---- C:\WINDOWS\system32\mfcore.dll
2018-02-14 19:03:14 ----A---- C:\WINDOWS\system32\hvix64.exe
2018-02-14 19:03:14 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2018-02-14 19:03:14 ----A---- C:\WINDOWS\system32\drivers\http.sys
2018-02-14 19:03:13 ----A---- C:\WINDOWS\system32\edgehtml.dll
2018-02-14 19:03:13 ----A---- C:\WINDOWS\system32\CloudExperienceHost.dll
2018-02-14 19:03:12 ----A---- C:\WINDOWS\SYSWOW64\LockAppBroker.dll
2018-02-14 19:03:12 ----A---- C:\WINDOWS\SYSWOW64\ExplorerFrame.dll
2018-02-14 19:03:12 ----A---- C:\WINDOWS\SYSWOW64\comdlg32.dll
2018-02-14 19:03:12 ----A---- C:\WINDOWS\system32\wuauclt.exe
2018-02-14 19:03:12 ----A---- C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-02-14 19:03:12 ----A---- C:\WINDOWS\system32\twinui.pcshell.dll
2018-02-14 19:03:12 ----A---- C:\WINDOWS\system32\TokenBroker.dll
2018-02-14 19:03:12 ----A---- C:\WINDOWS\system32\nlaapi.dll
2018-02-14 19:03:12 ----A---- C:\WINDOWS\system32\LockAppBroker.dll
2018-02-14 19:03:12 ----A---- C:\WINDOWS\system32\ISM.dll
2018-02-14 19:03:12 ----A---- C:\WINDOWS\system32\HolographicExtensions.dll
2018-02-14 19:03:12 ----A---- C:\WINDOWS\system32\convertvhd.exe
2018-02-14 19:03:11 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Immersive.dll
2018-02-14 19:03:11 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2018-02-14 19:03:11 ----A---- C:\WINDOWS\SYSWOW64\explorer.exe
2018-02-14 19:03:11 ----A---- C:\WINDOWS\system32\windows.storage.dll
2018-02-14 19:03:11 ----A---- C:\WINDOWS\system32\nlasvc.dll
2018-02-14 19:03:11 ----A---- C:\WINDOWS\system32\modernexecserver.dll
2018-02-14 19:03:10 ----A---- C:\WINDOWS\system32\wow64.dll
2018-02-14 19:03:10 ----A---- C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-02-14 19:03:10 ----A---- C:\WINDOWS\system32\twinui.dll
2018-02-14 19:03:10 ----A---- C:\WINDOWS\system32\sppsvc.exe
2018-02-14 19:03:10 ----A---- C:\WINDOWS\system32\LogonController.dll
2018-02-14 19:03:10 ----A---- C:\WINDOWS\system32\ExplorerFrame.dll
2018-02-14 19:03:10 ----A---- C:\WINDOWS\system32\comdlg32.dll
2018-02-14 19:03:09 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2018-02-14 19:03:09 ----A---- C:\WINDOWS\system32\shell32.dll
2018-02-14 19:03:09 ----A---- C:\WINDOWS\explorer.exe
2018-02-14 19:03:08 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2018-02-14 19:03:08 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2018-02-14 19:03:08 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-02-14 19:03:08 ----A---- C:\WINDOWS\system32\mfps.dll
2018-02-14 19:03:03 ----A---- C:\WINDOWS\system32\usocore.dll
2018-02-14 19:03:03 ----A---- C:\WINDOWS\system32\updatepolicy.dll
2018-02-14 19:03:03 ----A---- C:\WINDOWS\system32\MusNotification.exe
2018-02-14 19:02:59 ----A---- C:\WINDOWS\system32\vac.exe
2018-02-14 19:02:58 ----A---- C:\WINDOWS\SYSWOW64\SRH.dll
2018-02-14 19:02:58 ----A---- C:\WINDOWS\system32\TileDataRepository.dll
2018-02-14 19:02:58 ----A---- C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2018-02-14 19:02:58 ----A---- C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-02-14 19:02:58 ----A---- C:\WINDOWS\system32\SRH.dll
2018-02-14 19:02:58 ----A---- C:\WINDOWS\system32\cldapi.dll
2018-02-14 19:02:58 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-02-14 19:02:58 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-02-14 19:02:58 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-02-14 19:02:57 ----A---- C:\WINDOWS\SYSWOW64\d3d11.dll
2018-02-14 19:02:57 ----A---- C:\WINDOWS\SYSWOW64\AudioEng.dll
2018-02-14 19:02:57 ----A---- C:\WINDOWS\system32\winresume.exe
2018-02-14 19:02:57 ----A---- C:\WINDOWS\system32\winload.exe
2018-02-14 19:02:57 ----A---- C:\WINDOWS\system32\UpdateAgent.dll
2018-02-14 19:02:57 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2018-02-14 19:02:57 ----A---- C:\WINDOWS\system32\ci.dll
2018-02-14 19:02:57 ----A---- C:\WINDOWS\system32\AudioEng.dll
2018-02-14 19:02:56 ----A---- C:\WINDOWS\SYSWOW64\ucrtbase.dll
2018-02-14 19:02:56 ----A---- C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-02-14 19:02:56 ----A---- C:\WINDOWS\system32\ucrtbase.dll
2018-02-14 19:02:56 ----A---- C:\WINDOWS\system32\RecoveryDrive.exe
2018-02-14 19:02:56 ----A---- C:\WINDOWS\system32\devinv.dll
2018-02-14 19:02:56 ----A---- C:\WINDOWS\system32\CompatTelRunner.exe
2018-02-14 19:02:56 ----A---- C:\WINDOWS\system32\appraiser.dll
2018-02-14 19:02:56 ----A---- C:\WINDOWS\system32\acmigration.dll
2018-02-14 19:02:55 ----A---- C:\WINDOWS\SYSWOW64\TokenBroker.dll
2018-02-14 19:02:55 ----A---- C:\WINDOWS\SYSWOW64\cldapi.dll
2018-02-14 19:02:54 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.Web.Core.dll
2018-02-14 19:02:54 ----A---- C:\WINDOWS\SYSWOW64\InstallService.dll
2018-02-14 19:02:54 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-02-14 19:02:54 ----A---- C:\WINDOWS\system32\wimserv.exe
2018-02-14 19:02:54 ----A---- C:\WINDOWS\system32\wimgapi.dll
2018-02-14 19:02:54 ----A---- C:\WINDOWS\system32\sppobjs.dll
2018-02-14 19:02:54 ----A---- C:\WINDOWS\system32\SecurityHealthService.exe
2018-02-14 19:02:54 ----A---- C:\WINDOWS\system32\InstallService.dll
2018-02-14 19:02:54 ----A---- C:\WINDOWS\system32\efscore.dll
2018-02-14 19:02:54 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2018-02-14 19:02:54 ----A---- C:\WINDOWS\system32\browserbroker.dll
2018-02-14 19:02:53 ----A---- C:\WINDOWS\SYSWOW64\wimgapi.dll
2018-02-14 19:02:53 ----A---- C:\WINDOWS\system32\usercpl.dll
2018-02-14 19:02:53 ----A---- C:\WINDOWS\system32\rtmpltfm.dll
2018-02-14 19:02:53 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2018-02-14 19:02:53 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2018-02-14 19:02:52 ----A---- C:\WINDOWS\SYSWOW64\usercpl.dll
2018-02-14 19:02:52 ----A---- C:\WINDOWS\SYSWOW64\updatepolicy.dll
2018-02-14 19:02:52 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-02-14 19:02:52 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2018-02-14 19:02:51 ----A---- C:\WINDOWS\SYSWOW64\CloudExperienceHostCommon.dll
2018-02-14 19:02:51 ----A---- C:\WINDOWS\SYSWOW64\AUDIOKSE.dll
2018-02-14 19:02:51 ----A---- C:\WINDOWS\system32\tquery.dll
2018-02-14 19:02:51 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-02-14 19:02:51 ----A---- C:\WINDOWS\system32\pcasvc.dll
2018-02-14 19:02:51 ----A---- C:\WINDOWS\system32\mssrch.dll
2018-02-14 19:02:51 ----A---- C:\WINDOWS\system32\generaltel.dll
2018-02-14 19:02:51 ----A---- C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2018-02-14 19:02:51 ----A---- C:\WINDOWS\system32\aeinv.dll
2018-02-14 19:02:50 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Core.TextInput.dll
2018-02-14 19:02:50 ----A---- C:\WINDOWS\SYSWOW64\webplatstorageserver.dll
2018-02-14 19:02:50 ----A---- C:\WINDOWS\SYSWOW64\TileDataRepository.dll
2018-02-14 19:02:50 ----A---- C:\WINDOWS\SYSWOW64\StateRepository.Core.dll
2018-02-14 19:02:50 ----A---- C:\WINDOWS\SYSWOW64\rtmpltfm.dll
2018-02-14 19:02:50 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2vdec.dll
2018-02-14 19:02:50 ----A---- C:\WINDOWS\system32\xpsrchvw.exe
2018-02-14 19:02:50 ----A---- C:\WINDOWS\system32\StateRepository.Core.dll
2018-02-14 19:02:50 ----A---- C:\WINDOWS\system32\sppwinob.dll
2018-02-14 19:02:49 ----A---- C:\WINDOWS\SYSWOW64\mssrch.dll
2018-02-14 19:02:49 ----A---- C:\WINDOWS\system32\Wpc.dll
2018-02-14 19:02:49 ----A---- C:\WINDOWS\system32\Windows.StateRepository.dll
2018-02-14 19:02:49 ----A---- C:\WINDOWS\system32\mmcndmgr.dll
2018-02-14 19:02:48 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepository.dll
2018-02-14 19:02:48 ----A---- C:\WINDOWS\SYSWOW64\tquery.dll
2018-02-14 19:02:48 ----A---- C:\WINDOWS\system32\wpncore.dll
2018-02-14 19:02:48 ----A---- C:\WINDOWS\system32\win32appinventorycsp.dll
2018-02-14 19:02:48 ----A---- C:\WINDOWS\system32\mmc.exe
2018-02-14 19:02:48 ----A---- C:\WINDOWS\system32\mf.dll
2018-02-14 19:02:48 ----A---- C:\WINDOWS\system32\FSClient.dll
2018-02-14 19:02:48 ----A---- C:\WINDOWS\system32\dcntel.dll
2018-02-14 19:02:48 ----A---- C:\WINDOWS\system32\D3D12.dll
2018-02-14 19:02:48 ----A---- C:\WINDOWS\system32\ClipSVC.dll
2018-02-14 19:02:48 ----A---- C:\WINDOWS\system32\aepic.dll
2018-02-14 19:02:47 ----A---- C:\WINDOWS\SYSWOW64\xpsrchvw.exe
2018-02-14 19:02:47 ----A---- C:\WINDOWS\SYSWOW64\Wpc.dll
2018-02-14 19:02:47 ----A---- C:\WINDOWS\SYSWOW64\rasapi32.dll
2018-02-14 19:02:47 ----A---- C:\WINDOWS\SYSWOW64\nshhttp.dll
2018-02-14 19:02:47 ----A---- C:\WINDOWS\SYSWOW64\MSVP9DEC.dll
2018-02-14 19:02:47 ----A---- C:\WINDOWS\SYSWOW64\aepic.dll
2018-02-14 19:02:47 ----A---- C:\WINDOWS\system32\WpcMon.exe
2018-02-14 19:02:47 ----A---- C:\WINDOWS\system32\VSSVC.exe
2018-02-14 19:02:47 ----A---- C:\WINDOWS\system32\rtmpal.dll
2018-02-14 19:02:47 ----A---- C:\WINDOWS\system32\rasapi32.dll
2018-02-14 19:02:47 ----A---- C:\WINDOWS\system32\MSVP9DEC.dll
2018-02-14 19:02:47 ----A---- C:\WINDOWS\system32\invagent.dll
2018-02-14 19:02:46 ----A---- C:\WINDOWS\SYSWOW64\StructuredQuery.dll
2018-02-14 19:02:46 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2018-02-14 19:02:46 ----A---- C:\WINDOWS\SYSWOW64\D3D12.dll
2018-02-14 19:02:46 ----A---- C:\WINDOWS\system32\Windows.UI.Search.dll
2018-02-14 19:02:46 ----A---- C:\WINDOWS\system32\StructuredQuery.dll
2018-02-14 19:02:46 ----A---- C:\WINDOWS\system32\SEMgrSvc.dll
2018-02-14 19:02:46 ----A---- C:\WINDOWS\system32\MusNotificationUx.exe
2018-02-14 19:02:46 ----A---- C:\WINDOWS\system32\KernelBase.dll
2018-02-14 19:02:46 ----A---- C:\WINDOWS\system32\FntCache.dll
2018-02-14 19:02:45 ----A---- C:\WINDOWS\SYSWOW64\mmcndmgr.dll
2018-02-14 19:02:45 ----A---- C:\WINDOWS\SYSWOW64\mmc.exe
2018-02-14 19:02:45 ----A---- C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-02-14 19:02:45 ----A---- C:\WINDOWS\system32\shutdownux.dll
2018-02-14 19:02:45 ----A---- C:\WINDOWS\system32\SearchIndexer.exe
2018-02-14 19:02:45 ----A---- C:\WINDOWS\system32\rtmcodecs.dll
2018-02-14 19:02:45 ----A---- C:\WINDOWS\system32\pcalua.exe
2018-02-14 19:02:45 ----A---- C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-02-14 19:02:45 ----A---- C:\WINDOWS\system32\msvcp_win.dll
2018-02-14 19:02:45 ----A---- C:\WINDOWS\system32\authui.dll
2018-02-14 19:02:45 ----A---- C:\WINDOWS\system32\aitstatic.exe
2018-02-14 19:02:44 ----A---- C:\WINDOWS\SYSWOW64\Taskmgr.exe
2018-02-14 19:02:44 ----A---- C:\WINDOWS\SYSWOW64\setupapi.dll
2018-02-14 19:02:44 ----A---- C:\WINDOWS\SYSWOW64\rtmpal.dll
2018-02-14 19:02:44 ----A---- C:\WINDOWS\SYSWOW64\mf.dll
2018-02-14 19:02:44 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2018-02-14 19:02:44 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2018-02-14 19:02:44 ----A---- C:\WINDOWS\system32\Windows.Payments.dll
2018-02-14 19:02:44 ----A---- C:\WINDOWS\system32\wbiosrvc.dll
2018-02-14 19:02:44 ----A---- C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-02-14 19:02:44 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2018-02-14 19:02:44 ----A---- C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-02-14 19:02:43 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Search.dll
