
Laptop has slowed down significantly

Blanka yahoo
Visitor
Posts: 343
Registered: 02 Feb 2006 13:03

#1 Post by Blanka yahoo »

Could this be a virus?
Logfile of random's system information tool 1.10 (written by random/random)
Run by Blanka at 2019-12-23 12:04:42
Microsoft Windows 10 Enterprise
System drive C: has 82 GB (54%) free of 152 GB
Total RAM: 3992 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:05:02, on 2019-12-23
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Users\Blanka\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\87.4.138\QtWebEngineProcess.exe
C:\Program Files (x86)\Dropbox\Client\87.4.138\QtWebEngineProcess.exe
C:\Program Files (x86)\Dropbox\Client\87.4.138\QtWebEngineProcess.exe
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
C:\Users\Blanka\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\FileCoAuth.exe
C:\Program Files\trend micro\Blanka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Blanka\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Chromium] "c:\users\blanka\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session --restore-last-session
O4 - HKCU\..\Run: [Epson Stylus SX440] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE /FU "C:\Users\Blanka\AppData\Local\Temp\E_S65A0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [McAfeeSafeConnect] C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
O4 - HKCU\..\RunOnce: [Application Restart #9] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory="Profile 1" --flag-switches-begin --flag-switches-end --restore-last-session --flag-switches-begin --flag-switches-end --flag-switches-begin --flag-switches-end --flag-switches-begin --flag-switches-end
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: @%CommonProgramFiles%\Microsoft Shared\Office16\oregres.dll,-430 - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: @%CommonProgramFiles%\Microsoft Shared\Office16\oregres.dll,-430 - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastWscReporter - AVAST Software - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
O23 - Service: Tjänsten Dropbox-uppdatering (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Tjänsten Dropbox-uppdatering (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\WINDOWS\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\elevation_service.exe
O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Tjänsten Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem13.inf,%ibm.svcDesc0%;Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @oem13.inf,%Lenovo.svcDesc1%;Lenovo Platform Service (LPlatSvc) - Unknown owner - C:\WINDOWS\system32\LPlatSvc.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 11779 bytes

======Listing Processes======









C:\WINDOWS\system32\lsass.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
"fontdrvhost.exe"
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localservice -p -s bthserv
c:\windows\system32\svchost.exe -k localservice -p -s BthAvctpSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localservice -p -s nsi
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\LPlatSvc.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-02c97389-a998-432d-8639-b59fa2d51aa5 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-0f4eb267-b450-4895-9b20-f55a12b966c0 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-89866e6a-5390-47a8-8a9f-e05c764ba92f -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-9a6038ed-eace-4fac-a32e-86f784eebc75 -LifetimeId:8068fac4-7c61-4ede-be09-b6e3f52c6b76 -DeviceGroupId:WpdFsGroup
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s BTAGService

c:\windows\system32\svchost.exe -k appmodel -p -s camsvc
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc

c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k localservice -p -s PhoneSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
dashost.exe {687d316d-b930-4a50-88738b953744db4d}
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV

c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
c:\windows\system32\svchost.exe -k netsvcs -s CertPropSvc
C:\WINDOWS\system32\DbxSvc.exe
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"

c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k networkservice -p -s TapiSrv
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc

"C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe" /c
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
c:\windows\system32\svchost.exe -k netsvcs -p
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
"C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe"

C:\WINDOWS\system32\svchost.exe -k LocalService -p
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s QWAVE
C:\WINDOWS\System32\svchost.exe -k NetworkService -p -s DoSvc
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DsSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
AvastUI.exe /nogui
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
c:\windows\system32\svchost.exe -k netsvcs -p -s AppMgmt
C:\WINDOWS\system32\svchost.exe -k SDRSVC

