Please check my log (laptop is a bit slowed down)

JAnMAcko
Visitor
Posts: 84
Registered: 18 Apr 2009 16:08

#1 Post by JAnMAcko »

Please check my log; thank you in advance.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [OneDrive] "C:\Users\jiří\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://fpdownload.macromedia.com/pub/s ... tor/sw.cab
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Conexant Audio Message Service (CxAudMsg) - Unknown owner - C:\windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\elevation_service.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @oem16.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo EasyPlus Hotspot - Lenovo - C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\Lenovo\iMController\SystemAgentService.exe
O23 - Service: Lenovo WiFiHotspot Service (LenovoWiFiHotspotSvr) - Unknown owner - C:\Windows\System32\LenovoWiFiHotspotSvr.exe (file missing)
O23 - Service: LSCWinService - Lenovo - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service: Panda Devices Agent (PandaAgent) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
O23 - Service: panda_url_filtering Service (panda_url_filtering) - Visicom Media Inc. - C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe
O23 - Service: Lenovo PhoneCompanionPusher Service (PhoneCompanionPusher) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
O23 - Service: Lenovo PhoneCompanionVap Service (PhoneCompanionVap) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\windows\system32\SAsrv.exe
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 10743 bytes

======Listing Processes======








C:\WINDOWS\system32\lsass.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
"fontdrvhost.exe"
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k appmodel -p -s camsvc
C:\WINDOWS\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
c:\windows\system32\svchost.exe -k localservice -p -s nsi
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
"C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe"
C:\WINDOWS\system32\ibtsiva
c:\windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
C:\windows\system32\CxAudMsg64.exe
C:\Windows\System32\LenovoWiFiHotspotSvr.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
"C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe" --
"C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe"
"C:\Program Files (x86)\Origin\OriginWebHelperService.exe"
"C:\Program Files\Lenovo\iMController\SystemAgentService.exe"
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
"C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe"
"C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe"
"C:\Program Files\CyberLink\Shared files\RichVideo64.exe"
C:\windows\SysWOW64\SAsrv.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
"C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe"
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
c:\windows\system32\svchost.exe -k netsvcs -p
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-966e08c7-51ce-4ded-b0f8-13489989c850 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-74f8a6a3-3e85-43f7-a781-f830ff7c3140 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-942c32ef-b409-4f1a-bce9-86728c3cc4ba -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-10f62942-c342-48c2-bfa5-31e1ff19dbaf -LifetimeId:90d3222b-4b0e-4dd9-998f-eded6e8c102e -DeviceGroupId:WudfDefaultDevicePool

dashost.exe {919ca037-d9c2-477c-8081ce55ea886012}
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
"C:\Program Files\rempl\sedlauncher.exe"
\??\C:\WINDOWS\system32\conhost.exe 0x4
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
"C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe"
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
"C:\Program Files\rempl\sedsvc.exe"

C:\WINDOWS\system32\SearchIndexer.exe /Embedding
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\WINDOWS\system32\svchost.exe -k LocalService -p
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
c:\windows\system32\svchost.exe -k netsvcs -p -s BITS

C:\WINDOWS\System32\WinLogon.exe -SpecialSession
"fontdrvhost.exe"
"dwm.exe"
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
igfxHK.exe
igfxTray.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p -s NcdAutoSetup
"C:\WINDOWS\system32\igfxEM.exe" -Embedding
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs -p -s NetSetupSvc
C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeApp.exe" -ServerName:App.AppXffn3yxqvgawq9fpmnhy90fr3y01d1t5b.mca
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe" -ServerName:SkypeBackgroundHost
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
C:\Windows\System32\smartscreen.exe -Embedding
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\WINDOWS\system32\browser_broker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
"ctfmon.exe"
"C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe" -ServerName:WindowsDefaultLockScreen.AppX7y4nbzq37zn4ks9k7amqjywdat7d3j2z.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE"
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Windows\RTFTrack.exe"
"C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe"
"C:\Program Files\CONEXANT\ForteConfig\fmapp.exe"
"C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe"
"C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe"
"C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe"
"C:\Users\jiří\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
c:\windows\system32\svchost.exe -k unistacksvcgroup
"C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe" /showasync
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe" /InvokerPRAID: App
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
adb fork-server server
C:\WINDOWS\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}

"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 748 752 760 8192 756
C:\WINDOWS\system32\AUDIODG.EXE 0x478
"C:\Users\jiří\Downloads\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26 255088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
Panda Safe Web - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2016-11-22 131064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26 193136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
Panda Safe Web - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2016-11-22 115192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26 255088]
{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - Panda Safe Web - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2016-11-22 131064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26 193136]
{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - Panda Safe Web - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2016-11-22 115192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2018-04-12 638872]
"RtsFT"=C:\WINDOWS\RTFTrack.exe [2015-06-16 5060864]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2013-09-05 907480]
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SACpl.exe [2012-06-13 1647616]
"PhoneCompanion"=C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [2014-09-19 836592]
"Energy Manager"=C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [2014-09-19 16094704]
"Lenovo Utility"=C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [2014-09-19 10841584]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-07-27 3945672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-06-29 53282944]
"OneDrive"=C:\Users\jiří\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2019-02-27 1506912]
"CCleaner Smart Cleaning"=C:\Program Files\CCleaner\CCleaner64.exe [2018-09-19 18594760]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"PSUAMain"=C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [2017-02-22 141760]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"DisableTaskMgr"=0
"MaxGPOScriptWait"=600

