Při zapnutí ntb chrome s ruskou stránkou
Napsal: 07 úno 2018 16:48
od popcorn
Ahoj, mám problém: pokaždé, když zapnu notebook, tak se mi otevře Chrome a vyjede tam nějaká ruská stránka. Ta se ale nenačte, protože ji blokuje můj antivirus – používám McAfee.
LOG Z HJT
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 4:31:34 PM, on 2/7/2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.16299.0015)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
C:\Users\MoonP\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo17win10.msn.com/?pc=LCTE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo17win10.msn.com/?pc=LCTE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll
O2 - BHO: McAfee WebAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ycAutoLaunch_090066D048A76F96F2ED698D931607CE] "C:\Users\MoonP\AppData\Local\yc\Application\yc.exe" /prefetch:5
O4 - HKCU\..\Run: [lsfflqseat] explorer "http://klakali.ru/?utm_source=uoua03&utm_content=d584e28cdf7e9dfb58097da935e3a560&utm_term=57CC17D2580C68F0CDA999C30262FD4C&utm_d=20180203"
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O9 - Extra 'Tools' menuitem: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{caddd320-331b-473d-ba1d-b34d8572e02a}: NameServer = 35.177.46.238,46.101.28.31,82.202.226.203,213.46.172.37,213.46.172.36
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: ClientAnalyticsService - McAfee, Inc. - C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\IntelCpHeciSvc.exe
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\IntelCpHDCPSvc.exe
O23 - Service: Dolby DAX2 API Service (DAX2API) - Unknown owner - C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: GameRecorderSVC - Lenovo(beijing) Limited - C:\Program Files\Lenovo\Nerve Center\bin\x86\GameRecorderSVC.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem12.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igfxCUIService.exe
O23 - Service: @oem16.inf,%ImcSvcDisplayName%;System Interface Foundation Service (ImControllerService) - Lenovo Group Limited - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Online Connect - Intel Corporation - C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe
O23 - Service: Intel(R) Online Connect Helper - Intel Corporation - C:\Program Files\Intel\Intel(R) Online Connect\iocHelperService.exe
O23 - Service: Intel(R) Online Connect Software Asset Manager - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe
O23 - Service: Intel(R) Online Connect Access Legacy CS Loader (Intel(R) TechnologyAccessLegacyCSLoader) - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Online Connect Access\LegacyCsLoaderService.exe
O23 - Service: Intel(R) Online Connect Access (Intel(R) TechnologyAccessService) - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe
O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\\McCSPServiceHost.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee LLC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
O23 - Service: McAfee Service Controller (mfemms) - McAfee LLC - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: McAfee Module Core Service (ModuleCoreService) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service: Intel Security PEF Service (PEFService) - Intel Security, Inc. - C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
O23 - Service: PluginLoaderSvc - Lenovo(beijing) Limited - C:\Program Files\Lenovo\Nerve Center\bin\x64\PluginLoaderSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)
--
End of file - 15043 bytes
Re: Při zapnutí ntb chrome s ruskou stránkou
Napsal: 11 úno 2018 10:09
od popcorn
LOG Z RogueKilleru
{
"header": {
"program": {
"project": "RogueKiller",
"version": "12.12.3.0",
"x64": true,
"date": "Feb 5 2018",
"contact": "http://www.adlice.com/contact/",
"feedback": "https://forum.adlice.com",
"website": "http://www.adlice.com/download/roguekiller/",
"blog": "http://www.adlice.com"
},
"environment": {
"operating_system": "Windows 10 (10.0.16299) 64 bits version",
"boot": 0,
"winpe": false,
"user": "MoonP",
"user_admin": true,
"program_location": "C:\\Program Files\\RogueKiller\\RogueKiller64.exe",
"x64": true,
"licensing": "free"
},
"report": {
"type": 2,
"aborted": false,
"date": "02/10/2018 12:08:27",
"duration": 2840,
"debug": false,
"count": 8,
"show_legit_hooks": false,
"expert_mode": false,
"switches": []
}
},
"information": {
"processes": [
{
"name": "[System Process]",
"name_parent": "",
"pid": 0,
"path": "",
"command_line": "",
"pid_parent": 0,
"path_parent": "",
"is_64": true
},
{
"name": "System",
"name_parent": "",
"pid": 4,
"path": "",
"command_line": "",
"pid_parent": 0,
"path_parent": "",
"is_64": true
},
{
"name": "smss.exe",
"name_parent": "",
"pid": 460,
"path": "C:\\Windows\\System32\\smss.exe",
"command_line": "",
"pid_parent": 4,
"path_parent": "",
"is_64": true
},
{
"name": "csrss.exe",
"name_parent": "",
"pid": 728,
"path": "C:\\Windows\\System32\\csrss.exe",
"command_line": "",
"pid_parent": 716,
"path_parent": "",
"is_64": true
},
{
"name": "wininit.exe",
"name_parent": "",
"pid": 832,
"path": "C:\\Windows\\System32\\wininit.exe",
