Prosím o kontrolu logu_velmi pomalý počítač

[ander-55]

Dobrý den, prosím o kontrolu logu, v poslední době se mi velmi zpomaluje počítač, už si nevím rady :/
Děkuji předem za pomoc!

Logfile of random's system information tool 1.10 (written by random/random)
Run by klark at 2019-08-07 08:54:38
Microsoft Windows 10 Home
System drive C: has 167 GB (38%) free of 437 GB
Total RAM: 3939 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:54:58, on 07.08.2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\klark\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\klark\AppData\Local\Microsoft\OneDrive\19.126.0627.0002\FileCoAuth.exe
C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\trend micro\klark.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo17win10.msn.com/?pc=LCTE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo17win10.msn.com/?pc=LCTE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TeamsMachineInstaller] %ProgramFiles%\Teams Installer\Teams.exe --checkInstall --source=PROPLUS
O4 - HKCU\..\Run: [OneDrive] "C:\Users\klark\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE"
O4 - HKCU\..\Run: [PhotoMasterImportAgent] "C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterImportAgent.exe" importagent
O4 - HKCU\..\Run: [BitTorrent] "C:\Users\klark\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [com.squirrel.Teams.Teams] C:\Users\klark\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe" --process-start-args "--system-initiated"
O4 - HKCU\..\RunOnce: [Delete Cached Update Binary] C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\klark\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
O4 - HKCU\..\RunOnce: [Delete Cached Standalone Update Binary] C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\klark\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
O4 - HKCU\..\RunOnce: [Uninstall 19.123.0624.0002\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\klark\AppData\Local\Microsoft\OneDrive\19.123.0624.0002\amd64"
O4 - HKCU\..\RunOnce: [Uninstall 19.123.0624.0002] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\klark\AppData\Local\Microsoft\OneDrive\19.123.0624.0002"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CCSDK - Lenovo - C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2848511bc3f67d29\IntelCpHeciSvc.exe
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2848511bc3f67d29\IntelCpHDCPSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GDCAgent - Lenovo - C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2848511bc3f67d29\igfxCUIService.exe
O23 - Service: @oem0.inf,%ImcSvcDisplayName%;System Interface Foundation Service (ImControllerService) - Lenovo Group Ltd. - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)
O23 - Service: ymc - Lenovo - C:\ProgramData\LenovoTransition\Server\x64\ymc.exe

--
End of file - 13534 bytes

======Listing Processes======







winlogon.exe


C:\WINDOWS\system32\lsass.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-1a16f341-b29c-42c9-893a-96875aad49a5 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-eb8055b4-3ce6-4a15-8beb-e368c23f42b5 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-db97bea0-bc0e-4e4f-8202-d3ddbd8fef33 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-6b10ecd0-3e61-4f23-ae4e-5835b529d48e -LifetimeId:37d2c2ca-60d7-4d56-a45d-aad618594f63 -DeviceGroupId:WudfDefaultDevicePool
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-21d11431-7815-404a-b07a-45d7a2239c73 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-5d12e9f3-b3d8-40d8-a8a3-683d433fa67a -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-93fa6333-28f0-4c79-bf01-31c8058e25c3 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-550f3e05-3f12-4460-8a36-865c754338ce -LifetimeId:db7db0eb-5df2-462a-ac27-a834e8f8f277 -DeviceGroupId:
"fontdrvhost.exe"
"fontdrvhost.exe"
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
"dwm.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SensorService
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SensrSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k appmodel -p -s camsvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2848511bc3f67d29\igfxCUIService.exe

c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k localservicenonetwork -p
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2848511bc3f67d29\IntelCpHDCPSvc.exe
"C:\Program Files\Bonjour\mDNSResponder.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc

c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe"
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe"
c:\windows\system32\svchost.exe -k networkservice -p -s TapiSrv
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2848511bc3f67d29\IntelCpHeciSvc.exe
c:\windows\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
sihost.exe
C:\WINDOWS\system32\rundll32.exe C:\ProgramData\LenovoTransition\Server\x64\EnableAutoRotation.dll,RunCustomMonitor
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
"C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\WINDOWS\Explorer.EXE
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
"C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe"
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2848511bc3f67d29\igfxEM.exe"
C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"ctfmon.exe"
/QuitInfo:00000000000001BC;0000000000000130;
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_DOLBYDRAGON
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_MICPKEY
"C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe"
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
c:\windows\system32\svchost.exe -k unistacksvcgroup
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
C:\WINDOWS\system32\svchost.exe -k LocalService -p
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe" "-launchedbyvulcan-8664 C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe"
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19051.16210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
"C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe" --onOSstartup=true --showwindow=false --waitForRegistration=true
"C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe" --type=renderer --disable-3d-apis --disable-pinch --no-sandbox --disable-databases --primordial-pipe-token=AC5585B0FF6365AFA402B8624BC04FF1 --lang=en-US --lang=en-US --locales-dir-path="C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\locales" --log-file="C:\Users\klark\AppData\Local\Temp\CreativeCloud\ACC\CEF.log" --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/537.36 CreativeCloud/4.3.0.256" --device-scale-factor=1.5 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=AC5585B0FF6365AFA402B8624BC04FF1 --renderer-client-id=2 --mojo-platform-channel-handle=2940 /prefetch:1
c:\windows\system32\svchost.exe -k netsvcs -p
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe"
"C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe" --type=renderer --disable-3d-apis --disable-pinch --no-sandbox --disable-databases --primordial-pipe-token=9AA814355885B2F2F904D2DAFDA2D5F5 --lang=en-US --lang=en-US --locales-dir-path="C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\locales" --log-file="C:\Users\klark\AppData\Local\Temp\CreativeCloud\ACC\CEF.log" --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/537.36 CreativeCloud/4.3.0.256" --device-scale-factor=1.5 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=9AA814355885B2F2F904D2DAFDA2D5F5 --renderer-client-id=3 --mojo-platform-channel-handle=3684 /prefetch:1
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -scheduled
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc

c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe" /InvokerPRAID: App
c:\windows\system32\svchost.exe -k localservice -p -s BthAvctpSvc
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s QWAVE
"C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe" -ServerName:WindowsDefaultLockScreen.AppX7y4nbzq37zn4ks9k7amqjywdat7d3j2z.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
taskhostw.exe
"C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11905.0_x64__8wekyb3d8bbwe\Microsoft.Msn.News.exe" -ServerName:AppexNews.AppX3vz52bd72d0ycrnwe6jysfgn7k1qcv00.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc
"C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
"C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1905.30.0_x64__8wekyb3d8bbwe\Calculator.exe" -ServerName:App.AppXsm3pg4n7er43kdh1qp4e79f1j7am68r8.mca


"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe"
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe"
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DsSvc
/updateInstalled /background
C:\Users\klark\AppData\Local\Microsoft\OneDrive\19.126.0627.0002\FileCoAuth.exe -Embedding
C:\WINDOWS\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}

C:\WINDOWS\System32\svchost.exe -k netsvcs -p
"C:\Program Files\rempl\sedsvc.exe"
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeApp.exe" -ServerName:App.AppXffn3yxqvgawq9fpmnhy90fr3y01d1t5b.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe" -ServerName:SkypeBackgroundHost
C:\WINDOWS\system32\AUDIODG.EXE 0x7b4
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s gpsvc
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
c:\windows\system32\svchost.exe -k netsvcs -p -s BITS
"C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe"
C:\WINDOWS\system32\wermgr.exe -upload
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca

"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server
"C:\Program Files\rempl\sedlauncher.exe"
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe33_ Global\UsGthrCtrlFltPipeMssGthrPipe33 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe" /frequentupdate SCHEDULEDTASK displaylevel=False
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe" /WatchService
C:\WINDOWS\system32\devicecensus.exe
C:\WINDOWS\system32\compattelrunner.exe
\??\C:\WINDOWS\system32\conhost.exe 0x4
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" -mode=scheduled
-name 98b3f624-80c9-4e20-acbb-83790e687861 -runas -pluginName DolbyAudioPlugin -pluginVersion 1.2.235.5
C:\Windows\System32\smartscreen.exe -Embedding
C:\WINDOWS\system32\MusNotification.exe Display
C:\WINDOWS\system32\CompatTelRunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun -cv:lvvE1P9gkkeKVXkn.1
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe"
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\vssvc.exe
C:\WINDOWS\System32\svchost.exe -k swprv
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\klark\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\klark\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\klark\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=75.0.3770.142 --initial-client-data=0x1c4,0x1c8,0x1cc,0x1c0,0x1d0,0x7ffbb80a3ef8,0x7ffbb80a3f08,0x7ffbb80a3f18
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=15948 --on-initialized-event-handle=648 --parent-handle=652 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1680,2695588524611560655,13463810920506684268,131072 --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=4971407042122087720 --mojo-platform-channel-handle=1664 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1680,2695588524611560655,13463810920506684268,131072 --lang=cs --service-sandbox-type=network --service-request-channel-token=8614062006095244069 --mojo-platform-channel-handle=1872 /prefetch:8
"C:\Users\klark\AppData\Local\Google\Chrome\User Data\SwReporter\42.206.200.3\software_reporter_tool.exe" --engine=2 --scan-locations=1,2,3,4,5,6,7,8,10 --disabled-locations=9,11 --session-id=FaSP256lMbbELJA3oI2x/LCdc0VY75EH6YroFJGg --registry-suffix=ESET --srt-field-trial-group-name=NewCleanerUIExperiment
"c:\users\klark\appdata\local\google\chrome\user data\swreporter\42.206.200.3\software_reporter_tool.exe" --crash-handler "--database=c:\users\klark\appdata\local\Google\Software Reporter Tool" --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=42.206.200 --initial-client-data=0x228,0x230,0x238,0x22c,0x234,0x7ff67493b710,0x7ff67493b720,0x7ff67493b730
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1680,2695588524611560655,13463810920506684268,131072 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.5 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15579303448862460802 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1680,2695588524611560655,13463810920506684268,131072 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.5 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15657434539726141844 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1680,2695588524611560655,13463810920506684268,131072 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.5 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3584321945121044364 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2680 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1680,2695588524611560655,13463810920506684268,131072 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.5 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6695197844662352316 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2716 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1680,2695588524611560655,13463810920506684268,131072 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.5 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=813967183552976069 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:1
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 764 768 776 8192 772
"C:\Users\klark\Desktop\RSITx64.exe"