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoRun"=0
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2019-02-27 17:55:37 ----D---- C:\Program Files\trend micro
2019-02-27 17:55:36 ----D---- C:\rsit
2019-02-27 17:42:34 ----HD---- C:\OneDriveTemp
2019-02-12 21:36:45 ----D---- C:\WINDOWS\Minidump
2019-02-12 20:05:46 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-12 20:05:45 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-12 20:05:38 ----A---- C:\WINDOWS\system32\edgehtml.dll
2019-02-12 20:05:36 ----A---- C:\WINDOWS\system32\mshtml.dll
2019-02-12 20:05:21 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2019-02-12 20:05:21 ----A---- C:\WINDOWS\system32\sppsvc.exe
2019-02-12 20:05:20 ----A---- C:\WINDOWS\system32\wininet.dll
2019-02-12 20:05:18 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2019-02-12 20:05:15 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2019-02-12 20:05:14 ----A---- C:\WINDOWS\system32\windows.storage.dll
2019-02-12 20:05:12 ----A---- C:\WINDOWS\system32\Chakra.dll
2019-02-12 20:05:11 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2019-02-12 20:05:11 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-12 20:05:09 ----A---- C:\WINDOWS\system32\cdp.dll
2019-02-12 20:05:08 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-12 20:05:06 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-12 20:05:05 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2019-02-12 20:05:03 ----A---- C:\WINDOWS\system32\ieframe.dll
2019-02-12 20:05:01 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2019-02-12 20:05:00 ----A---- C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-12 20:05:00 ----A---- C:\WINDOWS\system32\EdgeContent.dll
2019-02-12 20:04:59 ----A---- C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-12 20:04:59 ----A---- C:\WINDOWS\system32\jscript9.dll
2019-02-12 20:04:58 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2019-02-12 20:04:56 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.dll
2019-02-12 20:04:53 ----A---- C:\WINDOWS\system32\win32kfull.sys
2019-02-12 20:04:50 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2019-02-12 20:04:49 ----A---- C:\WINDOWS\system32\mfcore.dll
2019-02-12 20:04:49 ----A---- C:\WINDOWS\system32\hvix64.exe
2019-02-12 20:04:48 ----A---- C:\WINDOWS\system32\msxml6.dll
2019-02-12 20:04:47 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2019-02-12 20:04:47 ----A---- C:\WINDOWS\system32\smartscreen.exe
2019-02-12 20:04:46 ----A---- C:\WINDOWS\system32\iertutil.dll
2019-02-12 20:04:45 ----A---- C:\WINDOWS\SYSWOW64\Windows.Data.Pdf.dll
2019-02-12 20:04:44 ----A---- C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-12 20:04:44 ----A---- C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-12 20:04:43 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2019-02-12 20:04:41 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2019-02-12 20:04:38 ----A---- C:\WINDOWS\SYSWOW64\msxml6.dll
2019-02-12 20:04:38 ----A---- C:\WINDOWS\system32\KernelBase.dll
2019-02-12 20:04:37 ----A---- C:\WINDOWS\SYSWOW64\cdp.dll
2019-02-12 20:04:37 ----A---- C:\WINDOWS\system32\hvax64.exe
2019-02-12 20:04:37 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys
2019-02-12 20:04:36 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2019-02-12 20:04:36 ----A---- C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-12 20:04:36 ----A---- C:\WINDOWS\system32\TokenBroker.dll
2019-02-12 20:04:35 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2019-02-12 20:04:35 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2019-02-12 20:04:35 ----A---- C:\WINDOWS\system32\ntdll.dll
2019-02-12 20:04:34 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-12 20:04:34 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2019-02-12 20:04:33 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2019-02-12 20:04:33 ----A---- C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-12 20:04:32 ----A---- C:\WINDOWS\SYSWOW64\msrd3x40.dll
2019-02-12 20:04:32 ----A---- C:\WINDOWS\system32\winhttp.dll
2019-02-12 20:04:32 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-12 20:04:32 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2019-02-12 20:04:32 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-12 20:04:31 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2019-02-12 20:04:31 ----A---- C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-12 20:04:31 ----A---- C:\WINDOWS\system32\kernel32.dll
2019-02-12 20:04:30 ----A---- C:\WINDOWS\system32\svchost.exe
2019-02-12 20:04:30 ----A---- C:\WINDOWS\system32\StorSvc.dll
2019-02-12 20:04:30 ----A---- C:\WINDOWS\system32\rmclient.dll
2019-02-12 20:04:27 ----A---- C:\WINDOWS\system32\oleaut32.dll
2019-02-12 20:04:27 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2019-02-12 20:04:25 ----A---- C:\WINDOWS\SYSWOW64\winhttp.dll
2019-02-12 20:04:25 ----A---- C:\WINDOWS\system32\gdi32full.dll
2019-02-12 20:04:25 ----A---- C:\WINDOWS\system32\edgeIso.dll
2019-02-12 20:04:24 ----A---- C:\WINDOWS\SYSWOW64\svchost.exe
2019-02-12 20:04:24 ----A---- C:\WINDOWS\SYSWOW64\rmclient.dll
2019-02-12 20:04:24 ----A---- C:\WINDOWS\SYSWOW64\msi.dll
2019-02-12 20:04:22 ----A---- C:\WINDOWS\SYSWOW64\oleaut32.dll
2019-02-12 20:04:20 ----A---- C:\WINDOWS\SYSWOW64\Windows.Globalization.dll
2019-02-12 20:04:20 ----A---- C:\WINDOWS\SYSWOW64\EdgeManager.dll
2019-02-12 20:04:20 ----A---- C:\WINDOWS\system32\drivers\spaceport.sys
2019-02-12 20:04:19 ----A---- C:\WINDOWS\system32\netprofmsvc.dll
2019-02-12 20:04:19 ----A---- C:\WINDOWS\system32\msi.dll
2019-02-12 20:04:19 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2019-02-12 20:04:18 ----A---- C:\WINDOWS\system32\winload.exe
2019-02-12 20:04:16 ----A---- C:\WINDOWS\SYSWOW64\msrd2x40.dll
2019-02-12 20:04:16 ----A---- C:\WINDOWS\system32\wldp.dll
2019-02-12 20:04:16 ----A---- C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-12 20:04:15 ----A---- C:\WINDOWS\SYSWOW64\wldp.dll
2019-02-12 20:04:15 ----A---- C:\WINDOWS\SYSWOW64\TokenBroker.dll
2019-02-12 20:04:15 ----A---- C:\WINDOWS\system32\winresume.exe
2019-02-12 20:04:15 ----A---- C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-12 20:04:15 ----A---- C:\WINDOWS\system32\msvproc.dll
2019-02-12 20:04:14 ----A---- C:\WINDOWS\SYSWOW64\wintrust.dll
2019-02-12 20:04:14 ----A---- C:\WINDOWS\SYSWOW64\msvproc.dll
2019-02-12 20:04:14 ----A---- C:\WINDOWS\system32\MPSSVC.dll
2019-02-12 20:04:14 ----A---- C:\WINDOWS\system32\drivers\rdbss.sys
2019-02-12 20:04:14 ----A---- C:\WINDOWS\system32\browserbroker.dll
2019-02-12 20:04:14 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-12 20:04:14 ----A---- C:\WINDOWS\system32\acmigration.dll
2019-02-12 20:04:13 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-12 20:04:13 ----A---- C:\WINDOWS\SYSWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-12 20:04:13 ----A---- C:\WINDOWS\system32\wintrust.dll
2019-02-12 20:04:13 ----A---- C:\WINDOWS\system32\drivers\srv2.sys
2019-02-12 20:04:12 ----A---- C:\WINDOWS\SYSWOW64\kernel32.dll
2019-02-12 20:04:12 ----A---- C:\WINDOWS\system32\tcblaunch.exe
2019-02-12 20:04:12 ----A---- C:\WINDOWS\system32\mfps.dll
2019-02-12 20:04:11 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2019-02-12 20:04:11 ----A---- C:\WINDOWS\system32\WpAXHolder.dll
2019-02-12 20:04:11 ----A---- C:\WINDOWS\system32\drivers\ndis.sys
2019-02-12 20:04:11 ----A---- C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-12 20:04:10 ----A---- C:\WINDOWS\SYSWOW64\edgeIso.dll
2019-02-12 20:04:09 ----A---- C:\WINDOWS\SYSWOW64\MSVideoDSP.dll
2019-02-12 20:04:09 ----A---- C:\WINDOWS\system32\drivers\srvnet.sys
2019-02-12 20:04:09 ----A---- C:\WINDOWS\system32\drivers\refs.sys
2019-02-12 20:04:09 ----A---- C:\WINDOWS\system32\drivers\fastfat.sys
2019-02-12 20:04:08 ----A---- C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-12 20:04:08 ----A---- C:\WINDOWS\system32\hal.dll
2019-02-12 20:04:08 ----A---- C:\WINDOWS\system32\drivers\refsv1.sys
2019-02-12 20:04:08 ----A---- C:\WINDOWS\system32\drivers\bindflt.sys
2019-02-12 20:04:08 ----A---- C:\WINDOWS\HelpPane.exe
2019-02-12 20:04:07 ----A---- C:\WINDOWS\SYSWOW64\mfps.dll
2019-02-12 20:04:07 ----A---- C:\WINDOWS\system32\drivers\spacedump.sys
2019-02-12 20:04:07 ----A---- C:\WINDOWS\system32\drivers\hvservice.sys
2019-02-12 20:04:06 ----A---- C:\WINDOWS\SYSWOW64\mf3216.dll
2019-02-12 20:04:05 ----A---- C:\WINDOWS\system32\wuuhext.dll
2019-02-12 20:04:05 ----A---- C:\WINDOWS\system32\smss.exe
2019-02-12 20:04:05 ----A---- C:\WINDOWS\system32\mf3216.dll
2019-02-12 20:04:05 ----A---- C:\WINDOWS\system32\hvloader.dll
2019-02-12 20:04:05 ----A---- C:\WINDOWS\system32\drivers\mrxsmb20.sys
2019-02-12 20:04:05 ----A---- C:\WINDOWS\system32\drivers\exfat.sys
2019-02-12 20:04:04 ----A---- C:\WINDOWS\SYSWOW64\webplatstorageserver.dll
2019-02-12 20:04:04 ----A---- C:\WINDOWS\SYSWOW64\NtlmShared.dll
2019-02-12 20:04:04 ----A---- C:\WINDOWS\system32\NtlmShared.dll
2019-02-12 20:04:04 ----A---- C:\WINDOWS\system32\npmproxy.dll
2019-02-12 20:04:04 ----A---- C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-12 20:04:04 ----A---- C:\WINDOWS\system32\MSPhotography.dll
2019-02-12 20:04:04 ----A---- C:\WINDOWS\system32\drivers\hidparse.sys
2019-02-12 20:04:04 ----A---- C:\WINDOWS\system32\drivers\FWPKCLNT.SYS
2019-02-12 20:04:04 ----A---- C:\WINDOWS\system32\browser_broker.exe
2019-02-12 20:04:03 ----A---- C:\WINDOWS\SYSWOW64\spacebridge.dll
2019-02-12 20:04:03 ----A---- C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-12 20:04:03 ----A---- C:\WINDOWS\system32\spacebridge.dll
2019-02-12 20:04:03 ----A---- C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-12 20:04:02 ----A---- C:\WINDOWS\SYSWOW64\npmproxy.dll
2019-02-12 20:04:02 ----A---- C:\WINDOWS\SYSWOW64\msjet40.dll
2019-02-12 20:04:02 ----A---- C:\WINDOWS\SYSWOW64\CapabilityAccessManagerClient.dll
2019-02-12 20:04:02 ----A---- C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-12 20:04:02 ----A---- C:\WINDOWS\system32\smartscreenps.dll
2019-02-12 20:04:02 ----A---- C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-12 20:04:02 ----A---- C:\WINDOWS\system32\itss.dll
2019-02-12 20:04:01 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-12 20:04:01 ----A---- C:\WINDOWS\SYSWOW64\srpapi.dll
2019-02-12 20:04:01 ----A---- C:\WINDOWS\SYSWOW64\smartscreenps.dll
2019-02-12 20:04:01 ----A---- C:\WINDOWS\SYSWOW64\msIso.dll
2019-02-12 20:04:01 ----A---- C:\WINDOWS\SYSWOW64\itss.dll
2019-02-12 20:04:01 ----A---- C:\WINDOWS\system32\srpapi.dll
2019-02-12 20:04:01 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2019-02-12 20:04:01 ----A---- C:\WINDOWS\system32\drivers\udfs.sys
2019-02-12 20:04:01 ----A---- C:\WINDOWS\system32\drivers\cdfs.sys
2019-02-12 20:04:00 ----A---- C:\WINDOWS\SYSWOW64\MSPhotography.dll
2019-02-12 20:04:00 ----A---- C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-12 20:03:59 ----A---- C:\WINDOWS\SYSWOW64\GlobCollationHost.dll
2019-02-12 20:03:59 ----A---- C:\WINDOWS\system32\iemigplugin.dll
2019-02-12 20:03:59 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2019-02-12 20:03:59 ----A---- C:\WINDOWS\system32\GlobCollationHost.dll