"command_line": "",
"pid_parent": 716,
"path_parent": "",
"is_64": true
},
{
"name": "csrss.exe",
"name_parent": "",
"pid": 844,
"path": "C:\\Windows\\System32\\csrss.exe",
"command_line": "",
"pid_parent": 824,
"path_parent": "",
"is_64": true
},
{
"name": "services.exe",
"name_parent": "",
"pid": 904,
"path": "C:\\Windows\\System32\\services.exe",
"command_line": "",
"pid_parent": 832,
"path_parent": "",
"is_64": true
},
{
"name": "lsass.exe",
"name_parent": "",
"pid": 924,
"path": "C:\\Windows\\System32\\lsass.exe",
"command_line": "C:\\WINDOWS\\system32\\lsass.exe",
"pid_parent": 832,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 284,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k dcomlaunch -p -s PlugPlay",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "WUDFHost.exe",
"name_parent": "",
"pid": 424,
"path": "C:\\Windows\\System32\\WUDFHost.exe",
"command_line": "\"C:\\Windows\\System32\\WUDFHost.exe\" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\\UMDFCommunicationPorts\\WUDF\\HostProcess-40c36c79-f211-410f-bfbd-a34a6dbf872a -SystemEventPortName:\\UMDFCommunicationPorts\\WUDF\\HostProcess-64dc6313-dbc2-48f3-bbe0-e5ea3ec6a494 -IoCancelEventPortName:\\UMDFCommunicationPorts\\WUDF\\HostProcess-89d87acc-76fe-4a2b-b1cf-c20984b781c1 -NonStateChangingEventPortName:\\UMDFCommunicationPorts\\WUDF\\HostProcess-fd967c78-c532-4d4d-809f-950d1d0d8939 -LifetimeId:b4cdff81-beae-4bfa-91d3-7248705ab6fa -DeviceGroupId:",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 596,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k DcomLaunch -p",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "fontdrvhost.exe",
"name_parent": "",
"pid": 660,
"path": "C:\\Windows\\System32\\fontdrvhost.exe",
"command_line": "\"fontdrvhost.exe\"",
"pid_parent": 832,
"path_parent": "",
"is_64": true
},
{
"name": "winlogon.exe",
"name_parent": "",
"pid": 756,
"path": "C:\\Windows\\System32\\winlogon.exe",
"command_line": "winlogon.exe",
"pid_parent": 824,
"path_parent": "",
"is_64": true
},
{
"name": "fontdrvhost.exe",
"name_parent": "winlogon.exe",
"pid": 1064,
"path": "C:\\Windows\\System32\\fontdrvhost.exe",
"command_line": "\"fontdrvhost.exe\"",
"pid_parent": 756,
"path_parent": "C:\\Windows\\System32\\winlogon.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1076,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k rpcss -p",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1144,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k dcomlaunch -p -s LSM",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "dwm.exe",
"name_parent": "winlogon.exe",
"pid": 1220,
"path": "C:\\Windows\\System32\\dwm.exe",
"command_line": "\"dwm.exe\"",
"pid_parent": 756,
"path_parent": "C:\\Windows\\System32\\winlogon.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1280,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s gpsvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1292,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -p -s lmhosts",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1364,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s Schedule",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1392,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s NcbService",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1408,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s ProfSvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1416,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1544,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s UserManager",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1552,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s hidserv",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1588,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -p -s EventLog",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1736,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -p -s nsi",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1760,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceNoNetwork -p",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "NVDisplay.Container.exe",
"name_parent": "",
"pid": 1844,
"path": "C:\\Program Files\\NVIDIA Corporation\\Display.NvContainer\\NVDisplay.Container.exe",
"command_line": "\"C:\\Program Files\\NVIDIA Corporation\\Display.NvContainer\\NVDisplay.Container.exe\" -s NVDisplay.ContainerLocalSystem -f \"C:\\ProgramData\\NVIDIA\\NVDisplay.ContainerLocalSystem.log\" -l 3 -d \"C:\\Program Files\\NVIDIA Corporation\\Display.NvContainer\\plugins\\LocalSystem\" -r -p 30000",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1884,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -p -s Dhcp",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1936,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s SysMain",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1944,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -p -s EventSystem",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1952,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s Themes",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "Memory Compression",