C:\WINDOWS\System32\WinLogon.exe -SpecialSession
"dwm.exe"
"fontdrvhost.exe"
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
"\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\WINDOWS\Explorer.EXE
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer10_Logfile.log
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer10_Logfile.log
C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\WINDOWS\system32\LPlatSvc.exe" -EM
"ctfmon.exe"
"C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.55.131.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe" -ServerName:SkypeBackgroundHost
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\Windows Defender\MSASCuiL.exe"
c:\windows\system32\svchost.exe -k unistacksvcgroup
"C:\Users\Blanka\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --profile-directory="Profile 1" --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.55.131.0_x64__kzf8qxf38zg5c\SkypeApp.exe" -ServerName:App.AppXffn3yxqvgawq9fpmnhy90fr3y01d1t5b.mca
"C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /restore
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Blanka\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Blanka\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Blanka\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=79.0.3945.88 --initial-client-data=0x78,0x7c,0x80,0x70,0x84,0x7ffb7db5dd08,0x7ffb7db5dd18,0x7ffb7db5dd28
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" -type:crashpad-handler --no-upload-gzip --no-rate-limit --capture-python --no-identify-client-via-url --database=C:\Users\Blanka\AppData\Local\Dropbox\Crashpad --metrics-dir=0 --url=https://d.dropbox.com/report_crashpad_minidump --https-pin=0x23,0xf2,0xed,0xff,0x3e,0xde,0x90,0x25,0x9a,0x9e,0x30,0xf4,0xa,0xf8,0xf9,0x12,0xa5,0xe5,0xb3,0x69,0x4e,0x69,0x38,0x44,0x3,0x41,0xf6,0x6,0xe,0x1,0x4f,0xfa --https-pin=0xaf,0xf9,0x88,0x90,0x6d,0xde,0x12,0x95,0x5d,0x9b,0xeb,0xbf,0x92,0x8f,0xdc,0xc3,0x1c,0xce,0x32,0x8d,0x5b,0x93,0x84,0xf2,0x1c,0x89,0x41,0xca,0x26,0xe2,0x3,0x91 --https-pin=0x5a,0x88,0x96,0x47,0x22,0xe,0x54,0xd6,0xbd,0x8a,0x16,0x81,0x72,0x24,0x52,0xb,0xb5,0xc7,0x8e,0x58,0x98,0x4b,0xd5,0x70,0x50,0x63,0x88,0xb9,0xde,0xf,0x7,0x5f --https-pin=0xfe,0xa2,0xb7,0xd6,0x45,0xfb,0xa7,0x3d,0x75,0x3c,0x1e,0xc9,0xa7,0x87,0xc,0x40,0xe1,0xf7,0xb0,0xc5,0x61,0xe9,0x27,0xb9,0x85,0xbf,0x71,0x18,0x66,0xe3,0x6f,0x22 --https-pin=0x76,0xee,0x85,0x90,0x37,0x4c,0x71,0x54,0x37,0xbb,0xca,0x6b,0xba,0x60,0x28,0xea,0xdd,0xe2,0xdc,0x6d,0xbb,0xb8,0xc3,0xf6,0x10,0xe8,0x51,0xf1,0x1d,0x1a,0xb7,0xf5 --https-pin=0x6d,0xbf,0xae,0x0,0xd3,0x7b,0x9c,0xd7,0x3f,0x8f,0xb4,0x7d,0xe6,0x59,0x17,0xaf,0x0,0xe0,0xdd,0xdf,0x42,0xdb,0xce,0xac,0x20,0xc1,0x7c,0x2,0x75,0xee,0x20,0x95 --https-pin=0x1e,0xa3,0xc5,0xe4,0x3e,0xd6,0x6c,0x2d,0xa2,0x98,0x3a,0x42,0xa4,0xa7,0x9b,0x1e,0x90,0x67,0x86,0xce,0x9f,0x1b,0x58,0x62,0x14,0x19,0xa0,0x4,0x63,0xa8,0x7d,0x38 --https-pin=0x87,0xaf,0x34,0xd6,0x6f,0xb3,0xf2,0xfd,0xf3,0x6e,0x9,0x11,0x1e,0x9a,0xba,0x2f,0x6f,0x44,0xb2,0x7,0xf3,0x86,0x3f,0x3d,0xb,0x54,0xb2,0x50,0x23,0x90,0x9a,0xa5 --https-pin=0xbc,0xfb,0x44,0xaa,0xb9,0xad,0x2,0x10,0x15,0x70,0x6b,0x41,0x21,0xea,0x76,0x1c,0x81,0xc9,0xe8,0x89,0x67,0x59,0xf,0x6f,0x94,0xae,0x74,0x4d,0xc8,0x8b,0x78,0xfb --https-pin=0xab,0x98,0x49,0x52,0x76,0xad,0xf1,0xec,0xaf,0xf2,0x8f,0x35,0xc5,0x30,0x48,0x78,0x1e,0x5c,0x17,0x18,0xda,0xb9,0xc8,0xe6,0x7a,0x50,0x4f,0x4f,0x6a,0x51,0x32,0x8f 
--https-pin=0x49,0x5,0x46,0x66,0x23,0xab,0x41,0x78,0xbe,0x92,0xac,0x5c,0xbd,0x65,0x84,0xf7,0xa1,0xe1,0x7f,0x27,0x65,0x2d,0x5a,0x85,0xaf,0x89,0x50,0x4e,0xa2,0x39,0xaa,0xaa --https-pin=0x56,0x32,0xd9,0x7b,0xfa,0x77,0x5b,0xf3,0xc9,0x9d,0xde,0xa5,0x2f,0xc2,0x55,0x34,0x10,0x86,0x40,0x16,0x72,0x9c,0x52,0xdd,0x65,0x24,0xc8,0xa9,0xc3,0xb4,0x48,0x9f --https-pin=0x2a,0x8f,0x2d,0x8a,0xf0,0xeb,0x12,0x38,0x98,0xf7,0x4c,0x86,0x6a,0xc3,0xfa,0x66,0x90,0x54,0xe2,0x3c,0x17,0xbc,0x7a,0x95,0xbd,0x2,0x34,0x19,0x2d,0xc6,0x35,0xd0 --https-pin=0x32,0xb6,0x4b,0x66,0x72,0x7a,0x20,0x63,0xe4,0x6,0x6f,0x3b,0x95,0x8c,0xb0,0xaa,0xee,0x57,0x6a,0x5e,0xce,0xfd,0x95,0x33,0x99,0xbb,0x88,0x74,0x73,0x1d,0x95,0x87 --https-pin=0xf5,0x3c,0x22,0x5,0x98,0x17,0xdd,0x96,0xf4,0x0,0x65,0x16,0x39,0xd2,0xf8,0x57,0xe2,0x10,0x70,0xa5,0x9a,0xbe,0xd9,0x7,0x94,0x0,0xd9,0xf6,0x95,0x50,0x69,0x0 --https-pin=0x67,0xdc,0x4f,0x32,0xfa,0x10,0xe7,0xd0,0x1a,0x79,0xa0,0x73,0xaa,0xc,0x9e,0x2,0x12,0xec,0x2f,0xfc,0x3d,0x77,0x9e,0xa,0xa7,0xf9,0xc0,0xf0,0xe1,0xc2,0xc8,0x93 --https-pin=0x19,0x6,0xc6,0x12,0x4d,0xbb,0x43,0x85,0x78,0xd0,0xe,0x6,0x6d,0x50,0x54,0xc6,0xc3,0x7f,0xf,0xa6,0x2,0x8c,0x5,0x54,0x5e,0x9,0x94,0xed,0xda,0xec,0x86,0x29 --https-pin=0x1d,0x75,0xd0,0x83,0x1b,0x9e,0x8,0x85,0x39,0x4d,0x32,0xc7,0xa1,0xbf,0xdb,0x3d,0xbc,0x1c,0x28,0xe2,0xb0,0xe8,0x39,0x1f,0xb1,0x35,0x98,0x1d,0xbc,0x5b,0xa9,0x36 --annotation=host_int_account1_boot=54349892800 --annotation=machine_id=77049ee1-c4ad-4555-9ca7-29677e709a01 --annotation=platform=win "--annotation=platform_version=10 1803" --initial-client-data=0x210,0x214,0x218,0x20c,0x21c,0x68870560,0x68870588,0x68870570
AvastUI.exe /nogui
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" -type:exit-monitor -method:collectupload -session-token:77e33d0d-cacc-42ec-b763-eec6d23c5436 -target-handle:548 -target-shutdown-event:540 -target-restart-event:524 "-target-command-line:\"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe\" /systemstartup" -python-version:3.7.5 -handler-pipe:\\.\pipe\crashpad_5696_TXVQOZBSYCYIYXHI
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3324 --on-initialized-event-handle=376 --parent-handle=380 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1496,9031881508780334955,16389316355912195853,131072 --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=206643532983111380 --mojo-platform-channel-handle=1520 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1496,9031881508780334955,16389316355912195853,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --service-request-channel-token=15170410694951475081 --mojo-platform-channel-handle=1720 /prefetch:8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,9031881508780334955,16389316355912195853,131072 --lang=en-GB --extension-process --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=4028976798326880927 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2768 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,9031881508780334955,16389316355912195853,131072 --lang=en-GB --extension-process --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=15922648394393005278 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2904 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,9031881508780334955,16389316355912195853,131072 --lang=en-GB --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=2779737615963739772 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,9031881508780334955,16389316355912195853,131072 --lang=en-GB --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=12029526872918205225 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1496,9031881508780334955,16389316355912195853,131072 --lang=en-GB --service-sandbox-type=audio --enable-audio-service-sandbox --service-request-channel-token=9049970110400905437 --mojo-platform-channel-handle=4732 --ignored=" --type=renderer " /prefetch:8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,9031881508780334955,16389316355912195853,131072 --lang=en-GB --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=16739334150956560870 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1384 /prefetch:1