======List of files/folders modified in the last 1 month======

2019-02-27 17:55:37 ----RD---- C:\Program Files
2019-02-27 17:51:19 ----D---- C:\WINDOWS\Temp
2019-02-27 17:48:28 ----D---- C:\Users\jiří\AppData\Roaming\Skype
2019-02-27 17:40:38 ----D---- C:\WINDOWS\system32\sru
2019-02-27 17:40:11 ----D---- C:\WINDOWS\system32\SleepStudy
2019-02-27 17:40:11 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2019-02-27 17:33:16 ----D---- C:\WINDOWS\Prefetch
2019-02-27 17:24:20 ----D---- C:\WINDOWS\system32\Tasks
2019-02-27 17:17:29 ----D---- C:\WINDOWS\system32\LogFiles
2019-02-27 17:16:10 ----D---- C:\WINDOWS\AppReadiness
2019-02-27 17:14:02 ----AD---- C:\Program Files\Panda Security URL Filtering
2019-02-26 21:49:44 ----D---- C:\WINDOWS\system32\drivers
2019-02-26 21:49:18 ----D---- C:\Windows
2019-02-26 18:55:52 ----D---- C:\WINDOWS\INF
2019-02-26 18:44:52 ----HD---- C:\Program Files\WindowsApps
2019-02-26 18:40:53 ----D---- C:\WINDOWS\system32\drivers\wd
2019-02-26 18:40:29 ----RD---- C:\Program Files\Windows Defender
2019-02-26 18:39:16 ----D---- C:\WINDOWS\debug
2019-02-26 18:30:18 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2019-02-25 19:45:21 ----D---- C:\WINDOWS\Logs
2019-02-25 11:10:34 ----RD---- C:\WINDOWS\Microsoft.NET
2019-02-22 18:25:42 ----D---- C:\WINDOWS\system32\catroot2
2019-02-22 18:25:40 ----SHD---- C:\System Volume Information
2019-02-21 18:03:14 ----D---- C:\WINDOWS\SoftwareDistribution
2019-02-21 15:18:59 ----D---- C:\WINDOWS\System32
2019-02-21 15:18:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-19 21:13:35 ----D---- C:\WINDOWS\system32\config
2019-02-18 20:30:59 ----D---- C:\WINDOWS\WinSxS
2019-02-17 11:32:46 ----D---- C:\WINDOWS\system32\NDF
2019-02-15 19:05:40 ----SHD---- C:\WINDOWS\Installer
2019-02-15 19:05:36 ----D---- C:\Program Files\rempl
2019-02-14 18:38:03 ----RSD---- C:\WINDOWS\assembly
2019-02-12 21:17:03 ----D---- C:\WINDOWS\SysWOW64
2019-02-12 21:16:38 ----D---- C:\WINDOWS\system32\DriverStore
2019-02-12 21:15:27 ----AD---- C:\Program Files\CCleaner
2019-02-12 21:12:58 ----SD---- C:\WINDOWS\SYSWOW64\F12
2019-02-12 21:12:58 ----D---- C:\WINDOWS\TextInput
2019-02-12 21:12:58 ----D---- C:\WINDOWS\SYSWOW64\zu-ZA
2019-02-12 21:12:58 ----D---- C:\WINDOWS\SYSWOW64\yo-NG
2019-02-12 21:12:58 ----D---- C:\WINDOWS\SYSWOW64\xh-ZA
2019-02-12 21:12:58 ----D---- C:\WINDOWS\SYSWOW64\wo-SN
2019-02-12 21:12:58 ----D---- C:\WINDOWS\SYSWOW64\uz-Latn-UZ
2019-02-12 21:12:58 ----D---- C:\WINDOWS\SYSWOW64\tn-ZA
2019-02-12 21:12:58 ----D---- C:\WINDOWS\SYSWOW64\ti-ET
2019-02-12 21:12:58 ----D---- C:\WINDOWS\SYSWOW64\tg-Cyrl-TJ
2019-02-12 21:12:58 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-RS
2019-02-12 21:12:58 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-BA
2019-02-12 21:12:58 ----D---- C:\WINDOWS\SYSWOW64\sd-Arab-PK
2019-02-12 21:12:58 ----D---- C:\WINDOWS\SYSWOW64\rw-RW
2019-02-12 21:12:58 ----D---- C:\WINDOWS\SYSWOW64\quc-Latn-GT
2019-02-12 21:12:58 ----D---- C:\WINDOWS\SYSWOW64\pa-Arab-PK
2019-02-12 21:12:58 ----D---- C:\WINDOWS\SYSWOW64\nso-ZA
2019-02-12 21:12:58 ----D---- C:\WINDOWS\SYSWOW64\ku-Arab-IQ
2019-02-12 21:12:58 ----D---- C:\WINDOWS\SYSWOW64\ig-NG
2019-02-12 21:12:58 ----D---- C:\WINDOWS\SYSWOW64\chr-CHER-US
2019-02-12 21:12:58 ----D---- C:\WINDOWS\SYSWOW64\ha-Latn-NG
2019-02-12 21:12:58 ----D---- C:\WINDOWS\SYSWOW64\en-US
2019-02-12 21:12:58 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2019-02-12 21:12:58 ----D---- C:\WINDOWS\SYSWOW64\ca-ES-valencia
2019-02-12 21:12:58 ----D---- C:\WINDOWS\SYSWOW64\bs-Latn-BA
2019-02-12 21:12:58 ----D---- C:\WINDOWS\SYSWOW64\az-Latn-AZ
2019-02-12 21:12:57 ----SD---- C:\WINDOWS\system32\F12
2019-02-12 21:12:57 ----D---- C:\WINDOWS\system32\zu-ZA
2019-02-12 21:12:57 ----D---- C:\WINDOWS\system32\yo-NG
2019-02-12 21:12:57 ----D---- C:\WINDOWS\system32\xh-ZA
2019-02-12 21:12:57 ----D---- C:\WINDOWS\system32\wo-SN
2019-02-12 21:12:57 ----D---- C:\WINDOWS\system32\uz-Latn-UZ
2019-02-12 21:12:57 ----D---- C:\WINDOWS\system32\tn-ZA
2019-02-12 21:12:57 ----D---- C:\WINDOWS\system32\ti-ET
2019-02-12 21:12:57 ----D---- C:\WINDOWS\system32\tg-Cyrl-TJ
2019-02-12 21:12:57 ----D---- C:\WINDOWS\system32\sr-Cyrl-RS
2019-02-12 21:12:57 ----D---- C:\WINDOWS\system32\sr-Cyrl-BA
2019-02-12 21:12:57 ----D---- C:\WINDOWS\system32\sd-Arab-PK
2019-02-12 21:12:57 ----D---- C:\WINDOWS\system32\rw-RW
2019-02-12 21:12:57 ----D---- C:\WINDOWS\system32\quc-Latn-GT
2019-02-12 21:12:57 ----D---- C:\WINDOWS\system32\pa-Arab-PK
2019-02-12 21:12:57 ----D---- C:\WINDOWS\system32\nso-ZA
2019-02-12 21:12:57 ----D---- C:\WINDOWS\system32\migration
2019-02-12 21:12:57 ----D---- C:\WINDOWS\system32\ku-Arab-IQ
2019-02-12 21:12:57 ----D---- C:\WINDOWS\system32\ig-NG
2019-02-12 21:12:57 ----D---- C:\WINDOWS\system32\chr-CHER-US
2019-02-12 21:12:57 ----D---- C:\WINDOWS\system32\ha-Latn-NG
2019-02-12 21:12:57 ----D---- C:\WINDOWS\system32\en-US
2019-02-12 21:12:57 ----D---- C:\WINDOWS\system32\drivers\UMDF
2019-02-12 21:12:57 ----D---- C:\WINDOWS\system32\cs-CZ
2019-02-12 21:12:57 ----D---- C:\WINDOWS\system32\ca-ES-valencia
2019-02-12 21:12:57 ----D---- C:\WINDOWS\system32\bs-Latn-BA
2019-02-12 21:12:57 ----D---- C:\WINDOWS\system32\Boot
2019-02-12 21:12:57 ----D---- C:\WINDOWS\system32\az-Latn-AZ
2019-02-12 21:12:53 ----D---- C:\WINDOWS\ShellExperiences
2019-02-12 21:12:52 ----D---- C:\WINDOWS\bcastdvr
2019-02-12 21:12:52 ----D---- C:\WINDOWS\apppatch
2019-02-12 21:12:52 ----D---- C:\Program Files\internet explorer
2019-02-12 21:12:52 ----D---- C:\Program Files (x86)\Internet Explorer
2019-02-12 20:17:22 ----D---- C:\WINDOWS\CbsTemp
2019-02-12 20:01:57 ----D---- C:\WINDOWS\system32\MRT
2019-02-12 19:42:56 ----AC---- C:\WINDOWS\system32\MRT.exe
2019-02-08 16:46:50 ----D---- C:\ProgramData\Packages
2019-02-03 18:42:33 ----D---- C:\ProgramData\panda_url_filtering
2019-02-02 23:53:16 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2018-12-08 58168]
R0 MBI;@oem56.inf,%MBI.SVCDESC%;Intel(R) Sideband Fabric Device Service; C:\WINDOWS\System32\drivers\MBI.sys [2013-10-10 29464]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\WINDOWS\system32\drivers\SgrmAgent.sys [2018-04-12 63896]
R1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2018-04-12 39424]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-04-12 60320]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2018-04-12 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-04-12 8192]
R1 NNSALPC;NNSALPC; C:\WINDOWS\system32\DRIVERS\NNSALPC.sys [2017-02-08 107488]
R1 NNSHTTP;NNSHTTP; C:\WINDOWS\system32\DRIVERS\NNSHTTP.sys [2016-07-05 211376]
R1 NNSHTTPS;NNSHTTPS; C:\WINDOWS\system32\DRIVERS\NNSHTTPS.sys [2017-02-08 121312]
R1 NNSIDS;NNSIDS; C:\WINDOWS\system32\DRIVERS\NNSIDS.sys [2016-07-05 125872]
R1 NNSNAHSL;@oem14.inf,%NNSNAHSL_Desc%;Network Activity Hook Server LightWeight Filter Driver; C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [2016-07-06 80152]
R1 NNSPICC;NNSPICC; C:\WINDOWS\system32\DRIVERS\NNSPICC.sys [2016-07-05 116656]
R1 NNSPIHSW;NNSPIHSW; C:\WINDOWS\system32\DRIVERS\NNSPIHSW.sys [2017-02-08 91104]
R1 NNSPOP3;NNSPOP3; C:\WINDOWS\system32\DRIVERS\NNSPOP3.sys [2016-07-05 135088]
R1 NNSPROT;NNSPROT; C:\WINDOWS\system32\DRIVERS\NNSPROT.sys [2016-07-05 335792]
R1 NNSPRV;NNSPRV; C:\WINDOWS\system32\DRIVERS\NNSPRV.sys [2017-02-08 197600]
R1 NNSSMTP;NNSSMTP; C:\WINDOWS\system32\DRIVERS\NNSSMTP.sys [2016-07-05 123312]
R1 NNSSTRM;NNSSTRM; C:\WINDOWS\system32\DRIVERS\NNSSTRM.sys [2016-07-05 278960]
R1 NNSTLSC;NNSTLSC; C:\WINDOWS\system32\DRIVERS\NNSTLSC.sys [2016-07-05 125360]
R1 PSINKNC;PSINKNC; C:\WINDOWS\system32\DRIVERS\PSINKNC.sys [2017-02-20 205584]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2018-07-14 414720]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2018-12-08 43008]
R2 PSINAflt;PSINAflt; C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [2017-02-12 177424]
R2 PSINFile;PSINFile; C:\WINDOWS\system32\DRIVERS\PSINFile.sys [2017-02-12 129296]
R2 PSINProc;PSINProc; C:\WINDOWS\system32\DRIVERS\PSINProc.sys [2017-02-12 131344]
R2 PSINProt;PSINProt; C:\WINDOWS\system32\DRIVERS\PSINProt.sys [2017-02-12 144656]
R2 PSINReg;PSINReg; C:\WINDOWS\system32\DRIVERS\PSINReg.sys [2017-02-12 114960]
R3 ACPIVPC;@oem34.inf,%ACPIVPC.SvcDesc%;Lenovo Virtual Power Controller Driver; C:\WINDOWS\System32\drivers\AcpiVpc.sys [2014-09-19 35576]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2018-04-12 85504]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2018-04-12 60320]
R3 CnxtHdAudService;@oem44.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDRT64.sys [2015-05-19 1543912]
R3 ibtusb;@oem16.inf,%ibtusb.SVCDESC_IBT%;Intel(R) Wireless Bluetooth(R); C:\WINDOWS\system32\DRIVERS\ibtusb.sys [2017-01-13 231168]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2016-05-03 3811288]
