[*** System Idle Process ***]


[*** System ***]


[*** smss.exe ***]
CommandLine = \SystemRoot\System32\smss.exe


[*** csrss.exe ***]
CommandLine = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
ExecutablePath = C:\Windows\system32\csrss.exe
Version = 
Time = 14.07.2009 05:39:02


[*** wininit.exe ***]
CommandLine = wininit.exe
ExecutablePath = C:\Windows\system32\wininit.exe
Version = 
Time = 14.07.2009 05:39:52


[*** csrss.exe ***]
CommandLine = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
ExecutablePath = C:\Windows\system32\csrss.exe
Version = 
Time = 14.07.2009 05:39:02


[*** services.exe ***]
CommandLine = C:\Windows\system32\services.exe
ExecutablePath = C:\Windows\system32\services.exe
Version = 
Time = 13.04.2015 06:28:33


[*** winlogon.exe ***]
CommandLine = winlogon.exe
ExecutablePath = C:\Windows\system32\winlogon.exe
Version = 
Time = 17.07.2014 06:07:24


[*** lsass.exe ***]
CommandLine = C:\Windows\system32\lsass.exe
ExecutablePath = C:\Windows\system32\lsass.exe
Version = 
Time = 12.05.2016 17:57:27


[*** lsm.exe ***]
CommandLine = C:\Windows\system32\lsm.exe
ExecutablePath = C:\Windows\system32\lsm.exe
Version = 
Time = 21.11.2010 06:23:53


[*** svchost.exe ***]
CommandLine = C:\Windows\system32\svchost.exe -k DcomLaunch
ExecutablePath = C:\Windows\system32\svchost.exe
Version = 
Time = 14.07.2009 05:39:46


[*** svchost.exe ***]
CommandLine = C:\Windows\system32\svchost.exe -k RPCSS
ExecutablePath = C:\Windows\system32\svchost.exe
Version = 
Time = 14.07.2009 05:39:46


[*** svchost.exe ***]
CommandLine = C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
ExecutablePath = C:\Windows\System32\svchost.exe
Version = 
Time = 14.07.2009 05:39:46


[*** svchost.exe ***]
CommandLine = C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
ExecutablePath = C:\Windows\System32\svchost.exe
Version = 
Time = 14.07.2009 05:39:46


[*** svchost.exe ***]
CommandLine = C:\Windows\system32\svchost.exe -k LocalService
ExecutablePath = C:\Windows\system32\svchost.exe
Version = 
Time = 14.07.2009 05:39:46


[*** svchost.exe ***]
CommandLine = C:\Windows\system32\svchost.exe -k netsvcs
ExecutablePath = C:\Windows\system32\svchost.exe
Version = 
Time = 14.07.2009 05:39:46


[*** igfxCUIService.exe ***]
CommandLine = C:\Windows\system32\igfxCUIService.exe
ExecutablePath = C:\Windows\system32\igfxCUIService.exe
Version = 
Time = 09.04.2014 06:03:39


[*** dwm.exe ***]
CommandLine = "C:\Windows\system32\Dwm.exe"
ExecutablePath = C:\Windows\system32\Dwm.exe
Version = 
Time = 14.07.2009 05:39:08


[*** spoolsv.exe ***]
CommandLine = C:\Windows\System32\spoolsv.exe
ExecutablePath = C:\Windows\System32\spoolsv.exe
Version = 
Time = 11.02.2012 10:36:02


[*** svchost.exe ***]
CommandLine = C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
ExecutablePath = C:\Windows\system32\svchost.exe
Version = 
Time = 14.07.2009 05:39:46


[*** svchost.exe ***]
CommandLine = C:\Windows\System32\svchost.exe -k utcsvc
ExecutablePath = C:\Windows\System32\svchost.exe
Version = 
Time = 14.07.2009 05:39:46


[*** explorer.exe ***]
CommandLine = C:\Windows\Explorer.EXE
ExecutablePath = C:\Windows\Explorer.EXE
Version = 
Time = 09.04.2016 08:53:40