"C:\Program Files (x86)\Dropbox\Client\87.4.138\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=14771863636271278882 --lang=sv --webengine-schemes=dbx-local:hs;qrc:sLV --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=14771863636271278882 --renderer-client-id=2 --mojo-platform-channel-handle=3048 /prefetch:1
"C:\Program Files (x86)\Dropbox\Client\87.4.138\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=3706375876928989759 --lang=sv --webengine-schemes=dbx-local:hs;qrc:sLV --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=3706375876928989759 --renderer-client-id=3 --mojo-platform-channel-handle=4712 /prefetch:1
"C:\Program Files (x86)\Dropbox\Client\87.4.138\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=3005615527015747551 --lang=sv --webengine-schemes=dbx-local:hs;qrc:sLV --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=3005615527015747551 --renderer-client-id=4 --mojo-platform-channel-handle=9456 /prefetch:1
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,9031881508780334955,16389316355912195853,131072 --lang=en-GB --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=8357762746777614202 --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9188 /prefetch:1
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.55.131.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe" /InvokerPRAID: App
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Blanka\Downloads\VAT for 2020.pdf"
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer /prefetch:1 "C:\Users\Blanka\Downloads\VAT for 2020.pdf"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,9031881508780334955,16389316355912195853,131072 --lang=en-GB --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=16828894609663519582 --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8400 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,9031881508780334955,16389316355912195853,131072 --lang=en-GB --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=15527097208599990476 --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8832 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,9031881508780334955,16389316355912195853,131072 --lang=en-GB --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=17595603045481512041 --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8444 /prefetch:1
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1736,14216693630155499097,5574114229979603919,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.21.20058 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=18149867514602343150 --renderer-client-id=7 --mojo-platform-channel-handle=2012 --allow-no-sandbox-job /prefetch:1
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1736,14216693630155499097,5574114229979603919,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.21.20058 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=7093924325160437729 --renderer-client-id=8 --mojo-platform-channel-handle=2072 --allow-no-sandbox-job /prefetch:1
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1736,14216693630155499097,5574114229979603919,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.21.20058 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=5725184945782537717 --renderer-client-id=9 --mojo-platform-channel-handle=2236 --allow-no-sandbox-job /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,9031881508780334955,16389316355912195853,131072 --lang=en-GB --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=15118386704441240285 --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8324 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,9031881508780334955,16389316355912195853,131072 --lang=en-GB --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=4967423907818750027 --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8632 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,9031881508780334955,16389316355912195853,131072 --lang=en-GB --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=17395193659802365848 --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9864 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,9031881508780334955,16389316355912195853,131072 --lang=en-GB --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=3453944513105098676 --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11048 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,9031881508780334955,16389316355912195853,131072 --lang=en-GB --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=13080769255138651349 --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10580 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,9031881508780334955,16389316355912195853,131072 --lang=en-GB --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=13933157982204176222 --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11100 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,9031881508780334955,16389316355912195853,131072 --lang=en-GB --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=14242288880978138852 --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9584 /prefetch:1
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,9031881508780334955,16389316355912195853,131072 --lang=en-GB --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=13964343034344304922 --renderer-client-id=137 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12136 /prefetch:1
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1736,14216693630155499097,5574114229979603919,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.21.20058 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=14606546841022091174 --renderer-client-id=10 --mojo-platform-channel-handle=3468 --allow-no-sandbox-job /prefetch:1
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1736,14216693630155499097,5574114229979603919,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.21.20058 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=9903518675433776326 --renderer-client-id=11 --mojo-platform-channel-handle=3456 --allow-no-sandbox-job /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,9031881508780334955,16389316355912195853,131072 --lang=en-GB --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=15952629226566547401 --renderer-client-id=164 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11332 /prefetch:1
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20356.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20356.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,9031881508780334955,16389316355912195853,131072 --lang=en-GB --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=11872683598644402154 --renderer-client-id=170 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,9031881508780334955,16389316355912195853,131072 --lang=en-GB --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=17892932922923922719 --renderer-client-id=172 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11624 /prefetch:1
C:\Users\Blanka\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\FileCoAuth.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19081.22010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\System32\svchost.exe -k NetworkService -p
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s gpsvc