R3 IntcDAud;@oem9.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2015-08-21 463112]
R3 iwdbus;@oem39.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2015-12-01 38896]
R3 MBAMProtector;MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [2015-10-05 25816]
R3 NETwNb64;___ Intel(R) Wireless Adapter Driver for Windows 8.1 - 64 Bit; C:\WINDOWS\System32\drivers\Netwbw02.sys [2018-04-12 3485696]
R3 panda_url_filteringd;panda_url_filteringd driver; \??\C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [2014-03-19 51288]
R3 PSKMAD;PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [2016-08-09 72112]
R3 rt640x64;@oem28.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2015-07-22 886528]
R3 RTSUER;@oem46.inf,%RtsUER%;Realtek USB Card Reader - UER; C:\WINDOWS\system32\Drivers\RtsUer.sys [2015-07-03 410880]
R3 rtsuvc;@oem32.inf,%rtsuvc.DeviceDesc%;Lenovo EasyCamera; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [2015-06-16 3068160]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2015-07-27 42696]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2018-04-12 38304]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2018-04-12 321432]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-04-12 885144]
S0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-04-12 145816]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2018-04-12 124312]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2018-04-12 128408]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-04-12 75160]
S0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [2018-04-12 82328]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2018-04-12 58776]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2018-04-12 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2018-04-12 39840]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2018-08-03 128920]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-04-12 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2018-04-12 18432]
S3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys [2019-01-09 92704]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2018-12-08 1097728]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2018-04-12 39936]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2018-04-12 123392]
S3 dot4;@oem11.inf,%Dot4_Name%;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2012-10-19 151968]
S3 Dot4Print;@oem22.inf,%Dot4Print_Name%;Print Class Driver for IEEE-1284.4; C:\WINDOWS\System32\drivers\Dot4Prt.sys [2012-10-19 27040]
S3 dot4usb;@oem11.inf,%DOT4USB_NAME%;Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2012-10-19 49056]
S3 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2015-11-26 498512]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2015-11-30 157520]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2018-04-12 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2018-04-12 50592]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2019-02-06 76088]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2018-04-12 27136]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2018-04-12 1836952]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2018-04-12 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2018-04-12 91648]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2018-04-12 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-04-12 88576]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2018-04-12 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-04-12 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2018-04-12 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-04-12 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2018-04-12 32256]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2018-04-12 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2018-04-12 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2018-04-12 56736]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\windows\system32\drivers\mwac.sys [2015-10-05 64216]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2018-04-12 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2018-04-12 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2018-04-12 175104]
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\WINDOWS\System32\drivers\nvdimm.sys [2018-04-12 104448]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2018-04-12 105984]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2018-04-12 16896]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2019-02-06 945680]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2018-04-12 104448]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2018-04-12 33176]
S4 hvcrash;hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [2018-04-12 33184]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 CDPUserSvc_380285;Uživatelská služba platformy připojených zařízení_380285; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 CxAudMsg;Conexant Audio Message Service; C:\windows\system32\CxAudMsg64.exe [2013-07-25 206552]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R2 ibtsiva;@oem16.inf,%SERVICE_NAME%;Intel Bluetooth Service; C:\WINDOWS\system32\ibtsiva []
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2016-05-03 337888]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [2013-07-02 733696]
R2 Lenovo System Agent Service;Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [2014-05-22 584960]
R2 LenovoWiFiHotspotSvr;Lenovo WiFiHotspot Service; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [2014-09-19 198192]
R2 NanoServiceMain;Panda Protection Service; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [2017-02-14 110384]
R2 OneSyncSvc_380285;Hostitel synchronizace_380285; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 Origin Web Helper Service;Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2018-04-25 3028808]
R2 panda_url_filtering;panda_url_filtering Service; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [2016-11-22 246256]
R2 PandaAgent;Panda Devices Agent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [2016-07-19 86104]
R2 PhoneCompanionPusher;Lenovo PhoneCompanionPusher Service; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [2014-09-19 288240]
R2 PSUAService;Panda Product Service; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [2017-04-26 47096]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2012-04-24 390632]
R2 SAService;Conexant SmartAudio service; C:\WINDOWS\syswow64\SAsrv.exe [2011-09-01 447104]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-07-14 760888]
R2 sedsvc;Windows Remediation Service; C:\Program Files\rempl\sedsvc.exe [2019-02-13 332088]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\WINDOWS\system32\SgrmBroker.exe [2018-04-12 163336]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2018-06-08 43648]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R3 PimIndexMaintenanceSvc_380285;Data kontaktů_380285; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-08 107848]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-06-03 327296]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BcastDVRUserService_380285;Uživatelská služba pro GameDVR a vysílání her_380285; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BluetoothUserService_380285;Služba pro podporu uživatelů Bluetooth_380285; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2016-05-03 299488]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevicePickerUserSvc_380285;DevicePicker_380285; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevicesFlowUserSvc_380285;Tok zařízení_380285; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2018-08-03 90624]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\elevation_service.exe [2019-02-20 1271280]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-08 107848]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2015-07-28 194032]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2013-07-02 822232]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [2014-06-03 533760]
S3 LSCWinService;LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2015-12-10 272864]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 MessagingService_380285;Služba zasílání zpráv_380285; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2018-04-25 2158400]
S3 PhoneCompanionVap;Lenovo PhoneCompanionVap Service; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [2014-09-19 305136]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PrintWorkflowUserSvc_380285;PrintWorkflow_380285; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2018-04-12 1273344]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.10 2019-02-27 17:55:50