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-14 221664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2018-05-26 551848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2018-05-26 212904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-03-14 166360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2018-04-12 638872]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2016-09-20 71168]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-08-22 16695816]
"RtHDVBg_LENOVO_DOLBYDRAGON"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-08-22 1462792]
"RtHDVBg_LENOVO_MICPKEY"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-08-22 1462792]
"LenovoUtility"=C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [2017-07-27 911272]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01 508128]
"AdobeGCInvoker-1.0"=C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2019-07-04 2849872]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2018-03-25 298296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\klark\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2019-07-31 1591416]
"Zoner Photo Studio Autoupdate"=C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE [2015-07-12 563416]
"PhotoMasterImportAgent"=C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterImportAgent.exe [2016-04-22 675608]
"BitTorrent"=C:\Users\klark\AppData\Roaming\BitTorrent\BitTorrent.exe [2019-01-26 1744064]
"com.squirrel.Teams.Teams"=C:\Users\klark\AppData\Local\Microsoft\Teams\Update.exe [2019-07-15 1790192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Delete Cached Update Binary"=C:\WINDOWS\system32\cmd.exe [2018-04-12 273920]
"Delete Cached Standalone Update Binary"=C:\WINDOWS\system32\cmd.exe [2018-04-12 273920]
"Uninstall 19.123.0624.0002\amd64"=C:\WINDOWS\system32\cmd.exe [2018-04-12 273920]
"Uninstall 19.123.0624.0002"=C:\WINDOWS\system32\cmd.exe [2018-04-12 273920]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Creative Cloud"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2017-09-20 2407008]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-12-16 601424]
"TeamsMachineInstaller"=C:\Program Files\Teams Installer\Teams.exe --checkInstall --source=PROPLUS []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2019-08-07 08:54:39 ----D---- C:\Program Files\trend micro
2019-08-07 08:54:38 ----D---- C:\rsit
2019-07-15 17:57:34 ----D---- C:\Users\klark\AppData\Roaming\Microsoft Teams
2019-07-15 12:51:01 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-07-15 12:50:59 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2019-07-15 12:50:55 ----A---- C:\WINDOWS\system32\edgehtml.dll
2019-07-15 12:50:53 ----A---- C:\WINDOWS\system32\mshtml.dll
2019-07-15 12:50:40 ----A---- C:\WINDOWS\system32\shell32.dll
2019-07-15 12:50:38 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2019-07-15 12:50:36 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2019-07-15 12:50:30 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2019-07-15 12:50:28 ----A---- C:\WINDOWS\system32\windows.storage.dll
2019-07-15 12:50:26 ----A---- C:\WINDOWS\system32\Chakra.dll
2019-07-15 12:50:23 ----A---- C:\WINDOWS\system32\StartTileData.dll
2019-07-15 12:50:21 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2019-07-15 12:50:21 ----A---- C:\WINDOWS\system32\sppobjs.dll
2019-07-15 12:50:21 ----A---- C:\WINDOWS\system32\appraiser.dll
2019-07-15 12:50:20 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-07-15 12:50:19 ----A---- C:\WINDOWS\system32\ieframe.dll
2019-07-15 12:50:18 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2019-07-15 12:50:17 ----A---- C:\WINDOWS\system32\win32kfull.sys
2019-07-15 12:50:17 ----A---- C:\WINDOWS\system32\twinui.pcshell.dll
2019-07-15 12:50:16 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2019-07-15 12:50:16 ----A---- C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-07-15 12:50:15 ----A---- C:\WINDOWS\system32\jscript9.dll
2019-07-15 12:50:15 ----A---- C:\WINDOWS\system32\EdgeContent.dll
2019-07-15 12:50:14 ----A---- C:\WINDOWS\system32\combase.dll
2019-07-15 12:50:13 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2019-07-15 12:50:13 ----A---- C:\WINDOWS\explorer.exe
2019-07-15 12:50:12 ----A---- C:\WINDOWS\system32\twinui.dll
2019-07-15 12:50:11 ----A---- C:\WINDOWS\system32\iertutil.dll
2019-07-15 12:50:11 ----A---- C:\WINDOWS\system32\aepic.dll
2019-07-15 12:50:11 ----A---- C:\WINDOWS\system32\aeinv.dll
2019-07-15 12:50:10 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2019-07-15 12:50:10 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-07-15 12:50:08 ----A---- C:\WINDOWS\system32\InputService.dll
2019-07-15 12:50:08 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2019-07-15 12:50:07 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2019-07-15 12:50:07 ----A---- C:\WINDOWS\SYSWOW64\explorer.exe
2019-07-15 12:50:06 ----A---- C:\WINDOWS\system32\aitstatic.exe
2019-07-15 12:50:05 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2019-07-15 12:50:05 ----A---- C:\WINDOWS\SYSWOW64\combase.dll
2019-07-15 12:50:05 ----A---- C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-07-15 12:50:04 ----A---- C:\WINDOWS\SYSWOW64\aepic.dll
2019-07-15 12:50:04 ----A---- C:\WINDOWS\system32\hvix64.exe
2019-07-15 12:50:04 ----A---- C:\WINDOWS\system32\generaltel.dll
2019-07-15 12:50:04 ----A---- C:\WINDOWS\system32\DWrite.dll
2019-07-15 12:50:03 ----A---- C:\WINDOWS\SYSWOW64\sppcext.dll
2019-07-15 12:50:03 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2019-07-15 12:50:03 ----A---- C:\WINDOWS\system32\WebRuntimeManager.dll
2019-07-15 12:50:03 ----A---- C:\WINDOWS\system32\dwmcore.dll
2019-07-15 12:50:02 ----A---- C:\WINDOWS\system32\audiosrv.dll
2019-07-15 12:50:01 ----A---- C:\WINDOWS\system32\win32kbase.sys
2019-07-15 12:50:01 ----A---- C:\WINDOWS\system32\sppcext.dll
2019-07-15 12:50:01 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys
2019-07-15 12:50:00 ----A---- C:\WINDOWS\system32\wuaueng.dll
2019-07-15 12:49:59 ----A---- C:\WINDOWS\system32\win32appinventorycsp.dll
2019-07-15 12:49:59 ----A---- C:\WINDOWS\system32\sppcommdlg.dll
2019-07-15 12:49:59 ----A---- C:\WINDOWS\system32\slui.exe
2019-07-15 12:49:59 ----A---- C:\WINDOWS\system32\mstscax.dll
2019-07-15 12:49:59 ----A---- C:\WINDOWS\system32\KernelBase.dll
2019-07-15 12:49:59 ----A---- C:\WINDOWS\system32\hvax64.exe
2019-07-15 12:49:59 ----A---- C:\WINDOWS\system32\devinv.dll
2019-07-15 12:49:59 ----A---- C:\WINDOWS\system32\CompatTelRunner.exe
2019-07-15 12:49:58 ----A---- C:\WINDOWS\SYSWOW64\dwmcore.dll
2019-07-15 12:49:58 ----A---- C:\WINDOWS\system32\dcntel.dll
2019-07-15 12:49:57 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2019-07-15 12:49:57 ----A---- C:\WINDOWS\system32\wevtsvc.dll
2019-07-15 12:49:57 ----A---- C:\WINDOWS\system32\rpcss.dll
2019-07-15 12:49:56 ----A---- C:\WINDOWS\system32\TokenBroker.dll
2019-07-15 12:49:56 ----A---- C:\WINDOWS\system32\TextInputFramework.dll
2019-07-15 12:49:56 ----A---- C:\WINDOWS\system32\NotificationController.dll
2019-07-15 12:49:56 ----A---- C:\WINDOWS\system32\invagent.dll
2019-07-15 12:49:55 ----A---- C:\WINDOWS\system32\gdi32full.dll
2019-07-15 12:49:55 ----A---- C:\WINDOWS\system32\enterprisecsps.dll
2019-07-15 12:49:54 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2019-07-15 12:49:54 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2019-07-15 12:49:53 ----A---- C:\WINDOWS\SYSWOW64\InputService.dll
2019-07-15 12:49:53 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-07-15 12:49:53 ----A---- C:\WINDOWS\system32\SettingSyncCore.dll
2019-07-15 12:49:53 ----A---- C:\WINDOWS\system32\acmigration.dll
2019-07-15 12:49:52 ----A---- C:\WINDOWS\SYSWOW64\DWrite.dll
2019-07-15 12:49:52 ----A---- C:\WINDOWS\system32\wlansvc.dll
2019-07-15 12:49:52 ----A---- C:\WINDOWS\system32\FntCache.dll
2019-07-15 12:49:52 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2019-07-15 12:49:51 ----A---- C:\WINDOWS\system32\ole32.dll
2019-07-15 12:49:51 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-07-15 12:49:50 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2019-07-15 12:49:50 ----A---- C:\WINDOWS\system32\phoneactivate.exe
2019-07-15 12:49:50 ----A---- C:\WINDOWS\system32\ClipSVC.dll
2019-07-15 12:49:49 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2019-07-15 12:49:49 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2019-07-15 12:49:49 ----A---- C:\WINDOWS\system32\AppxPackaging.dll
2019-07-15 12:49:48 ----A---- C:\WINDOWS\system32\UpdateAgent.dll
2019-07-15 12:49:48 ----A---- C:\WINDOWS\system32\lsasrv.dll
2019-07-15 12:49:48 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-07-15 12:49:47 ----A---- C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-07-15 12:49:47 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2019-07-15 12:49:47 ----A---- C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-07-15 12:49:47 ----A---- C:\WINDOWS\system32\daxexec.dll
2019-07-15 12:49:46 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2019-07-15 12:49:46 ----A---- C:\WINDOWS\SYSWOW64\AppxPackaging.dll
2019-07-15 12:49:46 ----A---- C:\WINDOWS\system32\SettingSyncHost.exe
2019-07-15 12:49:46 ----A---- C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-07-15 12:49:44 ----A---- C:\WINDOWS\SYSWOW64\ole32.dll
2019-07-15 12:49:44 ----A---- C:\WINDOWS\system32\winload.exe
2019-07-15 12:49:44 ----A---- C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-07-15 12:49:43 ----A---- C:\WINDOWS\SYSWOW64\TokenBroker.dll
2019-07-15 12:49:43 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncCore.dll
2019-07-15 12:49:43 ----A---- C:\WINDOWS\system32\SharedRealitySvc.dll
2019-07-15 12:49:43 ----A---- C:\WINDOWS\system32\policymanager.dll
2019-07-15 12:49:43 ----A---- C:\WINDOWS\system32\nettrace.dll
2019-07-15 12:49:43 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2019-07-15 12:49:42 ----A---- C:\WINDOWS\SYSWOW64\EdgeManager.dll
2019-07-15 12:49:42 ----A---- C:\WINDOWS\SYSWOW64\AppXDeploymentClient.dll
2019-07-15 12:49:42 ----A---- C:\WINDOWS\system32\wer.dll
2019-07-15 12:49:42 ----A---- C:\WINDOWS\system32\hal.dll
2019-07-15 12:49:42 ----A---- C:\WINDOWS\system32\bcryptprimitives.dll
2019-07-15 12:49:41 ----A---- C:\WINDOWS\SYSWOW64\bcryptprimitives.dll
2019-07-15 12:49:41 ----A---- C:\WINDOWS\system32\wldp.dll
2019-07-15 12:49:41 ----A---- C:\WINDOWS\system32\winresume.exe
2019-07-15 12:49:41 ----A---- C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-07-15 12:49:41 ----A---- C:\WINDOWS\system32\sppwinob.dll
2019-07-15 12:49:41 ----A---- C:\WINDOWS\system32\QuietHours.dll
2019-07-15 12:49:41 ----A---- C:\WINDOWS\system32\edgeIso.dll
2019-07-15 12:49:41 ----A---- C:\WINDOWS\system32\dnsapi.dll
2019-07-15 12:49:40 ----A---- C:\WINDOWS\SYSWOW64\wldp.dll
2019-07-15 12:49:40 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncHost.exe
2019-07-15 12:49:40 ----A---- C:\WINDOWS\system32\wpx.dll
2019-07-15 12:49:40 ----A---- C:\WINDOWS\system32\pkeyhelper.dll
2019-07-15 12:49:40 ----A---- C:\WINDOWS\system32\MusNotification.exe
2019-07-15 12:49:39 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.Web.Core.dll
2019-07-15 12:49:39 ----A---- C:\WINDOWS\SYSWOW64\msvproc.dll
2019-07-15 12:49:39 ----A---- C:\WINDOWS\system32\vbscript.dll
2019-07-15 12:49:39 ----A---- C:\WINDOWS\system32\msvproc.dll
2019-07-15 12:49:39 ----A---- C:\WINDOWS\system32\MPSSVC.dll
2019-07-15 12:49:39 ----A---- C:\WINDOWS\system32\ci.dll
2019-07-15 12:49:39 ----A---- C:\WINDOWS\system32\AcGenral.dll
2019-07-15 12:49:38 ----A---- C:\WINDOWS\SYSWOW64\AcGenral.dll
2019-07-15 12:49:38 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2019-07-15 12:49:37 ----A---- C:\WINDOWS\SYSWOW64\daxexec.dll
2019-07-15 12:49:37 ----A---- C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-07-15 12:49:37 ----A---- C:\WINDOWS\system32\tdh.dll
2019-07-15 12:49:37 ----A---- C:\WINDOWS\system32\fontdrvhost.exe
2019-07-15 12:49:36 ----A---- C:\WINDOWS\SYSWOW64\wer.dll
2019-07-15 12:49:36 ----A---- C:\WINDOWS\SYSWOW64\policymanager.dll
2019-07-15 12:49:36 ----A---- C:\WINDOWS\SYSWOW64\dnsapi.dll
2019-07-15 12:49:36 ----A---- C:\WINDOWS\system32\tcblaunch.exe
2019-07-15 12:49:36 ----A---- C:\WINDOWS\system32\MusNotificationUx.exe
2019-07-15 12:49:35 ----A---- C:\WINDOWS\system32\Unistore.dll
2019-07-15 12:49:35 ----A---- C:\WINDOWS\system32\TDLMigration.dll
2019-07-15 12:49:35 ----A---- C:\WINDOWS\system32\securekernel.exe
2019-07-15 12:49:35 ----A---- C:\WINDOWS\system32\rdpcore.dll
2019-07-15 12:49:35 ----A---- C:\WINDOWS\system32\CXHProvisioningServer.dll
2019-07-15 12:49:34 ----A---- C:\WINDOWS\SYSWOW64\tdh.dll
2019-07-15 12:49:34 ----A---- C:\WINDOWS\SYSWOW64\fontdrvhost.exe
2019-07-15 12:49:34 ----A---- C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2019-07-15 12:49:34 ----A---- C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-15 12:49:34 ----A---- C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2019-07-15 12:49:34 ----A---- C:\WINDOWS\system32\efscore.dll
2019-07-15 12:49:34 ----A---- C:\WINDOWS\system32\dmenrollengine.dll
2019-07-15 12:49:33 ----A---- C:\WINDOWS\SYSWOW64\Windows.Storage.ApplicationData.dll
2019-07-15 12:49:33 ----A---- C:\WINDOWS\system32\rmclient.dll
2019-07-15 12:49:33 ----A---- C:\WINDOWS\system32\LicensingWinRT.dll
2019-07-15 12:49:33 ----A---- C:\WINDOWS\system32\DeviceEnroller.exe
2019-07-15 12:49:32 ----A---- C:\WINDOWS\system32\pcasvc.dll
2019-07-15 12:49:31 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Playback.MediaPlayer.dll
2019-07-15 12:49:31 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-15 12:49:31 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.BackgroundMediaPlayback.dll
2019-07-15 12:49:31 ----A---- C:\WINDOWS\SYSWOW64\LicensingWinRT.dll
2019-07-15 12:49:31 ----A---- C:\WINDOWS\SYSWOW64\edgeIso.dll
2019-07-15 12:49:30 ----A---- C:\WINDOWS\SYSWOW64\MSVideoDSP.dll
2019-07-15 12:49:30 ----A---- C:\WINDOWS\system32\wc_storage.dll
2019-07-15 12:49:30 ----A---- C:\WINDOWS\system32\rdpclip.exe
2019-07-15 12:49:30 ----A---- C:\WINDOWS\system32\NotificationControllerPS.dll
2019-07-15 12:49:30 ----A---- C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-07-15 12:49:30 ----A---- C:\WINDOWS\system32\MSVideoDSP.dll
2019-07-15 12:49:30 ----A---- C:\WINDOWS\system32\dssvc.dll
2019-07-15 12:49:29 ----A---- C:\WINDOWS\SYSWOW64\Unistore.dll
2019-07-15 12:49:29 ----A---- C:\WINDOWS\SYSWOW64\rmclient.dll
2019-07-15 12:49:29 ----A---- C:\WINDOWS\SYSWOW64\rdpcore.dll
2019-07-15 12:49:29 ----A---- C:\WINDOWS\SYSWOW64\dmenrollengine.dll
2019-07-15 12:49:29 ----A---- C:\WINDOWS\system32\wermgr.exe
2019-07-15 12:49:29 ----A---- C:\WINDOWS\system32\nltest.exe
2019-07-15 12:49:29 ----A---- C:\WINDOWS\system32\DeviceCensus.exe
2019-07-15 12:49:28 ----A---- C:\WINDOWS\SYSWOW64\ncryptprov.dll
2019-07-15 12:49:28 ----A---- C:\WINDOWS\system32\skci.dll
2019-07-15 12:49:28 ----A---- C:\WINDOWS\system32\hvloader.dll
2019-07-15 12:49:27 ----A---- C:\WINDOWS\SYSWOW64\nshwfp.dll
2019-07-15 12:49:26 ----A---- C:\WINDOWS\SYSWOW64\wermgr.exe
2019-07-15 12:49:26 ----A---- C:\WINDOWS\SYSWOW64\EditionUpgradeManagerObj.dll
2019-07-15 12:49:26 ----A---- C:\WINDOWS\system32\rastls.dll
2019-07-15 12:49:26 ----A---- C:\WINDOWS\system32\drivers\msiscsi.sys
2019-07-15 12:49:25 ----A---- C:\WINDOWS\system32\wlanapi.dll
2019-07-15 12:49:25 ----A---- C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2019-07-15 12:49:25 ----A---- C:\WINDOWS\system32\vdsbas.dll
2019-07-15 12:49:25 ----A---- C:\WINDOWS\system32\TokenBrokerUI.dll
2019-07-15 12:49:25 ----A---- C:\WINDOWS\system32\nshwfp.dll
2019-07-15 12:49:25 ----A---- C:\WINDOWS\system32\ncryptprov.dll
2019-07-15 12:49:25 ----A---- C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2019-07-15 12:49:25 ----A---- C:\WINDOWS\system32\drivers\appid.sys
2019-07-15 12:49:25 ----A---- C:\WINDOWS\system32\AppxAllUserStore.dll
2019-07-15 12:49:24 ----A---- C:\WINDOWS\SYSWOW64\wlanapi.dll
2019-07-15 12:49:24 ----A---- C:\WINDOWS\SYSWOW64\webplatstorageserver.dll
2019-07-15 12:49:24 ----A---- C:\WINDOWS\SYSWOW64\profext.dll
2019-07-15 12:49:24 ----A---- C:\WINDOWS\system32\rdpudd.dll
2019-07-15 12:49:24 ----A---- C:\WINDOWS\system32\LicensingUI.exe
2019-07-15 12:49:24 ----A---- C:\WINDOWS\system32\drivers\dumpfve.sys
2019-07-15 12:49:24 ----A---- C:\WINDOWS\system32\bcdedit.exe
2019-07-15 12:49:23 ----A---- C:\WINDOWS\SYSWOW64\offreg.dll
2019-07-15 12:49:23 ----A---- C:\WINDOWS\SYSWOW64\bcrypt.dll
2019-07-15 12:49:23 ----A---- C:\WINDOWS\system32\offreg.dll
2019-07-15 12:49:23 ----A---- C:\WINDOWS\system32\KdsCli.dll
2019-07-15 12:49:23 ----A---- C:\WINDOWS\system32\kdnet.dll
2019-07-15 12:49:23 ----A---- C:\WINDOWS\system32\InputSwitch.dll
2019-07-15 12:49:23 ----A---- C:\WINDOWS\system32\changepk.exe
2019-07-15 12:49:23 ----A---- C:\WINDOWS\system32\bcrypt.dll
2019-07-15 12:49:21 ----A---- C:\WINDOWS\SYSWOW64\TokenBrokerUI.dll
2019-07-15 12:49:21 ----A---- C:\WINDOWS\SYSWOW64\rastls.dll
2019-07-15 12:49:21 ----A---- C:\WINDOWS\SYSWOW64\AppxAllUserStore.dll
2019-07-15 12:49:21 ----A---- C:\WINDOWS\system32\profext.dll
2019-07-15 12:49:21 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2019-07-15 12:49:21 ----A---- C:\WINDOWS\system32\AppxSysprep.dll
2019-07-15 12:49:19 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Core.TextInput.dll
2019-07-15 12:49:19 ----A---- C:\WINDOWS\SYSWOW64\olepro32.dll
2019-07-15 12:49:19 ----A---- C:\WINDOWS\SYSWOW64\dmvdsitf.dll
2019-07-15 12:49:19 ----A---- C:\WINDOWS\system32\wlanmsm.dll
2019-07-15 12:49:19 ----A---- C:\WINDOWS\system32\wkssvc.dll
2019-07-15 12:49:19 ----A---- C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-07-15 12:49:19 ----A---- C:\WINDOWS\system32\InputLocaleManager.dll
2019-07-15 12:49:19 ----A---- C:\WINDOWS\system32\dmvdsitf.dll
2019-07-15 12:49:18 ----A---- C:\WINDOWS\SYSWOW64\msIso.dll
2019-07-15 12:49:18 ----A---- C:\WINDOWS\SYSWOW64\InputSwitch.dll
2019-07-15 12:49:18 ----A---- C:\WINDOWS\system32\WSReset.exe
2019-07-15 12:49:18 ----A---- C:\WINDOWS\system32\TpmTasks.dll
2019-07-15 12:49:18 ----A---- C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
2019-07-15 12:49:18 ----A---- C:\WINDOWS\splwow64.exe
2019-07-15 12:49:17 ----A---- C:\WINDOWS\system32\drivers\PEAuth.sys
2019-07-15 12:49:16 ----A---- C:\WINDOWS\SYSWOW64\werdiagcontroller.dll
2019-07-15 12:49:16 ----A---- C:\WINDOWS\system32\UpgradeResultsUI.exe
2019-07-15 12:49:16 ----A---- C:\WINDOWS\system32\mdmmigrator.dll
2019-07-15 12:49:16 ----A---- C:\WINDOWS\system32\enrollmentapi.dll
2019-07-15 12:49:16 ----A---- C:\WINDOWS\system32\EditionUpgradeHelper.dll
2019-07-15 12:49:15 ----A---- C:\WINDOWS\SYSWOW64\enrollmentapi.dll
2019-07-15 12:49:15 ----A---- C:\WINDOWS\system32\RjvMDMConfig.dll
2019-07-15 12:49:15 ----A---- C:\WINDOWS\system32\MDMAgent.exe
2019-07-15 12:49:15 ----A---- C:\WINDOWS\system32\iphlpsvc.dll
2019-07-15 12:49:15 ----A---- C:\WINDOWS\system32\HeadTrackerStorage.dll
2019-07-15 12:29:35 ----D---- C:\Program Files (x86)\Teams Installer