2018-02-14 19:02:43 ----A---- C:\WINDOWS\SYSWOW64\authui.dll
2018-02-14 19:02:43 ----A---- C:\WINDOWS\SYSWOW64\AppXDeploymentClient.dll
2018-02-14 19:02:43 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2018-02-14 19:02:43 ----A---- C:\WINDOWS\system32\uDWM.dll
2018-02-14 19:02:43 ----A---- C:\WINDOWS\system32\Taskmgr.exe
2018-02-14 19:02:43 ----A---- C:\WINDOWS\system32\setupapi.dll
2018-02-14 19:02:43 ----A---- C:\WINDOWS\system32\policymanager.dll
2018-02-14 19:02:43 ----A---- C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2018-02-14 19:02:43 ----A---- C:\WINDOWS\system32\mssvp.dll
2018-02-14 19:02:43 ----A---- C:\WINDOWS\system32\localspl.dll
2018-02-14 19:02:43 ----A---- C:\WINDOWS\system32\efswrt.dll
2018-02-14 19:02:42 ----A---- C:\WINDOWS\SYSWOW64\wintrust.dll
2018-02-14 19:02:42 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryPS.dll
2018-02-14 19:02:42 ----A---- C:\WINDOWS\SYSWOW64\SearchIndexer.exe
2018-02-14 19:02:42 ----A---- C:\WINDOWS\SYSWOW64\rtmcodecs.dll
2018-02-14 19:02:42 ----A---- C:\WINDOWS\SYSWOW64\rasdlg.dll
2018-02-14 19:02:42 ----A---- C:\WINDOWS\SYSWOW64\policymanager.dll
2018-02-14 19:02:42 ----A---- C:\WINDOWS\SYSWOW64\msvcp_win.dll
2018-02-14 19:02:42 ----A---- C:\WINDOWS\SYSWOW64\EditionUpgradeManagerObj.dll
2018-02-14 19:02:42 ----A---- C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2018-02-14 19:02:42 ----A---- C:\WINDOWS\system32\rasdlg.dll
2018-02-14 19:02:42 ----A---- C:\WINDOWS\system32\NetSetupSvc.dll
2018-02-14 19:02:42 ----A---- C:\WINDOWS\system32\mspaint.exe
2018-02-14 19:02:42 ----A---- C:\WINDOWS\system32\Magnify.exe
2018-02-14 19:02:42 ----A---- C:\WINDOWS\system32\lsm.dll
2018-02-14 19:02:42 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2018-02-14 19:02:42 ----A---- C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-02-14 19:02:42 ----A---- C:\WINDOWS\system32\bcastdvr.exe
2018-02-14 19:02:41 ----A---- C:\WINDOWS\SYSWOW64\Windows.Payments.dll
2018-02-14 19:02:41 ----A---- C:\WINDOWS\SYSWOW64\winbrand.dll
2018-02-14 19:02:41 ----A---- C:\WINDOWS\SYSWOW64\UserLanguagesCpl.dll
2018-02-14 19:02:41 ----A---- C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-02-14 19:02:41 ----A---- C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-02-14 19:02:41 ----A---- C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2018-02-14 19:02:41 ----A---- C:\WINDOWS\system32\winbrand.dll
2018-02-14 19:02:41 ----A---- C:\WINDOWS\system32\webio.dll
2018-02-14 19:02:41 ----A---- C:\WINDOWS\system32\vssapi.dll
2018-02-14 19:02:41 ----A---- C:\WINDOWS\system32\SettingSync.dll
2018-02-14 19:02:41 ----A---- C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-02-14 19:02:41 ----A---- C:\WINDOWS\system32\FrameServer.dll
2018-02-14 19:02:41 ----A---- C:\WINDOWS\system32\drivers\sdstor.sys
2018-02-14 19:02:41 ----A---- C:\WINDOWS\system32\drivers\netio.sys
2018-02-14 19:02:41 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2018-02-14 19:02:40 ----A---- C:\WINDOWS\SYSWOW64\WMVXENCD.DLL
2018-02-14 19:02:40 ----A---- C:\WINDOWS\SYSWOW64\mfsensorgroup.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\SYSWOW64\LicensingWinRT.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\SYSWOW64\efswrt.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\wintrust.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\srcore.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\SettingsHandlers_User.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\rastls.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\rasmans.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\OneCoreCommonProxyStub.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\mfsensorgroup.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\LicensingWinRT.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\gameux.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\FsIso.exe
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\drivers\hidparse.sys
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\DeviceReactivation.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\DeviceCensus.exe
2018-02-14 19:02:39 ----A---- C:\WINDOWS\SYSWOW64\wldp.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryClient.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryBroker.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\SYSWOW64\sppcomapi.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\SYSWOW64\rtmmvrortc.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\SYSWOW64\ortcengine.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\SYSWOW64\Magnify.exe
2018-02-14 19:02:39 ----A---- C:\WINDOWS\SYSWOW64\gameux.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\SYSWOW64\CloudNotifications.exe
2018-02-14 19:02:39 ----A---- C:\WINDOWS\system32\WMVXENCD.DLL
2018-02-14 19:02:39 ----A---- C:\WINDOWS\system32\wldp.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\system32\rasgcw.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\system32\rascustom.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\system32\PCShellCommonProxyStub.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\system32\ortcengine.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\system32\edputil.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\system32\drivers\msiscsi.sys
2018-02-14 19:02:39 ----A---- C:\WINDOWS\system32\aclui.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\SYSWOW64\webio.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\SYSWOW64\WebClnt.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\SYSWOW64\vssapi.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\SYSWOW64\twinapi.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\SYSWOW64\SettingSync.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\SYSWOW64\rastls.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\SYSWOW64\netlogon.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\SYSWOW64\edputil.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\SYSWOW64\DeviceReactivation.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\SYSWOW64\bcastdvr.exe
2018-02-14 19:02:38 ----A---- C:\WINDOWS\system32\wow64cpu.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\system32\WMVSENCD.DLL
2018-02-14 19:02:38 ----A---- C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\system32\twinapi.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\system32\tetheringservice.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\system32\rtmmvrortc.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\system32\rdpudd.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\system32\DevicePairing.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\SYSWOW64\zipfldr.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\SYSWOW64\WMVSENCD.DLL
2018-02-14 19:02:37 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\SYSWOW64\SyncCenter.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\SYSWOW64\sud.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\SYSWOW64\SearchProtocolHost.exe
2018-02-14 19:02:37 ----A---- C:\WINDOWS\SYSWOW64\rasgcw.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\SYSWOW64\PCShellCommonProxyStub.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\SYSWOW64\OneCoreCommonProxyStub.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\SYSWOW64\InputSwitch.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\SYSWOW64\EdgeManager.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\SYSWOW64\davclnt.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\zipfldr.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\WebClnt.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\wcimage.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\UserDeviceRegistration.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\themecpl.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\SyncCenter.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\sud.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\srchadmin.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\shsetup.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\SharedPCCSP.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\SearchProtocolHost.exe
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\netlogon.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\mmcbase.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\hgcpl.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\drivers\mskssrv.sys
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\davclnt.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\SYSWOW64\Windows.Networking.Vpn.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\SYSWOW64\themeui.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\SYSWOW64\shsetup.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\SYSWOW64\setup16.exe
2018-02-14 19:02:36 ----A---- C:\WINDOWS\SYSWOW64\Search.ProtocolHandler.MAPI2.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\SYSWOW64\mssvp.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\SYSWOW64\mssprxy.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\SYSWOW64\IndexedDbLegacy.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\SYSWOW64\aclui.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\system32\themeui.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\system32\stobject.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\system32\netplwiz.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\system32\mssprxy.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\system32\ListSvc.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\system32\IdCtrls.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\system32\FontProvider.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\system32\drivers\npfs.sys
2018-02-14 19:02:36 ----A---- C:\WINDOWS\system32\browserexport.exe
2018-02-14 19:02:36 ----A---- C:\WINDOWS\system32\bootux.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\system32\authz.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\SYSWOW64\winsku.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryUpgrade.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\SYSWOW64\UserDeviceRegistration.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\SYSWOW64\twext.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\SYSWOW64\themecpl.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\SYSWOW64\stobject.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\SYSWOW64\sendmail.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\SYSWOW64\regsvr32.exe
2018-02-14 19:02:35 ----A---- C:\WINDOWS\SYSWOW64\mshtmled.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\SYSWOW64\fontext.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\SYSWOW64\DevicePairing.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\system32\SearchFilterHost.exe
2018-02-14 19:02:35 ----A---- C:\WINDOWS\system32\rshx32.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\system32\regsvr32.exe