[*** RAVCpl64.exe ***]
CommandLine = "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
ExecutablePath = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Version = 
Time = 14.03.2014 13:26:00


[*** taskhost.exe ***]
CommandLine = "taskhost.exe"
ExecutablePath = C:\Windows\system32\taskhost.exe
Version = 
Time = 23.11.2012 07:13:57


[*** tvnserver.exe ***]
CommandLine = "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
ExecutablePath = C:\Program Files\TightVNC\tvnserver.exe
Version = 
Time = 19.07.2013 13:21:14


[*** HeciServer.exe ***]
CommandLine = "C:\Program Files\Intel\iCLS Client\HeciServer.exe"
ExecutablePath = C:\Program Files\Intel\iCLS Client\HeciServer.exe
Version = 1.31.8.1 sys_sysscbld
Time = 27.08.2013 14:32:14


[*** TCPSVCS.EXE ***]
CommandLine = C:\Windows\System32\tcpsvcs.exe
ExecutablePath = C:\Windows\System32\tcpsvcs.exe
Version = 
Time = 14.07.2009 05:39:47


[*** snmp.exe ***]
CommandLine = C:\Windows\System32\snmp.exe
ExecutablePath = C:\Windows\System32\snmp.exe
Version = 
Time = 21.11.2010 06:24:51


[*** TeamViewer_Service.exe ***]
CommandLine = "C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
ExecutablePath = C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
Version = 
Time = 11.09.2015 18:34:16


[*** tvnserver.exe ***]
CommandLine = "C:\Program Files\TightVNC\tvnserver.exe" -service
ExecutablePath = C:\Program Files\TightVNC\tvnserver.exe
Version = 
Time = 19.07.2013 13:21:14


[*** iusb3mon.exe ***]
CommandLine = "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" 
ExecutablePath = C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
Version = 
Time = 21.02.2014 09:56:54


[*** reinstall_svc.exe ***]
CommandLine = "C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe"
ExecutablePath = C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
Version = 
Time = 12.12.2011 12:20:12


[*** SearchIndexer.exe ***]
CommandLine = C:\Windows\system32\SearchIndexer.exe /Embedding
ExecutablePath = C:\Windows\system32\SearchIndexer.exe
Version = 
Time = 04.05.2011 09:19:28


[*** PresentationFontCache.exe ***]
CommandLine = C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
ExecutablePath = C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
Version = 
Time = 21.11.2010 06:24:52


[*** svchost.exe ***]
CommandLine = C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
ExecutablePath = C:\Windows\system32\svchost.exe
Version = 
Time = 14.07.2009 05:39:46


[*** igfxHK.exe ***]
CommandLine = igfxHK.exe 
ExecutablePath = C:\Windows\system32\igfxHK.exe
Version = 
Time = 09.04.2014 06:03:43


[*** igfxTray.exe ***]
CommandLine = igfxTray.exe 
ExecutablePath = C:\Windows\system32\igfxTray.exe
Version = 
Time = 09.04.2014 06:03:44


[*** svchost.exe ***]
CommandLine = C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
ExecutablePath = C:\Windows\system32\svchost.exe
Version = 
Time = 14.07.2009 05:39:46


[*** igfxEM.exe ***]
CommandLine = "C:\Windows\system32\igfxEM.exe" -Embedding
ExecutablePath = C:\Windows\system32\igfxEM.exe
Version = 
Time = 09.04.2014 06:03:40


[*** wmpnetwk.exe ***]
CommandLine = "C:\Program Files\Windows Media Player\wmpnetwk.exe"
ExecutablePath = C:\Program Files\Windows Media Player\wmpnetwk.exe
Version = 
Time = 21.11.2010 06:25:05


[*** TeamViewer.exe ***]
CommandLine = "C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
ExecutablePath = C:\Program Files (x86)\TeamViewer\TeamViewer.exe
Version = 
Time = 11.09.2015 18:34:16


