﻿Лог утилиты random's system information tool 1.16(автор: random/random)
Run by Janna at 2021-08-03 20:03:07
Microsoft Windows 7 Профессиональная  Service Pack 1
Системный раздел C: размер 17 GB (34%) Свободно 50 GB
Total RAM: 8045 MB (68% free)
X64

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 20:03:07, on 03.08.2021
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)


Boot mode: Normal

Running processes:
C:\Windows\runSW.exe
C:\Windows\SwUSB.exe
C:\Users\Janna\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\System Explorer\SystemExplorer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
D:\AutoLogger\AutoLogger.exe
D:\AutoLogger\AutoLogger\AV\AV_Z.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Janna\AppData\Roaming\ACEStream\engine\ace_engine.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Users\Janna\AppData\Roaming\ACEStream\engine\ace_engine.exe
D:\AutoLogger\AutoLogger\RSIT\Janna_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {13D67BB7-DB5F-48AA-884D-7A5D94168509} - (no file)
O2 - BHO: PXCIEaddin6 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange Standard\PXCIEAddin.x86.dll
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O3 - Toolbar: PDF-XChange IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange Standard\PXCIEAddin.x86.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKCU\..\Run: [f.lux] "C:\Users\Janna\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ESET Firewall Helper (ekrnEpfw) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RunSwUSB - Unknown owner - C:\Windows\runSW.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: System Explorer Service (SystemExplorerHelpService) - Mister Group - C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\SysWOW64\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\SysWOW64\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8666 bytes

====== Список процессов ======

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\runSW.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SwUSB.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Users\Janna\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Total Commander\TOTALCMD64.EXE" 
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\msiexec.exe /V
"C:\Program Files (x86)\System Explorer\SystemExplorer.exe" taskmgr.exe /3 
"C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://google.ru/"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://google.ru
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2948 CREDAT:79873
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="372.0.589455994\943117150" -childID 1 -isForBrowser -prefsHandle 1960 -prefMapHandle 2180 -prefsLen 1 -prefMapSize 230173 -parentBuildID 20200403064753 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 372 "\\.\pipe\gecko-crash-server-pipe.372" 2660 tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="372.6.1244795876\1804542666" -childID 2 -isForBrowser -prefsHandle 2696 -prefMapHandle 2068 -prefsLen 269 -prefMapSize 230173 -parentBuildID 20200403064753 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 372 "\\.\pipe\gecko-crash-server-pipe.372" 3084 tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="372.12.2069363498\1928971165" -childID 3 -isForBrowser -prefsHandle 3624 -prefMapHandle 3628 -prefsLen 6394 -prefMapSize 230173 -parentBuildID 20200403064753 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 372 "\\.\pipe\gecko-crash-server-pipe.372" 3568 tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="372.18.1813925628\272886350" -childID 4 -isForBrowser -prefsHandle 3980 -prefMapHandle 3924 -prefsLen 7062 -prefMapSize 230173 -parentBuildID 20200403064753 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 372 "\\.\pipe\gecko-crash-server-pipe.372" 3992 tab
C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\browsernativehost.exe
\??\C:\Windows\system32\conhost.exe "2068397735936647806196778239911863036791068315857-72611951-3502629201702623409
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"D:\AutoLogger\AutoLogger.exe" 
"D:\AutoLogger\AutoLogger\AV\AV_Z.exe" Script=AV\GeneralScript.txt HiddenMode=0
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532 
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2948 CREDAT:14341
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="372.24.1943407795\1860272366" -childID 5 -isForBrowser -prefsHandle 4924 -prefMapHandle 3956 -prefsLen 7228 -prefMapSize 230173 -parentBuildID 20200403064753 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 372 "\\.\pipe\gecko-crash-server-pipe.372" 4596 tab
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-1363035089-4254223843-2971312467-10004_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-1363035089-4254223843-2971312467-10004 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"  "1"
C:\Users\Janna\AppData\Roaming\ACEStream\engine\ace_engine.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
C:\Users\Janna\AppData\Roaming\ACEStream\engine\ace_engine.exe --js-player
"D:\AutoLogger\AutoLogger\RSIT\RSITx64.exe" /silent /m3 /autolog /logfolder "D:\AutoLogger\AutoLogger\RSIT\Log" /hjtp "D:\AutoLogger\AutoLogger\RSIT\HiJackThis.exe" /rus 