2018-02-14 19:02:35 ----A---- C:\WINDOWS\system32\ntshrui.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\system32\NetworkDesktopSettings.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\system32\InputSwitch.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\system32\fontext.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\system32\EnterpriseAppMgmtClient.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Playback.ProxyStub.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\SYSWOW64\virtdisk.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\SYSWOW64\srchadmin.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\SYSWOW64\SearchFilterHost.exe
2018-02-14 19:02:34 ----A---- C:\WINDOWS\SYSWOW64\ntshrui.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\SYSWOW64\netplwiz.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\SYSWOW64\mspaint.exe
2018-02-14 19:02:34 ----A---- C:\WINDOWS\SYSWOW64\mmcbase.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\SYSWOW64\IdCtrls.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\SYSWOW64\Chakradiag.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\SYSWOW64\hgcpl.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\SYSWOW64\EnterpriseAppMgmtClient.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\SYSWOW64\authz.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\SYSWOW64\AppCapture.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\system32\WpAXHolder.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\system32\winsku.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\system32\Windows.Media.Playback.ProxyStub.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\system32\virtdisk.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\system32\twext.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\system32\SettingMonitor.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\system32\rstrui.exe
2018-02-14 19:02:34 ----A---- C:\WINDOWS\system32\musdialoghandlers.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\system32\MshtmlDac.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\system32\LockScreenContent.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\system32\dsreg.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\system32\AppxSysprep.dll
2018-02-14 19:02:33 ----A---- C:\WINDOWS\SYSWOW64\user.exe
2018-02-14 19:02:33 ----A---- C:\WINDOWS\SYSWOW64\tzres.dll
2018-02-14 19:02:33 ----A---- C:\WINDOWS\SYSWOW64\EditionUpgradeHelper.dll
2018-02-14 19:02:33 ----A---- C:\WINDOWS\system32\wups2.dll
2018-02-14 19:02:33 ----A---- C:\WINDOWS\system32\winsrv.dll
2018-02-14 19:02:33 ----A---- C:\WINDOWS\system32\tzres.dll
====== List of files/folders modified in the last 1 month ======
2018-03-06 15:17:34 ----D---- C:\WINDOWS\Prefetch
2018-03-06 15:17:26 ----RD---- C:\Program Files
2018-03-06 15:16:39 ----HD---- C:\Program Files\WindowsApps
2018-03-06 15:16:37 ----D---- C:\WINDOWS\Temp
2018-03-06 15:16:37 ----D---- C:\WINDOWS\AppReadiness
2018-03-06 15:13:32 ----D---- C:\WINDOWS\DeliveryOptimization
2018-03-06 15:12:19 ----D---- C:\WINDOWS\System32
2018-03-06 15:12:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-06 15:11:07 ----D---- C:\AdwCleaner
2018-03-06 15:06:48 ----D---- C:\WINDOWS\system32\sru
2018-03-06 15:05:54 ----AD---- C:\Program Files (x86)\Opera
2018-03-06 14:53:47 ----D---- C:\WINDOWS\system32\SleepStudy
2018-03-06 14:32:10 ----D---- C:\WINDOWS\system32\NDF
2018-03-06 14:25:52 ----AD---- C:\Program Files (x86)\TeamViewer
2018-03-05 19:11:03 ----D---- C:\WINDOWS\system32\catroot2
2018-03-05 18:45:37 ----D---- C:\WINDOWS\Logs
2018-03-05 13:03:28 ----D---- C:\WINDOWS\system32\LogFiles
2018-03-05 11:00:13 ----RD---- C:\WINDOWS\Microsoft.NET
2018-03-03 05:33:12 ----D---- C:\WINDOWS\system32\Tasks
2018-03-02 09:52:14 ----RD---- C:\Program Files\Windows Defender
2018-03-01 04:42:01 ----SHD---- C:\WINDOWS\Installer
2018-02-25 18:09:51 ----D---- C:\WINDOWS\system32\config
2018-02-24 09:52:37 ----D---- C:\WINDOWS\SysWOW64
2018-02-19 05:44:29 ----D---- C:\WINDOWS\rescache
2018-02-18 12:26:14 ----D---- C:\WINDOWS\system32\DriverStore
2018-02-18 12:26:12 ----D---- C:\WINDOWS\WinSxS
2018-02-18 10:37:43 ----D---- C:\WINDOWS\system32\drivers\UMDF
2018-02-18 10:37:43 ----D---- C:\WINDOWS\system32\drivers
2018-02-18 10:37:43 ----D---- C:\Windows
2018-02-18 10:37:42 ----D---- C:\WINDOWS\INF
2018-02-15 18:07:25 ----D---- C:\WINDOWS\TextInput
2018-02-15 18:07:25 ----D---- C:\WINDOWS\SYSWOW64\wbem
2018-02-15 18:07:25 ----D---- C:\WINDOWS\SYSWOW64\migration
2018-02-15 18:07:24 ----D---- C:\WINDOWS\system32\wbem
2018-02-15 18:07:24 ----D---- C:\WINDOWS\system32\oobe
2018-02-15 18:07:24 ----D---- C:\WINDOWS\system32\migration
2018-02-15 18:07:24 ----D---- C:\WINDOWS\system32\Boot
2018-02-15 18:07:24 ----D---- C:\WINDOWS\system32\appraiser
2018-02-15 18:07:23 ----D---- C:\WINDOWS\ShellExperiences
2018-02-15 18:07:23 ----D---- C:\WINDOWS\bcastdvr
2018-02-15 18:07:23 ----D---- C:\WINDOWS\apppatch
2018-02-14 19:09:42 ----D---- C:\WINDOWS\system32\MRT
2018-02-14 19:09:37 ----AC---- C:\WINDOWS\system32\MRT-KB890830.exe
2018-02-14 19:09:31 ----AC---- C:\WINDOWS\system32\MRT.exe
2018-02-14 19:07:14 ----D---- C:\WINDOWS\CbsTemp
File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\SysWOW64\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\SysWOW64\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\SysWOW64\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\SysWOW64\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed
====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2017-09-29 56728]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-01-01 59800]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2018-02-10 385536]
R3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2015-12-16 21648880]
R3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2015-12-16 674288]
R3 AtiHDAudioService;@oem4.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdWT6.sys [2016-04-18 110096]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2017-09-29 604160]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2017-09-29 37784]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-09-29 357272]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-09-29 63520]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2017-09-29 39832]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2017-09-29 118168]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-09-29 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2017-09-29 18432]
S3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2017-09-29 60312]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2017-09-29 73112]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2017-09-29 27136]
S3 HyperVideo;HyperVideo; C:\WINDOWS\System32\drivers\HyperVideo.sys [2017-09-29 28160]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-09-29 1723288]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2017-09-29 36864]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-09-29 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-09-29 88576]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-09-29 174592]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-09-29 39424]
S3 invdimm;@invdimm.inf,%invdimm.SvcDesc%;Microsoft iNVDIMM device driver; C:\WINDOWS\System32\drivers\invdimm.sys [2017-09-29 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2017-09-29 26112]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2017-09-29 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2017-09-29 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2017-09-29 55840]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2017-09-29 132608]
S3 netvsc;netvsc; C:\WINDOWS\System32\drivers\netvsc.sys [2018-01-01 192512]
S3 nvdimmn;@nvdimmn.inf,%nvdimmn.SvcDesc%;Microsoft NVDIMM-N device driver; C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-09-29 88576]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2017-09-29 100352]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2017-09-29 16896]
S3 ReFS;ReFS; C:\WINDOWS\system32\drivers\ReFS.sys [2017-09-29 1849752]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2017-09-29 103936]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2017-09-29 33176]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-09-30 56216]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [2017-09-29 146944]
====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======
R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2015-12-16 255472]
R2 CDPUserSvc_4ca1b;Uživatelská služba platformy připojených zařízení_4ca1b; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p;"ServiceDll" = %SystemRoot%\System32\dusmsvc.dll
R2 OneSyncSvc_4ca1b;Hostitel synchronizace_4ca1b; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-02-10 519144]
R2 Service KMSELDI;Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [2015-08-30 737984]
R2 TeamViewer;TeamViewer 12; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2017-12-18 10803440]
R3 PimIndexMaintenanceSvc_4ca1b;Data kontaktů_4ca1b; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; %SystemRoot%\system32\svchost.exe -k LocalService -p;"ServiceDll" = %SystemRoot%\system32\SEMgrSvc.dll
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p;"ServiceDll" = %SystemRoot%\System32\TimeBrokerServer.dll
R3 TokenBroker;@%systemroot%\system32\tokenbroker.dll,-100; %SystemRoot%\system32\svchost.exe -k netsvcs -p;"ServiceDll" = %SystemRoot%\System32\TokenBroker.dll
R3 UnistoreSvc_4ca1b;Úložiště uživatelských dat_4ca1b; C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" = %SystemRoot%\System32\CDPUserSvc.dll
S3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; %SystemRoot%\system32\svchost.exe -k appmodel -p;"ServiceDll" = %SystemRoot%\system32\CapabilityAccessManager.dll
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; %SystemRoot%\system32\svchost.exe -k DevicesFlow;"ServiceDll" = %SystemRoot%\System32\DevicesFlowBroker.dll
S3 DevicesFlowUserSvc_4ca1b;Tok zařízení_4ca1b; C:\WINDOWS\system32\svchost.exe -k DevicesFlow;"ServiceDll" =
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k diagnostics;"ServiceDll" = %systemroot%\system32\DiagSvc.dll
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; %SystemRoot%\System32\svchost.exe -k Camera;"ServiceDll" = %SystemRoot%\system32\FrameServer.dll
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k GraphicsPerfSvcGroup;"ServiceDll" = %SystemRoot%\System32\GraphicsPerfSvc.dll
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p;"ServiceDll" = %SystemRoot%\System32\hvhostsvc.dll
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; %SystemRoot%\System32\svchost.exe -k netsvcs -p;"ServiceDll" = %SystemRoot%\system32\InstallService.dll
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p;"ServiceDll" = %SystemRoot%\System32\IpxlatCfg.dll
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p;"ServiceDll" = %SystemRoot%\System32\irmon.dll