"name_parent": "",
"pid": 1200,
"path": "MemCompression",
"command_line": "",
"pid_parent": 4,
"path_parent": "",
"is_64": true
},
{
"name": "NVDisplay.Container.exe",
"name_parent": "NVDisplay.Container.exe",
"pid": 1860,
"path": "C:\\Program Files\\NVIDIA Corporation\\Display.NvContainer\\NVDisplay.Container.exe",
"command_line": "\"C:\\Program Files\\NVIDIA Corporation\\Display.NvContainer\\NVDisplay.Container.exe\" -f \"C:\\ProgramData\\NVIDIA\\DisplaySessionContainer%d.log\" -d \"C:\\Program Files\\NVIDIA Corporation\\Display.NvContainer\\plugins\\Session\" -r -l 3 -p 30000 -c",
"pid_parent": 1844,
"path_parent": "C:\\Program Files\\NVIDIA Corporation\\Display.NvContainer\\NVDisplay.Container.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1932,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s SENS",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2092,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k networkservice -p -s NlaSvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "igfxCUIService.exe",
"name_parent": "",
"pid": 2152,
"path": "C:\\Windows\\System32\\DriverStore\\FileRepository\\igdlh64.inf_amd64_9dc776be3e13ad6d\\igfxCUIService.exe",
"command_line": "C:\\WINDOWS\\System32\\DriverStore\\FileRepository\\igdlh64.inf_amd64_9dc776be3e13ad6d\\igfxCUIService.exe",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2188,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k networkservice -p -s Dnscache",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2248,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2256,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -p -s FontCache",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2272,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -p -s netprofm",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2400,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\System32\\svchost.exe -k LocalServiceNetworkRestricted -p",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2476,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\System32\\svchost.exe -k LocalServiceNetworkRestricted -p",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2496,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceNetworkRestricted -p",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2524,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -p -s SEMgrSvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2612,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k appmodel -p -s StateRepository",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2696,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2720,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s lfsvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2728,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenonetwork -p -s NcdAutoSetup",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2784,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -p -s fdPHost",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2808,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localserviceandnoimpersonation -p -s FDResPub",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2088,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2128,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalSystemNetworkRestricted -p",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2488,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s ShellHWDetection",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "audiodg.exe",
"name_parent": "svchost.exe",
"pid": 2804,
"path": "C:\\Windows\\System32\\audiodg.exe",
"command_line": "C:\\WINDOWS\\system32\\AUDIODG.EXE 0x38c",
"pid_parent": 2400,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "spoolsv.exe",
"name_parent": "",
"pid": 3108,
"path": "C:\\Windows\\System32\\spoolsv.exe",
"command_line": "C:\\WINDOWS\\System32\\spoolsv.exe",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3208,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k networkservice -p -s LanmanWorkstation",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3324,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s Winmgmt",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3484,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3492,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k networkservice -p -s CryptSvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "IntelCpHDCPSvc.exe",
"name_parent": "",
"pid": 3500,
"path": "C:\\Windows\\System32\\DriverStore\\FileRepository\\igdlh64.inf_amd64_9dc776be3e13ad6d\\IntelCpHDCPSvc.exe",
"command_line": "C:\\WINDOWS\\System32\\DriverStore\\FileRepository\\igdlh64.inf_amd64_9dc776be3e13ad6d\\IntelCpHDCPSvc.exe",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3508,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenonetwork -p -s DPS",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "OfficeClickToRun.exe",
"name_parent": "",
"pid": 3516,
"path": "C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeClickToRun.exe",