====== Папка назначенных заданий ======

C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Lpksetup - C:\Windows\System32\lpksetup.exe -v
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Mcbuilder - C:\Windows\System32\mcbuilder.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\WinKernel - C:\Windows\System32\WinKernel.exe /kernel
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Janna\AppData\Roaming\Mozilla\Firefox\Profiles\8eaah7cd.default-release

prefs.js - "browser.startup.homepage" -  "about:blank"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 32.0.0.465 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.181.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.181.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf]
"Description"=Handles PDF files in place in the browser
"Path"=C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf]
"Description"=Handles PDF files in place in the browser
"Path"=C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf]
"Description"=Handles PDF files in place in the browser
"Path"=C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 32.0.0.465 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.181.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.181.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf]
"Description"=Handles PDF files in place in the browser
"Path"=C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf]
"Description"=Handles PDF files in place in the browser
"Path"=C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf]
"Description"=Handles PDF files in place in the browser
"Path"=C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=3.0.11]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


C:\Users\Janna\AppData\Roaming\Mozilla\Firefox\Profiles\8eaah7cd.default-release\extensions\
staged

C:\Users\Janna\AppData\Roaming\Mozilla\Firefox\Profiles\8eaah7cd.default-release\addons.json
uBlock Origin - extension - uBlock0@raymondhill.net
Ghostery – Privacy Ad Blocker - extension - firefox@ghostery.com
YouTube Video and Audio Downloader (WebEx) - extension - {f73df109-8fb4-453e-8373-f59e61ca4da3}
Disconnect - extension - 2.0@disconnect.me
Turn Off the Lights - extension - stefanvandamme@stefanvd.net
Browsec VPN - Free VPN for Firefox - extension - browsec@browsec.com
Русский словарь проверки орфографии - dictionary - ru@dictionaries.addons.mozilla.org
British English Dictionary (Marco Pinto) - dictionary - marcoagpinto@mail.telepac.pt
Free Download Manager official extension - extension - fdm_ffext2@freedownloadmanager.org
Summer-Garden - theme - {a257db5a-0f33-4b62-accb-807b871c1ce1}

C:\Users\Janna\AppData\Roaming\Mozilla\Firefox\Profiles\8eaah7cd.default-release\extensions.json
Summer-Garden - theme - {a257db5a-0f33-4b62-accb-807b871c1ce1} - 
Ace Script - extension - acewebextension_unlisted@acestream.org - 
Ace Script - extension - acewebextension_unlisted@acestream.org - 
Turn Off the Lights - extension - stefanvandamme@stefanvd.net - 
Russian spellchecking dictionary - dictionary - ru@dictionaries.addons.mozilla.org - 
Disconnect - extension - 2.0@disconnect.me - 
Form Autofill - extension - formautofill@mozilla.org - 
Firefox Screenshots - extension - screenshots@mozilla.org - 
WebCompat Reporter - extension - webcompat-reporter@mozilla.org - 
Web Compat - extension - webcompat@mozilla.org - 
DoH Roll-Out - extension - doh-rollout@mozilla.org - 
Default - theme - default-theme@mozilla.org - 
Dark - theme - firefox-compact-dark@mozilla.org - 
Light - theme - firefox-compact-light@mozilla.org - 
Google - extension - google@search.mozilla.org - 
Bing - extension - bing@search.mozilla.org - 
DuckDuckGo - extension - ddg@search.mozilla.org - 
Wikipedia (en) - extension - wikipedia@search.mozilla.org - 
Hotline - extension - hotline-ua@search.mozilla.org - 
Free Download Manager - extension - fdm_ffext2@freedownloadmanager.org - 
YouTube Video and Audio Downloader (Dev Edt.) - extension - {f73df109-8fb4-453e-8373-f59e61ca4da3} - 
Ghostery – Privacy Ad Blocker - extension - firefox@ghostery.com - 
Browsec VPN - Free VPN for Firefox - extension - browsec@browsec.com - 
British English Dictionary (Marco Pinto) - dictionary - marcoagpinto@mail.telepac.pt - 
uBlock Origin - extension - uBlock0@raymondhill.net - 