S3 MessagingService_4ca1b;Služba zasílání zpráv_4ca1b; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-11-16 194000]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; %SystemRoot%\system32\svchost.exe -k netsvcs -p;"ServiceDll" = %SystemRoot%\System32\NaturalAuth.dll
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-07-31 242864]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; %SystemRoot%\system32\svchost.exe -k PrintWorkflow;"ServiceDll" = %SystemRoot%\System32\PrintWorkflowService.dll
S3 PrintWorkflowUserSvc_4ca1b;PrintWorkflow_4ca1b; C:\WINDOWS\system32\svchost.exe -k PrintWorkflow;"ServiceDll" =
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; %SystemRoot%\System32\svchost.exe -k netsvcs -p;"ServiceDll" = %SystemRoot%\system32\PushToInstall.dll
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\RMapi.dll
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalService -p;"ServiceDll" = %SystemRoot%\System32\SharedRealitySvc.dll
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2018-01-01 956416]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; %SystemRoot%\System32\svchost.exe -k netsvcs -p;"ServiceDll" = %systemroot%\system32\Windows.SharedPC.AccountManager.dll
-----------------EOF-----------------
====== Enumerating Processes ======
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\winlogon.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
C:\WINDOWS\system32\fontdrvhost.exe
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
C:\WINDOWS\system32\dwm.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s gpsvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\system32\atieclxx.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-b3b3eecb-6944-49c9-be5c-df3b808d5936 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-736f6230-d3bd-4523-a1cd-6c908628287f -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-d21bda8c-6a68-4529-bfd3-0fcd6c93632d -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-fc0ac2bc-454c-42e6-8cfe-b5edca5bc72d -LifetimeId:db67a6c3-b78b-4cf4-85b9-3d2782f4f1b2 -DeviceGroupId:WpdFsGroup
c:\windows\system32\svchost.exe -k localservice -p -s SEMgrSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
"C:\Program Files\KMSpico\Service_KMS.exe"
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
"c:\wamp64\bin\apache\apache2.4.23\bin\httpd.exe" -k runservice
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
C:\wamp64\bin\apache\apache2.4.23\bin\httpd.exe -d C:/wamp64/bin/apache/apache2.4.23
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k localservice -s W32Time
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\taskhostw.exe
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
C:\WINDOWS\system32\ctfmon.exe
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log
C:\WINDOWS\Explorer.EXE
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s NgcCtnrSvc
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
"C:\Program Files\Windows Defender\MSASCuiL.exe"
C:\Windows\System32\smartscreen.exe -Embedding
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\WINDOWS\system32\AUDIODG.EXE 0x49c
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
c:\windows\system32\svchost.exe -k unistacksvcgroup
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
c:\windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\totalcmd\TOTALCMD64.EXE"
"C:\WINDOWS\system32\NOTEPAD.EXE" I:\Antivir\Postup.txt
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
"C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
C:\WINDOWS\system32\DllHost.exe /Processid:{7E55A26D-EF95-4A45-9F55-21E52ADF9887}
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Máma a Táta\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Máma a Táta\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Máma a Táta\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=64.0.3282.186 --initial-client-data=0x1d8,0x1dc,0x1e0,0x1d4,0x1e4,0x7ffb3edb2050,0x7ffb3edb2060,0x7ffb3edb2070
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=7956 --on-initialized-event-handle=648 --parent-handle=652 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1448,1687658695776535940,14594573836380311473,131072 --gpu-preferences=GAAAAAAAAAAABwAAAQAAAAAAAAAAAGAA --gpu-vendor-id=0x1002 --gpu-device-id=0x68b8 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=15.201.1151.1008 --gpu-driver-date=11-4-2015 --service-request-channel-token=3296D0F7AB7BBC02AB710430F10876A5 --mojo-platform-channel-handle=1456 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1448,1687658695776535940,14594573836380311473,131072 --service-pipe-token=8DF1208456FD42F695F0ED7705EC8E96 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1.25 --num-raster-threads=1 --enable-compositor-image-animations --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --service-request-channel-token=8DF1208456FD42F695F0ED7705EC8E96 --renderer-client-id=3 --mojo-platform-channel-handle=2076 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1448,1687658695776535940,14594573836380311473,131072 --service-pipe-token=FB98191C0425C838CA7BC1B47138C065 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1.25 --num-raster-threads=1 --enable-compositor-image-animations --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --service-request-channel-token=FB98191C0425C838CA7BC1B47138C065 --renderer-client-id=7 --mojo-platform-channel-handle=5232 /prefetch:1
"C:\Users\Máma a Táta\AppData\Local\Google\Chrome\User Data\SwReporter\25.141.202\software_reporter_tool.exe" --engine=2 --session-id=NQqS2hdqjlHgvEVPYyzhI6Hs//oKPJcMjg5X9XDN --registry-suffix=ESET --srt-field-trial-group-name=NewCleanerUIExperiment
"c:\users\máma a táta\appdata\local\google\chrome\user data\swreporter\25.141.202\software_reporter_tool.exe" --crash-handler "--database=c:\users\máma a táta\appdata\local\Google\Software Reporter Tool" --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=25.141.202 --initial-client-data=0x23c,0x234,0x240,0x238,0x244,0x7ff6ba0f9e10,0x7ff6ba0f9e28,0x7ff6ba0f9e40
"c:\users\máma a táta\appdata\local\google\chrome\user data\swreporter\25.141.202\software_reporter_tool.exe" --use-crash-handler-with-id="\\.\pipe\crashpad_1644_RJUKBFNIUSGGUZTK" --sandboxed-process-id=1 --sandbox-mojo-pipe-token=4A57E0B8081B904F2907696B6E366619 --mojo-platform-channel-handle=628 --engine=2
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:Microsoft.XboxApp.AppXf74jmpwd42x7vxttda454sh29n0qpb8x.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s tiledatamodelsvc
"D:\Filmy_z_netu\RSITx64.exe"
====== Scheduled tasks folder ======
C:\WINDOWS\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\tasks\AutoPico Daily Restart - "C:\Program Files\KMSpico\AutoPico.exe" /silent
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\klcp_update - "%ProgramFiles(x86)%\K-Lite Codec Pack\Tools\CodecTweakTool.exe" /verysilent /update /freq=30
C:\WINDOWS\system32\tasks\Opera scheduled Autoupdate 1483796268 - C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTask - %windir%\System32\XblGameSaveTask.exe standby
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon - %windir%\System32\XblGameSaveTask.exe logon
C:\WINDOWS\system32\tasks\Microsoft\Windows\WwanSvc\NotificationTask - %SystemRoot%\System32\WiFiTask.exe wwan
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Recovery-Check - %SystemRoot%\System32\dsregcmd.exe /checkrecovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup - C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification - C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WaaSMedic\PerformRemediation - %systemroot%\System32\WaaSMedic.exe None
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe Reboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display - %systemroot%\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UNP\RunUpdateNotificationMgr - %windir%\System32\UNP\UpdateNotificationMgr.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition - %SystemRoot%\system32\ClipRenew.exe -e
C:\WINDOWS\system32\tasks\Microsoft\Windows\Subscription\LicenseAcquisition - %SystemRoot%\system32\ClipRenew.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask - %windir%\system32\speech_onecore\common\SpeechModelDownload.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\spaceman.exe /Work
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SharedPC\Account Cleanup - %windir%\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\PushToInstall\LoginCheck - %windir%\system32\sc.exe start pushtoinstall login
C:\WINDOWS\system32\tasks\Microsoft\Windows\PushToInstall\Registration - %windir%\system32\sc.exe start pushtoinstall registration
C:\WINDOWS\system32\tasks\Microsoft\Windows\Printing\EduPrintProv - %windir%\system32\eduprintprov.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Cellular - %windir%\system32\ProvTool.exe /turn 7 /source CellStateChangeTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5 /source LogonIdleTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload - %windir%\system32\dmclient.exe utcwnf
C:\WINDOWS\system32\tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask - %windir%\system32\MDMAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Device Information\Device - %windir%\system32\devicecensus.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Chkdsk\SyspartRepair - %windir%\system32\bcdboot.exe %windir% /sysrepair
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierdaily - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierinstall - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\WINDOWS\system32\tasks\Microsoft\Office\Office 15 Subscription Heartbeat - %ProgramFiles%\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
C:\WINDOWS\system32\tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 - "C:\Program Files\Microsoft Office\Office16\msoia.exe" scan upload mininterval:2880
C:\WINDOWS\system32\tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 - "C:\Program Files\Microsoft Office\Office16\msoia.exe" scan upload
=========Mozilla firefox=========
ProfilePath - C:\Users\Máma a Táta\AppData\Roaming\Mozilla\Firefox\Profiles\vqe1dgbf.default
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon My Image Garden
"Path"=C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files (x86)\MICROS~1\Office16\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\MICROS~1\Office16\NPSPWRAP.DLL
C:\Users\Máma a Táta\AppData\Roaming\Mozilla\Firefox\Profiles\vqe1dgbf.default\addons.json
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
C:\Users\Máma a Táta\AppData\Roaming\Mozilla\Firefox\Profiles\vqe1dgbf.default\extensions.json
Adblock Plus - webextension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -
Application Update Service Helper - extension - aushelper@mozilla.org -
Multi-process staged rollout - extension - e10srollout@mozilla.org -
Pocket - extension - firefox@getpocket.com -
Firefox Screenshots - extension - screenshots@mozilla.org -
