Laptop freezes

Have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

Blanka yahoo
Visitor
Posts: 343
Registered: 02 Feb 2006 13:03

#1 Post by Blanka yahoo »

Please, can you check my log? The laptop is slow and sometimes freezes completely. Thank you.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Blanka at 2020-04-07 21:03:11
Microsoft Windows 10 Enterprise
System drive C: has 83 GB (55%) free of 152 GB
Total RAM: 3992 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:03:21, on 2020-04-07
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Users\Blanka\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\Blanka\AppData\Local\Programs\safe-watch\resources\app\swch_go_service\swch_go_service.exe
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\94.4.384\QtWebEngineProcess.exe
C:\Program Files (x86)\Dropbox\Client\94.4.384\QtWebEngineProcess.exe
C:\Program Files\trend micro\Blanka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Blanka\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Chromium] "c:\users\blanka\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session --restore-last-session
O4 - HKCU\..\Run: [Epson Stylus SX440] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE /FU "C:\Users\Blanka\AppData\Local\Temp\E_S65A0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [McAfeeSafeConnect] C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
O4 - HKCU\..\Run: [sws] C:\Users\Blanka\AppData\Local\Programs\safe-watch\resources\app\swch_go_service\swch_go_service.exe
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: @%CommonProgramFiles%\Microsoft Shared\Office16\oregres.dll,-430 - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: @%CommonProgramFiles%\Microsoft Shared\Office16\oregres.dll,-430 - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastWscReporter - AVAST Software - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
O23 - Service: Tjänsten Dropbox-uppdatering (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Tjänsten Dropbox-uppdatering (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\WINDOWS\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.149\elevation_service.exe
O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Tjänsten Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem13.inf,%ibm.svcDesc0%;Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe (file missing)
O23 - Service: IncognitoVPN Service (IncognitoVPNSvc) - IncognitoVPN - C:\Program Files (x86)\IncognitoVPN\vpn_module.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @oem13.inf,%Lenovo.svcDesc1%;Lenovo Platform Service (LPlatSvc) - Unknown owner - C:\WINDOWS\system32\LPlatSvc.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: Update service - Popcorn Time - C:\Program Files (x86)\Popcorn Time\Updater.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 11222 bytes

======Listing Processes======









C:\WINDOWS\system32\lsass.exe
winlogon.exe
"fontdrvhost.exe"
"fontdrvhost.exe"
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
"dwm.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
C:\WINDOWS\system32\svchost.exe -k LocalService -p
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k appmodel -p -s camsvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\LPlatSvc.exe

c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain

c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s fhsvc
c:\windows\system32\svchost.exe -k netsvcs -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p

c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
c:\windows\system32\svchost.exe -k netsvcs -s CertPropSvc
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
C:\WINDOWS\system32\DbxSvc.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
"C:\Program Files (x86)\IncognitoVPN\vpn_module.exe"
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService

c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files (x86)\Popcorn Time\Updater.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k networkservice -p -s TapiSrv
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
dashost.exe {c3e1375f-d813-4dc8-98285e4e9d5895f1}
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
c:\windows\system32\svchost.exe -k netsvcs