"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXass2jm06pp1n7aktd4dcj305y31qrc54.mca
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXe9cvj1thv1hmcw0cs98xm3r97tyzy2xs.mca
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,9031881508780334955,16389316355912195853,131072 --lang=en-GB --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=8718047154575342176 --renderer-client-id=205 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4456 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,9031881508780334955,16389316355912195853,131072 --lang=en-GB --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=17730928956868987288 --renderer-client-id=208 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,9031881508780334955,16389316355912195853,131072 --lang=en-GB --disable-oor-cors --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=16105663591820562738 --renderer-client-id=186 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe175_ Global\UsGthrCtrlFltPipeMssGthrPipe175 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 744 748 756 8192 752
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s XblAuthManager
C:\Windows\System32\smartscreen.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\AUDIODG.EXE 0x2dc
"C:\Users\Blanka\Downloads\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job - C:\Windows\explorer.exe /NOUACCHECK
C:\WINDOWS\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
C:\WINDOWS\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31 226984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\PROGRA~1\MICROS~1\Office16\GROOVEEX.DLL [2016-03-16 2176816]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2016-03-15 161448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL [2016-03-16 1522480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2018-04-12 638872]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2019-10-09 268680]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24 2963184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\Blanka\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2019-11-24 1585000]
"Chromium"=c:\users\blanka\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session --restore-last-session []
"Epson Stylus SX440"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE [2011-01-20 232448]
"TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe []
"McAfeeSafeConnect"=C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #9"=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2019-12-14 1704944]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Dropbox"=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2019-12-17 6268224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2019-12-17 20:30:10 ----A---- C:\WINDOWS\system32\drivers\dbx-stable.sys
2019-12-17 20:30:10 ----A---- C:\WINDOWS\system32\drivers\dbx-dev.sys
2019-12-17 20:30:10 ----A---- C:\WINDOWS\system32\drivers\dbx-canary.sys
2019-12-17 20:30:10 ----A---- C:\WINDOWS\system32\DbxSvc.exe
2019-12-11 11:48:29 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-12-11 11:48:28 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2019-12-11 11:48:25 ----A---- C:\WINDOWS\system32\edgehtml.dll
2019-12-11 11:48:19 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2019-12-11 11:48:17 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2019-12-11 11:48:15 ----A---- C:\WINDOWS\system32\Chakra.dll
2019-12-11 11:48:11 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-12-11 11:48:08 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2019-12-11 11:48:05 ----A---- C:\WINDOWS\system32\win32kfull.sys
2019-12-11 11:48:05 ----A---- C:\WINDOWS\system32\sppobjs.dll
2019-12-11 11:48:02 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2019-12-11 11:48:02 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-12-11 11:48:01 ----A---- C:\WINDOWS\system32\hvix64.exe
2019-12-11 11:48:01 ----A---- C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-12-11 11:48:00 ----A---- C:\WINDOWS\SYSWOW64\Windows.Data.Pdf.dll
2019-12-11 11:47:59 ----A---- C:\WINDOWS\system32\KernelBase.dll
2019-12-11 11:47:59 ----A---- C:\WINDOWS\system32\hvax64.exe
2019-12-11 11:47:58 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2019-12-11 11:47:58 ----A---- C:\WINDOWS\system32\usocore.dll
2019-12-11 11:47:57 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2019-12-11 11:47:57 ----A---- C:\WINDOWS\system32\MusNotification.exe
2019-12-11 11:47:57 ----A---- C:\WINDOWS\system32\gdi32full.dll
2019-12-11 11:47:56 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2019-12-11 11:47:56 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2019-12-11 11:47:56 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2019-12-11 11:47:55 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.Store.dll
2019-12-11 11:47:55 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-12-11 11:47:53 ----A---- C:\WINDOWS\system32\user32.dll
2019-12-11 11:47:53 ----A---- C:\WINDOWS\system32\printfilterpipelinesvc.exe
2019-12-11 11:47:53 ----A---- C:\WINDOWS\system32\oleaut32.dll
2019-12-11 11:47:53 ----A---- C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-12-11 11:47:53 ----A---- C:\WINDOWS\system32\MusNotificationUx.exe
2019-12-11 11:47:52 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2019-12-11 11:47:52 ----A---- C:\WINDOWS\system32\bcastdvruserservice.dll
2019-12-11 11:47:51 ----A---- C:\WINDOWS\SYSWOW64\user32.dll
2019-12-11 11:47:51 ----A---- C:\WINDOWS\SYSWOW64\oleaut32.dll
2019-12-11 11:47:51 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2019-12-11 11:47:51 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2019-12-11 11:47:51 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-12-11 11:47:50 ----A---- C:\WINDOWS\system32\winload.exe
2019-12-11 11:47:50 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2019-12-11 11:47:49 ----A---- C:\WINDOWS\SYSWOW64\EdgeManager.dll
2019-12-11 11:47:49 ----A---- C:\WINDOWS\system32\winresume.exe
2019-12-11 11:47:49 ----A---- C:\WINDOWS\system32\vbscript.dll
2019-12-11 11:47:48 ----A---- C:\WINDOWS\SYSWOW64\msvproc.dll
2019-12-11 11:47:48 ----A---- C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2019-12-11 11:47:48 ----A---- C:\WINDOWS\system32\msvproc.dll
2019-12-11 11:47:48 ----A---- C:\WINDOWS\system32\fontdrvhost.exe
2019-12-11 11:47:47 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2019-12-11 11:47:46 ----A---- C:\WINDOWS\SYSWOW64\Windows.Devices.Enumeration.dll
2019-12-11 11:47:46 ----A---- C:\WINDOWS\SYSWOW64\MSVideoDSP.dll
2019-12-11 11:47:46 ----A---- C:\WINDOWS\SYSWOW64\fontdrvhost.exe
2019-12-11 11:47:46 ----A---- C:\WINDOWS\system32\tcblaunch.exe
2019-12-11 11:47:46 ----A---- C:\WINDOWS\system32\services.exe
2019-12-11 11:47:46 ----A---- C:\WINDOWS\system32\MSVideoDSP.dll
2019-12-11 11:47:45 ----A---- C:\WINDOWS\SYSWOW64\fontsub.dll
2019-12-11 11:47:45 ----A---- C:\WINDOWS\system32\t2embed.dll
2019-12-11 11:47:45 ----A---- C:\WINDOWS\system32\MSVPXENC.dll
2019-12-11 11:47:45 ----A---- C:\WINDOWS\system32\fontsub.dll
2019-12-11 11:47:45 ----A---- C:\WINDOWS\system32\drivers\hvservice.sys
2019-12-11 11:47:44 ----A---- C:\WINDOWS\system32\wow64win.dll
2019-12-11 11:47:44 ----A---- C:\WINDOWS\system32\MSPhotography.dll
2019-12-11 11:47:44 ----A---- C:\WINDOWS\system32\atmfd.dll
2019-12-11 11:47:43 ----A---- C:\WINDOWS\SYSWOW64\t2embed.dll
2019-12-11 11:47:43 ----A---- C:\WINDOWS\SYSWOW64\atmfd.dll
2019-12-11 11:47:43 ----A---- C:\WINDOWS\system32\rdpudd.dll
2019-12-11 11:47:43 ----A---- C:\WINDOWS\system32\DevQueryBroker.dll
2019-12-11 11:47:42 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2019-12-11 11:47:42 ----A---- C:\WINDOWS\SYSWOW64\webplatstorageserver.dll
2019-12-11 11:47:42 ----A---- C:\WINDOWS\SYSWOW64\MSVPXENC.dll
2019-12-11 11:47:42 ----A---- C:\WINDOWS\SYSWOW64\MSPhotography.dll
2019-12-11 11:47:42 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