"command_line": "\"C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeClickToRun.exe\" /service",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3528,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\System32\\svchost.exe -k utcsvc -p",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "ibtsiva.exe",
"name_parent": "",
"pid": 3548,
"path": "C:\\Windows\\System32\\ibtsiva.exe",
"command_line": "C:\\WINDOWS\\system32\\ibtsiva",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3556,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s IKEEXT",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "Lenovo.Modern.ImController.exe",
"name_parent": "",
"pid": 3576,
"path": "C:\\Program Files\\Lenovo\\ImController\\Service\\Lenovo.Modern.ImController.exe",
"command_line": "\"C:\\Program Files\\Lenovo\\ImController\\Service\\Lenovo.Modern.ImController.exe\"",
"pid_parent": 904,
"path_parent": "",
"is_64": false
},
{
"name": "LegacyCsLoaderService.exe",
"name_parent": "",
"pid": 3632,
"path": "C:\\Program Files\\Intel\\Intel(R) Online Connect Access\\LegacyCsLoaderService.exe",
"command_line": "\"C:\\Program Files\\Intel\\Intel(R) Online Connect Access\\LegacyCsLoaderService.exe\"",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "IntelTechnologyAccessService.exe",
"name_parent": "",
"pid": 3664,
"path": "C:\\Program Files\\Intel\\Intel(R) Online Connect Access\\IntelTechnologyAccessService.exe",
"command_line": "\"C:\\Program Files\\Intel\\Intel(R) Online Connect Access\\IntelTechnologyAccessService.exe\"",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3700,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s iphlpsvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "mfemms.exe",
"name_parent": "",
"pid": 3768,
"path": "C:\\Program Files\\Common Files\\mcafee\\SystemCore\\mfemms.exe",
"command_line": "\"C:\\Program Files\\Common Files\\McAfee\\SystemCore\\mfemms.exe\"",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3780,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s LanmanServer",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "nvcontainer.exe",
"name_parent": "",
"pid": 3796,
"path": "C:\\Program Files\\NVIDIA Corporation\\NvContainer\\nvcontainer.exe",
"command_line": "\"C:\\Program Files\\NVIDIA Corporation\\NvContainer\\nvcontainer.exe\" -s NvContainerLocalSystem -f \"C:\\ProgramData\\NVIDIA\\NvContainerLocalSystem.log\" -l 3 -d \"C:\\Program Files\\NVIDIA Corporation\\NvContainer\\plugins\\LocalSystem\" -r -p 30000 -st \"C:\\Program Files\\NVIDIA Corporation\\NvContainer\\NvContainerTelemetryApi.dll\"",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "NvTelemetryContainer.exe",
"name_parent": "",
"pid": 3828,
"path": "C:\\Program Files (x86)\\NVIDIA Corporation\\NvTelemetry\\NvTelemetryContainer.exe",
"command_line": "\"C:\\Program Files (x86)\\NVIDIA Corporation\\NvTelemetry\\NvTelemetryContainer.exe\" -s NvTelemetryContainer -f \"C:\\ProgramData\\NVIDIA\\NvTelemetryContainer.log\" -l 3 -d \"C:\\Program Files (x86)\\NVIDIA Corporation\\NvTelemetry\\plugins\" -r",
"pid_parent": 904,
"path_parent": "",
"is_64": false
},
{
"name": "PluginLoaderSvc.exe",
"name_parent": "",
"pid": 3952,
"path": "C:\\Program Files\\Lenovo\\Nerve Center\\bin\\x64\\PluginLoaderSvc.exe",
"command_line": "\"C:\\Program Files\\Lenovo\\Nerve Center\\bin\\x64\\PluginLoaderSvc.exe\"",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3960,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -p -s SstpSvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "SecurityHealthService.exe",
"name_parent": "",
"pid": 4000,
"path": "C:\\Windows\\System32\\SecurityHealthService.exe",
"command_line": "",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 4036,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k imgsvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "SynTPEnhService.exe",
"name_parent": "",
"pid": 4060,
"path": "C:\\Program Files\\Synaptics\\SynTP\\SynTPEnhService.exe",
"command_line": "\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnhService.exe\"",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 4084,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3244,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s WpnService",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3452,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -p -s HomeGroupProvider",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "MsMpEng.exe",
"name_parent": "",
"pid": 4296,
"path": "C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.12.17007.18011-0\\MsMpEng.exe",
"command_line": "",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 4356,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k networkservice -p -s TapiSrv",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 4372,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -p -s WdiServiceHost",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "dasHost.exe",
"name_parent": "svchost.exe",
"pid": 4400,
"path": "C:\\Windows\\System32\\dasHost.exe",
"command_line": "dashost.exe {27492849-67ae-4a04-983fa70aae807146}",
"pid_parent": 3484,