======MBR======


======Uninstall list======

Lenovo Photo Master-->"C:\Program Files (x86)\InstallShield Installation Information\{BC94C56A-3649-420C-8756-2ADEBE399D33}\Setup.exe" /z-uninstall
Lenovo Photo Master-->"C:\Program Files (x86)\InstallShield Installation Information\{BC94C56A-3649-420C-8756-2ADEBE399D33}\Setup.exe" /z-uninstall
-->"C:\Program Files (x86)\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall
-->"C:\Program Files (x86)\InstallShield Installation Information\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\setup.exe" /z-uninstall
-->C:\Program Files\CONEXANT\cAudioFilterAgent\SETUP64.EXE -U -IcAudioFilterAgent -SM=cAudioFilterAgent64.exe,16
-->C:\Program Files\Conexant\CxAudMsg\SETUP64.EXE -U -ICxAudMsg
-->C:\Program Files\Conexant\DolbyGUI\SETUP64.EXE -U -IDolbyGUI
-->C:\Program Files\CONEXANT\ForteConfig\SETUP64.EXE -U -IForteConfig -SM=fmapp.exe,16
-->C:\Program Files\Conexant\SAII\SETUP64.EXE -U -ISAII -SWTM="HDAudioAPI-D9A3021B-9BCE-458C-B667-9029C4EF4050,1801"
-->C:\Program Files\Panda Security URL Filtering\uninstall.exe
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{F5B72D9E-D86C-4002-BCF1-C2EDDEB1A661}
Adobe Shockwave Player 12.1-->"C:\windows\SysWOW64\Adobe\Shockwave 12\uninstaller.exe"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU64a.exe -U -G -IG14Plmwa.inf
CyberLink PowerDirector 10-->"C:\Program Files (x86)\InstallShield Installation Information\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\setup.exe" /z-uninstall
CyberLink PowerDirector 10-->"C:\Program Files (x86)\InstallShield Installation Information\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\setup.exe" /z-uninstall
Dependency Package Update-->MsiExec.exe /X{0788641D-D31A-478D-BB34-C41564AE9F93}
Dependency Package Update-->MsiExec.exe /X{5252431C-288E-409D-ADCF-24407E0E6F70}
Dependency Package Update-->MsiExec.exe /X{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}
Dolby Digital Plus Advanced Audio-->MsiExec.exe /X{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}
Drakensang Online-->C:\Program Files (x86)\Drakensang Online\Uninstall.exe
Energy Manager-->"C:\Program Files (x86)\InstallShield Installation Information\{AC768037-7079-4658-AC24-2897650E0ABE}\setup.exe" -runfromtemp -l0x0409 -removeonly
Energy Manager-->MsiExec.exe /I{AC768037-7079-4658-AC24-2897650E0ABE}
Google Earth Pro-->MsiExec.exe /I{BF354C72-AC4C-4A87-8D42-B089862BAE58}
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\setup.exe" --uninstall --system-level --verbose-logging
Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8B0481A9A34D47CD.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
Hightail for Lenovo-->MsiExec.exe /I{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}
Intel(R) C++ Redistributables on IA-32-->MsiExec.exe /X{F3FBDF69-A811-41C4-A2E5-50E3D72482EB}
Intel(R) Processor Graphics-->C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall
Intel(R) Sideband Fabric Device Driver-->C:\Program Files (x86)\Intel\Intel(R) MBI Driver\Uninstall\setup.exe -uninstall
Intel(R) Trusted Execution Engine Driver-->MsiExec.exe /I{6307E820-0317-4DCE-AAE0-7B6CAD867055}
Intel(R) Trusted Execution Engine-->"C:\ProgramData\Intel\Package Cache\{176E2755-0A17-42C6-88E2-192AB2131278}\Setup.exe" -uninstall
Intel(R) Trusted Execution Engine-->MsiExec.exe /I{2D6248C0-4693-4CAB-9922-F05E4015F62A}
Intel® PROSet/Wireless Software-->"C:\ProgramData\Package Cache\{2f4d8103-e601-4d48-b81d-d508d760aaba}\Setup.exe" /uninstall
Intel® PROSet/Wireless WiFi Software-->MsiExec.exe /I{62DE858A-A2A5-452F-B067-C5F104358AD6}
Lenovo Dependency Package-->"C:\Program Files\lenovo\iMController\unins000.exe"
Lenovo EasyCamera-->"C:\Program Files (x86)\InstallShield Installation Information\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}\setup.exe" /runfromtemp /removeonly /s /f1"C:\Program Files (x86)\InstallShield Installation Information\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}\usetup.iss"
Lenovo EasyCamera-->C:\WINDOWS\RtCamU64.exe /u /s
Lenovo FusionEngine -->C:\Program Files (x86)\Lenovo\FusionEngine\uninst.exe
Lenovo Mobile Phone Wireless Import-->"C:\Program Files (x86)\InstallShield Installation Information\{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}\setup.exe" -runfromtemp -l0x0409 -removeonly
Lenovo Mobile Phone Wireless Import-->MsiExec.exe /I{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}
Lenovo OneKey Recovery-->"C:\Program Files (x86)\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall
Lenovo OneKey Recovery-->"C:\Program Files (x86)\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall
Lenovo PhoneCompanion-->"C:\Program Files (x86)\InstallShield Installation Information\{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}\setup.exe" -runfromtemp -l0x0409 -removeonly
Lenovo PhoneCompanion-->MsiExec.exe /I{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}
Lenovo PowerDVD10-->"C:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\setup.exe" /z-uninstall
Lenovo PowerDVD10-->"C:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\setup.exe" /z-uninstall
Lenovo SHAREit-->"C:\Program Files (x86)\Lenovo\SHAREit\unins000.exe"
Lenovo Solution Center-->MsiExec.exe /X{4386A5EF-BD23-49F4-9DAD-CD76B4F6A8BF}
Malwarebytes Anti-Malware verze 2.2.0.1024-->"C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe"
Metric Collection SDK 35-->MsiExec.exe /X{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}
Microsoft Office-->MsiExec.exe /X{90150000-0138-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106-->"C:\ProgramData\Package Cache\{8e70e4e1-06d7-470b-9f74-a51bef21088e}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030-->"C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030-->MsiExec.exe /X{B175520C-86A2-35A7-8619-86DC379688B9}
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030-->MsiExec.exe /X{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501-->"C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501-->"C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005-->MsiExec.exe /X{929FBD26-9020-399B-9A7A-751D61F0B942}
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005-->MsiExec.exe /X{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212-->"C:\ProgramData\Package Cache\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}\VC_redist.x64.exe" /uninstall
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212-->"C:\ProgramData\Package Cache\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}\VC_redist.x86.exe" /uninstall
Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24212-->MsiExec.exe /X{F20396E5-D84E-3505-A7A8-7358F0155F6C}
Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24212-->MsiExec.exe /X{FAAD7243-0141-3987-AA2F-E56B20F80E41}
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24212-->MsiExec.exe /X{844ECB74-9B63-3D5C-958C-30BD23F19EE4}
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24212-->MsiExec.exe /X{37B55901-995A-3650-80B1-BBFD047E2911}
Origin-->C:\Program Files (x86)\Origin\OriginUninstall.exe
Panda Devices Agent-->MsiExec.exe /X{3F9548B2-0B34-4453-A92E-35056B053F19}
Panda Devices Agent-->MsiExec.exe /X{3F9548B2-0B34-4453-A92E-35056B053F19}
Panda Protection-->"C:\Program Files (x86)\Panda Security\Panda Security Protection\Setup.exe" /X{52F9D0C3-E6CF-4553-9013-8F2E834BD0B1}
Panda Protection-->MsiExec.exe /X{52F9D0C3-E6CF-4553-9013-8F2E834BD0B1}
Panda Safe Web-->C:\Program Files (x86)\pandasecuritytb\uninstall.exe
PandaMania-->"C:\Program Files (x86)\Extreme Reality\PandaMania\uninstall.exe"
Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
Realtek Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}\setup.exe" -runfromtemp -removeonly
Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Skype™ 7.6-->MsiExec.exe /X{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Sims 4-->"C:\Program Files (x86)\The Sims 4\unins000.exe"
The Sims™ 4 Create A Sim Demo-->"C:\Program Files (x86)\Common Files\EAInstaller\The Sims 4 Create A Sim Demo\Cleanup.exe" uninstall_game -autologging
The Sims™ 4-->"C:\Program Files (x86)\Common Files\EAInstaller\The Sims 4\Cleanup.exe" uninstall_game -autologging
Update for Windows 10 for x64-based Systems (KB4023057)-->MsiExec.exe /X{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}
User Manuals-->"C:\Program Files (x86)\InstallShield Installation Information\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}\setup.exe" -runfromtemp -l0x0409 -removeonly
User Manuals-->MsiExec.exe /X{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}
Vlak 1.5-->C:\WINDOWS\unins000.exe
Windows Driver Package - Lenovo (ACPIVPC) System (09/24/2013 19.29.2.34)-->C:\Program Files\DIFX\8C657473004ED4CD\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\acpivpc.inf_amd64_096f446edcbd01f6\acpivpc.inf
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288)-->C:\Program Files\DIFX\8C657473004ED4CD\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\wudfvhidmini.inf_amd64_7d883db511b20660\wudfvhidmini.inf
WinRAR 5.30 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe

======System event log======

Computer Name: Lenovo-PC
Event Code: 25
Message: Zásada spouštěcí nabídky byla 0x1.
Record Number: 5
Source Name: Microsoft-Windows-Kernel-Boot
Time Written: 20180609104247.256998-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Lenovo-PC
Event Code: 27
Message: Typ spuštění byl 0x0.
Record Number: 4
Source Name: Microsoft-Windows-Kernel-Boot
Time Written: 20180609104247.256996-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Lenovo-PC
Event Code: 20
Message: Poslední stav úspěšného vypnutí byl false. Poslední stav úspěšného spuštění byl true.
Record Number: 3
Source Name: Microsoft-Windows-Kernel-Boot
Time Written: 20180609104247.256798-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Lenovo-PC
Event Code: 153
Message: Zabezpečení založené na virtualizaci (zásady: 0) je disabled.
Record Number: 2
Source Name: Microsoft-Windows-Kernel-Boot
Time Written: 20180609104247.256619-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Lenovo-PC
Event Code: 12
Message: Operační systém se spustil v systémovém čase ‎2018‎-‎06‎-‎09T10:42:46.494807300Z.
Record Number: 1
Source Name: Microsoft-Windows-Kernel-General
Time Written: 20180609104247.256503-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Lenovo-PC
Event Code: 0
Message:
Record Number: 3267
Source Name: SynTPEnhService
Time Written: 20180628195745.602258-000
Event Type: Informace
User:

Computer Name: Lenovo-PC
Event Code: 1530
Message: Systém Windows zjistil, že soubor registru je stále používán jinými aplikacemi nebo službami. Soubor bude nyní uvolněn. Aplikace nebo služby, které soubor registru používají, nemusejí potom fungovat správně. Není nutná žádná akce uživatele.

PODROBNOSTI –
5 user registry handles leaked from \Registry\User\S-1-5-21-441833104-3594470175-1327339323-1001_Classes:
Process 11296 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001_Classes
Process 11296 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001_Classes
Process 11296 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001_Classes
Process 11296 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001_Classes\Local Settings
Process 11296 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001_Classes\Local Settings\Software\Microsoft

Record Number: 3266
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20180628195741.315613-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Lenovo-PC
Event Code: 6000
Message: Odběratel oznámení přihlašování do systému Windows <SessionEnv> nemohl zpracovat událost upozornění.
Record Number: 3265
Source Name: Microsoft-Windows-Winlogon
Time Written: 20180628195741.519949-000
Event Type: Informace
User:

Computer Name: Lenovo-PC
Event Code: 916
Message: svchost (3324,G,98) Beta verze funkce EseDiskFlushConsistency je povolená v: ESENT v důsledku nastavení režimu beta verze webu 0x800000.
Record Number: 3264
Source Name: ESENT
Time Written: 20180628195741.316833-000
Event Type: Informace
User:

Computer Name: Lenovo-PC
Event Code: 1530
Message: Systém Windows zjistil, že soubor registru je stále používán jinými aplikacemi nebo službami. Soubor bude nyní uvolněn. Aplikace nebo služby, které soubor registru používají, nemusejí potom fungovat správně. Není nutná žádná akce uživatele.

PODROBNOSTI –
52 user registry handles leaked from \Registry\User\S-1-5-21-441833104-3594470175-1327339323-1001:
Process 6912 (\Device\HarddiskVolume5\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001
Process 5912 (\Device\HarddiskVolume5\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001
Process 1140 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\System\GameConfigStore\Parents
Process 3308 (\Device\HarddiskVolume5\Program Files\Lenovo\iMController\SystemAgentService.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Policies\Lenovo\E046963F.LenovoSupport_k1h2ywk1493x8
Process 3308 (\Device\HarddiskVolume5\Program Files\Lenovo\iMController\SystemAgentService.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Policies\Lenovo\E046963F.LenovoSupport_k1h2ywk1493x8
Process 1140 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\System\GameConfigStore
Process 3288 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Policies\Microsoft\Windows\CloudContent
Process 5912 (\Device\HarddiskVolume5\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software
Process 11296 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications
Process 6420 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
Process 11508 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 5912 (\Device\HarddiskVolume5\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 11296 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 11296 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$quietmoment1$windows.data.notifications.quietmoment\Current
Process 5912 (\Device\HarddiskVolume5\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 11296 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 3056 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 3288 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Windows\CurrentVersion\Privacy
Process 11296 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$$windows.data.notifications.quiethourssettings\Current
Process 11296 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore
Process 11296 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore
Process 11296 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore
Process 11296 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore
Process 11296 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore
Process 5912 (\Device\HarddiskVolume5\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Policies
Process 11296 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
Process 3056 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl
Process 11296 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$quietmoment0$windows.data.notifications.quietmoment\Current
Process 3288 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Policies\Microsoft\Windows\DataCollection
Process 5912 (\Device\HarddiskVolume5\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 11296 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 3056 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 5912 (\Device\HarddiskVolume5\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Internet Explorer\Main
Process 3056 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Internet Explorer\Main
Process 11296 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Internet Explorer\Main
Process 3308 (\Device\HarddiskVolume5\Program Files\Lenovo\iMController\SystemAgentService.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Lenovo\E046963F.LenovoSupport_k1h2ywk1493x8
Process 3308 (\Device\HarddiskVolume5\Program Files\Lenovo\iMController\SystemAgentService.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Lenovo\E046963F.LenovoSupport_k1h2ywk1493x8
Process 11508 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Process 11296 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$quietmoment2$windows.data.notifications.quietmoment\Current
Process 11508 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache
Process 11296 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$quietmoment3$windows.data.notifications.quietmoment\Current
Process 9612 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts
Process 2124 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Windows NT\CurrentVersion\Fonts
Process 1140 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\System\GameConfigStore\Children
Process 5912 (\Device\HarddiskVolume5\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Internet Explorer\Security
Process 3056 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Internet Explorer\Security
Process 11296 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Internet Explorer\Security
Process 11508 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 5912 (\Device\HarddiskVolume5\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 11296 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm
Process 8316 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Process 5912 (\Device\HarddiskVolume5\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001\Control Panel\International\User Profile