Web Compat - extension - webcompat@mozilla.org -
Follow-on Search Telemetry - extension - followonsearch@mozilla.com -
Shield Recipe Client - extension - shield-recipe-client@mozilla.org -
Activity Stream - extension - activity-stream@mozilla.org -
Form Autofill - extension - formautofill@mozilla.org -
Photon onboarding - extension - onboarding@mozilla.org -
Click-to-Play staged rollout - extension - clicktoplay-rollout@mozilla.org -
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} -
C:\Users\Máma a Táta\AppData\Roaming\Mozilla\Firefox\Profiles\vqe1dgbf.default\pluginreg.dat
=========Google Chrome=========
C:\Users\Máma a Táta\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace 0.10
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty 0.10
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension cfhdojbkjhnklbpkdaibdccddilifddb 1 Adblock Plus 1.13.5
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky 1.2
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.6
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.3
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 6417.1211.0.0
Homepage:
default_search_provider.search_url:
C:\Users\Máma a Táta\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:
======Registry dump ======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 217784]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 184488]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\MICROS~1\Office16\GROOVEEX.DLL [2015-07-31 1512152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 6149288]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 4452504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2017-09-29 630168]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"=C:\Windows\SysWOW64\OneDriveSetup.exe [2017-09-29 20488312]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"CanonQuickMenu"=C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [2014-01-17 1284680]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-11-04 767176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableFullTrustStartupTasks"=2
"EnableUIADesktopToggle"=0
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath" = %SystemRoot%\inf\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath" = "C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
====== File associations ======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
====== List of files/folders created in the last 1 month ======
2018-03-06 15:17:26 ----D---- C:\rsit
2018-03-06 15:17:26 ----D---- C:\Program Files\trend micro
2018-02-15 18:09:48 ----D---- C:\WINDOWS\system32\drivers\wd
2018-02-14 19:03:33 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-02-14 19:03:32 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.dll
2018-02-14 19:03:32 ----A---- C:\WINDOWS\SYSWOW64\nlaapi.dll
2018-02-14 19:03:32 ----A---- C:\WINDOWS\SYSWOW64\edgeIso.dll
2018-02-14 19:03:31 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2018-02-14 19:03:31 ----A---- C:\WINDOWS\SYSWOW64\msIso.dll
2018-02-14 19:03:31 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2018-02-14 19:03:31 ----A---- C:\WINDOWS\SYSWOW64\ieproxy.dll
2018-02-14 19:03:31 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2018-02-14 19:03:31 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2018-02-14 19:03:31 ----A---- C:\WINDOWS\SYSWOW64\AcGenral.dll
2018-02-14 19:03:31 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2018-02-14 19:03:30 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2018-02-14 19:03:29 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2018-02-14 19:03:29 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2018-02-14 19:03:29 ----A---- C:\WINDOWS\SYSWOW64\AppLockerCSP.dll
2018-02-14 19:03:29 ----A---- C:\WINDOWS\system32\urlmon.dll
2018-02-14 19:03:29 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2018-02-14 19:03:28 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2018-02-14 19:03:28 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2018-02-14 19:03:28 ----A---- C:\WINDOWS\SYSWOW64\InputService.dll
2018-02-14 19:03:28 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2018-02-14 19:03:28 ----A---- C:\WINDOWS\SYSWOW64\evr.dll
2018-02-14 19:03:28 ----A---- C:\WINDOWS\SYSWOW64\dxtrans.dll
2018-02-14 19:03:28 ----A---- C:\WINDOWS\system32\wuuhosdeployment.dll
2018-02-14 19:03:28 ----A---- C:\WINDOWS\system32\StorSvc.dll
2018-02-14 19:03:28 ----A---- C:\WINDOWS\system32\ieproxy.dll
2018-02-14 19:03:28 ----A---- C:\WINDOWS\system32\audiosrv.dll
2018-02-14 19:03:28 ----A---- C:\WINDOWS\system32\AppLockerCSP.dll
2018-02-14 19:03:27 ----A---- C:\WINDOWS\system32\securekernel.exe
2018-02-14 19:03:27 ----A---- C:\WINDOWS\system32\ntdll.dll
2018-02-14 19:03:27 ----A---- C:\WINDOWS\system32\hal.dll
2018-02-14 19:03:27 ----A---- C:\WINDOWS\system32\drivers\pci.sys
2018-02-14 19:03:27 ----A---- C:\WINDOWS\system32\drivers\ks.sys
2018-02-14 19:03:27 ----A---- C:\WINDOWS\system32\drivers\fvevol.sys
2018-02-14 19:03:27 ----A---- C:\WINDOWS\system32\drivers\clfs.sys
2018-02-14 19:03:27 ----A---- C:\WINDOWS\system32\drivers\cldflt.sys
2018-02-14 19:03:26 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2018-02-14 19:03:26 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2018-02-14 19:03:26 ----A---- C:\WINDOWS\SYSWOW64\dxtmsft.dll
2018-02-14 19:03:26 ----A---- C:\WINDOWS\system32\msfeeds.dll
2018-02-14 19:03:26 ----A---- C:\WINDOWS\system32\jscript9.dll
2018-02-14 19:03:26 ----A---- C:\WINDOWS\system32\dxtrans.dll
2018-02-14 19:03:25 ----A---- C:\WINDOWS\SYSWOW64\remoteaudioendpoint.dll
2018-02-14 19:03:25 ----A---- C:\WINDOWS\SYSWOW64\mfsvr.dll
2018-02-14 19:03:25 ----A---- C:\WINDOWS\SYSWOW64\mfps.dll
2018-02-14 19:03:25 ----A---- C:\WINDOWS\SYSWOW64\MFMediaEngine.dll
2018-02-14 19:03:25 ----A---- C:\WINDOWS\SYSWOW64\FSClient.dll
2018-02-14 19:03:25 ----A---- C:\WINDOWS\SYSWOW64\dnsapi.dll
2018-02-14 19:03:25 ----A---- C:\WINDOWS\SYSWOW64\dbgeng.dll
2018-02-14 19:03:25 ----A---- C:\WINDOWS\system32\wuuhext.dll
2018-02-14 19:03:25 ----A---- C:\WINDOWS\system32\nshhttp.dll
2018-02-14 19:03:25 ----A---- C:\WINDOWS\system32\hvloader.dll
2018-02-14 19:03:25 ----A---- C:\WINDOWS\system32\evr.dll
2018-02-14 19:03:25 ----A---- C:\WINDOWS\system32\DbgModel.dll
2018-02-14 19:03:24 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2018-02-14 19:03:24 ----A---- C:\WINDOWS\SYSWOW64\Windows.Data.Pdf.dll
2018-02-14 19:03:24 ----A---- C:\WINDOWS\SYSWOW64\dwmcore.dll
2018-02-14 19:03:24 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2018-02-14 19:03:24 ----A---- C:\WINDOWS\system32\TextInputFramework.dll
2018-02-14 19:03:24 ----A---- C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-02-14 19:03:24 ----A---- C:\WINDOWS\system32\InputService.dll
2018-02-14 19:03:24 ----A---- C:\WINDOWS\system32\edgeIso.dll
2018-02-14 19:03:24 ----A---- C:\WINDOWS\system32\drivers\winnat.sys
2018-02-14 19:03:24 ----A---- C:\WINDOWS\system32\drivers\mrxsmb.sys
2018-02-14 19:03:24 ----A---- C:\WINDOWS\system32\d3d11.dll
2018-02-14 19:03:24 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-02-14 19:03:24 ----A---- C:\WINDOWS\system32\audiodg.exe
2018-02-14 19:03:23 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2018-02-14 19:03:23 ----A---- C:\WINDOWS\system32\win32kfull.sys
2018-02-14 19:03:23 ----A---- C:\WINDOWS\system32\win32kbase.sys
2018-02-14 19:03:23 ----A---- C:\WINDOWS\system32\WebRuntimeManager.dll
2018-02-14 19:03:23 ----A---- C:\WINDOWS\system32\iertutil.dll
2018-02-14 19:03:22 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2018-02-14 19:03:22 ----A---- C:\WINDOWS\system32\ieframe.dll
2018-02-14 19:03:22 ----A---- C:\WINDOWS\system32\AcGenral.dll
2018-02-14 19:03:21 ----A---- C:\WINDOWS\system32\mshtmled.dll
2018-02-14 19:03:21 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2018-02-14 19:03:21 ----A---- C:\WINDOWS\system32\Chakra.dll
2018-02-14 19:03:21 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2018-02-14 19:03:20 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.dll
2018-02-14 19:03:20 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2018-02-14 19:03:20 ----A---- C:\WINDOWS\system32\mfsvr.dll
2018-02-14 19:03:20 ----A---- C:\WINDOWS\system32\lsasrv.dll
2018-02-14 19:03:20 ----A---- C:\WINDOWS\system32\hvax64.exe
2018-02-14 19:03:20 ----A---- C:\WINDOWS\system32\drivers\afd.sys
2018-02-14 19:03:20 ----A---- C:\WINDOWS\system32\dnsapi.dll
2018-02-14 19:03:19 ----A---- C:\WINDOWS\system32\wuaueng.dll
2018-02-14 19:03:19 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-02-14 19:03:19 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2018-02-14 19:03:19 ----A---- C:\WINDOWS\system32\dbgeng.dll
2018-02-14 19:03:19 ----A---- C:\WINDOWS\system32\AudioSes.dll
2018-02-14 19:03:18 ----A---- C:\WINDOWS\system32\ncsi.dll
2018-02-14 19:03:18 ----A---- C:\WINDOWS\system32\dwmcore.dll
2018-02-14 19:03:18 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys
2018-02-14 19:03:18 ----A---- C:\WINDOWS\system32\drivers\ndis.sys
2018-02-14 19:03:18 ----A---- C:\WINDOWS\system32\bisrv.dll
2018-02-14 19:03:17 ----A---- C:\WINDOWS\system32\wininet.dll
2018-02-14 19:03:17 ----A---- C:\WINDOWS\system32\msIso.dll
2018-02-14 19:03:17 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2018-02-14 19:03:16 ----A---- C:\WINDOWS\system32\mshtml.dll
2018-02-14 19:03:16 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2018-02-14 19:03:15 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2018-02-14 19:03:14 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2018-02-14 19:03:14 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2018-02-14 19:03:14 ----A---- C:\WINDOWS\system32\mfcore.dll
2018-02-14 19:03:14 ----A---- C:\WINDOWS\system32\hvix64.exe
2018-02-14 19:03:14 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2018-02-14 19:03:14 ----A---- C:\WINDOWS\system32\drivers\http.sys
2018-02-14 19:03:13 ----A---- C:\WINDOWS\system32\edgehtml.dll
2018-02-14 19:03:13 ----A---- C:\WINDOWS\system32\CloudExperienceHost.dll
2018-02-14 19:03:12 ----A---- C:\WINDOWS\SYSWOW64\LockAppBroker.dll
2018-02-14 19:03:12 ----A---- C:\WINDOWS\SYSWOW64\ExplorerFrame.dll
2018-02-14 19:03:12 ----A---- C:\WINDOWS\SYSWOW64\comdlg32.dll
2018-02-14 19:03:12 ----A---- C:\WINDOWS\system32\wuauclt.exe
2018-02-14 19:03:12 ----A---- C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-02-14 19:03:12 ----A---- C:\WINDOWS\system32\twinui.pcshell.dll
2018-02-14 19:03:12 ----A---- C:\WINDOWS\system32\TokenBroker.dll
2018-02-14 19:03:12 ----A---- C:\WINDOWS\system32\nlaapi.dll
2018-02-14 19:03:12 ----A---- C:\WINDOWS\system32\LockAppBroker.dll
2018-02-14 19:03:12 ----A---- C:\WINDOWS\system32\ISM.dll
2018-02-14 19:03:12 ----A---- C:\WINDOWS\system32\HolographicExtensions.dll
2018-02-14 19:03:12 ----A---- C:\WINDOWS\system32\convertvhd.exe
2018-02-14 19:03:11 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Immersive.dll
2018-02-14 19:03:11 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2018-02-14 19:03:11 ----A---- C:\WINDOWS\SYSWOW64\explorer.exe