"path_parent": "c:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "IntelCpHeciSvc.exe",
"name_parent": "",
"pid": 4688,
"path": "C:\\Windows\\System32\\DriverStore\\FileRepository\\igdlh64.inf_amd64_9dc776be3e13ad6d\\IntelCpHeciSvc.exe",
"command_line": "C:\\WINDOWS\\System32\\DriverStore\\FileRepository\\igdlh64.inf_amd64_9dc776be3e13ad6d\\IntelCpHeciSvc.exe",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "WmiPrvSE.exe",
"name_parent": "svchost.exe",
"pid": 5020,
"path": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
"command_line": "C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 5124,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "mfevtps.exe",
"name_parent": "mfemms.exe",
"pid": 5308,
"path": "C:\\Windows\\System32\\mfevtps.exe",
"command_line": "\"C:\\Windows\\system32\\mfevtps.exe\" -mms",
"pid_parent": 3768,
"path_parent": "C:\\Program Files\\Common Files\\mcafee\\SystemCore\\mfemms.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 5752,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
Re: Při zapnutí ntb chrome s ruskou stránkou
Napsal: 11 úno 2018 10:09
od popcorn
{
"name": "svchost.exe",
"name_parent": "",
"pid": 5816,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 6244,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s Browser",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 6252,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 6724,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -p -s CDPSvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "mfefire.exe",
"name_parent": "mfemms.exe",
"pid": 6796,
"path": "C:\\Program Files\\Common Files\\mcafee\\SystemCore\\mfefire.exe",
"command_line": "\"C:\\Program Files\\Common Files\\McAfee\\SystemCore\\mfefire.exe\" -mms",
"pid_parent": 3768,
"path_parent": "C:\\Program Files\\Common Files\\mcafee\\SystemCore\\mfemms.exe",
"is_64": true
},
{
"name": "MMSSHOST.exe",
"name_parent": "mfemms.exe",
"pid": 6944,
"path": "C:\\Program Files\\Common Files\\mcafee\\MMSSHost\\MMSSHOST.exe",
"command_line": "\"C:\\Program Files\\Common Files\\McAfee\\MMSSHost\\MMSSHOST.EXE\" MMSCOM mmscom",
"pid_parent": 3768,
"path_parent": "C:\\Program Files\\Common Files\\mcafee\\SystemCore\\mfemms.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 5476,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s wlidsvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "nvcontainer.exe",
"name_parent": "nvcontainer.exe",
"pid": 7120,
"path": "C:\\Program Files (x86)\\NVIDIA Corporation\\NvContainer\\nvcontainer.exe",
"command_line": "\"C:\\Program Files (x86)\\NVIDIA Corporation\\NvContainer\\nvcontainer.exe\" -f \"C:\\ProgramData\\NVIDIA\\NvContainerUser%dSPUser.log\" -d \"C:\\Program Files (x86)\\NVIDIA Corporation\\NvContainer\\plugins\\SPUser\" -r -l 3 -p 30000 -c",
"pid_parent": 3796,
"path_parent": "C:\\Program Files\\NVIDIA Corporation\\NvContainer\\nvcontainer.exe",
"is_64": false
},
{
"name": "sihost.exe",
"name_parent": "svchost.exe",
"pid": 6684,
"path": "c:\\Windows\\System32\\sihost.exe",
"command_line": "sihost.exe",
"pid_parent": 1544,
"path_parent": "c:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 7140,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k unistacksvcgroup -s CDPUserSvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "PresentationFontCache.exe",
"name_parent": "",
"pid": 7192,
"path": "C:\\Windows\\Microsoft.Net\\Framework64\\v3.0\\WPF\\PresentationFontCache.exe",
"command_line": "C:\\WINDOWS\\Microsoft.Net\\Framework64\\v3.0\\WPF\\PresentationFontCache.exe",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "nvcontainer.exe",
"name_parent": "nvcontainer.exe",
"pid": 7216,
"path": "C:\\Program Files (x86)\\NVIDIA Corporation\\NvContainer\\nvcontainer.exe",
"command_line": "\"C:\\Program Files (x86)\\NVIDIA Corporation\\NvContainer\\nvcontainer.exe\" -f \"C:\\ProgramData\\NVIDIA\\NvContainerUser%d.log\" -d \"C:\\Program Files (x86)\\NVIDIA Corporation\\NvContainer\\plugins\\User\" -r -l 3 -p 30000 -st \"C:\\Program Files (x86)\\NVIDIA Corporation\\NvContainer\\NvContainerTelemetryApi.dll\" -c",
"pid_parent": 3796,
"path_parent": "C:\\Program Files\\NVIDIA Corporation\\NvContainer\\nvcontainer.exe",
"is_64": false
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 7272,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s BDESVC",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 7384,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k unistacksvcgroup -s WpnUserService",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 7420,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s TokenBroker",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "taskhostw.exe",
"name_parent": "svchost.exe",
"pid": 7500,
"path": "c:\\Windows\\System32\\taskhostw.exe",
"command_line": "taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}",
"pid_parent": 1364,
"path_parent": "c:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "LenovoNerveCenterUpdateAgent.exe",
"name_parent": "svchost.exe",
"pid": 7672,
"path": "C:\\Program Files\\Lenovo\\Nerve Center\\bin\\x64\\LenovoNerveCenterUpdateAgent.exe",