======List of files/folders modified in the last 1 month======

2019-12-23 12:04:57 ----D---- C:\WINDOWS\system32\drivers\etc
2019-12-23 12:04:56 ----D---- C:\Program Files\trend micro
2019-12-23 11:59:36 ----D---- C:\WINDOWS\system32\SleepStudy
2019-12-23 11:59:33 ----D---- C:\WINDOWS\Temp
2019-12-23 11:13:24 ----D---- C:\WINDOWS\Prefetch
2019-12-23 11:10:07 ----D---- C:\WINDOWS\system32\sru
2019-12-23 10:54:37 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2019-12-23 09:39:35 ----SHD---- C:\System Volume Information
2019-12-23 09:36:08 ----RD---- C:\WINDOWS\Microsoft.NET
2019-12-21 19:03:49 ----D---- C:\WINDOWS\system32\LogFiles
2019-12-21 16:59:44 ----D---- C:\WINDOWS\Minidump
2019-12-21 16:13:23 ----D---- C:\Windows
2019-12-21 15:21:31 ----D---- C:\WINDOWS\LiveKernelReports
2019-12-21 15:20:02 ----HD---- C:\Program Files\WindowsApps
2019-12-21 15:11:39 ----D---- C:\WINDOWS\AppReadiness
2019-12-20 12:55:05 ----AD---- C:\Program Files (x86)\TeamViewer
2019-12-19 23:53:48 ----D---- C:\WINDOWS\CbsTemp
2019-12-19 22:24:36 ----SHD---- C:\WINDOWS\Installer
2019-12-19 22:24:34 ----SHD---- C:\Config.Msi
2019-12-19 22:19:28 ----D---- C:\WINDOWS\SysWOW64
2019-12-19 08:53:01 ----HD---- C:\OneDriveTemp
2019-12-18 22:32:46 ----D---- C:\Program Files (x86)\Dropbox
2019-12-18 22:28:05 ----D---- C:\WINDOWS\system32\drivers
2019-12-18 22:28:05 ----D---- C:\WINDOWS\System32
2019-12-18 19:09:07 ----D---- C:\WINDOWS\system32\catroot2
2019-12-18 19:07:41 ----D---- C:\WINDOWS\Logs
2019-12-16 19:46:49 ----D---- C:\WINDOWS\system32\Tasks
2019-12-12 14:10:47 ----D---- C:\WINDOWS\system32\config
2019-12-12 14:06:47 ----D---- C:\WINDOWS\WinSxS
2019-12-11 22:44:24 ----D---- C:\WINDOWS\INF
2019-12-11 22:44:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2019-12-11 22:34:24 ----D---- C:\WINDOWS\TextInput
2019-12-11 22:34:24 ----D---- C:\WINDOWS\SYSWOW64\uk-UA
2019-12-11 22:34:24 ----D---- C:\WINDOWS\SYSWOW64\pl-PL
2019-12-11 22:34:24 ----D---- C:\WINDOWS\SYSWOW64\en-GB
2019-12-11 22:34:23 ----D---- C:\WINDOWS\system32\uk-UA
2019-12-11 22:34:23 ----D---- C:\WINDOWS\system32\pl-PL
2019-12-11 22:34:22 ----D---- C:\WINDOWS\system32\migration
2019-12-11 22:34:22 ----D---- C:\WINDOWS\system32\en-GB
2019-12-11 22:34:22 ----D---- C:\WINDOWS\system32\Boot
2019-12-11 22:34:21 ----D---- C:\WINDOWS\ShellExperiences
2019-12-11 22:34:20 ----D---- C:\WINDOWS\bcastdvr
2019-12-11 22:34:18 ----D---- C:\WINDOWS\system32\DriverStore
2019-12-11 11:46:57 ----D---- C:\WINDOWS\system32\MRT
2019-12-11 11:39:51 ----AC---- C:\WINDOWS\system32\MRT.exe
2019-11-26 11:21:47 ----D---- C:\Users\Blanka\AppData\Roaming\vlc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswArDisk;aswArDisk; C:\WINDOWS\system32\drivers\aswArDisk.sys [2019-10-09 37616]
R0 aswbidsh;aswbidsh; C:\WINDOWS\system32\drivers\aswbidsh.sys [2019-10-09 209552]
R0 aswbuniv;aswbuniv; C:\WINDOWS\system32\drivers\aswbuniv.sys [2019-10-09 65120]
R0 aswElam;aswElam; C:\WINDOWS\system32\drivers\aswElam.sys [2019-10-09 16304]
R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2019-10-09 83792]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2019-10-09 316528]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2018-12-08 58168]
R0 MsSecFlt;@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001; C:\WINDOWS\system32\drivers\mssecflt.sys [2019-09-13 228152]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\WINDOWS\system32\drivers\SgrmAgent.sys [2018-04-12 63896]
R1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2018-04-12 39424]
R1 aswArPot;aswArPot; C:\WINDOWS\system32\drivers\aswArPot.sys [2019-10-09 204824]
R1 aswbidsdriver;aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdriver.sys [2019-10-09 274456]
R1 aswHdsKe;aswHdsKe; C:\WINDOWS\system32\drivers\aswHdsKe.sys [2019-10-09 276952]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2019-10-09 42736]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2019-10-09 110320]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2019-10-09 848432]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2019-10-09 460448]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-04-12 60320]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2018-04-12 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-04-12 8192]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2019-11-02 161544]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2019-10-09 236024]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2019-07-09 414720]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2018-12-08 43008]
R2 rismxdp;@oem14.inf,%DiskServiceDesc%;Ricoh xD-Picture Card Driver; C:\WINDOWS\System32\drivers\rixdpx64.sys [2006-11-18 55296]
R3 BthA2DP;@wdma_bt.inf,%BthA2DP.SvcDesc%;Bluetooth Stereo; C:\WINDOWS\system32\drivers\BthA2DP.sys [2019-10-02 200192]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\WINDOWS\System32\drivers\BthEnum.sys [2018-12-08 106496]
R3 BthHFAud;@wdma_bt.inf,%DISPLAY_NAME%;Bluetooth Hands-Free; C:\WINDOWS\System32\drivers\BthHfAud.sys [2018-04-12 48640]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2018-04-12 86528]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2018-04-12 129536]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\WINDOWS\System32\drivers\BTHUSB.sys [2018-04-12 85504]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2018-04-12 60320]
R3 e1yexpress;@net1yx64.inf,%E1YExpress.Service.DispName%;Intel(R) Gigabit Network Connections Driver; C:\WINDOWS\System32\drivers\e1y60x64.sys [2018-04-12 283136]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2016-07-13 82240]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2012-03-23 10627744]
R3 Microsoft_Bluetooth_AvrcpTransport;@microsoft_bluetooth_avrcptransport.inf,%Microsoft_Bluetooth_AvrcpTransport.ServiceDescription%;Microsoft Bluetooth Avrcp Transport Driver; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [2018-04-12 46592]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\WINDOWS\System32\drivers\NETwNs64.sys [2018-04-12 8604672]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2018-04-12 193536]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2018-04-12 38304]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2018-04-12 321432]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-04-12 885144]
S0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-04-12 145816]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2018-04-12 124312]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2018-04-12 128408]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-04-12 75160]
S0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [2018-04-12 82328]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2018-04-12 58776]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2018-04-12 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2018-04-12 39840]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2018-08-03 128920]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-04-12 20480]
S3 aftap0901;@oem19.inf,%DeviceDescription%;AnchorFree TAP-Windows Adapter V9; C:\WINDOWS\System32\drivers\aftap0901.sys [2018-03-06 48624]
S3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2015-01-13 11922944]
S3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2015-01-13 359936]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2018-04-12 18432]
S3 AppvStrm;@%systemroot%\system32\drivers\AppvStrm.sys,-101; C:\WINDOWS\system32\drivers\AppvStrm.sys [2018-04-12 127384]
S3 AppvVemgr;@%systemroot%\system32\drivers\AppvVemgr.sys,-101; C:\WINDOWS\system32\drivers\AppvVemgr.sys [2019-03-14 164664]
S3 AppvVfs;@%systemroot%\system32\drivers\AppvVfs.sys,-101; C:\WINDOWS\system32\drivers\AppvVfs.sys [2018-04-12 143768]
S3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys [2019-10-02 92472]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\WINDOWS\System32\drivers\BTHport.sys [2019-10-02 1110016]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2018-04-12 39936]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2018-04-12 123392]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2018-04-12 1836952]
S3 dg_ssudbus;@oem12.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2017-05-18 131984]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2018-04-12 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2018-04-12 50592]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2018-04-12 27136]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2019-11-28 76088]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2018-04-12 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2018-04-12 91648]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2018-04-12 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-04-12 88576]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2018-04-12 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-04-12 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2018-04-12 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-04-12 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2018-04-12 32256]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2018-04-12 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2018-04-12 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2018-04-12 56736]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2018-04-12 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2018-04-12 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2018-04-12 175104]
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\WINDOWS\System32\drivers\nvdimm.sys [2018-04-12 104448]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2018-04-12 105984]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2018-04-12 16896]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2019-03-06 945464]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2018-04-12 104448]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2018-04-12 33176]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2018-04-12 57752]
S4 hvcrash;hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [2018-04-12 33184]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2019-09-10 88136]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2019-10-09 996880]
R2 AvastWscReporter;AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [2019-10-09 57504]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 CDPUserSvc_38d7027;Connected Devices Platform User Service_38d7027; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 DbxSvc;DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [2019-12-17 51024]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R2 IBMPMSVC;@oem13.inf,%ibm.svcDesc0%;Lenovo PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2016-07-13 180736]
R2 LPlatSvc;@oem13.inf,%Lenovo.svcDesc1%;Lenovo Platform Service; C:\WINDOWS\system32\LPlatSvc.exe [2016-07-13 710144]
R2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R2 OneSyncSvc_38d7027;Sync Host_38d7027; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-07-14 760888]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\WINDOWS\system32\SgrmBroker.exe [2018-04-12 163336]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [2019-12-19 6259592]
R3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 PimIndexMaintenanceSvc_38d7027;Contact Data_38d7027; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S2 dbupdate;Tjänsten Dropbox-uppdatering (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2019-06-14 143144]
S2 gupdate;Tjänsten Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-12 153752]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-08 335872]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 AssignedAccessManagerSvc;@%SystemRoot%\system32\assignedaccessmanagersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BcastDVRUserService_38d7027;GameDVR and Broadcast User Service_38d7027; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BluetoothUserService_38d7027;Bluetooth User Support Service_38d7027; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 CaptureService;@%SystemRoot%\system32\CaptureService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 CaptureService_38d7027;CaptureService_38d7027; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 dbupdatem;Tjänsten Dropbox-uppdatering (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2019-06-14 143144]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevicePickerUserSvc_38d7027;DevicePicker_38d7027; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevicesFlowUserSvc_38d7027;DevicesFlow_38d7027; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2019-05-03 90112]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2018-05-18 43648]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\elevation_service.exe [2019-12-14 1113072]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 gupdatem;Tjänsten Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-12 153752]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 MessagingService_38d7027;MessagingService_38d7027; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-07-31 202928]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PrintWorkflowUserSvc_38d7027;PrintWorkflow_38d7027; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 Sense;@%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2019-09-13 5098408]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2018-04-12 1273344]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2018-06-08 976384]
S4 AppVClient;@%systemroot%\system32\AppVClient.exe,-102; C:\WINDOWS\system32\AppVClient.exe [2019-07-09 827920]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]

-----------------EOF-----------------

Blanka yahoo
Visitor
Posts: 343
Registered: 02 Feb 2006 13:03

Re: laptop has slowed down drastically

#2 Post by Blanka yahoo »