2018-02-14 19:03:11 ----A---- C:\WINDOWS\system32\windows.storage.dll
2018-02-14 19:03:11 ----A---- C:\WINDOWS\system32\nlasvc.dll
2018-02-14 19:03:11 ----A---- C:\WINDOWS\system32\modernexecserver.dll
2018-02-14 19:03:10 ----A---- C:\WINDOWS\system32\wow64.dll
2018-02-14 19:03:10 ----A---- C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-02-14 19:03:10 ----A---- C:\WINDOWS\system32\twinui.dll
2018-02-14 19:03:10 ----A---- C:\WINDOWS\system32\sppsvc.exe
2018-02-14 19:03:10 ----A---- C:\WINDOWS\system32\LogonController.dll
2018-02-14 19:03:10 ----A---- C:\WINDOWS\system32\ExplorerFrame.dll
2018-02-14 19:03:10 ----A---- C:\WINDOWS\system32\comdlg32.dll
2018-02-14 19:03:09 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2018-02-14 19:03:09 ----A---- C:\WINDOWS\system32\shell32.dll
2018-02-14 19:03:09 ----A---- C:\WINDOWS\explorer.exe
2018-02-14 19:03:08 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2018-02-14 19:03:08 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2018-02-14 19:03:08 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-02-14 19:03:08 ----A---- C:\WINDOWS\system32\mfps.dll
2018-02-14 19:03:03 ----A---- C:\WINDOWS\system32\usocore.dll
2018-02-14 19:03:03 ----A---- C:\WINDOWS\system32\updatepolicy.dll
2018-02-14 19:03:03 ----A---- C:\WINDOWS\system32\MusNotification.exe
2018-02-14 19:02:59 ----A---- C:\WINDOWS\system32\vac.exe
2018-02-14 19:02:58 ----A---- C:\WINDOWS\SYSWOW64\SRH.dll
2018-02-14 19:02:58 ----A---- C:\WINDOWS\system32\TileDataRepository.dll
2018-02-14 19:02:58 ----A---- C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2018-02-14 19:02:58 ----A---- C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-02-14 19:02:58 ----A---- C:\WINDOWS\system32\SRH.dll
2018-02-14 19:02:58 ----A---- C:\WINDOWS\system32\cldapi.dll
2018-02-14 19:02:58 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-02-14 19:02:58 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-02-14 19:02:58 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-02-14 19:02:57 ----A---- C:\WINDOWS\SYSWOW64\d3d11.dll
2018-02-14 19:02:57 ----A---- C:\WINDOWS\SYSWOW64\AudioEng.dll
2018-02-14 19:02:57 ----A---- C:\WINDOWS\system32\winresume.exe
2018-02-14 19:02:57 ----A---- C:\WINDOWS\system32\winload.exe
2018-02-14 19:02:57 ----A---- C:\WINDOWS\system32\UpdateAgent.dll
2018-02-14 19:02:57 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2018-02-14 19:02:57 ----A---- C:\WINDOWS\system32\ci.dll
2018-02-14 19:02:57 ----A---- C:\WINDOWS\system32\AudioEng.dll
2018-02-14 19:02:56 ----A---- C:\WINDOWS\SYSWOW64\ucrtbase.dll
2018-02-14 19:02:56 ----A---- C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-02-14 19:02:56 ----A---- C:\WINDOWS\system32\ucrtbase.dll
2018-02-14 19:02:56 ----A---- C:\WINDOWS\system32\RecoveryDrive.exe
2018-02-14 19:02:56 ----A---- C:\WINDOWS\system32\devinv.dll
2018-02-14 19:02:56 ----A---- C:\WINDOWS\system32\CompatTelRunner.exe
2018-02-14 19:02:56 ----A---- C:\WINDOWS\system32\appraiser.dll
2018-02-14 19:02:56 ----A---- C:\WINDOWS\system32\acmigration.dll
2018-02-14 19:02:55 ----A---- C:\WINDOWS\SYSWOW64\TokenBroker.dll
2018-02-14 19:02:55 ----A---- C:\WINDOWS\SYSWOW64\cldapi.dll
2018-02-14 19:02:54 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.Web.Core.dll
2018-02-14 19:02:54 ----A---- C:\WINDOWS\SYSWOW64\InstallService.dll
2018-02-14 19:02:54 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-02-14 19:02:54 ----A---- C:\WINDOWS\system32\wimserv.exe
2018-02-14 19:02:54 ----A---- C:\WINDOWS\system32\wimgapi.dll
2018-02-14 19:02:54 ----A---- C:\WINDOWS\system32\sppobjs.dll
2018-02-14 19:02:54 ----A---- C:\WINDOWS\system32\SecurityHealthService.exe
2018-02-14 19:02:54 ----A---- C:\WINDOWS\system32\InstallService.dll
2018-02-14 19:02:54 ----A---- C:\WINDOWS\system32\efscore.dll
2018-02-14 19:02:54 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2018-02-14 19:02:54 ----A---- C:\WINDOWS\system32\browserbroker.dll
2018-02-14 19:02:53 ----A---- C:\WINDOWS\SYSWOW64\wimgapi.dll
2018-02-14 19:02:53 ----A---- C:\WINDOWS\system32\usercpl.dll
2018-02-14 19:02:53 ----A---- C:\WINDOWS\system32\rtmpltfm.dll
2018-02-14 19:02:53 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2018-02-14 19:02:53 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2018-02-14 19:02:52 ----A---- C:\WINDOWS\SYSWOW64\usercpl.dll
2018-02-14 19:02:52 ----A---- C:\WINDOWS\SYSWOW64\updatepolicy.dll
2018-02-14 19:02:52 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-02-14 19:02:52 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2018-02-14 19:02:51 ----A---- C:\WINDOWS\SYSWOW64\CloudExperienceHostCommon.dll
2018-02-14 19:02:51 ----A---- C:\WINDOWS\SYSWOW64\AUDIOKSE.dll
2018-02-14 19:02:51 ----A---- C:\WINDOWS\system32\tquery.dll
2018-02-14 19:02:51 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-02-14 19:02:51 ----A---- C:\WINDOWS\system32\pcasvc.dll
2018-02-14 19:02:51 ----A---- C:\WINDOWS\system32\mssrch.dll
2018-02-14 19:02:51 ----A---- C:\WINDOWS\system32\generaltel.dll
2018-02-14 19:02:51 ----A---- C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2018-02-14 19:02:51 ----A---- C:\WINDOWS\system32\aeinv.dll
2018-02-14 19:02:50 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Core.TextInput.dll
2018-02-14 19:02:50 ----A---- C:\WINDOWS\SYSWOW64\webplatstorageserver.dll
2018-02-14 19:02:50 ----A---- C:\WINDOWS\SYSWOW64\TileDataRepository.dll
2018-02-14 19:02:50 ----A---- C:\WINDOWS\SYSWOW64\StateRepository.Core.dll
2018-02-14 19:02:50 ----A---- C:\WINDOWS\SYSWOW64\rtmpltfm.dll
2018-02-14 19:02:50 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2vdec.dll
2018-02-14 19:02:50 ----A---- C:\WINDOWS\system32\xpsrchvw.exe
2018-02-14 19:02:50 ----A---- C:\WINDOWS\system32\StateRepository.Core.dll
2018-02-14 19:02:50 ----A---- C:\WINDOWS\system32\sppwinob.dll
2018-02-14 19:02:49 ----A---- C:\WINDOWS\SYSWOW64\mssrch.dll
2018-02-14 19:02:49 ----A---- C:\WINDOWS\system32\Wpc.dll
2018-02-14 19:02:49 ----A---- C:\WINDOWS\system32\Windows.StateRepository.dll
2018-02-14 19:02:49 ----A---- C:\WINDOWS\system32\mmcndmgr.dll
2018-02-14 19:02:48 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepository.dll
2018-02-14 19:02:48 ----A---- C:\WINDOWS\SYSWOW64\tquery.dll
2018-02-14 19:02:48 ----A---- C:\WINDOWS\system32\wpncore.dll
2018-02-14 19:02:48 ----A---- C:\WINDOWS\system32\win32appinventorycsp.dll
2018-02-14 19:02:48 ----A---- C:\WINDOWS\system32\mmc.exe
2018-02-14 19:02:48 ----A---- C:\WINDOWS\system32\mf.dll
2018-02-14 19:02:48 ----A---- C:\WINDOWS\system32\FSClient.dll
2018-02-14 19:02:48 ----A---- C:\WINDOWS\system32\dcntel.dll
2018-02-14 19:02:48 ----A---- C:\WINDOWS\system32\D3D12.dll
2018-02-14 19:02:48 ----A---- C:\WINDOWS\system32\ClipSVC.dll
2018-02-14 19:02:48 ----A---- C:\WINDOWS\system32\aepic.dll
2018-02-14 19:02:47 ----A---- C:\WINDOWS\SYSWOW64\xpsrchvw.exe
2018-02-14 19:02:47 ----A---- C:\WINDOWS\SYSWOW64\Wpc.dll
2018-02-14 19:02:47 ----A---- C:\WINDOWS\SYSWOW64\rasapi32.dll
2018-02-14 19:02:47 ----A---- C:\WINDOWS\SYSWOW64\nshhttp.dll
2018-02-14 19:02:47 ----A---- C:\WINDOWS\SYSWOW64\MSVP9DEC.dll
2018-02-14 19:02:47 ----A---- C:\WINDOWS\SYSWOW64\aepic.dll
2018-02-14 19:02:47 ----A---- C:\WINDOWS\system32\WpcMon.exe
2018-02-14 19:02:47 ----A---- C:\WINDOWS\system32\VSSVC.exe
2018-02-14 19:02:47 ----A---- C:\WINDOWS\system32\rtmpal.dll
2018-02-14 19:02:47 ----A---- C:\WINDOWS\system32\rasapi32.dll
2018-02-14 19:02:47 ----A---- C:\WINDOWS\system32\MSVP9DEC.dll
2018-02-14 19:02:47 ----A---- C:\WINDOWS\system32\invagent.dll
2018-02-14 19:02:46 ----A---- C:\WINDOWS\SYSWOW64\StructuredQuery.dll
2018-02-14 19:02:46 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2018-02-14 19:02:46 ----A---- C:\WINDOWS\SYSWOW64\D3D12.dll
2018-02-14 19:02:46 ----A---- C:\WINDOWS\system32\Windows.UI.Search.dll
2018-02-14 19:02:46 ----A---- C:\WINDOWS\system32\StructuredQuery.dll
2018-02-14 19:02:46 ----A---- C:\WINDOWS\system32\SEMgrSvc.dll
2018-02-14 19:02:46 ----A---- C:\WINDOWS\system32\MusNotificationUx.exe
2018-02-14 19:02:46 ----A---- C:\WINDOWS\system32\KernelBase.dll
2018-02-14 19:02:46 ----A---- C:\WINDOWS\system32\FntCache.dll
2018-02-14 19:02:45 ----A---- C:\WINDOWS\SYSWOW64\mmcndmgr.dll
2018-02-14 19:02:45 ----A---- C:\WINDOWS\SYSWOW64\mmc.exe
2018-02-14 19:02:45 ----A---- C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-02-14 19:02:45 ----A---- C:\WINDOWS\system32\shutdownux.dll
2018-02-14 19:02:45 ----A---- C:\WINDOWS\system32\SearchIndexer.exe
2018-02-14 19:02:45 ----A---- C:\WINDOWS\system32\rtmcodecs.dll
2018-02-14 19:02:45 ----A---- C:\WINDOWS\system32\pcalua.exe
2018-02-14 19:02:45 ----A---- C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-02-14 19:02:45 ----A---- C:\WINDOWS\system32\msvcp_win.dll
2018-02-14 19:02:45 ----A---- C:\WINDOWS\system32\authui.dll
2018-02-14 19:02:45 ----A---- C:\WINDOWS\system32\aitstatic.exe
2018-02-14 19:02:44 ----A---- C:\WINDOWS\SYSWOW64\Taskmgr.exe
2018-02-14 19:02:44 ----A---- C:\WINDOWS\SYSWOW64\setupapi.dll
2018-02-14 19:02:44 ----A---- C:\WINDOWS\SYSWOW64\rtmpal.dll
2018-02-14 19:02:44 ----A---- C:\WINDOWS\SYSWOW64\mf.dll
2018-02-14 19:02:44 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2018-02-14 19:02:44 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2018-02-14 19:02:44 ----A---- C:\WINDOWS\system32\Windows.Payments.dll
2018-02-14 19:02:44 ----A---- C:\WINDOWS\system32\wbiosrvc.dll
2018-02-14 19:02:44 ----A---- C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-02-14 19:02:44 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2018-02-14 19:02:44 ----A---- C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-02-14 19:02:43 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Search.dll
2018-02-14 19:02:43 ----A---- C:\WINDOWS\SYSWOW64\authui.dll
2018-02-14 19:02:43 ----A---- C:\WINDOWS\SYSWOW64\AppXDeploymentClient.dll
2018-02-14 19:02:43 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2018-02-14 19:02:43 ----A---- C:\WINDOWS\system32\uDWM.dll
2018-02-14 19:02:43 ----A---- C:\WINDOWS\system32\Taskmgr.exe
2018-02-14 19:02:43 ----A---- C:\WINDOWS\system32\setupapi.dll
2018-02-14 19:02:43 ----A---- C:\WINDOWS\system32\policymanager.dll
2018-02-14 19:02:43 ----A---- C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2018-02-14 19:02:43 ----A---- C:\WINDOWS\system32\mssvp.dll
2018-02-14 19:02:43 ----A---- C:\WINDOWS\system32\localspl.dll
2018-02-14 19:02:43 ----A---- C:\WINDOWS\system32\efswrt.dll
2018-02-14 19:02:42 ----A---- C:\WINDOWS\SYSWOW64\wintrust.dll
2018-02-14 19:02:42 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryPS.dll
2018-02-14 19:02:42 ----A---- C:\WINDOWS\SYSWOW64\SearchIndexer.exe
2018-02-14 19:02:42 ----A---- C:\WINDOWS\SYSWOW64\rtmcodecs.dll
2018-02-14 19:02:42 ----A---- C:\WINDOWS\SYSWOW64\rasdlg.dll
2018-02-14 19:02:42 ----A---- C:\WINDOWS\SYSWOW64\policymanager.dll
2018-02-14 19:02:42 ----A---- C:\WINDOWS\SYSWOW64\msvcp_win.dll
2018-02-14 19:02:42 ----A---- C:\WINDOWS\SYSWOW64\EditionUpgradeManagerObj.dll