"command_line": "\"C:\\Program Files\\Lenovo\\Nerve Center\\bin\\x64\\LenovoNerveCenterUpdateAgent.exe\"",
"pid_parent": 1364,
"path_parent": "c:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "nvnodejslauncher.exe",
"name_parent": "svchost.exe",
"pid": 7692,
"path": "C:\\Program Files (x86)\\NVIDIA Corporation\\NvNode\\nvnodejslauncher.exe",
"command_line": "\"C:\\Program Files (x86)\\NVIDIA Corporation\\NvNode\\nvnodejslauncher.exe\" --launcher=TaskScheduler",
"pid_parent": 1364,
"path_parent": "c:\\Windows\\System32\\svchost.exe",
"is_64": false
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 7764,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "ctfmon.exe",
"name_parent": "svchost.exe",
"pid": 7892,
"path": "C:\\Windows\\System32\\ctfmon.exe",
"command_line": "\"ctfmon.exe\"",
"pid_parent": 7764,
"path_parent": "c:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "SynTPEnh.exe",
"name_parent": "SynTPEnhService.exe",
"pid": 8100,
"path": "C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe",
"command_line": "\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\"",
"pid_parent": 4060,
"path_parent": "C:\\Program Files\\Synaptics\\SynTP\\SynTPEnhService.exe",
"is_64": true
},
{
"name": "ioc.exe",
"name_parent": "",
"pid": 8140,
"path": "C:\\Program Files\\Intel\\Intel(R) Online Connect\\ioc.exe",
"command_line": "\"C:\\Program Files\\Intel\\Intel(R) Online Connect\\ioc.exe\"",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 6424,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s Appinfo",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "explorer.exe",
"name_parent": "",
"pid": 8420,
"path": "C:\\Windows\\explorer.exe",
"command_line": "C:\\WINDOWS\\Explorer.EXE",
"pid_parent": 8272,
"path_parent": "",
"is_64": true
},
{
"name": "SynTPHelper.exe",
"name_parent": "",
"pid": 8584,
"path": "C:\\PROGRAM FILES\\SYNAPTICS\\SynTP\\SYNTPHELPER.EXE",
"command_line": "\"C:\\PROGRAM FILES\\SYNAPTICS\\SYNTP\\SYNTPHELPER.EXE\" ",
"pid_parent": 7292,
"path_parent": "",
"is_64": true
},
{
"name": "WmiPrvSE.exe",
"name_parent": "svchost.exe",
"pid": 8592,
"path": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
"command_line": "C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "NisSrv.exe",
"name_parent": "",
"pid": 8680,
"path": "C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.12.17007.18011-0\\NisSrv.exe",
"command_line": "",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 8972,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s NgcSvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 9108,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -p -s NgcCtnrSvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "unsecapp.exe",
"name_parent": "svchost.exe",
"pid": 9140,
"path": "C:\\Windows\\System32\\wbem\\unsecapp.exe",
"command_line": "C:\\WINDOWS\\system32\\wbem\\unsecapp.exe -Embedding",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "Lenovo.Modern.ImController.PluginHost.SettingsApp.exe",
"name_parent": "Lenovo.Modern.ImController.exe",
"pid": 3572,
"path": "C:\\Program Files\\Lenovo\\iMController\\PluginHost\\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe",
"command_line": "-name 26078413-7a04-405a-a660-a1749c7f005c -runas -pluginName DolbyAudioPlugin -pluginVersion 1.2.227.0",
"pid_parent": 3576,
"path_parent": "C:\\Program Files\\Lenovo\\ImController\\Service\\Lenovo.Modern.ImController.exe",
"is_64": true
},
{
"name": "igfxEM.exe",
"name_parent": "",
"pid": 4772,
"path": "C:\\Windows\\System32\\DriverStore\\FileRepository\\igdlh64.inf_amd64_9dc776be3e13ad6d\\igfxEM.exe",
"command_line": "\"C:\\WINDOWS\\System32\\DriverStore\\FileRepository\\igdlh64.inf_amd64_9dc776be3e13ad6d\\igfxEM.exe\" ",
"pid_parent": 1616,
"path_parent": "",
"is_64": true
},
{
"name": "Lenovo.Modern.ImController.PluginHost.SettingsApp.exe",
"name_parent": "Lenovo.Modern.ImController.exe",
"pid": 8656,
"path": "C:\\Program Files\\Lenovo\\iMController\\PluginHost\\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe",
"command_line": "-name 63ff25fb-9d5a-41eb-a373-b169fc3a937e -runas -pluginName LenovoAppScenarioPlugin -pluginVersion 1.2.177.0",
"pid_parent": 3576,
"path_parent": "C:\\Program Files\\Lenovo\\ImController\\Service\\Lenovo.Modern.ImController.exe",
"is_64": true
},
{
"name": "Lenovo.Modern.ImController.PluginHost.SettingsApp.exe",
"name_parent": "Lenovo.Modern.ImController.exe",
"pid": 9280,
"path": "C:\\Program Files (x86)\\Lenovo\\iMController\\PluginHost\\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe",
"command_line": "-name a2be9447-ccd7-4f1f-8aa2-3949843fa08b -runas -pluginName GenericDisplayPlugin -pluginVersion 1.2.159.0",
"pid_parent": 3576,
"path_parent": "C:\\Program Files\\Lenovo\\ImController\\Service\\Lenovo.Modern.ImController.exe",
"is_64": false
},
{
"name": "ShellExperienceHost.exe",
"name_parent": "svchost.exe",
"pid": 10092,
"path": "C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe",
"command_line": "\"C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "DolbyDAX2API.exe",
"name_parent": "",
"pid": 9272,
"path": "C:\\Program Files\\Dolby\\Dolby DAX2\\DAX2_API\\DolbyDAX2API.exe",