c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
"C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe" /c
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
"ctfmon.exe"
C:\WINDOWS\system32\SppExtComObj.exe -Embedding
C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
C:\WINDOWS\Explorer.EXE
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer10_Logfile.log
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer10_Logfile.log
C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe" -ServerName:SkypeBackgroundHost
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c\SkypeApp.exe" -ServerName:App.AppXffn3yxqvgawq9fpmnhy90fr3y01d1t5b.mca
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Defender\MSASCuiL.exe"
c:\windows\system32\svchost.exe -k unistacksvcgroup
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Users\Blanka\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Users\Blanka\AppData\Local\Programs\safe-watch\resources\app\swch_go_service\swch_go_service.exe"
AvastUI.exe /nogui
"C:\WINDOWS\system32\LPlatSvc.exe" -EM
"C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /restore
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
"C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /restore
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --profile-directory="Profile 1" --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Blanka\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Blanka\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Blanka\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=80.0.3987.149 --initial-client-data=0x84,0x88,0x8c,0x7c,0x90,0x7ffad156ed18,0x7ffad156ed28,0x7ffad156ed38
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.20022.11011.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" -type:crashpad-handler --no-upload-gzip --no-rate-limit --capture-python --no-identify-client-via-url --database=C:\Users\Blanka\AppData\Local\Dropbox\Crashpad --metrics-dir=0 --url=https://d.dropbox.com/report_crashpad_minidump --https-pin=0x23,0xf2,0xed,0xff,0x3e,0xde,0x90,0x25,0x9a,0x9e,0x30,0xf4,0xa,0xf8,0xf9,0x12,0xa5,0xe5,0xb3,0x69,0x4e,0x69,0x38,0x44,0x3,0x41,0xf6,0x6,0xe,0x1,0x4f,0xfa --https-pin=0xaf,0xf9,0x88,0x90,0x6d,0xde,0x12,0x95,0x5d,0x9b,0xeb,0xbf,0x92,0x8f,0xdc,0xc3,0x1c,0xce,0x32,0x8d,0x5b,0x93,0x84,0xf2,0x1c,0x89,0x41,0xca,0x26,0xe2,0x3,0x91 --https-pin=0x5a,0x88,0x96,0x47,0x22,0xe,0x54,0xd6,0xbd,0x8a,0x16,0x81,0x72,0x24,0x52,0xb,0xb5,0xc7,0x8e,0x58,0x98,0x4b,0xd5,0x70,0x50,0x63,0x88,0xb9,0xde,0xf,0x7,0x5f --https-pin=0xfe,0xa2,0xb7,0xd6,0x45,0xfb,0xa7,0x3d,0x75,0x3c,0x1e,0xc9,0xa7,0x87,0xc,0x40,0xe1,0xf7,0xb0,0xc5,0x61,0xe9,0x27,0xb9,0x85,0xbf,0x71,0x18,0x66,0xe3,0x6f,0x22 --https-pin=0x76,0xee,0x85,0x90,0x37,0x4c,0x71,0x54,0x37,0xbb,0xca,0x6b,0xba,0x60,0x28,0xea,0xdd,0xe2,0xdc,0x6d,0xbb,0xb8,0xc3,0xf6,0x10,0xe8,0x51,0xf1,0x1d,0x1a,0xb7,0xf5 --https-pin=0x6d,0xbf,0xae,0x0,0xd3,0x7b,0x9c,0xd7,0x3f,0x8f,0xb4,0x7d,0xe6,0x59,0x17,0xaf,0x0,0xe0,0xdd,0xdf,0x42,0xdb,0xce,0xac,0x20,0xc1,0x7c,0x2,0x75,0xee,0x20,0x95 --https-pin=0x1e,0xa3,0xc5,0xe4,0x3e,0xd6,0x6c,0x2d,0xa2,0x98,0x3a,0x42,0xa4,0xa7,0x9b,0x1e,0x90,0x67,0x86,0xce,0x9f,0x1b,0x58,0x62,0x14,0x19,0xa0,0x4,0x63,0xa8,0x7d,0x38 --https-pin=0x87,0xaf,0x34,0xd6,0x6f,0xb3,0xf2,0xfd,0xf3,0x6e,0x9,0x11,0x1e,0x9a,0xba,0x2f,0x6f,0x44,0xb2,0x7,0xf3,0x86,0x3f,0x3d,0xb,0x54,0xb2,0x50,0x23,0x90,0x9a,0xa5 --https-pin=0xbc,0xfb,0x44,0xaa,0xb9,0xad,0x2,0x10,0x15,0x70,0x6b,0x41,0x21,0xea,0x76,0x1c,0x81,0xc9,0xe8,0x89,0x67,0x59,0xf,0x6f,0x94,0xae,0x74,0x4d,0xc8,0x8b,0x78,0xfb --https-pin=0xab,0x98,0x49,0x52,0x76,0xad,0xf1,0xec,0xaf,0xf2,0x8f,0x35,0xc5,0x30,0x48,0x78,0x1e,0x5c,0x17,0x18,0xda,0xb9,0xc8,0xe6,0x7a,0x50,0x4f,0x4f,0x6a,0x51,0x32,0x8f 