2018-02-14 19:02:42 ----A---- C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2018-02-14 19:02:42 ----A---- C:\WINDOWS\system32\rasdlg.dll
2018-02-14 19:02:42 ----A---- C:\WINDOWS\system32\NetSetupSvc.dll
2018-02-14 19:02:42 ----A---- C:\WINDOWS\system32\mspaint.exe
2018-02-14 19:02:42 ----A---- C:\WINDOWS\system32\Magnify.exe
2018-02-14 19:02:42 ----A---- C:\WINDOWS\system32\lsm.dll
2018-02-14 19:02:42 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2018-02-14 19:02:42 ----A---- C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-02-14 19:02:42 ----A---- C:\WINDOWS\system32\bcastdvr.exe
2018-02-14 19:02:41 ----A---- C:\WINDOWS\SYSWOW64\Windows.Payments.dll
2018-02-14 19:02:41 ----A---- C:\WINDOWS\SYSWOW64\winbrand.dll
2018-02-14 19:02:41 ----A---- C:\WINDOWS\SYSWOW64\UserLanguagesCpl.dll
2018-02-14 19:02:41 ----A---- C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-02-14 19:02:41 ----A---- C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-02-14 19:02:41 ----A---- C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2018-02-14 19:02:41 ----A---- C:\WINDOWS\system32\winbrand.dll
2018-02-14 19:02:41 ----A---- C:\WINDOWS\system32\webio.dll
2018-02-14 19:02:41 ----A---- C:\WINDOWS\system32\vssapi.dll
2018-02-14 19:02:41 ----A---- C:\WINDOWS\system32\SettingSync.dll
2018-02-14 19:02:41 ----A---- C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-02-14 19:02:41 ----A---- C:\WINDOWS\system32\FrameServer.dll
2018-02-14 19:02:41 ----A---- C:\WINDOWS\system32\drivers\sdstor.sys
2018-02-14 19:02:41 ----A---- C:\WINDOWS\system32\drivers\netio.sys
2018-02-14 19:02:41 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2018-02-14 19:02:40 ----A---- C:\WINDOWS\SYSWOW64\WMVXENCD.DLL
2018-02-14 19:02:40 ----A---- C:\WINDOWS\SYSWOW64\mfsensorgroup.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\SYSWOW64\LicensingWinRT.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\SYSWOW64\efswrt.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\wintrust.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\srcore.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\SettingsHandlers_User.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\rastls.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\rasmans.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\OneCoreCommonProxyStub.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\mfsensorgroup.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\LicensingWinRT.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\gameux.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\FsIso.exe
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\drivers\hidparse.sys
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\DeviceReactivation.dll
2018-02-14 19:02:40 ----A---- C:\WINDOWS\system32\DeviceCensus.exe
2018-02-14 19:02:39 ----A---- C:\WINDOWS\SYSWOW64\wldp.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryClient.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryBroker.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\SYSWOW64\sppcomapi.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\SYSWOW64\rtmmvrortc.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\SYSWOW64\ortcengine.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\SYSWOW64\Magnify.exe
2018-02-14 19:02:39 ----A---- C:\WINDOWS\SYSWOW64\gameux.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\SYSWOW64\CloudNotifications.exe
2018-02-14 19:02:39 ----A---- C:\WINDOWS\system32\WMVXENCD.DLL
2018-02-14 19:02:39 ----A---- C:\WINDOWS\system32\wldp.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\system32\rasgcw.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\system32\rascustom.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\system32\PCShellCommonProxyStub.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\system32\ortcengine.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\system32\edputil.dll
2018-02-14 19:02:39 ----A---- C:\WINDOWS\system32\drivers\msiscsi.sys
2018-02-14 19:02:39 ----A---- C:\WINDOWS\system32\aclui.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\SYSWOW64\webio.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\SYSWOW64\WebClnt.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\SYSWOW64\vssapi.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\SYSWOW64\twinapi.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\SYSWOW64\SettingSync.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\SYSWOW64\rastls.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\SYSWOW64\netlogon.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\SYSWOW64\edputil.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\SYSWOW64\DeviceReactivation.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\SYSWOW64\bcastdvr.exe
2018-02-14 19:02:38 ----A---- C:\WINDOWS\system32\wow64cpu.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\system32\WMVSENCD.DLL
2018-02-14 19:02:38 ----A---- C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\system32\twinapi.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\system32\tetheringservice.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\system32\rtmmvrortc.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\system32\rdpudd.dll
2018-02-14 19:02:38 ----A---- C:\WINDOWS\system32\DevicePairing.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\SYSWOW64\zipfldr.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\SYSWOW64\WMVSENCD.DLL
2018-02-14 19:02:37 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\SYSWOW64\SyncCenter.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\SYSWOW64\sud.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\SYSWOW64\SearchProtocolHost.exe
2018-02-14 19:02:37 ----A---- C:\WINDOWS\SYSWOW64\rasgcw.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\SYSWOW64\PCShellCommonProxyStub.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\SYSWOW64\OneCoreCommonProxyStub.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\SYSWOW64\InputSwitch.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\SYSWOW64\EdgeManager.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\SYSWOW64\davclnt.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\zipfldr.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\WebClnt.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\wcimage.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\UserDeviceRegistration.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\themecpl.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\SyncCenter.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\sud.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\srchadmin.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\shsetup.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\SharedPCCSP.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\SearchProtocolHost.exe
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\netlogon.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\mmcbase.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\hgcpl.dll
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\drivers\mskssrv.sys
2018-02-14 19:02:37 ----A---- C:\WINDOWS\system32\davclnt.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\SYSWOW64\Windows.Networking.Vpn.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\SYSWOW64\themeui.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\SYSWOW64\shsetup.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\SYSWOW64\setup16.exe
2018-02-14 19:02:36 ----A---- C:\WINDOWS\SYSWOW64\Search.ProtocolHandler.MAPI2.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\SYSWOW64\mssvp.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\SYSWOW64\mssprxy.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\SYSWOW64\IndexedDbLegacy.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\SYSWOW64\aclui.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\system32\themeui.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\system32\stobject.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\system32\netplwiz.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\system32\mssprxy.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\system32\ListSvc.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\system32\IdCtrls.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\system32\FontProvider.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\system32\drivers\npfs.sys
2018-02-14 19:02:36 ----A---- C:\WINDOWS\system32\browserexport.exe
2018-02-14 19:02:36 ----A---- C:\WINDOWS\system32\bootux.dll
2018-02-14 19:02:36 ----A---- C:\WINDOWS\system32\authz.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\SYSWOW64\winsku.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryUpgrade.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\SYSWOW64\UserDeviceRegistration.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\SYSWOW64\twext.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\SYSWOW64\themecpl.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\SYSWOW64\stobject.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\SYSWOW64\sendmail.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\SYSWOW64\regsvr32.exe
2018-02-14 19:02:35 ----A---- C:\WINDOWS\SYSWOW64\mshtmled.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\SYSWOW64\fontext.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\SYSWOW64\DevicePairing.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\system32\SearchFilterHost.exe
2018-02-14 19:02:35 ----A---- C:\WINDOWS\system32\rshx32.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\system32\regsvr32.exe
2018-02-14 19:02:35 ----A---- C:\WINDOWS\system32\ntshrui.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\system32\NetworkDesktopSettings.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\system32\InputSwitch.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\system32\fontext.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\system32\EnterpriseAppMgmtClient.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2018-02-14 19:02:35 ----A---- C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Playback.ProxyStub.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\SYSWOW64\virtdisk.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\SYSWOW64\srchadmin.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\SYSWOW64\SearchFilterHost.exe
2018-02-14 19:02:34 ----A---- C:\WINDOWS\SYSWOW64\ntshrui.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\SYSWOW64\netplwiz.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\SYSWOW64\mspaint.exe