======List of files/folders modified in the last 1 month======

2019-08-07 08:54:55 ----D---- C:\WINDOWS\Temp
2019-08-07 08:54:40 ----D---- C:\WINDOWS\Prefetch
2019-08-07 08:54:39 ----RD---- C:\Program Files
2019-08-07 08:53:55 ----D---- C:\WINDOWS\system32\catroot2
2019-08-07 08:48:32 ----D---- C:\WINDOWS\system32\sru
2019-08-07 08:47:53 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2019-08-07 08:47:22 ----D---- C:\WINDOWS\system32\SleepStudy
2019-08-06 21:08:10 ----HD---- C:\Program Files\WindowsApps
2019-08-06 21:07:36 ----D---- C:\WINDOWS\AppReadiness
2019-08-02 14:16:10 ----SHDC---- C:\WINDOWS\Installer
2019-08-02 14:16:10 ----SHD---- C:\Config.Msi
2019-08-02 14:16:00 ----AD---- C:\Program Files\rempl
2019-08-02 14:14:11 ----SHD---- C:\System Volume Information
2019-08-01 17:05:12 ----D---- C:\Users\klark\AppData\Roaming\vlc
2019-08-01 14:46:08 ----RD---- C:\WINDOWS\Microsoft.NET
2019-08-01 09:15:44 ----D---- C:\WINDOWS\system32\config
2019-08-01 09:09:02 ----D---- C:\WINDOWS\system32\Tasks
2019-07-28 19:11:48 ----D---- C:\WINDOWS\WinSxS
2019-07-28 18:39:07 ----DC---- C:\WINDOWS\Panther
2019-07-28 18:35:46 ----HD---- C:\$WINDOWS.~BT
2019-07-28 15:46:42 ----AD---- C:\Program Files (x86)\Microsoft Office
2019-07-28 15:46:37 ----D---- C:\WINDOWS\System32
2019-07-28 15:38:01 ----D---- C:\WINDOWS\system32\drivers\wd
2019-07-15 17:57:35 ----SD---- C:\Users\klark\AppData\Roaming\Microsoft
2019-07-15 17:55:50 ----D---- C:\WINDOWS\INF
2019-07-15 17:54:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2019-07-15 17:48:14 ----D---- C:\WINDOWS\system32\DriverStore
2019-07-15 17:44:18 ----D---- C:\WINDOWS\TextInput
2019-07-15 17:44:18 ----D---- C:\WINDOWS\SYSWOW64\zu-ZA
2019-07-15 17:44:18 ----D---- C:\WINDOWS\SYSWOW64\yo-NG
2019-07-15 17:44:18 ----D---- C:\WINDOWS\SYSWOW64\xh-ZA
2019-07-15 17:44:18 ----D---- C:\WINDOWS\SYSWOW64\wo-SN
2019-07-15 17:44:18 ----D---- C:\WINDOWS\SYSWOW64\uz-Latn-UZ
2019-07-15 17:44:18 ----D---- C:\WINDOWS\SYSWOW64\tn-ZA
2019-07-15 17:44:18 ----D---- C:\WINDOWS\SYSWOW64\ti-ET
2019-07-15 17:44:18 ----D---- C:\WINDOWS\SYSWOW64\tg-Cyrl-TJ
2019-07-15 17:44:18 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-RS
2019-07-15 17:44:18 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-BA
2019-07-15 17:44:18 ----D---- C:\WINDOWS\SYSWOW64\sd-Arab-PK
2019-07-15 17:44:18 ----D---- C:\WINDOWS\SYSWOW64\rw-RW
2019-07-15 17:44:18 ----D---- C:\WINDOWS\SYSWOW64\quc-Latn-GT
2019-07-15 17:44:18 ----D---- C:\WINDOWS\SYSWOW64\pa-Arab-PK
2019-07-15 17:44:18 ----D---- C:\WINDOWS\SYSWOW64\oobe
2019-07-15 17:44:18 ----D---- C:\WINDOWS\SYSWOW64\nso-ZA
2019-07-15 17:44:18 ----D---- C:\WINDOWS\SYSWOW64\ku-Arab-IQ
2019-07-15 17:44:18 ----D---- C:\WINDOWS\SYSWOW64\ig-NG
2019-07-15 17:44:18 ----D---- C:\WINDOWS\SYSWOW64\ha-Latn-NG
2019-07-15 17:44:18 ----D---- C:\WINDOWS\SYSWOW64\en-US
2019-07-15 17:44:18 ----D---- C:\WINDOWS\SYSWOW64\Dism
2019-07-15 17:44:17 ----D---- C:\WINDOWS\SYSWOW64\chr-CHER-US
2019-07-15 17:44:17 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2019-07-15 17:44:17 ----D---- C:\WINDOWS\SYSWOW64\ca-ES-valencia
2019-07-15 17:44:17 ----D---- C:\WINDOWS\SYSWOW64\bs-Latn-BA
2019-07-15 17:44:17 ----D---- C:\WINDOWS\SYSWOW64\az-Latn-AZ
2019-07-15 17:44:17 ----D---- C:\WINDOWS\SysWOW64
2019-07-15 17:44:11 ----D---- C:\WINDOWS\system32\zu-ZA
2019-07-15 17:44:11 ----D---- C:\WINDOWS\system32\yo-NG
2019-07-15 17:44:11 ----D---- C:\WINDOWS\system32\xh-ZA
2019-07-15 17:44:11 ----D---- C:\WINDOWS\system32\wo-SN
2019-07-15 17:44:11 ----D---- C:\WINDOWS\system32\uz-Latn-UZ
2019-07-15 17:44:11 ----D---- C:\WINDOWS\system32\tn-ZA
2019-07-15 17:44:11 ----D---- C:\WINDOWS\system32\ti-ET
2019-07-15 17:44:11 ----D---- C:\WINDOWS\system32\tg-Cyrl-TJ
2019-07-15 17:44:11 ----D---- C:\WINDOWS\system32\sr-Cyrl-RS
2019-07-15 17:44:11 ----D---- C:\WINDOWS\system32\sr-Cyrl-BA
2019-07-15 17:44:10 ----D---- C:\WINDOWS\system32\sd-Arab-PK
2019-07-15 17:44:10 ----D---- C:\WINDOWS\system32\rw-RW
2019-07-15 17:44:10 ----D---- C:\WINDOWS\system32\quc-Latn-GT
2019-07-15 17:44:10 ----D---- C:\WINDOWS\system32\pa-Arab-PK
2019-07-15 17:44:10 ----D---- C:\WINDOWS\system32\oobe
2019-07-15 17:44:10 ----D---- C:\WINDOWS\system32\nso-ZA
2019-07-15 17:44:10 ----D---- C:\WINDOWS\system32\migration
2019-07-15 17:44:10 ----D---- C:\WINDOWS\system32\ku-Arab-IQ
2019-07-15 17:44:10 ----D---- C:\WINDOWS\system32\ig-NG
2019-07-15 17:44:10 ----D---- C:\WINDOWS\system32\chr-CHER-US
2019-07-15 17:44:10 ----D---- C:\WINDOWS\system32\ha-Latn-NG
2019-07-15 17:44:10 ----D---- C:\WINDOWS\system32\en-US
2019-07-15 17:44:10 ----D---- C:\WINDOWS\system32\drivers
2019-07-15 17:44:10 ----D---- C:\WINDOWS\system32\Dism
2019-07-15 17:44:10 ----D---- C:\WINDOWS\system32\cs-CZ
2019-07-15 17:44:10 ----D---- C:\WINDOWS\system32\ca-ES-valencia
2019-07-15 17:44:10 ----D---- C:\WINDOWS\system32\bs-Latn-BA
2019-07-15 17:44:10 ----D---- C:\WINDOWS\system32\Boot
2019-07-15 17:44:10 ----D---- C:\WINDOWS\system32\az-Latn-AZ
2019-07-15 17:44:10 ----D---- C:\WINDOWS\system32\appraiser
2019-07-15 17:44:06 ----D---- C:\WINDOWS\ShellComponents
2019-07-15 17:44:05 ----D---- C:\WINDOWS\Provisioning
2019-07-15 17:43:59 ----D---- C:\WINDOWS\bcastdvr
2019-07-15 17:43:59 ----D---- C:\WINDOWS\apppatch
2019-07-15 17:43:59 ----D---- C:\Windows
2019-07-15 13:10:37 ----D---- C:\WINDOWS\CbsTemp
2019-07-15 12:47:41 ----D---- C:\WINDOWS\system32\MRT
2019-07-15 12:29:35 ----RD---- C:\Program Files (x86)
2019-07-15 12:23:49 ----AC---- C:\WINDOWS\system32\MRT.exe
2019-07-14 15:06:01 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2019-07-09 09:39:25 ----D---- C:\WINDOWS\LiveKernelReports

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2016-09-20 795640]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2018-12-08 58168]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\WINDOWS\system32\drivers\SgrmAgent.sys [2018-04-12 63896]
R1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2018-04-12 39424]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-04-12 60320]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2018-04-12 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-04-12 8192]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2019-03-14 414720]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2018-12-08 43008]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2019-03-14 82432]
R3 ACPIVPC;@oem2.inf,%ACPIVPC.SvcDesc%;Lenovo Virtual Power Controller Driver; C:\WINDOWS\System32\drivers\AcpiVpc.sys [2015-07-29 42328]
R3 BtFilter;BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [2016-08-29 605592]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2018-04-12 85504]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2018-04-12 60320]
R3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2018-04-12 79360]
R3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2018-04-12 171520]
R3 igfx;igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2848511bc3f67d29\igdkmd64.sys [2016-12-16 11039720]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2016-08-22 5276168]
R3 IntcDAud;@oem6.inf,%IntcAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2016-10-07 822248]
R3 iwdbus;@oem20.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2015-12-07 39920]
R3 MEIx64;@oem43.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [2016-08-23 204912]
R3 Qcamain10x64;@netathr10x.inf,%ATHR.Service.DispName%;Qualcomm Extensible Wireless LAN 11AC device driver; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2018-04-12 2344448]
R3 RSP2STOR;@oem18.inf,%Rts5229%;Realtek PCIE CardReader Driver - P2; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [2016-08-15 329184]
R3 rt640x64;@oem53.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2016-08-01 943112]
R3 rtsuvc;@oem36.inf,%rtsuvc.DeviceDesc%;EasyCamera; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [2016-08-04 3138056]
R3 SensorsHIDClassDriver;@SensorsHidClassDriver.inf,%WudfSensorsHIDClassDriverDisplayName%;UMDF Reflector service for Sensors HID Class Driver; C:\WINDOWS\System32\drivers\WUDFRd.sys [2018-04-12 264192]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2017-01-23 72800]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2018-04-12 38304]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2018-04-12 321432]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-04-12 885144]
S0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-04-12 145816]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2018-04-12 124312]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2018-04-12 128408]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-04-12 75160]
S0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [2018-04-12 82328]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2018-04-12 58776]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2018-04-12 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2018-04-12 39840]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2018-08-03 128920]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2018-06-15 48544]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-04-12 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2018-04-12 18432]
S3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys [2019-01-09 92704]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2019-06-07 1102336]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2018-04-12 39936]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2018-04-12 123392]
S3 dg_ssudbus;@oem4.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2017-05-18 131984]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2018-01-31 30264]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [2018-01-31 47672]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2018-04-12 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2018-04-12 50592]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2019-06-07 76304]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2018-04-12 27136]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2018-04-12 1836952]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2018-04-12 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2018-04-12 91648]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-04-12 88576]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-04-12 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2018-04-12 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-04-12 38912]
S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2015-12-07 51704]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2018-04-12 32256]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2018-04-12 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2018-04-12 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2018-04-12 56736]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2018-04-12 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2018-04-12 108952]
S3 Netaapl;@oem24.inf,%Netaapl.Service.DispName%;Apple Mobile Device Ethernet Service; C:\WINDOWS\System32\drivers\netaapl64.sys [2018-02-01 23040]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2018-04-12 175104]
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\WINDOWS\System32\drivers\nvdimm.sys [2018-04-12 104448]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2018-04-12 105984]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2018-04-12 16896]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2019-03-06 945464]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2018-04-12 104448]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2018-04-12 33176]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2018-04-12 57752]
S3 ssudmdm;@oem46.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2017-05-18 166288]
S4 hvcrash;hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [2018-04-12 33184]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-12-16 83984]
R2 AdobeUpdateService;AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2017-09-20 817760]
R2 AGMService;Adobe Genuine Monitor Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2019-07-04 3117648]
R2 AGSService;Adobe Genuine Software Integrity Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2019-07-04 2888272]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2018-03-14 83768]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2016-08-31 338312]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
R2 CCSDK;CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [2016-03-22 666608]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 CDPUserSvc_789bc;Uživatelská služba platformy připojených zařízení_789bc; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2019-07-26 11469920]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 cplspcon;Intel(R) Content Protection HDCP Service; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2848511bc3f67d29\IntelCpHDCPSvc.exe [2016-12-16 480232]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R2 GDCAgent;GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [2016-03-23 1210352]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2016-09-20 17976]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2848511bc3f67d29\igfxCUIService.exe [2016-12-16 341984]
R2 ImControllerService;@oem0.inf,%ImcSvcDisplayName%;System Interface Foundation Service; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2019-04-24 76968]
R2 OneSyncSvc_789bc;Hostitel synchronizace_789bc; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-07-14 760888]
R2 sedsvc;Windows Remediation Service; C:\Program Files\rempl\sedsvc.exe [2019-07-30 357896]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\WINDOWS\system32\SgrmBroker.exe [2018-04-12 163336]
R3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2848511bc3f67d29\IntelCpHeciSvc.exe [2016-12-16 301536]
R3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2018-05-26 43648]
R3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 PimIndexMaintenanceSvc_789bc;Data kontaktů_789bc; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-15 153752]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BcastDVRUserService_789bc;Uživatelská služba pro GameDVR a vysílání her_789bc; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BluetoothUserService_789bc;Služba pro podporu uživatelů Bluetooth_789bc; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevicePickerUserSvc_789bc;DevicePicker_789bc; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevicesFlowUserSvc_789bc;Tok zařízení_789bc; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2019-05-03 90112]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\elevation_service.exe [2019-07-13 1098224]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-15 153752]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2018-03-25 673592]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 MessagingService_789bc;Služba zasílání zpráv_789bc; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-03-16 194512]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2002-02-01 226752]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PrintWorkflowUserSvc_789bc;PrintWorkflow_789bc; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2018-04-12 1273344]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2018-06-08 976384]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S4 ssh-agent;OpenSSH Authentication Agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [2018-03-10 495616]