C:\Users\Janna\AppData\Roaming\Mozilla\Firefox\Profiles\8eaah7cd.default-release\pluginreg.dat

======Снимок реестра ======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42DFA04F-0F16-418e-B80C-AB97A5AFAD3A}]
PDF-XChange IE Plugin - C:\Program Files\Tracker Software\PDF-XChange Standard\PXCIEAddin.x64.dll [2018-02-27 334592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15 885560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2020-07-16 582008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2020-07-16 245112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42DFA04F-0F16-418e-B80C-AB97A5AFAD3A}]
PDF-XChange IE Plugin - C:\Program Files\Tracker Software\PDF-XChange Standard\PXCIEAddin.x86.dll [2018-02-27 278272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15 760632]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2020-07-16 480120]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2020-07-16 194424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15 885560]
{42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - PDF-XChange IE Plugin - C:\Program Files\Tracker Software\PDF-XChange Standard\PXCIEAddin.x64.dll [2018-02-27 334592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15 760632]
{42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - PDF-XChange IE Plugin - C:\Program Files\Tracker Software\PDF-XChange Standard\PXCIEAddin.x86.dll [2018-02-27 278272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Classic Start Menu"=C:\Program Files\Classic Shell\ClassicStartMenu.exe [2018-07-15 163640]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-10-18 13657304]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2013-10-21 1360600]
"egui"=C:\Program Files\ESET\ESET Smart Security\ecmds.exe [2019-10-18 180736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"f.lux"=C:\Users\Janna\AppData\Local\FluxSoftware\Flux\flux.exe [2020-06-17 1469968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-07-07 601424]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-03-28 1160408]
"Dolby Home Theater v4"=C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31 508656]
"LWS"=C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [2012-09-13 204136]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RManService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger" = "C:\Program Files (x86)\System Explorer\SystemExplorer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=lvcod64.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"MSVideo"=vfwwdm32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"msacm.voxacm160"=vct3216.acm
"msacm.scg726"=scg726.acm
"msacm.alf2cd"=alf2cd.acm
"msacm.ac3acm"=AC3ACM.acm
"msacm.lame"=lame.ax
"vidc.dvsd"=mcdvd_32.dll
"vidc.mpg4"=mpg4c32.dll
"vidc.mp42"=mpg4c32.dll
"vidc.mp43"=mpg4c32.dll
"vidc.DIVX"=DivX.dll
"vidc.VP60"=vp6vfw.dll
"vidc.VP61"=vp6vfw.dll
"vidc.VP62"=vp6vfw.dll
"vidc.LAGS"=lagarith.dll