2018-02-14 19:02:34 ----A---- C:\WINDOWS\SYSWOW64\mmcbase.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\SYSWOW64\IdCtrls.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\SYSWOW64\Chakradiag.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\SYSWOW64\hgcpl.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\SYSWOW64\EnterpriseAppMgmtClient.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\SYSWOW64\authz.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\SYSWOW64\AppCapture.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\system32\WpAXHolder.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\system32\winsku.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\system32\Windows.Media.Playback.ProxyStub.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\system32\virtdisk.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\system32\twext.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\system32\SettingMonitor.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\system32\rstrui.exe
2018-02-14 19:02:34 ----A---- C:\WINDOWS\system32\musdialoghandlers.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\system32\MshtmlDac.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\system32\LockScreenContent.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\system32\dsreg.dll
2018-02-14 19:02:34 ----A---- C:\WINDOWS\system32\AppxSysprep.dll
2018-02-14 19:02:33 ----A---- C:\WINDOWS\SYSWOW64\user.exe
2018-02-14 19:02:33 ----A---- C:\WINDOWS\SYSWOW64\tzres.dll
2018-02-14 19:02:33 ----A---- C:\WINDOWS\SYSWOW64\EditionUpgradeHelper.dll
2018-02-14 19:02:33 ----A---- C:\WINDOWS\system32\wups2.dll
2018-02-14 19:02:33 ----A---- C:\WINDOWS\system32\winsrv.dll
2018-02-14 19:02:33 ----A---- C:\WINDOWS\system32\tzres.dll
====== List of files/folders modified in the last 1 month ======
2018-03-06 15:17:34 ----D---- C:\WINDOWS\Prefetch
2018-03-06 15:17:26 ----RD---- C:\Program Files
2018-03-06 15:16:39 ----HD---- C:\Program Files\WindowsApps
2018-03-06 15:16:37 ----D---- C:\WINDOWS\Temp
2018-03-06 15:16:37 ----D---- C:\WINDOWS\AppReadiness
2018-03-06 15:13:32 ----D---- C:\WINDOWS\DeliveryOptimization
2018-03-06 15:12:19 ----D---- C:\WINDOWS\System32
2018-03-06 15:12:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-06 15:11:07 ----D---- C:\AdwCleaner
2018-03-06 15:06:48 ----D---- C:\WINDOWS\system32\sru
2018-03-06 15:05:54 ----AD---- C:\Program Files (x86)\Opera
2018-03-06 14:53:47 ----D---- C:\WINDOWS\system32\SleepStudy
2018-03-06 14:32:10 ----D---- C:\WINDOWS\system32\NDF
2018-03-06 14:25:52 ----AD---- C:\Program Files (x86)\TeamViewer
2018-03-05 19:11:03 ----D---- C:\WINDOWS\system32\catroot2
2018-03-05 18:45:37 ----D---- C:\WINDOWS\Logs
2018-03-05 13:03:28 ----D---- C:\WINDOWS\system32\LogFiles
2018-03-05 11:00:13 ----RD---- C:\WINDOWS\Microsoft.NET
2018-03-03 05:33:12 ----D---- C:\WINDOWS\system32\Tasks
2018-03-02 09:52:14 ----RD---- C:\Program Files\Windows Defender
2018-03-01 04:42:01 ----SHD---- C:\WINDOWS\Installer
2018-02-25 18:09:51 ----D---- C:\WINDOWS\system32\config
2018-02-24 09:52:37 ----D---- C:\WINDOWS\SysWOW64
2018-02-19 05:44:29 ----D---- C:\WINDOWS\rescache
2018-02-18 12:26:14 ----D---- C:\WINDOWS\system32\DriverStore
2018-02-18 12:26:12 ----D---- C:\WINDOWS\WinSxS
2018-02-18 10:37:43 ----D---- C:\WINDOWS\system32\drivers\UMDF
2018-02-18 10:37:43 ----D---- C:\WINDOWS\system32\drivers
2018-02-18 10:37:43 ----D---- C:\Windows
2018-02-18 10:37:42 ----D---- C:\WINDOWS\INF
2018-02-15 18:07:25 ----D---- C:\WINDOWS\TextInput
2018-02-15 18:07:25 ----D---- C:\WINDOWS\SYSWOW64\wbem
2018-02-15 18:07:25 ----D---- C:\WINDOWS\SYSWOW64\migration
2018-02-15 18:07:24 ----D---- C:\WINDOWS\system32\wbem
2018-02-15 18:07:24 ----D---- C:\WINDOWS\system32\oobe
2018-02-15 18:07:24 ----D---- C:\WINDOWS\system32\migration
2018-02-15 18:07:24 ----D---- C:\WINDOWS\system32\Boot
2018-02-15 18:07:24 ----D---- C:\WINDOWS\system32\appraiser
2018-02-15 18:07:23 ----D---- C:\WINDOWS\ShellExperiences
2018-02-15 18:07:23 ----D---- C:\WINDOWS\bcastdvr
2018-02-15 18:07:23 ----D---- C:\WINDOWS\apppatch
2018-02-14 19:09:42 ----D---- C:\WINDOWS\system32\MRT
2018-02-14 19:09:37 ----AC---- C:\WINDOWS\system32\MRT-KB890830.exe
2018-02-14 19:09:31 ----AC---- C:\WINDOWS\system32\MRT.exe
2018-02-14 19:07:14 ----D---- C:\WINDOWS\CbsTemp
File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\SysWOW64\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\SysWOW64\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\SysWOW64\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\SysWOW64\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed
====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2017-09-29 56728]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-01-01 59800]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2018-02-10 385536]
R3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2015-12-16 21648880]
R3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2015-12-16 674288]
R3 AtiHDAudioService;@oem4.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdWT6.sys [2016-04-18 110096]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2017-09-29 604160]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2017-09-29 37784]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-09-29 357272]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-09-29 63520]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2017-09-29 39832]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2017-09-29 118168]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-09-29 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2017-09-29 18432]
S3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2017-09-29 60312]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2017-09-29 73112]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2017-09-29 27136]
S3 HyperVideo;HyperVideo; C:\WINDOWS\System32\drivers\HyperVideo.sys [2017-09-29 28160]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-09-29 1723288]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2017-09-29 36864]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-09-29 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-09-29 88576]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-09-29 174592]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-09-29 39424]
S3 invdimm;@invdimm.inf,%invdimm.SvcDesc%;Microsoft iNVDIMM device driver; C:\WINDOWS\System32\drivers\invdimm.sys [2017-09-29 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2017-09-29 26112]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2017-09-29 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2017-09-29 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2017-09-29 55840]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2017-09-29 132608]
S3 netvsc;netvsc; C:\WINDOWS\System32\drivers\netvsc.sys [2018-01-01 192512]
S3 nvdimmn;@nvdimmn.inf,%nvdimmn.SvcDesc%;Microsoft NVDIMM-N device driver; C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-09-29 88576]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2017-09-29 100352]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2017-09-29 16896]
S3 ReFS;ReFS; C:\WINDOWS\system32\drivers\ReFS.sys [2017-09-29 1849752]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2017-09-29 103936]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2017-09-29 33176]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-09-30 56216]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [2017-09-29 146944]
====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======
R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2015-12-16 255472]
R2 CDPUserSvc_4ca1b;Uživatelská služba platformy připojených zařízení_4ca1b; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p;"ServiceDll" = %SystemRoot%\System32\dusmsvc.dll
R2 OneSyncSvc_4ca1b;Hostitel synchronizace_4ca1b; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-02-10 519144]
R2 Service KMSELDI;Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [2015-08-30 737984]
R2 TeamViewer;TeamViewer 12; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2017-12-18 10803440]
R3 PimIndexMaintenanceSvc_4ca1b;Data kontaktů_4ca1b; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; %SystemRoot%\system32\svchost.exe -k LocalService -p;"ServiceDll" = %SystemRoot%\system32\SEMgrSvc.dll
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p;"ServiceDll" = %SystemRoot%\System32\TimeBrokerServer.dll
R3 TokenBroker;@%systemroot%\system32\tokenbroker.dll,-100; %SystemRoot%\system32\svchost.exe -k netsvcs -p;"ServiceDll" = %SystemRoot%\System32\TokenBroker.dll
R3 UnistoreSvc_4ca1b;Úložiště uživatelských dat_4ca1b; C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" = %SystemRoot%\System32\CDPUserSvc.dll
S3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; %SystemRoot%\system32\svchost.exe -k appmodel -p;"ServiceDll" = %SystemRoot%\system32\CapabilityAccessManager.dll
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; %SystemRoot%\system32\svchost.exe -k DevicesFlow;"ServiceDll" = %SystemRoot%\System32\DevicesFlowBroker.dll
S3 DevicesFlowUserSvc_4ca1b;Tok zařízení_4ca1b; C:\WINDOWS\system32\svchost.exe -k DevicesFlow;"ServiceDll" =
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k diagnostics;"ServiceDll" = %systemroot%\system32\DiagSvc.dll
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; %SystemRoot%\System32\svchost.exe -k Camera;"ServiceDll" = %SystemRoot%\system32\FrameServer.dll
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k GraphicsPerfSvcGroup;"ServiceDll" = %SystemRoot%\System32\GraphicsPerfSvc.dll
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p;"ServiceDll" = %SystemRoot%\System32\hvhostsvc.dll
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; %SystemRoot%\System32\svchost.exe -k netsvcs -p;"ServiceDll" = %SystemRoot%\system32\InstallService.dll
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p;"ServiceDll" = %SystemRoot%\System32\IpxlatCfg.dll
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p;"ServiceDll" = %SystemRoot%\System32\irmon.dll
S3 MessagingService_4ca1b;Služba zasílání zpráv_4ca1b; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-11-16 194000]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; %SystemRoot%\system32\svchost.exe -k netsvcs -p;"ServiceDll" = %SystemRoot%\System32\NaturalAuth.dll
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-07-31 242864]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; %SystemRoot%\system32\svchost.exe -k PrintWorkflow;"ServiceDll" = %SystemRoot%\System32\PrintWorkflowService.dll
S3 PrintWorkflowUserSvc_4ca1b;PrintWorkflow_4ca1b; C:\WINDOWS\system32\svchost.exe -k PrintWorkflow;"ServiceDll" =
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; %SystemRoot%\System32\svchost.exe -k netsvcs -p;"ServiceDll" = %SystemRoot%\system32\PushToInstall.dll
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\RMapi.dll
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalService -p;"ServiceDll" = %SystemRoot%\System32\SharedRealitySvc.dll
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2018-01-01 956416]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; %SystemRoot%\System32\svchost.exe -k netsvcs -p;"ServiceDll" = %systemroot%\system32\Windows.SharedPC.AccountManager.dll
-----------------EOF-----------------