--https-pin=0x49,0x5,0x46,0x66,0x23,0xab,0x41,0x78,0xbe,0x92,0xac,0x5c,0xbd,0x65,0x84,0xf7,0xa1,0xe1,0x7f,0x27,0x65,0x2d,0x5a,0x85,0xaf,0x89,0x50,0x4e,0xa2,0x39,0xaa,0xaa --https-pin=0x56,0x32,0xd9,0x7b,0xfa,0x77,0x5b,0xf3,0xc9,0x9d,0xde,0xa5,0x2f,0xc2,0x55,0x34,0x10,0x86,0x40,0x16,0x72,0x9c,0x52,0xdd,0x65,0x24,0xc8,0xa9,0xc3,0xb4,0x48,0x9f --https-pin=0x2a,0x8f,0x2d,0x8a,0xf0,0xeb,0x12,0x38,0x98,0xf7,0x4c,0x86,0x6a,0xc3,0xfa,0x66,0x90,0x54,0xe2,0x3c,0x17,0xbc,0x7a,0x95,0xbd,0x2,0x34,0x19,0x2d,0xc6,0x35,0xd0 --https-pin=0x32,0xb6,0x4b,0x66,0x72,0x7a,0x20,0x63,0xe4,0x6,0x6f,0x3b,0x95,0x8c,0xb0,0xaa,0xee,0x57,0x6a,0x5e,0xce,0xfd,0x95,0x33,0x99,0xbb,0x88,0x74,0x73,0x1d,0x95,0x87 --https-pin=0xf5,0x3c,0x22,0x5,0x98,0x17,0xdd,0x96,0xf4,0x0,0x65,0x16,0x39,0xd2,0xf8,0x57,0xe2,0x10,0x70,0xa5,0x9a,0xbe,0xd9,0x7,0x94,0x0,0xd9,0xf6,0x95,0x50,0x69,0x0 --https-pin=0x67,0xdc,0x4f,0x32,0xfa,0x10,0xe7,0xd0,0x1a,0x79,0xa0,0x73,0xaa,0xc,0x9e,0x2,0x12,0xec,0x2f,0xfc,0x3d,0x77,0x9e,0xa,0xa7,0xf9,0xc0,0xf0,0xe1,0xc2,0xc8,0x93 --https-pin=0x19,0x6,0xc6,0x12,0x4d,0xbb,0x43,0x85,0x78,0xd0,0xe,0x6,0x6d,0x50,0x54,0xc6,0xc3,0x7f,0xf,0xa6,0x2,0x8c,0x5,0x54,0x5e,0x9,0x94,0xed,0xda,0xec,0x86,0x29 --https-pin=0x1d,0x75,0xd0,0x83,0x1b,0x9e,0x8,0x85,0x39,0x4d,0x32,0xc7,0xa1,0xbf,0xdb,0x3d,0xbc,0x1c,0x28,0xe2,0xb0,0xe8,0x39,0x1f,0xb1,0x35,0x98,0x1d,0xbc,0x5b,0xa9,0x36 --annotation=host_int_account1_boot=54349892800 --annotation=machine_id=77049ee1-c4ad-4555-9ca7-29677e709a01 --annotation=platform=win "--annotation=platform_version=10 1803" --initial-client-data=0x228,0x22c,0x230,0x1f0,0x234,0x67c60560,0x67c60588,0x67c60570
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" -type:exit-monitor -method:collectupload -session-token:fecff56f-13ff-43e0-b352-171d4b490183 -target-handle:600 -target-shutdown-event:592 -target-restart-event:596 "-target-command-line:\"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe\" /systemstartup" -python-version:3.7.5 -handler-pipe:\\.\pipe\crashpad_8240_IKOPJTJJDFCANVLZ
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=7472 --on-initialized-event-handle=488 --parent-handle=492 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1232,10303793660732412550,16862449162502571497,131072 --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --mojo-platform-channel-handle=1568 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1232,10303793660732412550,16862449162502571497,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1760 /prefetch:8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1232,10303793660732412550,16862449162502571497,131072 --lang=en-GB --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2772 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1232,10303793660732412550,16862449162502571497,131072 --lang=en-GB --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1232,10303793660732412550,16862449162502571497,131072 --lang=en-GB --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1232,10303793660732412550,16862449162502571497,131072 --lang=en-GB --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
"C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1232,10303793660732412550,16862449162502571497,131072 --lang=en-GB --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2904 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1232,10303793660732412550,16862449162502571497,131072 --lang=en-GB --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1232,10303793660732412550,16862449162502571497,131072 --lang=en-GB --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
"C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1232,10303793660732412550,16862449162502571497,131072 --lang=en-GB --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe" /InvokerPRAID: App
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1232,10303793660732412550,16862449162502571497,131072 --lang=en-GB --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
C:\Windows\System32\RuntimeBroker.exe -Embedding