-----------------EOF-----------------

[Rudy]

Zdravím!
Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

[ander-55]

Zde je log z 28.05. 2019

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-05-27.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-28-2019
# Duration: 00:00:15
# OS: Windows 10 Home
# Cleaned: 19
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Seznam.cz
Deleted C:\Users\klark\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG
Not Deleted C:\Users\klark\AppData\Roaming\Seznam.cz

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Host App Service
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|cz.seznam.software.autoupdate
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|cz.seznam.software.szndesktop
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall
Deleted HKCU\Software\Mozilla\NativeMessagingHosts\sznpp_nm
Deleted HKCU\Software\Seznam.cz
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|seznam-listicka-distribuce
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|seznam-listicka-distribuce
Deleted HKU\S-1-5-19\Software\Host App Service
Deleted HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Deleted HKU\S-1-5-20\Software\Host App Service
Deleted HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service

***** [ Chromium (and derivatives) ] *****

Deleted EasyPDFCombine
Deleted Search Extension by Ask
Deleted Seznam doplněk - Email
Deleted Seznam doplněk - Esko

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2908 octets] - [28/05/2019 10:14:37]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

[ander-55]

Zde je ze dneška

# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build: 07-23-2019
# Database: 2019-08-05.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-07-2019
# Duration: 00:01:50
# OS: Windows 10 Home
# Cleaned: 20
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\klark\AppData\Roaming\Seznam.cz

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Deleted Seznam doplněk - Email
Deleted Seznam doplněk - Esko

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.LenovoCCSDK
Deleted Preinstalled.LenovoIMController
Deleted Preinstalled.LenovoPhotoMaster
Deleted Preinstalled.LenovoUtility


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2908 octets] - [28/05/2019 10:14:37]
AdwCleaner[C00].txt - [2728 octets] - [28/05/2019 10:15:15]
AdwCleaner[S01].txt - [1670 octets] - [07/08/2019 11:06:02]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

[Rudy]

OK. Teď dejte logy FRST+Addition: https://forum.viry.cz/viewtopic.php?f=13&t=154679 .