====== Ассоциации файлов ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

====== Список файлов и папок, созданных за последние 3 месяца ======

2021-08-04 06:52:59 ----D---- C:\symbols
2021-08-04 06:43:22 ----D---- C:\Windows\Standalone System Sweeper
2021-08-03 17:47:31 ----N---- C:\bootsqm.dat
2021-07-03 22:12:18 ----D---- C:\Windows\system
2021-07-03 22:11:58 ----A---- C:\Windows\SYSWOW64\serivces.exe
2021-07-03 22:11:58 ----A---- C:\Windows\fonts\4744396.dll
2021-07-03 22:11:55 ----RSHD---- C:\Windows\fonts\sqlservr.exe
2021-07-03 22:11:54 ----H---- C:\Windows\fonts\dl1host.exe
2021-07-03 22:11:52 ----H---- C:\Windows\fonts\WinRing0x64.sys
2021-07-03 22:11:52 ----H---- C:\Windows\fonts\conhost.exe
2021-07-03 22:11:36 ----A---- C:\Windows\c64.exe
2021-07-03 22:10:43 ----A---- C:\ProgramData\temp5.exe
2021-07-03 21:46:23 ----SHD---- C:\Windows\McMwt
2021-07-03 21:46:23 ----SHD---- C:\ProgramData\Avg
2021-07-03 21:46:22 ----SHD---- C:\ProgramData\360TotalSecurity
2021-07-03 21:46:15 ----SHD---- C:\Program Files (x86)\Panda Security
2021-07-03 21:46:14 ----SHD---- C:\Program Files (x86)\GRIZZLY Antivirus
2021-07-03 21:46:14 ----D---- C:\ProgramData\Avira
2021-07-03 21:46:13 ----SHD---- C:\ProgramData\McAfee
2021-07-03 21:46:13 ----SHD---- C:\Program Files\Cezurity
2021-07-03 21:46:13 ----SHD---- C:\Program Files (x86)\Cezurity
2021-07-03 21:46:12 ----SHD---- C:\ProgramData\grizzly
2021-07-03 21:46:12 ----SHD---- C:\Program Files (x86)\Kaspersky Lab
2021-07-03 21:46:11 ----SHD---- C:\ProgramData\Kaspersky Lab Setup Files
2021-07-03 21:46:11 ----SHD---- C:\ProgramData\Kaspersky Lab
2021-07-03 21:46:11 ----SHD---- C:\Program Files\Kaspersky Lab
2021-07-03 21:46:10 ----SHD---- C:\ProgramData\Norton
2021-07-03 21:46:10 ----SHD---- C:\Program Files\AVG
2021-07-03 21:46:10 ----SHD---- C:\Program Files (x86)\AVG
2021-07-03 21:46:09 ----SHD---- C:\ProgramData\AVAST Software
2021-07-03 21:46:09 ----SHD---- C:\Program Files\AVAST Software
2021-07-03 21:46:09 ----SHD---- C:\Program Files (x86)\AVAST Software
2021-07-03 21:46:08 ----SHD---- C:\Program Files\SpyHunter
2021-07-03 21:46:08 ----SHD---- C:\Program Files\Enigma Software Group
2021-07-03 21:46:08 ----SHD---- C:\Program Files\COMODO
2021-07-03 21:46:07 ----SHD---- C:\Program Files\Malwarebytes
2021-07-03 21:46:07 ----SHD---- C:\Program Files (x86)\SpyHunter
2021-07-03 21:46:06 ----SHD---- C:\ProgramData\360safe
2021-07-03 21:46:06 ----SHD---- C:\Program Files (x86)\360
2021-07-03 21:46:05 ----SHD---- C:\Program Files\ByteFence
2021-07-03 21:46:05 ----SHD---- C:\KVRT_Data
2021-07-03 21:46:04 ----SHD---- C:\ProgramData\Driver Foundation Visions VHG
2021-07-03 21:46:04 ----SHD---- C:\AdwCleaner
2021-07-03 21:46:01 ----D---- C:\Windows\fonts\Mysql
2021-07-03 21:46:01 ----ASH---- C:\Windows\java.exe
2021-07-03 21:46:00 ----SHD---- C:\Program Files (x86)\Zaxar
2021-07-03 21:46:00 ----SHD---- C:\Program Files (x86)\Microsoft JDX
2021-07-03 21:46:00 ----D---- C:\Windows\speechstracing
2021-07-03 21:46:00 ----D---- C:\ProgramData\MB3Install
2021-07-03 21:46:00 ----D---- C:\ProgramData\Malwarebytes
2021-07-03 21:46:00 ----D---- C:\ProgramData\Indus
2021-07-03 21:45:54 ----SHD---- C:\Windows\NetworkDistribution
2021-07-03 21:45:53 ----ASH---- C:\Windows\svchost.exe
2021-07-03 21:45:53 ----ASH---- C:\Windows\boy.exe
2021-07-03 21:45:53 ----ASH---- C:\ProgramData\olly.exe
2021-07-03 21:45:53 ----ASH---- C:\ProgramData\lsass2.exe
2021-07-03 21:45:52 ----ASH---- C:\ProgramData\script.exe
2021-07-03 21:45:52 ----ASH---- C:\ProgramData\lsass.exe
2021-07-03 21:45:52 ----ASH---- C:\ProgramData\kz.exe
2021-07-03 21:45:51 ----SHD---- C:\Program Files\RDP Wrapper
2021-07-03 21:45:34 ----SHD---- C:\rdp
2021-07-03 21:45:32 ----ASH---- C:\Windows\SYSWOW64\drivers\conhost.exe
2021-07-03 21:45:13 ----SHD---- C:\Windows\SYSWOW64\%APPDATA%
2021-07-03 21:45:08 ----SHD---- C:\ProgramData\Windows
2021-07-03 21:45:06 ----SHD---- C:\ProgramData\WindowsTask
2021-07-03 21:45:06 ----SHD---- C:\ProgramData\RunDLL
2021-07-03 21:45:06 ----SHD---- C:\ProgramData\RealtekHD
2021-07-03 21:45:06 ----SHD---- C:\ProgramData\install
2021-07-03 21:45:06 ----D---- C:\ProgramData\System32
2021-07-03 21:09:09 ----SHD---- C:\Windows\system32\%APPDATA%
2021-07-01 14:21:32 ----SHD---- C:\ProgramData\ESET
2021-07-01 14:21:32 ----SHD---- C:\Program Files\ESET
2021-06-13 14:18:14 ----D---- C:\Program Files\gs
2021-06-13 14:00:17 ----A---- C:\Windows\gswin32.ini
2021-06-13 13:59:57 ----D---- C:\Program Files (x86)\gs
2021-05-12 18:26:43 ----D---- C:\Program Files (x86)\FBReader
2021-05-06 19:05:02 ----D---- C:\Program Files\paint.net
2021-05-06 18:39:53 ----A---- C:\Windows\SYSWOW64\D3DCompiler_47.dll
2021-05-06 18:39:53 ----A---- C:\Windows\system32\D3DCompiler_47.dll
2021-05-06 18:35:42 ----D---- C:\Windows\Migration
2021-05-06 17:54:39 ----D---- C:\Users\Janna\AppData\Roaming\fitsliberator
2021-05-06 13:46:26 ----D---- C:\SAOImageDS9