info.txt logfile of random's system information tool 1.10 2018-03-15 00:13:26

======MBR======


======Uninstall list======

-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{64FD3413-2EC3-44C2-97E1-172559B47B58}" "1033" "0"
Adobe Acrobat Reader DC-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
Adobe Refresh Manager-->MsiExec.exe /I{AC76BA86-0804-1033-1959-001824265200}
Avast Free Antivirus-->C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel
BankID säkerhetsprogram-->MsiExec.exe /X{77B5BCDC-5496-48DA-8B16-5EE2AF08CA31}
ByteFence Anti-Malware-->"C:\Program Files\ByteFence\uninstall.exe"
Definition Update for Microsoft Office 2016 (KB3114959) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{00910FD1-D832-425D-BBD1-79CC1AA01182}" "1033" "0"
EPSON Scan-->C:\Program Files (x86)\epson\escndv\setup\setup.exe /r
EPSON SX440 Series Printer Uninstall-->C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IINSHBE.EXE /R /APD /P:"EPSON SX440 Series"
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\Installer\setup.exe" --uninstall --system-level --verbose-logging
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
Handelsbanken card reader-->C:\Program Files (x86)\InstallShield Installation Information\{1E08E4C7-69F9-4723-B05B-4FABEDF29AC2}\setup.exe -runfromtemp -l0x0009 -removeonly
Herramientas de corrección de Microsoft Office 2016: español-->MsiExec.exe /X{90160000-001F-0C0A-0000-0000000FF1CE}
Intel Security True Key-->C:\Program Files\TrueKey\Mcafee.TrueKey.Uninstaller.Exe
Intel® RealSense™ SDK 2014 Runtime (x64): Core-->MsiExec.exe /X{37D41A97-6B02-4C30-8753-85107BE1D674}
Lenovo Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
McAfee WebAdvisor-->C:\Program Files (x86)\McAfee\SiteAdvisor\Uninstall.exe
Microsoft Access MUI (English) 2016-->MsiExec.exe /X{90160000-0015-0409-0000-0000000FF1CE}
Microsoft Access Setup Metadata MUI (English) 2016-->MsiExec.exe /X{90160000-0117-0409-0000-0000000FF1CE}
Microsoft DCF MUI (English) 2016-->MsiExec.exe /X{90160000-0090-0409-0000-0000000FF1CE}
Microsoft Excel MUI (English) 2016-->MsiExec.exe /X{90160000-0016-0409-0000-0000000FF1CE}
Microsoft Groove MUI (English) 2016-->MsiExec.exe /X{90160000-00BA-0409-0000-0000000FF1CE}
Microsoft InfoPath MUI (English) 2016-->MsiExec.exe /X{90160000-0044-0409-0000-0000000FF1CE}
Microsoft Office 64-bit Components 2016-->MsiExec.exe /X{90160000-002A-0000-1000-0000000FF1CE}
Microsoft Office OSM MUI (English) 2016-->MsiExec.exe /X{90160000-00E1-0409-0000-0000000FF1CE}
Microsoft Office OSM UX MUI (English) 2016-->MsiExec.exe /X{90160000-00E2-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2016-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2016-->MsiExec.exe /X{90160000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2016-->MsiExec.exe /X{90160000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2016 - English-->MsiExec.exe /X{90160000-001F-0409-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (English) 2016-->MsiExec.exe /X{90160000-002A-0409-1000-0000000FF1CE}
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2016-->MsiExec.exe /X{90160000-0116-0409-1000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2016-->MsiExec.exe /X{90160000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2016-->MsiExec.exe /X{90160000-0115-0409-0000-0000000FF1CE}
Microsoft OneNote MUI (English) 2016-->MsiExec.exe /X{90160000-00A1-0409-0000-0000000FF1CE}
Microsoft Outlook MUI (English) 2016-->MsiExec.exe /X{90160000-001A-0409-0000-0000000FF1CE}
Microsoft PowerPoint MUI (English) 2016-->MsiExec.exe /X{90160000-0018-0409-0000-0000000FF1CE}
Microsoft Publisher MUI (English) 2016-->MsiExec.exe /X{90160000-0019-0409-0000-0000000FF1CE}
Microsoft Skype for Business MUI (English) 2016-->MsiExec.exe /X{90160000-012B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501-->"C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005-->MsiExec.exe /X{929FBD26-9020-399B-9A7A-751D61F0B942}
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215-->"C:\ProgramData\Package Cache\{e2803110-78b3-4664-a479-3611a381656a}\VC_redist.x86.exe" /uninstall
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215-->MsiExec.exe /X{69BCE4AC-9572-3271-A2FB-9423BDA36A43}
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215-->MsiExec.exe /X{BBF2AC74-720C-3CB3-8291-5E34039232FA}
Microsoft Word MUI (English) 2016-->MsiExec.exe /X{90160000-001B-0409-0000-0000000FF1CE}
Mozilla Firefox 50.1.0 (x86 en-GB)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
Office 16 Click-to-Run Extensibility Component-->MsiExec.exe /X{90160000-008C-0000-0000-0000000FF1CE}
Office 16 Click-to-Run Licensing Component-->MsiExec.exe /I{90160000-008F-0000-1000-0000000FF1CE}
Office 16 Click-to-Run Localization Component-->MsiExec.exe /X{90160000-008C-0409-0000-0000000FF1CE}
Outils de vérification linguistique 2016 de Microsoft Office - Français-->MsiExec.exe /X{90160000-001F-040C-0000-0000000FF1CE}
Realtek High Definition Audio Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -runfromtemp -removeonly
Security Update for Microsoft Excel 2016 (KB3114964) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{93FA702F-6308-4EBC-A441-B32534B948C1}" "1033" "0"
Security Update for Microsoft Excel 2016 (KB3114964) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0016-0409-0000-0000000FF1CE}" "{93FA702F-6308-4EBC-A441-B32534B948C1}" "1033" "0"
Security Update for Microsoft Excel 2016 (KB3114964) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0018-0409-0000-0000000FF1CE}" "{93FA702F-6308-4EBC-A441-B32534B948C1}" "1033" "0"
Security Update for Microsoft Excel 2016 (KB3114964) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-001B-0409-0000-0000000FF1CE}" "{93FA702F-6308-4EBC-A441-B32534B948C1}" "1033" "0"
Security Update for Microsoft Office 2016 (KB2920727) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{ADA643B8-91E7-42FD-8339-3FDC73A3ABE4}" "1033" "0"
Security Update for Microsoft Office 2016 (KB3085538) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{57F91827-505E-4313-A3DF-EE6BD0B41A26}" "1033" "0"
Security Update for Microsoft Office 2016 (KB3085538) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-002A-0000-1000-0000000FF1CE}" "{57F91827-505E-4313-A3DF-EE6BD0B41A26}" "1033" "0"
Security Update for Microsoft Office 2016 (KB3085635) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-006E-0409-0000-0000000FF1CE}" "{CCBDE2CC-9498-4937-A88B-46FD248719C9}" "1033" "0"
Security Update for Microsoft Office 2016 (KB3114690) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{0431DE35-1781-4633-B69D-D547BB412C65}" "1033" "0"
Security Update for Microsoft Publisher 2016 (KB2920680) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{5182F11C-8D2E-4E2C-B36A-5B4AC5AE723C}" "1033" "0"
Security Update for Skype for Business 2016 (KB3114960) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{DB202A83-17AD-4FD5-94D6-0F69FEF8A8C7}" "1033" "0"
Security Update for Skype for Business 2016 (KB3114960) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-012B-0409-0000-0000000FF1CE}" "{DB202A83-17AD-4FD5-94D6-0F69FEF8A8C7}" "1033" "0"
Skype™ 7.40-->MsiExec.exe /X{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}
TeamViewer 10 Host-->"C:\Program Files (x86)\TeamViewer\uninstall.exe"
ThinkPad UltraNav Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TomTom HOME-->MsiExec.exe /I{0E778C56-3A87-497E-BEF0-EF0D3EE4871C}
Update for Microsoft Access 2016 (KB3114850) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{F5B70A9A-55A9-48CE-8D4A-1AEB9E406631}" "1033" "0"
Update for Microsoft Office 2016 (KB2910954) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{96EFDD2E-6496-4E0C-9EA2-034AF087211A}" "1033" "0"
Update for Microsoft Office 2016 (KB2910979) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{30BE8A1C-04BC-4CCD-942E-A10F3FA33E43}" "1033" "0"
Update for Microsoft Office 2016 (KB2920678) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{659F8DC4-0FD7-4C3C-9011-19B9FB400154}" "1033" "0"
Update for Microsoft Office 2016 (KB2920684) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{FA8D0376-1138-4DE0-81B4-AE2106D5ED4D}" "1033" "0"
Update for Microsoft Office 2016 (KB2920684) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-002A-0000-1000-0000000FF1CE}" "{FA8D0376-1138-4DE0-81B4-AE2106D5ED4D}" "1033" "0"
Update for Microsoft Office 2016 (KB2920699) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{C07AAB5B-B29E-4568-A282-2DA560D3FFB1}" "1033" "0"