[ander-55]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-08-2019 02
Ran by klark (administrator) on DESKTOP-2F59R0M (LENOVO 80VB) (08-08-2019 08:49:23)
Running from C:\Users\klark\Desktop
Loaded Profiles: klark (Available Profiles: klark)
Platform: Windows 10 Home Version 1803 17134.885 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2848511bc3f67d29\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2848511bc3f67d29\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2848511bc3f67d29\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2848511bc3f67d29\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(LENOVO -> Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\klark\AppData\Local\Microsoft\OneDrive\19.126.0627.0002\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\klark\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19051.16210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16695816 2016-08-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1462792 2016-08-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1462792 2016-08-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-03-25] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [81165544 2019-06-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1038098819-2331215063-2644396150-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE [563416 2015-07-12] (ZONER software, a.s. -> ZONER software)
HKU\S-1-5-21-1038098819-2331215063-2644396150-1001\...\Run: [BitTorrent] => C:\Users\klark\AppData\Roaming\BitTorrent\BitTorrent.exe [1744064 2019-01-26] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-1038098819-2331215063-2644396150-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\klark\AppData\Local\Microsoft\Teams\Update.exe [1790192 2019-07-15] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-18] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02DBE202-8669-421C-8A34-D29FFA9D3D12} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-07-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {1058F1E1-2F40-4E0D-95CA-D86A54311176} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {18B63B30-20D0-4979-8271-60E6D4635069} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-07-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {2516D017-0C32-43A6-BD97-AF6B11F059EF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {326D1FB7-DCA0-415A-AC27-00AA99F81AAA} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-klarka.polanska@seznam.cz => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {354BCE51-8B34-489C-9428-0CDC215C4E22} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447064 2019-07-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {3809E7B4-E5E5-4185-846F-C32BD3878FB2} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {48FF340A-7DD2-4B7D-9222-85B53B13FB81} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {4B4FA921-8E2A-4D73-A634-FFA96349CBD5} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-klarka.polanska@seznam.cz => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {4ED79756-66B7-49BB-83CE-36CF9AB0D8F8} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {5B3CF227-2DCF-4C47-98B4-6CC7277EEAE9} - \Lenovo\ImController\TimeBasedEvents\b1065a77-158c-4c63-93c5-a68bec9dec5e -> No File <==== ATTENTION
Task: {66C68BAE-F623-4206-AC82-9A651F496607} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-09-15] (Google Inc -> Google Inc.)
Task: {73DFB023-E4FE-48EF-AC49-D9F628B9DA61} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4519576 2019-07-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {97D8E269-2F17-4122-9A0C-6A6A5F7B742D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {A17F4BDD-0744-408B-9369-CD8255BA0887} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {B2BB7B2B-00B7-45BE-A4B8-E08455E97B87} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BA300CE9-9E70-44E5-9D6D-BD456BBB5CE9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {C3767F87-7F87-4832-88FE-BE8A7800E03D} - System32\Tasks\CyberLink\Photo Master Gadget startup => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe
Task: {C38E3A67-E40A-4534-AF12-09EF5BB7F04A} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {C64E9141-F0AD-48FB-83AA-C6C7CA9C06C2} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447064 2019-07-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {D0107E01-1BE3-442A-B952-2EC25AD97DBD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D234FE78-14C5-42E3-B4D2-CF940AB1F677} - \Lenovo\ImController\TimeBasedEvents\b3df525c-7d3e-409f-956a-87a938b181c6 -> No File <==== ATTENTION
Task: {D45CB309-D684-4C6B-9BF3-4AE875B8CC77} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4519576 2019-07-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {D6F28C5A-F47D-49A8-9853-A523B5CCF170} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1551488 2019-07-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {E50C4A95-D693-4562-A3FA-7B9D229336D7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {E95F2B87-0763-4EF6-B486-5C0B8C813D88} - \Lenovo\ImController\TimeBasedEvents\8b7dfb34-dfa1-4ed9-9104-a82c403f88ea -> No File <==== ATTENTION
Task: {EE84E5AA-6A29-4103-BB3F-17683018DE66} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-09-15] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{60931df5-dbfa-40bf-8aff-51f2711e3d47}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{ca1f2759-3a6c-4e0b-820e-9c901dc26ea7}: [DhcpNameServer] 146.102.41.11 146.102.41.12
Tcpip\..\Interfaces\{e1aed8d2-a7a5-4539-a571-753c2caf8fc5}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\S-1-5-21-1038098819-2331215063-2644396150-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1038098819-2331215063-2644396150-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1038098819-2331215063-2644396150-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-1038098819-2331215063-2644396150-1001 -> DefaultScope {D5FE566E-4F57-40DA-BE7F-D0F582BFB572} URL =
SearchScopes: HKU\S-1-5-21-1038098819-2331215063-2644396150-1001 -> {1C1AE7F3-E6A1-4D34-974A-5EAFD2590AF1} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-1038098819-2331215063-2644396150-1001 -> {28C94F82-1EA4-4DE6-8BAC-6CCD352058E1} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1038098819-2331215063-2644396150-1001 -> {62FFFCE9-06A0-4C80-A987-72F123E5BA8E} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1038098819-2331215063-2644396150-1001 -> {800CA54F-B1CC-47C3-8BB2-4187CDDFF688} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1038098819-2331215063-2644396150-1001 -> {82D5A99C-7C9E-49EC-9C7D-5C8E6E28EAFD} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-1038098819-2331215063-2644396150-1001 -> {985D6548-4881-438E-B222-C7A7B3B6C7BF} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1038098819-2331215063-2644396150-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10444__171110__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1038098819-2331215063-2644396150-1001 -> {CE086AE1-6C76-4FC2-9D65-6C9D7CDEB489} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1038098819-2331215063-2644396150-1001 -> {D5FE566E-4F57-40DA-BE7F-D0F582BFB572} URL =
SearchScopes: HKU\S-1-5-21-1038098819-2331215063-2644396150-1001 -> {DFFF8AFB-9BB4-40CB-AB9D-9ABD7CA0D369} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-1038098819-2331215063-2644396150-1001 -> {F89BA618-B7C0-49C6-ABFD-8F8231CA08A0} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-14] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2018-05-26] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2018-05-26] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: elmddzfk.default
FF ProfilePath: C:\Users\klark\AppData\Roaming\Mozilla\Firefox\Profiles\elmddzfk.default [2019-05-11]
FF Homepage: Mozilla\Firefox\Profiles\elmddzfk.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10444__171110__yaff
FF NewTab: Mozilla\Firefox\Profiles\elmddzfk.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10444__171110__yaff
FF NewTabOverride: Mozilla\Firefox\Profiles\elmddzfk.default -> Enabled: {ea614400-e918-4741-9a97-7a972ff7c30b}
FF Extension: (Seznam pro Firefox - Esko) - C:\Users\klark\AppData\Roaming\Mozilla\Firefox\Profiles\elmddzfk.default\Extensions\sko-extension@firma.seznam.cz [2017-11-11]
FF Extension: (Seznam pro Firefox - Email) - C:\Users\klark\AppData\Roaming\Mozilla\Firefox\Profiles\elmddzfk.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2017-11-11]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2018-05-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2018-05-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems Incorporated -> Adobe Systems)
StartMenuInternet: Firefox-DC0C5589B222D33E - C:\Users\klark\AppData\Local\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\klark\AppData\Local\Google\Chrome\User Data\Default [2019-08-08]
CHR Extension: (Seznam doplněk - Email) - C:\Users\klark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2019-08-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\klark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-13]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\klark\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2019-08-07]
CHR Extension: (Chrome Media Router) - C:\Users\klark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-07-08]
CHR HKU\S-1-5-21-1038098819-2331215063-2644396150-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bgjpfhpjcgdppjbgnpnjllokbmcdllig] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1038098819-2331215063-2644396150-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-14] (Apple Inc. -> Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-08-31] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11469920 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1210352 2016-03-23] (LENOVO -> Lenovo)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [267360 2017-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [42424 2015-12-02] (LENOVO -> Lenovo)
S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [X]
S2 ImControllerService; "%SystemDrive%\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-01-31] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-01-31] (Disc Soft Ltd -> Disc Soft Ltd)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2018-02-01] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [329184 2016-08-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-01] (Realtek Semiconductor Corp. -> Realtek )
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3138056 2016-08-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72800 2017-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-02-01] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-28] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-28] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] (CyberLink -> "CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-08 08:49 - 2019-08-08 08:52 - 000030602 _____ C:\Users\klark\Desktop\FRST.txt
2019-08-08 08:48 - 2019-08-08 08:49 - 000000000 ____D C:\FRST
2019-08-08 08:47 - 2019-08-08 08:47 - 002096640 _____ (Farbar) C:\Users\klark\Desktop\FRST64.exe
2019-08-07 11:34 - 2019-02-13 07:47 - 001909560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-08-07 11:03 - 2019-08-07 11:04 - 007623880 _____ (Malwarebytes) C:\Users\klark\Desktop\adwcleaner_7.4.exe
2019-08-07 08:54 - 2019-08-07 08:55 - 000000000 ____D C:\rsit
2019-08-07 08:54 - 2019-08-07 08:54 - 000000000 ____D C:\Program Files\trend micro
2019-08-07 08:53 - 2019-08-07 08:54 - 001222144 _____ C:\Users\klark\Desktop\RSITx64.exe
2019-07-28 15:47 - 2019-07-28 15:47 - 000002566 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-07-28 15:47 - 2019-07-28 15:47 - 000002560 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-07-28 15:47 - 2019-07-28 15:47 - 000002537 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-07-28 15:47 - 2019-07-28 15:47 - 000002532 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-07-28 15:47 - 2019-07-28 15:47 - 000002525 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype pro firmy.lnk
2019-07-28 15:47 - 2019-07-28 15:47 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-07-28 15:47 - 2019-07-28 15:47 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-07-28 15:47 - 2019-07-28 15:47 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-07-28 15:47 - 2019-07-28 15:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2019-07-19 09:41 - 2019-08-07 17:35 - 000212992 _____ C:\WINDOWS\system32\ClickToRun_Pipeline16
2019-07-15 17:57 - 2019-07-15 17:57 - 000002367 _____ C:\Users\klark\Desktop\Microsoft Teams.lnk
2019-07-15 17:57 - 2019-07-15 17:57 - 000000000 ____D C:\Users\klark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation
2019-07-15 17:57 - 2019-07-15 17:57 - 000000000 ____D C:\Users\klark\AppData\Roaming\Microsoft Teams
2019-07-15 17:51 - 2019-07-15 17:57 - 000000000 ____D C:\Users\klark\AppData\Local\SquirrelTemp
2019-07-15 12:51 - 2019-07-04 06:56 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-07-15 12:50 - 2019-07-04 11:40 - 021390504 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-07-15 12:50 - 2019-07-04 11:40 - 001616840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-07-15 12:50 - 2019-07-04 11:18 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-07-15 12:50 - 2019-07-04 10:51 - 020384128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-07-15 12:50 - 2019-07-04 10:37 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-07-15 12:50 - 2019-07-04 07:00 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-07-15 12:50 - 2019-07-04 06:58 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-07-15 12:50 - 2019-07-04 06:57 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-07-15 12:50 - 2019-07-04 06:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-07-15 12:50 - 2019-07-04 06:56 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-07-15 12:50 - 2019-07-04 06:56 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-07-15 12:50 - 2019-07-04 06:42 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-07-15 12:50 - 2019-07-04 06:42 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-07-15 12:50 - 2019-07-04 06:42 - 002479176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-07-15 12:50 - 2019-07-04 06:37 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-07-15 12:50 - 2019-07-04 06:33 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-07-15 12:50 - 2019-07-04 06:29 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-07-15 12:50 - 2019-07-04 06:26 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-07-15 12:50 - 2019-07-04 06:25 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-07-15 12:50 - 2019-07-04 06:25 - 007589888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-07-15 12:50 - 2019-07-04 06:25 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-07-15 12:50 - 2019-07-04 06:25 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-07-15 12:50 - 2019-07-04 06:23 - 001765888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-07-15 12:50 - 2019-07-04 06:22 - 003707904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-07-15 12:50 - 2019-07-04 06:21 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-07-15 12:50 - 2019-07-04 06:21 - 003202560 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-07-15 12:50 - 2019-07-04 06:21 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-07-15 12:50 - 2019-06-13 14:12 - 002871848 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-07-15 12:50 - 2019-06-13 14:05 - 000810296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-07-15 12:50 - 2019-06-13 14:04 - 001721144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-07-15 12:50 - 2019-06-13 13:59 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-07-15 12:50 - 2019-06-13 13:42 - 004038688 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-07-15 12:50 - 2019-06-13 13:18 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-07-15 12:50 - 2019-06-13 13:18 - 004847104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-07-15 12:50 - 2019-06-13 13:17 - 012756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-07-15 12:50 - 2019-06-13 13:15 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-07-15 12:50 - 2019-06-13 13:13 - 002920448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-07-15 12:50 - 2019-06-13 13:13 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-07-15 12:50 - 2019-06-13 12:05 - 003700160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-07-15 12:50 - 2019-06-13 11:55 - 005657088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-07-15 12:50 - 2019-06-13 11:54 - 011942912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-07-15 12:50 - 2019-06-13 11:50 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-07-15 12:50 - 2019-06-13 09:01 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-07-15 12:50 - 2019-06-13 08:47 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-07-15 12:50 - 2019-06-13 08:45 - 002421560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-07-15 12:50 - 2019-06-13 08:44 - 002769688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-07-15 12:50 - 2019-06-13 08:14 - 003318784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-07-15 12:50 - 2019-06-13 08:13 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-07-15 12:50 - 2019-06-13 08:13 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-07-15 12:50 - 2019-06-13 08:10 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-07-15 12:50 - 2019-06-13 07:14 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-07-15 12:50 - 2019-06-13 07:06 - 