c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" --type=gpu-process --field-trial-handle=7956,11788043680280941758,16078199663166780002,131072 --no-sandbox --disable-direct-composition --log-file="C:\Users\Blanka\AppData\Roaming\AVAST Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium (20.1.2397)" --lang=en-US --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --allow-file-access-from-files=1 --pack_loading_disabled=1 --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAAAAAAAMAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --service-request-channel-token=17162691205191580996 --mojo-platform-channel-handle=8160 /prefetch:2
"C:\Program Files (x86)\Dropbox\Client\94.4.384\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --use-gl=egl --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=BackgroundFetch,MojoVideoCapture,SurfaceSynchronization,UsePdfCompositorServiceForPrint,UserActivationV2,VizDisplayCompositor --disable-databases --service-pipe-token=7660174112171976887 --lang=sv --webengine-schemes=dbx-local:hs;qrc:sLV --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=7660174112171976887 --renderer-client-id=3 --mojo-platform-channel-handle=6588 /prefetch:1
"C:\Program Files (x86)\Dropbox\Client\94.4.384\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --use-gl=egl --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=BackgroundFetch,MojoVideoCapture,SurfaceSynchronization,UsePdfCompositorServiceForPrint,UserActivationV2,VizDisplayCompositor --disable-databases --service-pipe-token=13957660927205560856 --lang=sv --webengine-schemes=dbx-local:hs;qrc:sLV --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=13957660927205560856 --renderer-client-id=4 --mojo-platform-channel-handle=7744 /prefetch:1
"c:\program files\avast software\avast\aswEngSrv.exe" /pipename="2DD03C04-D75C-24DE-6073-EE34A7ADC17B" /binpath="c:\program files\avast software\avast"