Record Number: 3263
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20180628195740.743660-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: Lenovo-PC
Event Code: 4798
Message: Bylo vyhodnoceno členství uživatele v místní skupině.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: LENOVO-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Uživatel:
ID zabezpečení: S-1-5-21-441833104-3594470175-1327339323-503
Název účtu: DefaultAccount
Doména účtu: Lenovo-PC

Informace o procesu:
ID procesu: 0x868
Název procesu: C:\Windows\System32\svchost.exe
Record Number: 331315
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20190126140807.449350-000
Event Type: Úspěšný audit
User:

Computer Name: Lenovo-PC
Event Code: 4798
Message: Bylo vyhodnoceno členství uživatele v místní skupině.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: LENOVO-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Uživatel:
ID zabezpečení: S-1-5-21-441833104-3594470175-1327339323-500
Název účtu: Administrator
Doména účtu: Lenovo-PC

Informace o procesu:
ID procesu: 0x868
Název procesu: C:\Windows\System32\svchost.exe
Record Number: 331314
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20190126140807.447418-000
Event Type: Úspěšný audit
User:

Computer Name: Lenovo-PC
Event Code: 4798
Message: Bylo vyhodnoceno členství uživatele v místní skupině.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: LENOVO-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Uživatel:
ID zabezpečení: S-1-5-21-441833104-3594470175-1327339323-1001
Název účtu: jiří
Doména účtu: Lenovo-PC

Informace o procesu:
ID procesu: 0x868
Název procesu: C:\Windows\System32\svchost.exe
Record Number: 331313
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20190126140807.436793-000
Event Type: Úspěšný audit
User:

Computer Name: Lenovo-PC
Event Code: 4798
Message: Bylo vyhodnoceno členství uživatele v místní skupině.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: LENOVO-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Uživatel:
ID zabezpečení: S-1-5-21-441833104-3594470175-1327339323-501
Název účtu: Guest
Doména účtu: Lenovo-PC

Informace o procesu:
ID procesu: 0x868
Název procesu: C:\Windows\System32\svchost.exe
Record Number: 331312
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20190126140807.434762-000
Event Type: Úspěšný audit
User:

Computer Name: Lenovo-PC
Event Code: 4798
Message: Bylo vyhodnoceno členství uživatele v místní skupině.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: LENOVO-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Uživatel:
ID zabezpečení: S-1-5-21-441833104-3594470175-1327339323-503
Název účtu: DefaultAccount
Doména účtu: Lenovo-PC

Informace o procesu:
ID procesu: 0x868
Název procesu: C:\Windows\System32\svchost.exe
Record Number: 331311
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20190126140807.432690-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"DriverData"=C:\Windows\System32\Drivers\DriverData
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"Path"=%INTEL_DEV_REDIST%redist\ia32\compiler;C:\Program Files (x86)\Lenovo\FusionEngine;C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\
"configsetroot"=%SystemRoot%\ConfigSetRoot
"easyplussdk"="C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin"
"INTEL_DEV_REDIST"=C:\Program Files (x86)\Common Files\Intel\Shared Libraries\
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 55 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=3708