"command_line": "\"C:\\Program Files\\Dolby\\Dolby DAX2\\DAX2_API\\DolbyDAX2API.exe\"",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "SearchUI.exe",
"name_parent": "svchost.exe",
"pid": 9556,
"path": "C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe",
"command_line": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe\" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "RuntimeBroker.exe",
"name_parent": "svchost.exe",
"pid": 9776,
"path": "C:\\Windows\\System32\\RuntimeBroker.exe",
"command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "jhi_service.exe",
"name_parent": "",
"pid": 10160,
"path": "C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\DAL\\jhi_service.exe",
"command_line": "\"C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\DAL\\jhi_service.exe\"",
"pid_parent": 904,
"path_parent": "",
"is_64": false
},
{
"name": "RuntimeBroker.exe",
"name_parent": "svchost.exe",
"pid": 7728,
"path": "C:\\Windows\\System32\\RuntimeBroker.exe",
"command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "RemindersServer.exe",
"name_parent": "svchost.exe",
"pid": 10376,
"path": "C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\RemindersServer.exe",
"command_line": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\RemindersServer.exe\" -ServerName:RemindersServer",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "backgroundTaskHost.exe",
"name_parent": "svchost.exe",
"pid": 10400,
"path": "C:\\Windows\\System32\\backgroundTaskHost.exe",
"command_line": "\"C:\\WINDOWS\\system32\\backgroundTaskHost.exe\" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "SearchIndexer.exe",
"name_parent": "",
"pid": 10464,
"path": "C:\\Windows\\System32\\SearchIndexer.exe",
"command_line": "C:\\WINDOWS\\system32\\SearchIndexer.exe /Embedding",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 11064,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k unistacksvcgroup",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "SettingSyncHost.exe",
"name_parent": "svchost.exe",
"pid": 984,
"path": "C:\\Windows\\System32\\SettingSyncHost.exe",
"command_line": "C:\\WINDOWS\\system32\\SettingSyncHost.exe -Embedding",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "RuntimeBroker.exe",
"name_parent": "svchost.exe",
"pid": 2556,
"path": "C:\\Windows\\System32\\RuntimeBroker.exe",
"command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "smartscreen.exe",
"name_parent": "svchost.exe",
"pid": 2336,
"path": "C:\\Windows\\System32\\smartscreen.exe",
"command_line": "C:\\Windows\\System32\\smartscreen.exe -Embedding",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "backgroundTaskHost.exe",
"name_parent": "svchost.exe",
"pid": 4056,
"path": "C:\\Windows\\System32\\backgroundTaskHost.exe",
"command_line": "\"C:\\WINDOWS\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXe9cvj1thv1hmcw0cs98xm3r97tyzy2xs.mca",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "RuntimeBroker.exe",
"name_parent": "svchost.exe",
"pid": 11012,
"path": "C:\\Windows\\System32\\RuntimeBroker.exe",
"command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "Video.UI.exe",
"name_parent": "svchost.exe",
"pid": 11240,
"path": "C:\\Program Files\\WindowsApps\\Microsoft.ZuneVideo_10.17122.15711.0_x64__8wekyb3d8bbwe\\Video.UI.exe",
"command_line": "",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "backgroundTaskHost.exe",
"name_parent": "svchost.exe",
"pid": 9064,
"path": "C:\\Windows\\System32\\backgroundTaskHost.exe",
"command_line": "\"C:\\WINDOWS\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXass2jm06pp1n7aktd4dcj305y31qrc54.mca",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "RuntimeBroker.exe",
"name_parent": "svchost.exe",
"pid": 7468,
"path": "C:\\Windows\\System32\\RuntimeBroker.exe",
"command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "SearchProtocolHost.exe",
"name_parent": "SearchIndexer.exe",
"pid": 11692,
"path": "C:\\Windows\\System32\\SearchProtocolHost.exe",
"command_line": "\"C:\\WINDOWS\\system32\\SearchProtocolHost.exe\" Global\\UsGthrFltPipeMssGthrPipe1_ Global\\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 \"Software\\Microsoft\\Windows Search\" \"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)\" \"C:\\ProgramData\\Microsoft\\Search\\Data\\Temp\\usgthrsvc\" \"DownLevelDaemon\" ",
"pid_parent": 10464,
"path_parent": "C:\\Windows\\System32\\SearchIndexer.exe",
"is_64": true
},
{
"name": "utility.exe",
"name_parent": "Explorer.EXE",
"pid": 11796,
"path": "C:\\Program Files\\Lenovo\\LenovoUtility\\utility.exe",
"command_line": "\"C:\\Program Files\\Lenovo\\LenovoUtility\\utility.exe\" ",
"pid_parent": 8420,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "SearchFilterHost.exe",
"name_parent": "SearchIndexer.exe",
"pid": 11972,
"path": "C:\\Windows\\System32\\SearchFilterHost.exe",
"command_line": "\"C:\\WINDOWS\\system32\\SearchFilterHost.exe\" 0 724 740 752 8192 748 ",
"pid_parent": 10464,
"path_parent": "C:\\Windows\\System32\\SearchIndexer.exe",
"is_64": true
},
{
"name": "RAVCpl64.exe",
"name_parent": "Explorer.EXE",