[*** tv_w32.exe ***]
CommandLine = "C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks  --log C:\Program Files (x86)\TeamViewer\TeamViewer10_Logfile.log  
ExecutablePath = C:\Program Files (x86)\TeamViewer\tv_w32.exe
Version = 
Time = 11.09.2015 18:22:54


[*** tv_x64.exe ***]
CommandLine = "C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks  --log C:\Program Files (x86)\TeamViewer\TeamViewer10_Logfile.log  
ExecutablePath = C:\Program Files (x86)\TeamViewer\tv_x64.exe
Version = 
Time = 11.09.2015 18:22:55


[*** IAStorIcon.exe ***]
CommandLine = "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
ExecutablePath = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
Version = 
Time = 11.04.2014 09:31:06


[*** IAStorDataMgrSvc.exe ***]
CommandLine = "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
ExecutablePath = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Version = 
Time = 11.04.2014 09:31:04


[*** jhi_service.exe ***]
CommandLine = "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
ExecutablePath = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
Version = 
Time = 16.09.2013 12:17:42


[*** LMS.exe ***]
CommandLine = "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
ExecutablePath = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
Version = 9.5.10.1628
Time = 16.09.2013 12:18:28


[*** svchost.exe ***]
CommandLine = C:\Windows\System32\svchost.exe -k secsvcs
ExecutablePath = C:\Windows\System32\svchost.exe
Version = 
Time = 14.07.2009 05:39:46


[*** taskhost.exe ***]
CommandLine = "taskhost.exe"
ExecutablePath = C:\Windows\system32\taskhost.exe
Version = 
Time = 23.11.2012 07:13:57


[*** svchost.exe ***]
CommandLine = C:\Windows\System32\svchost.exe -k NetworkService
ExecutablePath = C:\Windows\System32\svchost.exe
Version = 
Time = 14.07.2009 05:39:46


[*** csrss.exe ***]
CommandLine = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
ExecutablePath = C:\Windows\system32\csrss.exe
Version = 
Time = 14.07.2009 05:39:02


[*** winlogon.exe ***]
CommandLine = winlogon.exe
ExecutablePath = C:\Windows\system32\winlogon.exe
Version = 
Time = 17.07.2014 06:07:24


[*** taskhost.exe ***]
CommandLine = "taskhost.exe"
ExecutablePath = C:\Windows\system32\taskhost.exe
Version = 
Time = 23.11.2012 07:13:57


[*** rdpclip.exe ***]
CommandLine = rdpclip
ExecutablePath = C:\Windows\System32\rdpclip.exe
Version = 
Time = 17.03.2017 14:21:54


[*** dwm.exe ***]
CommandLine = "C:\Windows\system32\Dwm.exe"
ExecutablePath = C:\Windows\system32\Dwm.exe
Version = 
Time = 14.07.2009 05:39:08


[*** explorer.exe ***]
CommandLine = C:\Windows\Explorer.EXE
ExecutablePath = C:\Windows\Explorer.EXE
Version = 
Time = 09.04.2016 08:53:40


[*** RAVCpl64.exe ***]
CommandLine = "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
ExecutablePath = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Version = 
Time = 14.03.2014 13:26:00


[*** tvnserver.exe ***]
CommandLine = "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
ExecutablePath = C:\Program Files\TightVNC\tvnserver.exe
Version = 
Time = 19.07.2013 13:21:14


[*** iusb3mon.exe ***]
CommandLine = "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" 
ExecutablePath = C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
Version = 
Time = 21.02.2014 09:56:54


[*** IAStorIcon.exe ***]
CommandLine = "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
ExecutablePath = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
Version = 
Time = 11.04.2014 09:31:06


[*** kernel.exe ***]
CommandLine = "C:\Program Files\DevLine\Line\kernel.exe" /i /Service
ExecutablePath = C:\Program Files\DevLine\Line\kernel.exe
Version = 7.3.1_x64
Time = 17.01.2017 09:25:46


[*** dumper.exe ***]
CommandLine = -e 444
ExecutablePath = C:\Program Files\DevLine\Line\dumper.exe
Version = 
Time = 17.01.2017 09:06:08