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.10 2019-02-27 17:55:50

======MBR======


======Uninstall list======

Lenovo Photo Master-->"C:\Program Files (x86)\InstallShield Installation Information\{BC94C56A-3649-420C-8756-2ADEBE399D33}\Setup.exe" /z-uninstall
Lenovo Photo Master-->"C:\Program Files (x86)\InstallShield Installation Information\{BC94C56A-3649-420C-8756-2ADEBE399D33}\Setup.exe" /z-uninstall
-->"C:\Program Files (x86)\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall
-->"C:\Program Files (x86)\InstallShield Installation Information\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\setup.exe" /z-uninstall
-->C:\Program Files\CONEXANT\cAudioFilterAgent\SETUP64.EXE -U -IcAudioFilterAgent -SM=cAudioFilterAgent64.exe,16
-->C:\Program Files\Conexant\CxAudMsg\SETUP64.EXE -U -ICxAudMsg
-->C:\Program Files\Conexant\DolbyGUI\SETUP64.EXE -U -IDolbyGUI
-->C:\Program Files\CONEXANT\ForteConfig\SETUP64.EXE -U -IForteConfig -SM=fmapp.exe,16
-->C:\Program Files\Conexant\SAII\SETUP64.EXE -U -ISAII -SWTM="HDAudioAPI-D9A3021B-9BCE-458C-B667-9029C4EF4050,1801"
-->C:\Program Files\Panda Security URL Filtering\uninstall.exe
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{F5B72D9E-D86C-4002-BCF1-C2EDDEB1A661}
Adobe Shockwave Player 12.1-->"C:\windows\SysWOW64\Adobe\Shockwave 12\uninstaller.exe"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU64a.exe -U -G -IG14Plmwa.inf
CyberLink PowerDirector 10-->"C:\Program Files (x86)\InstallShield Installation Information\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\setup.exe" /z-uninstall
CyberLink PowerDirector 10-->"C:\Program Files (x86)\InstallShield Installation Information\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\setup.exe" /z-uninstall
Dependency Package Update-->MsiExec.exe /X{0788641D-D31A-478D-BB34-C41564AE9F93}
Dependency Package Update-->MsiExec.exe /X{5252431C-288E-409D-ADCF-24407E0E6F70}
Dependency Package Update-->MsiExec.exe /X{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}
Dolby Digital Plus Advanced Audio-->MsiExec.exe /X{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}
Drakensang Online-->C:\Program Files (x86)\Drakensang Online\Uninstall.exe
Energy Manager-->"C:\Program Files (x86)\InstallShield Installation Information\{AC768037-7079-4658-AC24-2897650E0ABE}\setup.exe" -runfromtemp -l0x0409 -removeonly
Energy Manager-->MsiExec.exe /I{AC768037-7079-4658-AC24-2897650E0ABE}
Google Earth Pro-->MsiExec.exe /I{BF354C72-AC4C-4A87-8D42-B089862BAE58}
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\setup.exe" --uninstall --system-level --verbose-logging
Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8B0481A9A34D47CD.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
Hightail for Lenovo-->MsiExec.exe /I{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}
Intel(R) C++ Redistributables on IA-32-->MsiExec.exe /X{F3FBDF69-A811-41C4-A2E5-50E3D72482EB}
Intel(R) Processor Graphics-->C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall
Intel(R) Sideband Fabric Device Driver-->C:\Program Files (x86)\Intel\Intel(R) MBI Driver\Uninstall\setup.exe -uninstall
Intel(R) Trusted Execution Engine Driver-->MsiExec.exe /I{6307E820-0317-4DCE-AAE0-7B6CAD867055}
Intel(R) Trusted Execution Engine-->"C:\ProgramData\Intel\Package Cache\{176E2755-0A17-42C6-88E2-192AB2131278}\Setup.exe" -uninstall
Intel(R) Trusted Execution Engine-->MsiExec.exe /I{2D6248C0-4693-4CAB-9922-F05E4015F62A}
Intel® PROSet/Wireless Software-->"C:\ProgramData\Package Cache\{2f4d8103-e601-4d48-b81d-d508d760aaba}\Setup.exe" /uninstall
Intel® PROSet/Wireless WiFi Software-->MsiExec.exe /I{62DE858A-A2A5-452F-B067-C5F104358AD6}
Lenovo Dependency Package-->"C:\Program Files\lenovo\iMController\unins000.exe"
Lenovo EasyCamera-->"C:\Program Files (x86)\InstallShield Installation Information\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}\setup.exe" /runfromtemp /removeonly /s /f1"C:\Program Files (x86)\InstallShield Installation Information\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}\usetup.iss"
Lenovo EasyCamera-->C:\WINDOWS\RtCamU64.exe /u /s
Lenovo FusionEngine -->C:\Program Files (x86)\Lenovo\FusionEngine\uninst.exe
Lenovo Mobile Phone Wireless Import-->"C:\Program Files (x86)\InstallShield Installation Information\{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}\setup.exe" -runfromtemp -l0x0409 -removeonly
Lenovo Mobile Phone Wireless Import-->MsiExec.exe /I{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}
Lenovo OneKey Recovery-->"C:\Program Files (x86)\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall
Lenovo OneKey Recovery-->"C:\Program Files (x86)\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall
Lenovo PhoneCompanion-->"C:\Program Files (x86)\InstallShield Installation Information\{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}\setup.exe" -runfromtemp -l0x0409 -removeonly
Lenovo PhoneCompanion-->MsiExec.exe /I{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}
Lenovo PowerDVD10-->"C:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\setup.exe" /z-uninstall
Lenovo PowerDVD10-->"C:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\setup.exe" /z-uninstall
Lenovo SHAREit-->"C:\Program Files (x86)\Lenovo\SHAREit\unins000.exe"
Lenovo Solution Center-->MsiExec.exe /X{4386A5EF-BD23-49F4-9DAD-CD76B4F6A8BF}
Malwarebytes Anti-Malware verze 2.2.0.1024-->"C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe"
Metric Collection SDK 35-->MsiExec.exe /X{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}
Microsoft Office-->MsiExec.exe /X{90150000-0138-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106-->"C:\ProgramData\Package Cache\{8e70e4e1-06d7-470b-9f74-a51bef21088e}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030-->"C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030-->MsiExec.exe /X{B175520C-86A2-35A7-8619-86DC379688B9}
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030-->MsiExec.exe /X{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501-->"C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501-->"C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005-->MsiExec.exe /X{929FBD26-9020-399B-9A7A-751D61F0B942}
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005-->MsiExec.exe /X{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212-->"C:\ProgramData\Package Cache\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}\VC_redist.x64.exe" /uninstall
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212-->"C:\ProgramData\Package Cache\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}\VC_redist.x86.exe" /uninstall
Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24212-->MsiExec.exe /X{F20396E5-D84E-3505-A7A8-7358F0155F6C}
Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24212-->MsiExec.exe /X{FAAD7243-0141-3987-AA2F-E56B20F80E41}
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24212-->MsiExec.exe /X{844ECB74-9B63-3D5C-958C-30BD23F19EE4}
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24212-->MsiExec.exe /X{37B55901-995A-3650-80B1-BBFD047E2911}
Origin-->C:\Program Files (x86)\Origin\OriginUninstall.exe
Panda Devices Agent-->MsiExec.exe /X{3F9548B2-0B34-4453-A92E-35056B053F19}
Panda Devices Agent-->MsiExec.exe /X{3F9548B2-0B34-4453-A92E-35056B053F19}
Panda Protection-->"C:\Program Files (x86)\Panda Security\Panda Security Protection\Setup.exe" /X{52F9D0C3-E6CF-4553-9013-8F2E834BD0B1}
Panda Protection-->MsiExec.exe /X{52F9D0C3-E6CF-4553-9013-8F2E834BD0B1}
Panda Safe Web-->C:\Program Files (x86)\pandasecuritytb\uninstall.exe
PandaMania-->"C:\Program Files (x86)\Extreme Reality\PandaMania\uninstall.exe"
Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
Realtek Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}\setup.exe" -runfromtemp -removeonly
Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Skype™ 7.6-->MsiExec.exe /X{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Sims 4-->"C:\Program Files (x86)\The Sims 4\unins000.exe"
The Sims™ 4 Create A Sim Demo-->"C:\Program Files (x86)\Common Files\EAInstaller\The Sims 4 Create A Sim Demo\Cleanup.exe" uninstall_game -autologging
The Sims™ 4-->"C:\Program Files (x86)\Common Files\EAInstaller\The Sims 4\Cleanup.exe" uninstall_game -autologging
Update for Windows 10 for x64-based Systems (KB4023057)-->MsiExec.exe /X{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}
User Manuals-->"C:\Program Files (x86)\InstallShield Installation Information\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}\setup.exe" -runfromtemp -l0x0409 -removeonly
User Manuals-->MsiExec.exe /X{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}
Vlak 1.5-->C:\WINDOWS\unins000.exe
Windows Driver Package - Lenovo (ACPIVPC) System (09/24/2013 19.29.2.34)-->C:\Program Files\DIFX\8C657473004ED4CD\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\acpivpc.inf_amd64_096f446edcbd01f6\acpivpc.inf
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288)-->C:\Program Files\DIFX\8C657473004ED4CD\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\wudfvhidmini.inf_amd64_7d883db511b20660\wudfvhidmini.inf
WinRAR 5.30 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe

======System event log======

Computer Name: Lenovo-PC
Event Code: 25
Message: Zásada spouštěcí nabídky byla 0x1.
Record Number: 5
Source Name: Microsoft-Windows-Kernel-Boot
Time Written: 20180609104247.256998-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Lenovo-PC
Event Code: 27
Message: Typ spuštění byl 0x0.
Record Number: 4
Source Name: Microsoft-Windows-Kernel-Boot
Time Written: 20180609104247.256996-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Lenovo-PC
Event Code: 20
Message: Poslední stav úspěšného vypnutí byl false. Poslední stav úspěšného spuštění byl true.
Record Number: 3
Source Name: Microsoft-Windows-Kernel-Boot
Time Written: 20180609104247.256798-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Lenovo-PC
Event Code: 153
Message: Zabezpečení založené na virtualizaci (zásady: 0) je disabled.
Record Number: 2
Source Name: Microsoft-Windows-Kernel-Boot
Time Written: 20180609104247.256619-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Lenovo-PC
Event Code: 12
Message: Operační systém se spustil v systémovém čase ‎2018‎-‎06‎-‎09T10:42:46.494807300Z.
Record Number: 1
Source Name: Microsoft-Windows-Kernel-General
Time Written: 20180609104247.256503-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Lenovo-PC
Event Code: 0
Message:
Record Number: 3267
Source Name: SynTPEnhService
Time Written: 20180628195745.602258-000
Event Type: Informace
User:

Computer Name: Lenovo-PC
Event Code: 1530
Message: Systém Windows zjistil, že soubor registru je stále používán jinými aplikacemi nebo službami. Soubor bude nyní uvolněn. Aplikace nebo služby, které soubor registru používají, nemusejí potom fungovat správně. Není nutná žádná akce uživatele.

PODROBNOSTI –
5 user registry handles leaked from \Registry\User\S-1-5-21-441833104-3594470175-1327339323-1001_Classes:
Process 11296 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001_Classes
Process 11296 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001_Classes
Process 11296 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001_Classes
Process 11296 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001_Classes\Local Settings
Process 11296 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-441833104-3594470175-1327339323-1001_Classes\Local Settings\Software\Microsoft

Record Number: 3266
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20180628195741.315613-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Lenovo-PC
Event Code: 6000
Message: Odběratel oznámení přihlašování do systému Windows <SessionEnv> nemohl zpracovat událost upozornění.
Record Number: 3265
Source Name: Microsoft-Windows-Winlogon
Time Written: 20180628195741.519949-000
Event Type: Informace
User:

Computer Name: Lenovo-PC
Event Code: 916
Message: svchost (3324,G,98) Beta verze funkce EseDiskFlushConsistency je povolená v: ESENT v důsledku nastavení režimu beta verze webu 0x800000.
Record Number: 3264
Source Name: ESENT
Time Written: 20180628195741.316833-000
Event Type: Informace
User:

Computer Name: Lenovo-PC
Event Code: 1530
Message: Systém Windows zjistil, že soubor registru je stále používán jinými aplikacemi nebo službami. Soubor bude nyní uvolněn. Aplikace nebo služby, které soubor registru používají, nemusejí potom fungovat správně. Není nutná žádná akce uživatele.

PODROBNOSTI –
52 user registry handles leaked from \Registry\User\S-1-5-21-441833104-3594470175-1327339323-1001:

Record Number: 3263
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20180628195740.743660-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"DriverData"=C:\Windows\System32\Drivers\DriverData
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"Path"=%INTEL_DEV_REDIST%redist\ia32\compiler;C:\Program Files (x86)\Lenovo\FusionEngine;C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\
"configsetroot"=%SystemRoot%\ConfigSetRoot
"easyplussdk"="C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin"
"INTEL_DEV_REDIST"=C:\Program Files (x86)\Common Files\Intel\Shared Libraries\
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 55 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=3708

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: please check my log (laptop a bit slowed down)

#2 Post by Rudy »

Hello!
Since you did not include the log header, I do not know which operating system you have.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