002256768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-07-15 12:49 - 2019-07-04 11:43 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-07-15 12:49 - 2019-07-04 11:40 - 001631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-07-15 12:49 - 2019-07-04 11:40 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-07-15 12:49 - 2019-07-04 11:22 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-07-15 12:49 - 2019-07-04 11:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-07-15 12:49 - 2019-07-04 11:21 - 008627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-07-15 12:49 - 2019-07-04 11:20 - 001609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-07-15 12:49 - 2019-07-04 11:19 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2019-07-15 12:49 - 2019-07-04 11:18 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-07-15 12:49 - 2019-07-04 10:56 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-07-15 12:49 - 2019-07-04 10:54 - 000662352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-07-15 12:49 - 2019-07-04 10:41 - 007990784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-07-15 12:49 - 2019-07-04 10:36 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-07-15 12:49 - 2019-07-04 06:58 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-07-15 12:49 - 2019-07-04 06:58 - 000416312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2019-07-15 12:49 - 2019-07-04 06:58 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-07-15 12:49 - 2019-07-04 06:57 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-07-15 12:49 - 2019-07-04 06:57 - 000986128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-07-15 12:49 - 2019-07-04 06:57 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-07-15 12:49 - 2019-07-04 06:57 - 000723728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-07-15 12:49 - 2019-07-04 06:57 - 000708696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-07-15 12:49 - 2019-07-04 06:57 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-07-15 12:49 - 2019-07-04 06:57 - 000362264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-07-15 12:49 - 2019-07-04 06:57 - 000209424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-07-15 12:49 - 2019-07-04 06:57 - 000194360 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-07-15 12:49 - 2019-07-04 06:57 - 000137656 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-07-15 12:49 - 2019-07-04 06:57 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-07-15 12:49 - 2019-07-04 06:57 - 000091776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-07-15 12:49 - 2019-07-04 06:56 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-07-15 12:49 - 2019-07-04 06:56 - 001566520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-07-15 12:49 - 2019-07-04 06:56 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-07-15 12:49 - 2019-07-04 06:56 - 001260776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-07-15 12:49 - 2019-07-04 06:56 - 001141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-07-15 12:49 - 2019-07-04 06:56 - 000983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-07-15 12:49 - 2019-07-04 06:56 - 000767536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-07-15 12:49 - 2019-07-04 06:56 - 000734952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-07-15 12:49 - 2019-07-04 06:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-07-15 12:49 - 2019-07-04 06:56 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-07-15 12:49 - 2019-07-04 06:56 - 000493752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-07-15 12:49 - 2019-07-04 06:56 - 000115512 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-07-15 12:49 - 2019-07-04 06:43 - 000832016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-07-15 12:49 - 2019-07-04 06:43 - 000665440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-07-15 12:49 - 2019-07-04 06:43 - 000328696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2019-07-15 12:49 - 2019-07-04 06:43 - 000287376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-07-15 12:49 - 2019-07-04 06:43 - 000191800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-07-15 12:49 - 2019-07-04 06:42 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-07-15 12:49 - 2019-07-04 06:42 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-07-15 12:49 - 2019-07-04 06:42 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-07-15 12:49 - 2019-07-04 06:42 - 000356312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-07-15 12:49 - 2019-07-04 06:42 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2019-07-15 12:49 - 2019-07-04 06:41 - 000559328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-07-15 12:49 - 2019-07-04 06:26 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-07-15 12:49 - 2019-07-04 06:26 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-07-15 12:49 - 2019-07-04 06:25 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-07-15 12:49 - 2019-07-04 06:25 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-07-15 12:49 - 2019-07-04 06:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-07-15 12:49 - 2019-07-04 06:24 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-07-15 12:49 - 2019-07-04 06:24 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-07-15 12:49 - 2019-07-04 06:24 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-07-15 12:49 - 2019-07-04 06:23 - 001217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-07-15 12:49 - 2019-07-04 06:23 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-07-15 12:49 - 2019-07-04 06:22 - 002587648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-07-15 12:49 - 2019-07-04 06:22 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-07-15 12:49 - 2019-07-04 06:22 - 001561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-07-15 12:49 - 2019-07-04 06:22 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-07-15 12:49 - 2019-07-04 06:22 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-07-15 12:49 - 2019-07-04 06:22 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-07-15 12:49 - 2019-07-04 06:22 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2019-07-15 12:49 - 2019-07-04 06:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-07-15 12:49 - 2019-07-04 06:21 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-07-15 12:49 - 2019-07-04 06:21 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-07-15 12:49 - 2019-07-04 06:21 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-07-15 12:49 - 2019-07-04 06:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-07-15 12:49 - 2019-07-04 06:21 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-07-15 12:49 - 2019-07-04 06:21 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-07-15 12:49 - 2019-07-04 06:20 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-07-15 12:49 - 2019-07-04 06:20 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-07-15 12:49 - 2019-07-04 06:20 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-07-15 12:49 - 2019-07-04 06:20 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-07-15 12:49 - 2019-07-04 06:19 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-07-15 12:49 - 2019-07-04 06:19 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-07-15 12:49 - 2019-07-04 06:18 - 002602496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-07-15 12:49 - 2019-07-04 06:18 - 001076224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-07-15 12:49 - 2019-07-04 06:18 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-07-15 12:49 - 2019-07-04 06:18 - 000953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-07-15 12:49 - 2019-07-04 06:18 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-07-15 12:49 - 2019-07-04 06:17 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-07-15 12:49 - 2019-07-04 05:01 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-07-15 12:49 - 2019-06-21 10:50 - 000280584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-07-15 12:49 - 2019-06-13 14:15 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-07-15 12:49 - 2019-06-13 14:00 - 000464696 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-07-15 12:49 - 2019-06-13 13:58 - 000637752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-07-15 12:49 - 2019-06-13 13:58 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-07-15 12:49 - 2019-06-13 13:56 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-07-15 12:49 - 2019-06-13 13:43 - 001048480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-07-15 12:49 - 2019-06-13 13:42 - 000566536 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-07-15 12:49 - 2019-06-13 13:40 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-07-15 12:49 - 2019-06-13 13:38 - 000766264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2019-07-15 12:49 - 2019-06-13 13:37 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2019-07-15 12:49 - 2019-06-13 13:36 - 000251000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2019-07-15 12:49 - 2019-06-13 13:36 - 000236520 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2019-07-15 12:49 - 2019-06-13 13:35 - 001376688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-07-15 12:49 - 2019-06-13 13:34 - 000146888 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2019-07-15 12:49 - 2019-06-13 13:17 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2019-07-15 12:49 - 2019-06-13 13:17 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2019-07-15 12:49 - 2019-06-13 13:17 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2019-07-15 12:49 - 2019-06-13 13:17 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2019-07-15 12:49 - 2019-06-13 13:16 - 000767488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-07-15 12:49 - 2019-06-13 13:15 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2019-07-15 12:49 - 2019-06-13 13:14 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-07-15 12:49 - 2019-06-13 13:14 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2019-07-15 12:49 - 2019-06-13 13:14 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-07-15 12:49 - 2019-06-13 13:14 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
2019-07-15 12:49 - 2019-06-13 13:13 - 001339392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-07-15 12:49 - 2019-06-13 13:13 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-07-15 12:49 - 2019-06-13 13:13 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2019-07-15 12:49 - 2019-06-13 13:12 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2019-07-15 12:49 - 2019-06-13 13:10 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2019-07-15 12:49 - 2019-06-13 12:07 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-07-15 12:49 - 2019-06-13 12:07 - 000660496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2019-07-15 12:49 - 2019-06-13 12:07 - 000221232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2019-07-15 12:49 - 2019-06-13 11:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2019-07-15 12:49 - 2019-06-13 11:53 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-07-15 12:49 - 2019-06-13 11:51 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2019-07-15 12:49 - 2019-06-13 11:49 - 002406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-07-15 12:49 - 2019-06-13 11:49 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2019-07-15 12:49 - 2019-06-13 09:48 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2019-07-15 12:49 - 2019-06-13 09:46 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-07-15 12:49 - 2019-06-13 09:01 - 000511288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-07-15 12:49 - 2019-06-13 09:01 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-07-15 12:49 - 2019-06-13 08:59 - 000785264 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-07-15 12:49 - 2019-06-13 08:47 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-07-15 12:49 - 2019-06-13 08:46 - 001076536 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2019-07-15 12:49 - 2019-06-13 08:46 - 000510296 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-07-15 12:49 - 2019-06-13 08:46 - 000093984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-07-15 12:49 - 2019-06-13 08:44 - 002546704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-07-15 12:49 - 2019-06-13 08:44 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-07-15 12:49 - 2019-06-13 08:44 - 001033696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-07-15 12:49 - 2019-06-13 08:44 - 000607112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2019-07-15 12:49 - 2019-06-13 08:44 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-07-15 12:49 - 2019-06-13 08:44 - 000130624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-07-15 12:49 - 2019-06-13 08:17 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-07-15 12:49 - 2019-06-13 08:16 - 001626112 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-07-15 12:49 - 2019-06-13 08:16 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-07-15 12:49 - 2019-06-13 08:15 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-07-15 12:49 - 2019-06-13 08:15 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-07-15 12:49 - 2019-06-13 08:15 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-07-15 12:49 - 2019-06-13 08:15 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2019-07-15 12:49 - 2019-06-13 08:15 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll
2019-07-15 12:49 - 2019-06-13 08:14 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2019-07-15 12:49 - 2019-06-13 08:14 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-07-15 12:49 - 2019-06-13 08:14 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2019-07-15 12:49 - 2019-06-13 08:13 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-07-15 12:49 - 2019-06-13 08:13 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-07-15 12:49 - 2019-06-13 08:13 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-07-15 12:49 - 2019-06-13 08:12 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-07-15 12:49 - 2019-06-13 08:12 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-07-15 12:49 - 2019-06-13 08:12 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-07-15 12:49 - 2019-06-13 08:12 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-07-15 12:49 - 2019-06-13 08:12 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-07-15 12:49 - 2019-06-13 08:12 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2019-07-15 12:49 - 2019-06-13 08:11 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-07-15 12:49 - 2019-06-13 08:11 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2019-07-15 12:49 - 2019-06-13 08:11 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2019-07-15 12:49 - 2019-06-13 08:10 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-07-15 12:49 - 2019-06-13 08:10 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-07-15 12:49 - 2019-06-13 08:10 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2019-07-15 12:49 - 2019-06-13 08:10 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-15 12:49 - 2019-06-13 08:10 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2019-07-15 12:49 - 2019-06-13 08:10 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-07-15 12:49 - 2019-06-13 08:09 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-07-15 12:49 - 2019-06-13 08:09 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-07-15 12:49 - 2019-06-13 08:09 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2019-07-15 12:49 - 2019-06-13 08:08 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-07-15 12:49 - 2019-06-13 07:08 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-07-15 12:49 - 2019-06-13 07:07 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-07-15 12:49 - 2019-06-13 07:07 - 000080744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-07-15 12:49 - 2019-06-13 07:06 - 001130776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-07-15 12:49 - 2019-06-13 07:06 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-07-15 12:49 - 2019-06-13 06:49 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2019-07-15 12:49 - 2019-06-13 06:47 - 003554304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2019-07-15 12:49 - 2019-06-13 06:47 - 002899456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2019-07-15 12:49 - 2019-06-13 06:47 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2019-07-15 12:49 - 2019-06-13 06:46 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-07-15 12:49 - 2019-06-13 06:46 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-07-15 12:49 - 2019-06-13 06:46 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2019-07-15 12:49 - 2019-06-13 06:45 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-07-15 12:49 - 2019-06-13 06:45 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-07-15 12:49 - 2019-06-13 06:44 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-07-15 12:49 - 2019-06-13 06:44 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2019-07-15 12:49 - 2019-06-13 06:44 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2019-07-15 12:49 - 2019-06-13 06:44 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2019-07-15 12:49 - 2019-06-13 06:44 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-07-15 12:49 - 2019-06-13 06:43 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-07-15 12:49 - 2019-06-13 06:43 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-15 12:49 - 2019-06-13 06:43 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-07-15 12:29 - 2019-07-15 12:29 - 000000000 ____D C:\Program Files (x86)\Teams Installer