c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
c:\windows\system32\svchost.exe -k localservice -p -s bthserv
c:\windows\system32\svchost.exe -k localservice -p -s BthAvctpSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s BTAGService
c:\windows\system32\svchost.exe -k localservice -p -s PhoneSvc
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1232,10303793660732412550,16862449162502571497,131072 --lang=en-GB --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8648 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1232,10303793660732412550,16862449162502571497,131072 --lang=en-GB --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=3248 --ignored=" --type=renderer " /prefetch:8
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1232,10303793660732412550,16862449162502571497,131072 --lang=en-GB --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4440 /prefetch:1
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19081.28230.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe" -ServerName:App.AppXsm3pg4n7er43kdh1qp4e79f1j7am68r8.mca
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1232,10303793660732412550,16862449162502571497,131072 --lang=en-GB --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7600 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1232,10303793660732412550,16862449162502571497,131072 --lang=en-GB --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7892 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1232,10303793660732412550,16862449162502571497,131072 --lang=en-GB --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7628 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1232,10303793660732412550,16862449162502571497,131072 --lang=en-GB --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8008 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1232,10303793660732412550,16862449162502571497,131072 --lang=en-GB --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2292 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1232,10303793660732412550,16862449162502571497,131072 --lang=en-GB --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:1
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc

C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s gpsvc
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1232,10303793660732412550,16862449162502571497,131072 --lang=en-GB --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1232,10303793660732412550,16862449162502571497,131072 --lang=en-GB --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1232,10303793660732412550,16862449162502571497,131072 --lang=en-GB --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1232,10303793660732412550,16862449162502571497,131072 --lang=en-GB --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
C:\WINDOWS\system32\AUDIODG.EXE 0x5d8