====== Список файлов и папок, измененных за последние 3 месяца ======

2021-08-03 20:02:19 ----D---- C:\Users\Janna\AppData\Roaming\.ACEStream
2021-08-03 20:01:08 ----D---- C:\Windows\inf
2021-08-03 19:58:42 ----D---- C:\Windows\System32
2021-08-03 19:58:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2021-08-03 19:57:05 ----SHD---- C:\Windows\Installer
2021-08-03 19:57:05 ----SHD---- C:\Config.Msi
2021-08-03 19:54:20 ----SHD---- C:\Recovery
2021-08-03 19:54:20 ----D---- C:\Windows\system32\Recovery
2021-08-03 19:54:18 ----D---- C:\Windows\Temp
2021-08-03 19:54:18 ----D---- C:\Windows\system32\config
2021-08-03 19:54:17 ----D---- C:\Windows
2021-08-03 19:54:12 ----D---- C:\Windows\system32\drivers
2021-08-03 19:22:50 ----D---- C:\Windows\Fonts
2021-08-03 18:06:39 ----D---- C:\Program Files\Mozilla Firefox
2021-08-03 17:51:53 ----RD---- C:\Program Files
2021-08-02 09:03:32 ----D---- C:\Windows\system32\Tasks
2021-07-04 22:59:02 ----D---- C:\Windows\system32\LogFiles
2021-07-03 22:11:58 ----D---- C:\Windows\SysWOW64
2021-07-03 22:10:43 ----HD---- C:\ProgramData
2021-07-03 21:46:15 ----RD---- C:\Program Files (x86)
2021-07-03 21:46:01 ----SD---- C:\ProgramData\Microsoft
2021-07-03 21:46:01 ----D---- C:\Program Files\Common Files\System
2021-07-03 21:46:00 ----D---- C:\Program Files\Internet Explorer
2021-07-03 21:45:43 ----D---- C:\Windows\Prefetch
2021-07-03 21:45:32 ----D---- C:\Windows\SYSWOW64\drivers
2021-07-01 14:22:45 ----D---- C:\Windows\system32\DriverStore
2021-06-21 22:10:50 ----D---- C:\Users\Janna\AppData\Roaming\AIMP3
2021-06-20 19:19:55 ----SHD---- C:\System Volume Information
2021-06-13 13:36:36 ----D---- C:\ProgramData\VMware
2021-06-13 12:28:59 ----D---- C:\Users\Janna\AppData\Roaming\VMware
2021-05-15 19:14:51 ----D---- C:\Users\Janna\AppData\Roaming\avidemux
2021-05-12 18:51:13 ----D---- C:\Program Files\Ghostgum
2021-05-06 20:16:57 ----D---- C:\Windows\Microsoft.NET
2021-05-06 20:16:50 ----RSD---- C:\Windows\assembly
2021-05-06 18:39:54 ----D---- C:\Windows\winsxs
2021-05-06 18:37:09 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