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-08 08:49 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-08 08:27 - 2018-01-31 11:46 - 000000000 ____D C:\Users\klark\AppData\Local\Adobe
2019-08-08 08:23 - 2018-05-26 15:19 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-08-07 17:39 - 2017-09-15 19:53 - 000000000 ___RD C:\Users\klark\OneDrive
2019-08-07 17:36 - 2017-09-15 19:46 - 000000000 __SHD C:\Users\klark\IntelGraphicsProfiles
2019-08-07 17:35 - 2018-05-26 18:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-08-07 17:34 - 2018-04-11 23:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-08-07 13:12 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-08-07 11:19 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-07 11:19 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-08-07 11:13 - 2018-05-26 18:38 - 000000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2019-08-07 11:13 - 2018-03-17 22:27 - 000000000 ____D C:\WINDOWS\system32\Drivers\Lenovo
2019-08-07 11:13 - 2017-09-17 13:19 - 000000000 ____D C:\Users\klark\AppData\Local\Lenovo
2019-08-07 11:13 - 2017-02-08 00:12 - 000000000 ____D C:\ProgramData\Lenovo
2019-08-07 11:13 - 2017-02-07 23:48 - 000000000 ____D C:\Program Files\Lenovo
2019-08-07 11:13 - 2017-02-07 23:48 - 000000000 ____D C:\Program Files (x86)\Lenovo
2019-08-02 14:16 - 2017-09-16 22:03 - 000000000 ____D C:\Program Files\rempl
2019-08-01 17:05 - 2017-11-10 11:38 - 000000000 ____D C:\Users\klark\AppData\Roaming\vlc
2019-08-01 09:09 - 2018-05-26 18:38 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1038098819-2331215063-2644396150-1001
2019-08-01 09:08 - 2018-05-26 15:27 - 000002372 _____ C:\Users\klark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-07-28 18:39 - 2018-05-24 18:25 - 000000000 ___DC C:\WINDOWS\Panther
2019-07-28 18:35 - 2019-03-19 14:27 - 000000000 ___HD C:\$WINDOWS.~BT
2019-07-28 15:46 - 2017-02-07 23:37 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-07-28 15:38 - 2018-02-14 22:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-07-19 09:55 - 2017-09-15 20:36 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-15 17:55 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2019-07-15 17:54 - 2018-05-26 15:39 - 001692472 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-07-15 17:54 - 2018-04-12 17:50 - 000717314 _____ C:\WINDOWS\system32\perfh005.dat
2019-07-15 17:54 - 2018-04-12 17:50 - 000145070 _____ C:\WINDOWS\system32\perfc005.dat
2019-07-15 17:49 - 2017-12-02 12:58 - 000000000 ___RD C:\Users\klark\3D Objects
2019-07-15 17:49 - 2016-07-29 19:27 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-07-15 17:48 - 2018-05-26 15:19 - 000402448 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-07-15 17:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-07-15 17:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-07-15 17:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-07-15 17:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-07-15 17:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-07-15 17:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-07-15 17:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-07-15 17:44 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-07-15 17:43 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-07-15 12:47 - 2017-09-16 22:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-07-15 12:23 - 2017-09-16 22:09 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-07-14 15:06 - 2017-11-10 12:40 - 000741432 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-07-09 09:39 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports

==================== Files in the root of some directories ================

2018-03-23 22:39 - 2018-03-23 22:39 - 039210952 _____ (Mozilla) C:\Users\klark\FirefoxSetup59.0.1cz64 (1).exe
2018-03-23 21:39 - 2018-03-23 21:39 - 039210952 _____ (Mozilla) C:\Users\klark\FirefoxSetup59.0.1cz64.exe
2017-11-11 18:43 - 2017-11-11 18:55 - 080567272 _____ (ZONER software ) C:\Users\klark\zps17_en_free.exe
2017-11-11 18:08 - 2017-11-11 18:08 - 087241784 _____ () C:\Users\klark\zpsx_cz.exe
2018-10-03 20:32 - 2018-10-03 20:32 - 000000000 _____ () C:\Users\klark\AppData\Local\oobelibMkey.log