C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s XblAuthManager
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1232,10303793660732412550,16862449162502571497,131072 --lang=en-GB --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7268 /prefetch:1
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe9_ Global\UsGthrCtrlFltPipeMssGthrPipe9 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 744 748 756 8192 752
C:\Windows\System32\smartscreen.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Users\Blanka\Downloads\RSITx64 (1).exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost

======Scheduled tasks folder======

C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job - C:\Windows\explorer.exe /NOUACCHECK
C:\WINDOWS\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
C:\WINDOWS\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31 226984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\PROGRA~1\MICROS~1\Office16\GROOVEEX.DLL [2016-03-16 2176816]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2016-03-15 161448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL [2016-03-16 1522480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2018-04-12 638872]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2020-02-25 277664]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24 2963184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\Blanka\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2020-03-20 1579368]
"Chromium"=c:\users\blanka\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session --restore-last-session []
"Epson Stylus SX440"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE [2011-01-20 232448]
"TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe []
"McAfeeSafeConnect"=C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe []
"sws"=C:\Users\Blanka\AppData\Local\Programs\safe-watch\resources\app\swch_go_service\swch_go_service.exe [2019-12-05 10179912]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Dropbox"=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2020-04-01 6287872]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2020-04-07 21:03:11 ----D---- C:\rsit
2020-04-01 14:20:52 ----A---- C:\WINDOWS\system32\drivers\dbx-stable.sys
2020-04-01 14:20:52 ----A---- C:\WINDOWS\system32\drivers\dbx-dev.sys
2020-04-01 14:20:52 ----A---- C:\WINDOWS\system32\drivers\dbx-canary.sys
2020-04-01 14:20:52 ----A---- C:\WINDOWS\system32\DbxSvc.exe
2020-03-11 16:31:55 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-03-11 16:31:53 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2020-03-11 16:31:47 ----A---- C:\WINDOWS\system32\edgehtml.dll
2020-03-11 16:31:42 ----A---- C:\WINDOWS\system32\mshtml.dll
2020-03-11 16:31:29 ----A---- C:\WINDOWS\system32\shell32.dll
2020-03-11 16:31:27 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2020-03-11 16:31:27 ----A---- C:\WINDOWS\system32\wininet.dll
2020-03-11 16:31:24 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2020-03-11 16:31:22 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2020-03-11 16:31:16 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2020-03-11 16:31:15 ----A---- C:\WINDOWS\system32\Chakra.dll
2020-03-11 16:31:13 ----A---- C:\WINDOWS\system32\windows.storage.dll
2020-03-11 16:31:11 ----A---- C:\WINDOWS\system32\ieframe.dll
2020-03-11 16:31:06 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2020-03-11 16:31:05 ----A---- C:\WINDOWS\system32\rtmpltfm.dll
2020-03-11 16:31:04 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2020-03-11 16:31:04 ----A---- C:\WINDOWS\system32\cdp.dll
2020-03-11 16:31:02 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2020-03-11 16:31:01 ----A---- C:\WINDOWS\system32\sppobjs.dll
2020-03-11 16:31:00 ----A---- C:\WINDOWS\SYSWOW64\rtmpltfm.dll
2020-03-11 16:30:59 ----A---- C:\WINDOWS\system32\jscript9.dll
2020-03-11 16:30:58 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-03-11 16:30:57 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2020-03-11 16:30:56 ----A---- C:\WINDOWS\system32\win32kfull.sys
2020-03-11 16:30:55 ----A---- C:\WINDOWS\system32\twinui.pcshell.dll
2020-03-11 16:30:55 ----A---- C:\WINDOWS\explorer.exe
2020-03-11 16:30:54 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2020-03-11 16:30:54 ----A---- C:\WINDOWS\system32\EdgeContent.dll
2020-03-11 16:30:52 ----A---- C:\WINDOWS\system32\twinui.dll
2020-03-11 16:30:52 ----A---- C:\WINDOWS\system32\combase.dll
2020-03-11 16:30:50 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2020-03-11 16:30:50 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2020-03-11 16:30:49 ----A---- C:\WINDOWS\system32\diagtrack.dll
2020-03-11 16:30:48 ----A---- C:\WINDOWS\SYSWOW64\explorer.exe