====== Список драйверов (тип запуска: R=Запущен, S=остановлен, 0=Загрузочный, 1=Системный, 2=Автоматически, 3=Вручную, 4=Отключено) ======

R0 edevmon;edevmon; C:\Windows\system32\DRIVERS\edevmon.sys [2019-10-18 102464]
R0 iusb3hcs;Драйвер хост-контроллера и коммутатора Intel(R) USB 3.0; C:\Windows\system32\drivers\iusb3hcs.sys [2016-12-21 32272]
R0 oem-drv64;OEM-SLP2.1 Driver (HPD64); C:\Windows\system32\DRIVERS\oem-drv64.sys [2021-08-03 42496]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 vmci;VMware VMCI Bus Driver; C:\Windows\system32\DRIVERS\vmci.sys [2016-09-30 106560]
R0 vsock;vSockets Virtual Machine Communication Interface Sockets driver; C:\Windows\system32\DRIVERS\vsock.sys [2016-09-30 93248]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2019-10-18 149144]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2019-10-18 189232]
R1 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2019-10-18 76896]
R1 EpfwLWF;ESET Personal Firewall; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2019-10-18 61360]
R1 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2019-10-18 113336]
R1 vmkbd3;VMware Input Filter and Injection Driver (vmkbd); C:\Windows\system32\DRIVERS\vmkbd.sys [2017-06-19 52288]
R1 VWiFiFlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ekbdflt;ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [2019-10-18 50488]
R2 hcmon;VMware hcmon; C:\Windows\system32\DRIVERS\hcmon.sys [2017-02-20 83008]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2009-03-02 11576]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2017-06-19 66520]
R2 VMnetUserif;VMware Virtual Ethernet Userif for VMnet; C:\Windows\system32\DRIVERS\vmnetuserif.sys [2017-06-19 43992]
R2 vmx86;VMware vmx86; C:\Windows\system32\DRIVERS\vmx86.sys [2017-06-19 88504]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-09-29 7883264]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-09-29 285696]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-08-16 116240]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2013-08-05 65408]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2013-08-05 94208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-10-22 3692632]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-16 99288]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2014-06-17 941272]
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [2009-03-02 53816]
S3 ALSysIO;ALSysIO; \??\C:\Users\Janna\AppData\Local\Temp\ALSysIO64.sys []
S3 amdhub30;AMD USB 3.0 Hub Driver; C:\Windows\system32\drivers\amdhub30.sys [2016-01-14 108768]
S3 amdhub31;AMD USB3.1 Hub Service; C:\Windows\system32\drivers\amdhub31.sys [2016-02-26 141528]
S3 amdxhc;AMD USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\amdxhc.sys [2016-01-14 229088]
S3 amdxhc31;AMD XHCI Service; C:\Windows\system32\drivers\amdxhc31.sys [2016-02-26 440536]
S3 asmthub3;ASMedia USB3.1 Hub Service; C:\Windows\system32\drivers\asmthub3.sys [2016-10-13 149888]
S3 asmtxhci;ASMedia XHCI Service; C:\Windows\system32\drivers\asmtxhci.sys [2016-10-13 450944]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-06 125456]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 E1G60;Драйвер адаптера Intel(R) PRO/1000 NDIS 6; C:\Windows\system32\DRIVERS\E1G6032E.sys [2009-06-10 145792]
S3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver; C:\Windows\System32\Drivers\EtronSTOR.sys [2014-02-12 39296]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver; C:\Windows\system32\drivers\FLxHCIc.sys [2016-12-09 273392]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver; C:\Windows\system32\drivers\FLxHCIh.sys [2016-12-09 88016]
S3 iusb3hub;Драйвер концентратора Intel(R) USB 3.0; C:\Windows\system32\drivers\iusb3hub.sys [2016-11-29 410128]
S3 iusb3xhc;Драйвер расширяемого хост-контроллера Intel(R) USB 3.0; C:\Windows\system32\drivers\iusb3xhc.sys [2016-11-29 824336]
S3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [2012-09-21 351520]
S3 LVUVC64;Logitech Webcam C210(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys [2012-09-21 4763680]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\drivers\nusb3hub.sys [2012-08-27 107912]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\nusb3xhc.sys [2012-08-27 226696]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys []
S3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\rtwlanu.sys [2018-03-15 7715648]
S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0); C:\Windows\system32\drivers\rusb3hub.sys [2012-08-27 114568]
S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0); C:\Windows\system32\drivers\rusb3xhc.sys [2012-08-27 230280]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 tihub3;TI USB3 Hub Service; C:\Windows\system32\drivers\tihub3.sys [2016-05-12 145904]
S3 tixhci;TI XHCI Service; C:\Windows\system32\drivers\tixhci.sys [2016-05-12 422392]
S3 TRIXX;TRIXX; \??\C:\Users\Janna\AppData\Local\Temp\TRIXX.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2017-06-19 46040]
S3 vmusb;VMware USB Client Driver; C:\Windows\system32\DRIVERS\vmusb.sys [2017-02-20 60480]
S3 VUSB3HUB;VIA USB 3 Root Hub Service; C:\Windows\system32\drivers\ViaHub3.sys [2015-08-20 221696]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdm_usb;wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [2014-11-24 140672]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S4 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]