[*** observer.exe ***]
CommandLine = "C:\Program Files\DevLine\Line\observer.exe" 
ExecutablePath = C:\Program Files\DevLine\Line\observer.exe
Version = 7.3.1_x64
Time = 17.01.2017 09:27:32


[*** dumper.exe ***]
CommandLine = -e 664
ExecutablePath = C:\Program Files\DevLine\Line\dumper.exe
Version = 
Time = 17.01.2017 09:06:08


[*** iexplore.exe ***]
CommandLine = "C:\Program Files\Internet Explorer\iexplore.exe" 
ExecutablePath = C:\Program Files\Internet Explorer\iexplore.exe
Version = 
Time = 24.05.2016 02:37:53


[*** iexplore.exe ***]
CommandLine = "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3776 CREDAT:275457 /prefetch:2
ExecutablePath = C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Version = 
Time = 24.05.2016 01:54:22


[*** observer.exe ***]
CommandLine = "C:\Program Files\DevLine\Line\observer.exe" -m
ExecutablePath = C:\Program Files\DevLine\Line\observer.exe
Version = 7.3.1_x64
Time = 17.01.2017 09:27:32


[*** observer.exe ***]
CommandLine = observer.exe  -c 2
ExecutablePath = C:\Program Files\DevLine\Line\observer.exe
Version = 7.3.1_x64
Time = 17.01.2017 09:27:32


[*** dumper.exe ***]
CommandLine = -e 608
ExecutablePath = C:\Program Files\DevLine\Line\dumper.exe
Version = 
Time = 17.01.2017 09:06:08


[*** observer.exe ***]
CommandLine = "C:\Program Files\DevLine\Line\observer.exe" 
ExecutablePath = C:\Program Files\DevLine\Line\observer.exe
Version = 7.3.1_x64
Time = 17.01.2017 09:27:32


[*** taskeng.exe ***]
CommandLine = taskeng.exe {51C2F074-2468-4047-9899-C7B68E259D75}
ExecutablePath = C:\Windows\system32\taskeng.exe
Version = 
Time = 21.11.2010 06:24:27


[*** observer.exe ***]
CommandLine = "C:\Program Files\DevLine\Line\observer.exe" 
ExecutablePath = C:\Program Files\DevLine\Line\observer.exe
Version = 7.3.1_x64
Time = 17.01.2017 09:27:32


[*** taskmgr.exe ***]
CommandLine = "C:\Windows\system32\taskmgr.exe" /4
ExecutablePath = C:\Windows\system32\taskmgr.exe
Version = 
Time = 21.11.2010 06:24:24


[*** LiniaSysInfo.exe ***]
CommandLine = "C:\Program Files\DevLine\Line\LiniaSysInfo.exe" 
ExecutablePath = C:\Program Files\DevLine\Line\LiniaSysInfo.exe
Version = 
Time = 17.01.2017 09:07:48


[*** WmiPrvSE.exe ***]
CommandLine = C:\Windows\system32\wbem\wmiprvse.exe
ExecutablePath = C:\Windows\system32\wbem\wmiprvse.exe
Version = 
Time = 21.11.2010 06:24:15


[*** MpCmdRun.exe ***]
CommandLine = "c:\program files\windows defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey C1D7F6C5-7146-4289-6539-5AC577D0A7C3 -Reinvoke
ExecutablePath = c:\program files\windows defender\MpCmdRun.exe
Version = 
Time = 14.07.2009 05:39:20


[*** WmiPrvSE.exe ***]
CommandLine = C:\Windows\system32\wbem\wmiprvse.exe
ExecutablePath = C:\Windows\system32\wbem\wmiprvse.exe
Version = 
Time = 21.11.2010 06:24:15


[*** perfmon.exe ***]
CommandLine = "C:\Windows\System32\perfmon.exe" /res
ExecutablePath = C:\Windows\System32\perfmon.exe
Version = 
Time = 21.11.2010 06:24:19