2020-03-11 16:30:47 ----A---- C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2020-03-11 16:30:47 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-03-11 16:30:44 ----A---- C:\WINDOWS\system32\mssrch.dll
2020-03-11 16:30:44 ----A---- C:\WINDOWS\system32\iertutil.dll
2020-03-11 16:30:43 ----A---- C:\WINDOWS\system32\tquery.dll
2020-03-11 16:30:42 ----A---- C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll
2020-03-11 16:30:41 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2020-03-11 16:30:41 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2020-03-11 16:30:40 ----A---- C:\WINDOWS\system32\Windows.CloudStore.dll
2020-03-11 16:30:39 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2020-03-11 16:30:37 ----A---- C:\WINDOWS\SYSWOW64\combase.dll
2020-03-11 16:30:37 ----A---- C:\WINDOWS\system32\mfcore.dll
2020-03-11 16:30:36 ----A---- C:\WINDOWS\system32\hvix64.exe
2020-03-11 16:30:36 ----A---- C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-03-11 16:30:35 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2020-03-11 16:30:35 ----A---- C:\WINDOWS\system32\wlidsvc.dll
2020-03-11 16:30:35 ----A---- C:\WINDOWS\system32\ortcengine.dll
2020-03-11 16:30:34 ----A---- C:\WINDOWS\system32\wuaueng.dll
2020-03-11 16:30:34 ----A---- C:\WINDOWS\system32\win32kbase.sys
2020-03-11 16:30:34 ----A---- C:\WINDOWS\system32\WebRuntimeManager.dll
2020-03-11 16:30:33 ----A---- C:\WINDOWS\SYSWOW64\Windows.Data.Pdf.dll
2020-03-11 16:30:33 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys
2020-03-11 16:30:32 ----A---- C:\WINDOWS\system32\workfolderssvc.dll
2020-03-11 16:30:32 ----A---- C:\WINDOWS\system32\urlmon.dll
2020-03-11 16:30:32 ----A---- C:\WINDOWS\system32\rtmpal.dll
2020-03-11 16:30:31 ----A---- C:\WINDOWS\SYSWOW64\cdp.dll
2020-03-11 16:30:30 ----A---- C:\WINDOWS\system32\KernelBase.dll
2020-03-11 16:30:30 ----A---- C:\WINDOWS\system32\esent.dll
2020-03-11 16:30:29 ----A---- C:\WINDOWS\system32\msctf.dll
2020-03-11 16:30:28 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2020-03-11 16:30:28 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2020-03-11 16:30:28 ----A---- C:\WINDOWS\system32\usocore.dll
2020-03-11 16:30:28 ----A---- C:\WINDOWS\system32\rtmcodecs.dll
2020-03-11 16:30:28 ----A---- C:\WINDOWS\system32\hvax64.exe
2020-03-11 16:30:27 ----A---- C:\WINDOWS\SYSWOW64\tquery.dll
2020-03-11 16:30:27 ----A---- C:\WINDOWS\system32\WindowsCodecs.dll
2020-03-11 16:30:27 ----A---- C:\WINDOWS\system32\LocationFramework.dll
2020-03-11 16:30:26 ----A---- C:\WINDOWS\SYSWOW64\msctf.dll
2020-03-11 16:30:26 ----A---- C:\WINDOWS\system32\SystemSettings.Handlers.dll
2020-03-11 16:30:26 ----A---- C:\WINDOWS\system32\D3D12.dll
2020-03-11 16:30:25 ----A---- C:\WINDOWS\SYSWOW64\rtmpal.dll
2020-03-11 16:30:25 ----A---- C:\WINDOWS\SYSWOW64\rtmcodecs.dll
2020-03-11 16:30:25 ----A---- C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll
2020-03-11 16:30:25 ----A---- C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe
2020-03-11 16:30:24 ----A---- C:\WINDOWS\SYSWOW64\ortcengine.dll
2020-03-11 16:30:24 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2020-03-11 16:30:23 ----A---- C:\WINDOWS\SYSWOW64\mssrch.dll
2020-03-11 16:30:23 ----A---- C:\WINDOWS\system32\gdi32full.dll
2020-03-11 16:30:23 ----A---- C:\WINDOWS\system32\FaceProcessor.dll
2020-03-11 16:30:23 ----A---- C:\WINDOWS\system32\AgentService.exe
2020-03-11 16:30:22 ----A---- C:\WINDOWS\system32\SearchIndexer.exe
2020-03-11 16:30:22 ----A---- C:\WINDOWS\system32\qmgr.dll
2020-03-11 16:30:22 ----A---- C:\WINDOWS\system32\ntdll.dll
2020-03-11 16:30:22 ----A---- C:\WINDOWS\system32\MusNotification.exe
2020-03-11 16:30:22 ----A---- C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2020-03-11 16:30:21 ----A---- C:\WINDOWS\SYSWOW64\WindowsCodecs.dll
2020-03-11 16:30:21 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2020-03-11 16:30:20 ----A---- C:\WINDOWS\SYSWOW64\Microsoft.Uev.AppAgent.dll
2020-03-11 16:30:20 ----A---- C:\WINDOWS\system32\winhttp.dll
2020-03-11 16:30:20 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2020-03-11 16:30:20 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2020-03-11 16:30:19 ----A---- C:\WINDOWS\system32\uDWM.dll
2020-03-11 16:30:19 ----A---- C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-03-11 16:30:19 ----A---- C:\WINDOWS\system32\FaceProcessorCore.dll
2020-03-11 16:30:19 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-03-11 16:30:18 ----A---- C:\WINDOWS\SYSWOW64\mfasfsrcsnk.dll
2020-03-11 16:30:18 ----A---- C:\WINDOWS\system32\user32.dll
2020-03-11 16:30:18 ----A---- C:\WINDOWS\system32\Microsoft.Uev.PrinterCustomActions.dll