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

[ander-55]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-08-2019 02
Ran by klark (08-08-2019 08:54:36)
Running from C:\Users\klark\Desktop
Windows 10 Home Version 1803 17134.885 (X64) (2018-05-26 16:40:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1038098819-2331215063-2644396150-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1038098819-2331215063-2644396150-503 - Limited - Disabled)
Guest (S-1-5-21-1038098819-2331215063-2644396150-501 - Limited - Disabled)
klark (S-1-5-21-1038098819-2331215063-2644396150-1001 - Administrator - Enabled) => C:\Users\klark
WDAGUtilityAccount (S-1-5-21-1038098819-2331215063-2644396150-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

adobe (HKLM\...\{04E1CC38-0E5B-4AE7-BF20-7C9266AF9702}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Lightroom Classic CC (HKLM-x32\...\LTRM_7_1) (Version: 7.1 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{A05FDFEC-4377-49E0-82CB-B6D1386E89DA}) (Version: 11.3.0.9 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Audio By Harman (HKLM\...\{F2DA805F-3FBD-4A4E-970F-5EE7027107EB}) (Version: 1.4.0.0 - Harman, Inc.)
BitTorrent (HKU\S-1-5-21-1038098819-2331215063-2644396150-1001\...\BitTorrent) (Version: 7.10.5.44995 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
C:\Program Files\Adobe\Adobe Lightroom Classic CC\LRcestina_uninstall.exe (HKLM-x32\...\CZ Lokalizace pro Lightroom CC 2015.8 a 6.8_is1) (Version: 1.1 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{226be6c3-8e08-4d52-bd3a-d361008448c5}) (Version: 10.1.1.37 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
iTunes (HKLM\...\{565C813A-F1E1-4A1B-91D8-B2112D0D5518}) (Version: 12.7.4.76 - Apple Inc.)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)
Microsoft Office 365 ProPlus - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.11901.20176 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1038098819-2331215063-2644396150-1001\...\OneDriveSetup.exe) (Version: 19.126.0627.0002 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1038098819-2331215063-2644396150-1001\...\Teams) (Version: 1.2.00.17057 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 59.0.1 (x64 cs) (HKLM\...\Mozilla Firefox 59.0.1 (x64 cs)) (Version: 59.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.1 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
PDF Editor 5 (HKLM-x32\...\PDF Editor 5) (Version: - )
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Pomocník při upgradu na Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10388 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.278 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.29093 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.)
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.17057 - Microsoft Corporation)
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version: - )
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0a - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Web Companion (HKLM-x32\...\{63a6f017-3511-4ba6-9435-25949790033f}) (Version: 4.1.1808.3370 - Lavasoft)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Zoner Photo Studio 17 (HKLM\...\ZonerPhotoStudio17_EN_is1) (Version: 17.0.1.12 - ZONER software)

Packages:
=========
Adobe Reader Touch -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeReader_3.1.8.7675_x86__ynb6jyjzte8ga [2017-09-19] (Adobe Systems Incorporated)
Aerize Explorer -> C:\Program Files\WindowsApps\37960Aerize.AerizeExplorer_8.1.0.569_neutral__cmwngt68pf618 [2017-10-07] (Aerize)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-05-28] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_5.8.4.0_x86__kgqvnymyfvs32 [2019-07-15] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.143.600.0_x86__kgqvnymyfvs32 [2019-07-15] (king.com)
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2017-12-19] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8 [2019-03-26] (LENOVO INC.)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.2.0.9_x86__h6adky7gbf63m [2019-08-01] (Gameloft.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-16] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.12.28.0_x64__8wekyb3d8bbwe [2019-07-15] (Microsoft Studios)
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
Pošta a Kalendář -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-06] (Microsoft Corporation) [MS Ad]
Uživatelský portál Lenovo -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-09-15] (LENOVO INCORPORATED.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1038098819-2331215063-2644396150-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\klark\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19127.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1038098819-2331215063-2644396150-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\klark\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1038098819-2331215063-2644396150-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\klark\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19127.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1038098819-2331215063-2644396150-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2848511bc3f67d29\igfxDTCM.dll [2016-12-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-08-28 11:36 - 2018-01-31 13:00 - 000004096 _____ (painter) [File not signed] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\P7\IMSLib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\klark\OneDrive\Dokumenty\otázky:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1038098819-2331215063-2644396150-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1038098819-2331215063-2644396150-1001\...\sharepoint.com -> hxxps://vse-files.sharepoint.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 13:47 - 2018-01-31 13:15 - 000001022 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1038098819-2331215063-2644396150-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\klark\Desktop\Summer-grass-flowers_1920x1200.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-1038098819-2331215063-2644396150-1001\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-1038098819-2331215063-2644396150-1001\...\StartupApproved\Run: => "Zoner Photo Studio Autoupdate"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{531D20CD-D766-4091-98D1-7DBD8AF848EA}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{312F8DEF-D08F-4213-9B73-B1498061020E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{856882C3-6E7B-42AE-9B8B-244BA15CAEF7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0226496F-F42C-45C3-94E5-8E33DDF29FA4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C66024A0-B45D-4D25-BB22-6F2B4FA7FCF2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EF720D78-2CB9-42F1-A4E6-D83005A8A42B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8290409D-20A4-44BD-9623-CEFAD60BBBD5}] => (Allow) C:\Users\klark\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8F27D34B-CE76-4B06-A198-4981EA9144C0}] => (Allow) C:\Users\klark\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{18F7F6E9-6185-43EE-895B-2F34809F6292}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoPlus.exe No File
FirewallRules: [{6A7ADC80-E4ED-4D3B-8636-E17408032574}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe No File
FirewallRules: [{46BB926D-493D-4A82-AC9E-ECC943BBBACE}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{6FD9578E-C6A5-48A8-BC8F-F192421C46C2}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{C3F955FF-467A-4ECA-9A98-4179D76277BB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe No File
FirewallRules: [{75BDE3A7-6CBE-42BF-A9CE-C6FF7DC6A976}] => (Allow) C:\Users\klark\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F4425464-FC81-458F-842C-9EC557A586CD}] => (Allow) C:\Users\klark\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{DD2D17E7-6D83-4300-A81A-ED7D9CF09D74}] => (Allow) C:\Program Files\Zoner\Photo Studio 17\Program32\MediaServer.exe (ZONER software, a.s. -> ZONER software)
FirewallRules: [TCP Query User{9B1A5678-AB65-4E95-9C48-FDD6C88676A1}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{8B676639-7937-4643-9B2B-5C6FE897CBCE}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{563367AA-1D0B-434A-957F-14F13BAA76BE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F3559D30-933A-4B1A-AF10-95A1CD47D3AD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4B86E1D9-FEA4-4215-8369-7730E152C6A7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8D9ACE25-A4E8-4F9F-8C9A-B200CFB3EC77}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BBEB8FEB-EE2A-484F-AA0D-092A11C5985F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D75403B6-2559-44E7-BBDF-6365F537851C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

28-07-2019 17:33:24 Windows Update
02-08-2019 14:12:55 Windows Update
07-08-2019 13:11:32 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/07/2019 06:07:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3516

Error: (08/07/2019 06:07:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3516

Error: (08/07/2019 06:07:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/07/2019 06:07:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1656

Error: (08/07/2019 06:07:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1656

Error: (08/07/2019 06:07:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/07/2019 02:45:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2485

Error: (08/07/2019 02:45:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2485


System errors:
=============
Error: (08/08/2019 08:25:32 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-2F59R0M)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
a APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
uživateli DESKTOP-2F59R0M\klark (SID: S-1-5-21-1038098819-2331215063-2644396150-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (08/07/2019 05:51:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba System Interface Foundation Service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (08/07/2019 05:41:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (08/07/2019 05:41:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba System Interface Foundation Service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (08/07/2019 05:39:39 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Optimalizace doručení přestala během spouštění reagovat.

Error: (08/07/2019 05:39:26 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-2F59R0M)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscCloudBackupProvider
a APPID
Není k dispozici
uživateli DESKTOP-2F59R0M\klark (SID: S-1-5-21-1038098819-2331215063-2644396150-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (08/07/2019 05:38:24 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-2F59R0M)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-2F59R0M\klark (SID: S-1-5-21-1038098819-2331215063-2644396150-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (08/07/2019 05:37:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba CCSDK neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.


Windows Defender:
===================================
Date: 2019-08-07 17:33:30.778
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {3ADE56A4-CFAC-4E16-9E4B-6AEC3178C910}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-08-01 14:54:16.424
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {5E268D56-1F19-4DD7-B214-033CB2DA2FC2}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-07-05 14:38:02.927
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {5C92043D-F82C-430F-84CA-7E1046BE0340}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-07-05 13:59:02.941
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {4F0AAA92-A526-44A7-BDE9-182F246C4C0D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-06-24 23:19:35.604
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {4EB1103F-D2C0-4419-BE25-5833F24C4FE1}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-07-18 20:42:25.077
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.297.1333.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16100.4
Kód chyby: 0x80240016
Popis chyby ři zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2019-06-30 14:56:49.946
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.297.190.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16100.4
Kód chyby: 0x80240016
Popis chyby ři zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2019-06-28 11:43:47.797
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.295.1457.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16100.4
Kód chyby: 0x80240016
Popis chyby ři zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2019-06-24 15:31:12.880
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.295.1123.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16000.6
Kód chyby: 0x80240016
Popis chyby ři zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2019-06-16 21:44:33.612
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.295.836.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16000.6
Kód chyby: 0x80240016
Popis chyby ři zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

==================== Memory info ===========================

BIOS: LENOVO 2SCN27WW(V2.07) 03/15/2018
Motherboard: LENOVO Lenovo YOGA 510-14IKB
Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 84%
Total physical RAM: 3939.01 MB
Available physical RAM: 608.84 MB
Total Virtual: 6627.01 MB
Available Virtual: 2625.03 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:426.49 GB) (Free:162.77 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:8.65 GB) NTFS

\\?\Volume{73fb9195-54bd-4073-97a7-98b89b9b08ef}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.53 GB) NTFS
\\?\Volume{a99837f9-6a65-4d88-815d-d595a2af13da}\ (LENOVO_PART) (Fixed) (Total:12.05 GB) (Free:1.77 GB) NTFS
\\?\Volume{2a631cc7-ee4b-4a7d-ae63-31049a8b140e}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 8DD6F445)

Partition: GPT.

==================== End of Addition.txt ============================

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\Users\klark\OneDrive\Dokumenty\otázky:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
FirewallRules: [{18F7F6E9-6185-43EE-895B-2F34809F6292}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoPlus.exe No File
FirewallRules: [{6A7ADC80-E4ED-4D3B-8636-E17408032574}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe No File
FirewallRules: [{46BB926D-493D-4A82-AC9E-ECC943BBBACE}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{6FD9578E-C6A5-48A8-BC8F-F192421C46C2}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{C3F955FF-467A-4ECA-9A98-4179D76277BB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe No File
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
Task: {4ED79756-66B7-49BB-83CE-36CF9AB0D8F8} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {5B3CF227-2DCF-4C47-98B4-6CC7277EEAE9} - \Lenovo\ImController\TimeBasedEvents\b1065a77-158c-4c63-93c5-a68bec9dec5e -> No File <==== ATTENTION
Task: {A17F4BDD-0744-408B-9369-CD8255BA0887} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {66C68BAE-F623-4206-AC82-9A651F496607} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-09-15] (Google Inc -> Google Inc.)
Task: {BA300CE9-9E70-44E5-9D6D-BD456BBB5CE9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {C38E3A67-E40A-4534-AF12-09EF5BB7F04A} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {D234FE78-14C5-42E3-B4D2-CF940AB1F677} - \Lenovo\ImController\TimeBasedEvents\b3df525c-7d3e-409f-956a-87a938b181c6 -> No File <==== ATTENTION
Task: {E95F2B87-0763-4EF6-B486-5C0B8C813D88} - \Lenovo\ImController\TimeBasedEvents\8b7dfb34-dfa1-4ed9-9104-a82c403f88ea -> No File <==== ATTENTION
Task: {EE84E5AA-6A29-4103-BB3F-17683018DE66} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-09-15] (Google Inc -> Google Inc.)
HKU\S-1-5-21-1038098819-2331215063-2644396150-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-1038098819-2331215063-2644396150-1001 -> DefaultScope {D5FE566E-4F57-40DA-BE7F-D0F582BFB572} URL =
SearchScopes: HKU\S-1-5-21-1038098819-2331215063-2644396150-1001 -> {D5FE566E-4F57-40DA-BE7F-D0F582BFB572} URL =
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]

EmptyTemp:
Hosts:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.