====== Список служб (тип запуска: R=Запущена, S=остановлена, 0=Загрузочная, 1=Системная, 2=Автоматически, 3=Вручную, 4=Отключено) ======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-09-29 203264]
R2 AppMgmt;@appmgmts.dll,-3250; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\appmgmts.dll
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
R2 RunSwUSB;RunSwUSB; C:\Windows\runSW.exe [2020-12-25 44760]
R3 SystemExplorerHelpService;System Explorer Service; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [2014-12-20 820960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2019-03-28 132792]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2019-03-28 158912]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2019-10-18 2433232]
S3 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-03-28 82640]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2019-03-28 54912]
S3 ekrnEpfw;ESET Firewall Helper; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2019-10-18 2433232]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; %SystemRoot%\System32\svchost.exe -k PeerDist;"ServiceDll" = %SystemRoot%\system32\peerdistsvc.dll
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\system32\storsvc.dll
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\umrdp.dll
S3 VMAuthdService;VMware Authorization Service; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [2017-06-19 99816]
S3 VMnetDHCP;VMware DHCP Service; C:\Windows\SysWOW64\vmnetdhcp.exe [2017-06-19 366568]
S3 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2017-02-20 915944]
S3 VMware NAT Service;VMware NAT Service; C:\Windows\SysWOW64\vmnat.exe [2017-06-19 400872]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\cscsvc.dll
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-03-28 136256]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-03-28 136256]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-03-28 136256]

-----------------EOF-----------------