Update for Microsoft Office 2016 (KB2920699) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0016-0409-0000-0000000FF1CE}" "{C07AAB5B-B29E-4568-A282-2DA560D3FFB1}" "1033" "0"
Update for Microsoft Office 2016 (KB2920710) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{6C521447-5A56-4071-9BF9-B7714966EEBF}" "1033" "0"
Update for Microsoft Office 2016 (KB2920712) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{0471C03C-B563-4F44-83E9-4D9AF243E1D3}" "1033" "0"
Update for Microsoft Office 2016 (KB2920718) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-001F-0409-0000-0000000FF1CE}" "{9E86151B-F943-4DED-807D-561666DB4B18}" "1033" "0"
Update for Microsoft Office 2016 (KB2920718) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-001F-040C-0000-0000000FF1CE}" "{9E86151B-F943-4DED-807D-561666DB4B18}" "1033" "0"
Update for Microsoft Office 2016 (KB2920718) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-001F-0C0A-0000-0000000FF1CE}" "{9E86151B-F943-4DED-807D-561666DB4B18}" "1033" "0"
Update for Microsoft Office 2016 (KB2920720) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{1471A699-A87C-454C-B227-00B48E5BA75B}" "1033" "0"
Update for Microsoft Office 2016 (KB2920724) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{B5FD5FBF-150F-4BD7-A2D2-F015D1069FC5}" "1033" "0"
Update for Microsoft Office 2016 (KB3101352) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{D5454C71-F9D3-4963-BFCA-C623819A3029}" "1033" "0"
Update for Microsoft Office 2016 (KB3114533) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{D9082A69-38B8-42BC-940D-61167D1C985E}" "1033" "0"
Update for Microsoft Office 2016 (KB3114535) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{27084D6E-0050-46D7-9F86-0529F47DAE43}" "1033" "0"
Update for Microsoft Office 2016 (KB3114535) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-002A-0000-1000-0000000FF1CE}" "{27084D6E-0050-46D7-9F86-0529F47DAE43}" "1033" "0"
Update for Microsoft Office 2016 (KB3114689) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{ECCFA27B-A67E-4C7E-B984-8B20B9753A1D}" "1033" "0"
Update for Microsoft Office 2016 (KB3114694) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{9C5B5C7D-E79A-41C8-9D29-748A5145281E}" "1033" "0"
Update for Microsoft Office 2016 (KB3114712) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{4E1AF32F-CAF6-42BF-94DE-1611FFCC1A0D}" "1033" "0"
Update for Microsoft Office 2016 (KB3114712) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-002A-0000-1000-0000000FF1CE}" "{4E1AF32F-CAF6-42BF-94DE-1611FFCC1A0D}" "1033" "0"
Update for Microsoft Office 2016 (KB3114854) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{BA767A46-1772-4902-BFB8-5FF8F932AB61}" "1033" "0"
Update for Microsoft Office 2016 (KB3114854) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-002A-0000-1000-0000000FF1CE}" "{BA767A46-1772-4902-BFB8-5FF8F932AB61}" "1033" "0"
Update for Microsoft Office 2016 (KB3114859) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{4BF890A7-7EBF-4E24-A288-80723AE838CB}" "1033" "0"
Update for Microsoft Office 2016 (KB3114860) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{B596FA5C-62FF-46C2-861A-CC09ACC4A312}" "1033" "0"
Update for Microsoft Office 2016 (KB3114903) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{B557BEA1-7AB8-4CA4-B9EB-7011EB0EEB4B}" "1033" "0"
Update for Microsoft Office 2016 (KB3114958) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{0091315A-4E30-4BD1-A4B9-FBBC03CFE926}" "1033" "0"
Update for Microsoft Office 2016 (KB3114965) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{7A7783ED-1C2A-41A7-B264-E3E5E27D82AA}" "1033" "0"
Update for Microsoft Office 2016 (KB3114965) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-006E-0409-0000-0000000FF1CE}" "{7A7783ED-1C2A-41A7-B264-E3E5E27D82AA}" "1033" "0"
Update for Microsoft Office 2016 (KB3114968) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{4049B5A4-5A41-42E9-9AA5-C141610193C3}" "1033" "0"
Update for Microsoft Office 2016 (KB3114968) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-002A-0000-1000-0000000FF1CE}" "{4049B5A4-5A41-42E9-9AA5-C141610193C3}" "1033" "0"
Update for Microsoft Office 2016 (KB3114970) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{3CB7385E-CCCE-451D-9406-0C76C697AC91}" "1033" "0"
Update for Microsoft Office 2016 (KB3114970) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-006E-0409-0000-0000000FF1CE}" "{3CB7385E-CCCE-451D-9406-0C76C697AC91}" "1033" "0"
Update for Microsoft Office 2016 (KB3114971) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{F7A6F4CC-A81B-4A5B-9F59-4A26E6608562}" "1033" "0"
Update for Microsoft Office 2016 (KB3114971) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-002A-0000-1000-0000000FF1CE}" "{F7A6F4CC-A81B-4A5B-9F59-4A26E6608562}" "1033" "0"
Update for Microsoft Office 2016 (KB3114971) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-006E-0409-0000-0000000FF1CE}" "{F7A6F4CC-A81B-4A5B-9F59-4A26E6608562}" "1033" "0"
Update for Microsoft OneDrive for Business (KB3114864) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{6CFF12AE-60DF-4CE1-A3BB-F0D0E4D1BCD1}" "1033" "0"
Update for Microsoft OneDrive for Business (KB3114864) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-002A-0000-1000-0000000FF1CE}" "{6CFF12AE-60DF-4CE1-A3BB-F0D0E4D1BCD1}" "1033" "0"
Update for Microsoft OneDrive for Business (KB3114864) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-002A-0409-1000-0000000FF1CE}" "{6CFF12AE-60DF-4CE1-A3BB-F0D0E4D1BCD1}" "1033" "0"
Update for Microsoft OneDrive for Business (KB3114864) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-00BA-0409-0000-0000000FF1CE}" "{6CFF12AE-60DF-4CE1-A3BB-F0D0E4D1BCD1}" "1033" "0"
Update for Microsoft OneNote 2016 (KB3114711) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{AFA17D43-2B01-4922-A23E-48CEE40C68AF}" "1033" "0"
Update for Microsoft OneNote 2016 (KB3114711) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-002A-0000-1000-0000000FF1CE}" "{AFA17D43-2B01-4922-A23E-48CEE40C68AF}" "1033" "0"
Update for Microsoft OneNote 2016 (KB3114711) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-00A1-0409-0000-0000000FF1CE}" "{AFA17D43-2B01-4922-A23E-48CEE40C68AF}" "1033" "0"
Update for Microsoft Outlook 2016 (KB3114972) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{B55D2CDF-BD96-4997-B071-87530ACF600B}" "1033" "0"
Update for Microsoft Outlook 2016 (KB3114972) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-001A-0409-0000-0000000FF1CE}" "{B55D2CDF-BD96-4997-B071-87530ACF600B}" "1033" "0"
Update for Microsoft PowerPoint 2016 (KB3114961) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{E9189AA9-3DA6-451F-A8C0-5CB439C1B681}" "1033" "0"
Update for Microsoft PowerPoint 2016 (KB3114961) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0018-0409-0000-0000000FF1CE}" "{E9189AA9-3DA6-451F-A8C0-5CB439C1B681}" "1033" "0"
Update for Microsoft Project 2016 (KB3114973) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{CDE1A23B-D9D6-4369-8C83-2AC39DABF641}" "1033" "0"
Update for Microsoft Project 2016 (KB3114973) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-002A-0000-1000-0000000FF1CE}" "{CDE1A23B-D9D6-4369-8C83-2AC39DABF641}" "1033" "0"
Update for Microsoft Visio 2016 (KB3114957) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{6AAC0DBB-9379-40E8-B2FA-D320C734772F}" "1033" "0"
Update for Microsoft Word 2016 (KB3114969) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{F2A93B04-64F1-4056-9011-23DFE38F9E16}" "1033" "0"
Update for Microsoft Word 2016 (KB3114969) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-001A-0409-0000-0000000FF1CE}" "{F2A93B04-64F1-4056-9011-23DFE38F9E16}" "1033" "0"
Update for Microsoft Word 2016 (KB3114969) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-001B-0409-0000-0000000FF1CE}" "{F2A93B04-64F1-4056-9011-23DFE38F9E16}" "1033" "0"
Update for Microsoft Word 2016 (KB3114969) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-012B-0409-0000-0000000FF1CE}" "{F2A93B04-64F1-4056-9011-23DFE38F9E16}" "1033" "0"
Update for Windows 10 for x64-based Systems (KB4023057)-->MsiExec.exe /X{9C4F3AF4-21D8-43BD-A69C-517BB96012CF}
UpdateAssistant-->MsiExec.exe /I{035FFC43-55D6-4F5C-BCC5-21FED122C8B4}
Windows 10 Update Assistant-->"C:\Windows10Upgrade\Windows10UpgraderApp.exe" /Uninstall
Windows Setup Remediations (x64) (KB4023057)-->%windir%\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\CustomSDB\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb"
WinRAR 5.40 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe
VLC media player-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe

======Hosts File======

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com

======System event log======

Computer Name: DESKTOP-PTIL1G8
Event Code: 7023
Message: The iphlpsvc service terminated with the following error:
The device is not ready.
Record Number: 40
Source Name: Service Control Manager
Time Written: 20180223125831.702744-000
Event Type: Error
User:

Computer Name: DESKTOP-PTIL1G8
Event Code: 22
Message: The event logging service encountered an error while initializing publishing resources for channel Microsoft-RMS-MSIPC/Debug. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.
Record Number: 39
Source Name: Microsoft-Windows-Eventlog
Time Written: 20180223125822.769365-000
Event Type: Error
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: DESKTOP-PTIL1G8
Event Code: 22
Message: The event logging service encountered an error while initializing publishing resources for channel DebugChannel. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.
Record Number: 38
Source Name: Microsoft-Windows-Eventlog
Time Written: 20180223125822.544021-000
Event Type: Error
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: DESKTOP-PTIL1G8
Event Code: 22
Message: The event logging service encountered an error while initializing publishing resources for channel AirSpaceChannel. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.
Record Number: 37
Source Name: Microsoft-Windows-Eventlog
Time Written: 20180223125822.173333-000
Event Type: Error
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: DESKTOP-PTIL1G8
Event Code: 16953
Message: The password notification DLL "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files. Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.
Record Number: 24
Source Name: Microsoft-Windows-Directory-Services-SAM
Time Written: 20180223125708.330999-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: DESKTOP-PTIL1G8
Event Code: 4104
Message: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A
Record Number: 39
Source Name: Microsoft-Windows-MSDTC 2
Time Written: 20180223131503.590833-000
Event Type: Error
User:

Computer Name: DESKTOP-PTIL1G8
Event Code: 4104
Message: Failed trying to get the state of the cluster node: DESKTOP-PTIL1G8.The error code returned: 0x8007085A
Record Number: 38
Source Name: Microsoft-Windows-MSDTC Client 2
Time Written: 20180223131503.122028-000
Event Type: Warning
User:

Computer Name: DESKTOP-PTIL1G8
Event Code: 4104
Message: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A
Record Number: 37
Source Name: Microsoft-Windows-MSDTC Client 2
Time Written: 20180223131503.059512-000
Event Type: Error
User:

Computer Name: DESKTOP-PTIL1G8
Event Code: 1534
Message: Profile notification of event Create for component {D63AA156-D534-4BAC-9BF1-55359CF5EC30} failed, error code is The system cannot find the path specified.
.


Record Number: 11
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20180223130148.824558-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: DESKTOP-PTIL1G8
Event Code: 1534
Message: Profile notification of event Create for component {D63AA156-D534-4BAC-9BF1-55359CF5EC30} failed, error code is The system cannot find the path specified.
.


Record Number: 9
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20180223130146.744000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: DESKTOP-PTIL1G8
Event Code: 4688
Message: A new process has been created.

Creator Subject:
Security ID: S-1-5-18
Account Name: -
Account Domain: -
Logon ID: 0x3E7

Target Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Process Information:
New Process ID: 0x1cc
New Process Name: C:\Windows\System32\smss.exe
Token Elevation Type: %%1936
Mandatory Label: S-1-16-16384
Creator Process ID: 0x168
Creator Process Name: C:\Windows\System32\smss.exe
Process Command Line:

Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.

Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.

Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.

Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20180223125702.132010-000
Event Type: Audit Success
User:

Computer Name: DESKTOP-PTIL1G8
Event Code: 4688
Message: A new process has been created.

Creator Subject:
Security ID: S-1-5-18
Account Name: -
Account Domain: -
Logon ID: 0x3E7

Target Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Process Information:
New Process ID: 0x1c0
New Process Name: C:\Windows\System32\setupcl.exe
Token Elevation Type: %%1936
Mandatory Label: S-1-16-16384
Creator Process ID: 0x168
Creator Process Name: C:\Windows\System32\smss.exe
Process Command Line:

Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.

Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.

Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.

Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20180223125700.976666-000
Event Type: Audit Success
User:

Computer Name: DESKTOP-PTIL1G8
Event Code: 4688
Message: A new process has been created.

Creator Subject:
Security ID: S-1-5-18
Account Name: -
Account Domain: -
Logon ID: 0x3E7

Target Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Process Information:
New Process ID: 0x174
New Process Name: C:\Windows\System32\autochk.exe
Token Elevation Type: %%1936
Mandatory Label: S-1-16-16384
Creator Process ID: 0x168
Creator Process Name: C:\Windows\System32\smss.exe
Process Command Line:

Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.

Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.

Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.

Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20180223125655.920644-000
Event Type: Audit Success
User:

Computer Name: DESKTOP-PTIL1G8
Event Code: 4688
Message: A new process has been created.

Creator Subject:
Security ID: S-1-5-18
Account Name: -
Account Domain: -
Logon ID: 0x3E7

Target Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Process Information:
New Process ID: 0x168
New Process Name: C:\Windows\System32\smss.exe
Token Elevation Type: %%1936
Mandatory Label: S-1-16-16384
Creator Process ID: 0x4
Creator Process Name:
Process Command Line:

Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.

Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.

Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.

Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20180223125647.856041-000
Event Type: Audit Success
User:

Computer Name: DESKTOP-PTIL1G8
Event Code: 4826
Message: Boot Configuration Data loaded.

Subject:
Security ID: S-1-5-18
Account Name: -
Account Domain: -
Logon ID: 0x3E7

General Settings:
Load Options: -
Advanced Options: No
Configuration Access Policy: Default
System Event Logging: No
Kernel Debugging: No
VSM Launch Type: Off

Signature Settings:
Test Signing: No
Flight Signing: No
Disable Integrity Checks: No

HyperVisor Settings:
HyperVisor Load Options: -
HyperVisor Launch Type: Off
HyperVisor Debugging: No
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20180223125647.784251-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"PSModulePath"=%ProgramFiles%\WindowsPowerShell\Modules;%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a

-----------------EOF-----------------

JaRon
Moderator
Posts: 15214
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: laptop has slowed down drastically

#3 Post by JaRon »

Hi,
scan the PC with MBAM
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/