"pid": 11996,
"path": "C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe",
"command_line": "\"C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe\" -s",
"pid_parent": 8420,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "RAVBg64.exe",
"name_parent": "Explorer.EXE",
"pid": 12032,
"path": "C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe",
"command_line": "\"C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe\" /FORPCEE4",
"pid_parent": 8420,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 12144,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "RAVBg64.exe",
"name_parent": "Explorer.EXE",
"pid": 12172,
"path": "C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe",
"command_line": "\"C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe\" /LENOVO_DOLBYDRAGON",
"pid_parent": 8420,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "RAVBg64.exe",
"name_parent": "Explorer.EXE",
"pid": 12284,
"path": "C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe",
"command_line": "\"C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe\" /LENOVO_MICPKEY",
"pid_parent": 8420,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "DolbyDAX2TrayIcon.exe",
"name_parent": "Explorer.EXE",
"pid": 11356,
"path": "C:\\Program Files\\Dolby\\Dolby DAX2\\DAX2_APP\\DolbyDAX2TrayIcon.exe",
"command_line": "\"C:\\Program Files\\Dolby\\Dolby DAX2\\DAX2_APP\\DolbyDAX2TrayIcon.exe\" -Hide",
"pid_parent": 8420,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "RuntimeBroker.exe",
"name_parent": "svchost.exe",
"pid": 10580,
"path": "C:\\Windows\\System32\\RuntimeBroker.exe",
"command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "jusched.exe",
"name_parent": "",
"pid": 7656,
"path": "C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe",
"command_line": "\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\" ",
"pid_parent": 9124,
"path_parent": "",
"is_64": false
},
{
"name": "Lenovo.Modern.ImController.PluginHost.SettingsApp.exe",
"name_parent": "Lenovo.Modern.ImController.exe",
"pid": 8696,
"path": "C:\\Program Files\\Lenovo\\iMController\\PluginHost\\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe",
"command_line": "-name 0aba9867-d073-4031-a75c-7239593dc75e -runas -pluginName LenovoAppPromotionPlugin -pluginVersion 1.2.100.0",
"pid_parent": 3576,
"path_parent": "C:\\Program Files\\Lenovo\\ImController\\Service\\Lenovo.Modern.ImController.exe",
"is_64": true
},
{
"name": "Lenovo.Modern.ImController.PluginHost.SettingsApp.exe",
"name_parent": "Lenovo.Modern.ImController.exe",
"pid": 12228,
"path": "C:\\Program Files\\Lenovo\\iMController\\PluginHost\\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe",
"command_line": "-name c005a79c-8c02-494b-85bd-6d17ef2e7c36 -runas -pluginName LenovoSettingsAppPlugin -pluginVersion 1.2.129.0",
"pid_parent": 3576,
"path_parent": "C:\\Program Files\\Lenovo\\ImController\\Service\\Lenovo.Modern.ImController.exe",
"is_64": true
},
{
"name": "Lenovo.Modern.ImController.PluginHost.Device.exe",
"name_parent": "Lenovo.Modern.ImController.exe",
"pid": 12244,
"path": "C:\\Program Files\\Lenovo\\iMController\\PluginHost\\Lenovo.Modern.ImController.PluginHost.Device.exe",
"command_line": "\"C:\\Program Files\\Lenovo\\iMController\\PluginHost\\Lenovo.Modern.ImController.PluginHost.Device.exe\" -name 2a8187b2-c7a5-41df-bb2c-b496cf154719 -runas SYSTEM -pluginName LenovoAuthenticationPlugin -pluginVersion 1.2.88.0",
"pid_parent": 3576,
"path_parent": "C:\\Program Files\\Lenovo\\ImController\\Service\\Lenovo.Modern.ImController.exe",
"is_64": true
},
{
"name": "Lenovo.Modern.ImController.PluginHost.Device.exe",
"name_parent": "Lenovo.Modern.ImController.exe",
"pid": 9504,
"path": "C:\\Program Files (x86)\\Lenovo\\iMController\\PluginHost\\Lenovo.Modern.ImController.PluginHost.Device.exe",
"command_line": "-name 7a50bb66-842f-4f0b-acd3-7c3e7a00f972 -runas -pluginName LenovoDeviceMetricsPlugin -pluginVersion 2.7.1.4",
"pid_parent": 3576,
"path_parent": "C:\\Program Files\\Lenovo\\ImController\\Service\\Lenovo.Modern.ImController.exe",
"is_64": false
},
{
"name": "Lenovo.Modern.ImController.PluginHost.CompanionApp.exe",
"name_parent": "Lenovo.Modern.ImController.exe",
"pid": 1248,
"path": "C:\\Program Files\\Lenovo\\iMController\\PluginHost\\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe",
"command_line": "-name b44f6e51-9eac-4d04-bde8-ede0f7966970 -runas -pluginName LenovoContextEnginePlugin -pluginVersion 2.0.1.1",
"pid_parent": 3576,
"path_parent": "C:\\Program Files\\Lenovo\\ImController\\Service\\Lenovo.Modern.ImController.exe",
"is_64": true
},
{
"name": "SkypeHost.exe",
"name_parent": "svchost.exe",
"pid": 12384,
"path": "C:\\Program Files\\WindowsApps\\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\\SkypeHost.exe",
"command_line": "\"C:\\Program Files\\WindowsApps\\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\\SkypeHost.exe\" -ServerName:SkypeHost.ServerServer",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 12400,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s BITS",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},