2020-03-11 16:30:18 ----A---- C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll
2020-03-11 16:30:17 ----A---- C:\WINDOWS\system32\netprofmsvc.dll
2020-03-11 16:30:17 ----A---- C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-03-11 16:30:17 ----A---- C:\WINDOWS\system32\mfplat.dll
2020-03-11 16:30:16 ----A---- C:\WINDOWS\SYSWOW64\mfmp4srcsnk.dll
2020-03-11 16:30:16 ----A---- C:\WINDOWS\SYSWOW64\esent.dll
2020-03-11 16:30:16 ----A---- C:\WINDOWS\system32\bcastdvruserservice.dll
2020-03-11 16:30:15 ----A---- C:\WINDOWS\SYSWOW64\mfsrcsnk.dll
2020-03-11 16:30:15 ----A---- C:\WINDOWS\system32\MusNotificationUx.exe
2020-03-11 16:30:14 ----A---- C:\WINDOWS\SYSWOW64\winhttp.dll
2020-03-11 16:30:14 ----A---- C:\WINDOWS\SYSWOW64\user32.dll
2020-03-11 16:30:14 ----A---- C:\WINDOWS\system32\wifinetworkmanager.dll
2020-03-11 16:30:14 ----A---- C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-03-11 16:30:13 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2020-03-11 16:30:13 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2020-03-11 16:30:13 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2020-03-11 16:30:12 ----A---- C:\WINDOWS\system32\mfsrcsnk.dll
2020-03-11 16:30:12 ----A---- C:\WINDOWS\system32\mfasfsrcsnk.dll
2020-03-11 16:30:11 ----A---- C:\WINDOWS\system32\wer.dll
2020-03-11 16:30:11 ----A---- C:\WINDOWS\system32\ResetEngine.dll
2020-03-11 16:30:11 ----A---- C:\WINDOWS\system32\Microsoft.Uev.CscUnpinTool.exe
2020-03-11 16:30:11 ----A---- C:\WINDOWS\system32\mfsvr.dll
2020-03-11 16:30:10 ----A---- C:\WINDOWS\SYSWOW64\msi.dll
2020-03-11 16:30:10 ----A---- C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2020-03-11 16:30:10 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-03-11 16:30:08 ----A---- C:\WINDOWS\system32\msi.dll
2020-03-11 16:30:07 ----A---- C:\WINDOWS\SYSWOW64\mfmpeg2srcsnk.dll
2020-03-11 16:30:06 ----A---- C:\WINDOWS\SYSWOW64\mfplat.dll
2020-03-11 16:30:05 ----A---- C:\WINDOWS\SYSWOW64\SearchIndexer.exe
2020-03-11 16:30:05 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2020-03-11 16:30:05 ----A---- C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-03-11 16:30:04 ----A---- C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-03-11 16:30:03 ----A---- C:\WINDOWS\system32\winload.exe
2020-03-11 16:30:03 ----A---- C:\WINDOWS\system32\Microsoft.Uev.ConfigWrapper.dll
2020-03-11 16:30:02 ----A---- C:\WINDOWS\system32\winmde.dll
2020-03-11 16:30:02 ----A---- C:\WINDOWS\system32\werconcpl.dll
2020-03-11 16:30:02 ----A---- C:\WINDOWS\system32\mf.dll
2020-03-11 16:30:01 ----A---- C:\WINDOWS\SYSWOW64\D3D12.dll
2020-03-11 16:30:01 ----A---- C:\WINDOWS\SYSWOW64\ContentDeliveryManager.Utilities.dll
2020-03-11 16:30:01 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2020-03-11 16:30:00 ----A---- C:\WINDOWS\SYSWOW64\wer.dll
2020-03-11 16:30:00 ----A---- C:\WINDOWS\SYSWOW64\EdgeManager.dll
2020-03-11 16:30:00 ----A---- C:\WINDOWS\system32\mfreadwrite.dll
2020-03-11 16:29:59 ----A---- C:\WINDOWS\system32\Windows.UI.Immersive.dll
2020-03-11 16:29:59 ----A---- C:\WINDOWS\system32\vbscript.dll
2020-03-11 16:29:59 ----A---- C:\WINDOWS\system32\edgeIso.dll
2020-03-11 16:29:58 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Immersive.dll
2020-03-11 16:29:58 ----A---- C:\WINDOWS\SYSWOW64\mfsvr.dll
2020-03-11 16:29:58 ----A---- C:\WINDOWS\SYSWOW64\mfreadwrite.dll
2020-03-11 16:29:58 ----A---- C:\WINDOWS\system32\winresume.exe
2020-03-11 16:29:57 ----A---- C:\WINDOWS\SYSWOW64\Microsoft.Uev.Office2013CustomActions.dll
2020-03-11 16:29:57 ----A---- C:\WINDOWS\SYSWOW64\mf.dll
2020-03-11 16:29:57 ----A---- C:\WINDOWS\system32\wlidprov.dll
2020-03-11 16:29:57 ----A---- C:\WINDOWS\system32\msvproc.dll
2020-03-11 16:29:56 ----A---- C:\WINDOWS\system32\MPSSVC.dll
2020-03-11 16:29:56 ----A---- C:\WINDOWS\system32\lpksetup.exe
2020-03-11 16:29:56 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2020-03-11 16:29:55 ----A---- C:\WINDOWS\SYSWOW64\msvproc.dll
2020-03-11 16:29:54 ----A---- C:\WINDOWS\system32\provops.dll
2020-03-11 16:29:54 ----A---- C:\WINDOWS\system32\provengine.dll
2020-03-11 16:29:54 ----A---- C:\WINDOWS\system32\drivers\storport.sys
2020-03-11 16:29:54 ----A---- C:\WINDOWS\system32\AppxAllUserStore.dll
2020-03-11 16:29:53 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.OnlineId.dll
2020-03-11 16:29:53 ----A---- C:\WINDOWS\SYSWOW64\Windows.Internal.Management.dll
2020-03-11 16:29:53 ----A---- C:\WINDOWS\SYSWOW64\AppXDeploymentClient.dll
2020-03-11 16:29:53 ----A---- C:\WINDOWS\system32\WinTypes.dll
2020-03-11 16:29:53 ----A---- C:\WINDOWS\system32\tcblaunch.exe
2020-03-11 16:29:53 ----A---- C:\WINDOWS\system32\profsvc.dll
2020-03-11 16:29:52 ----A---- C:\WINDOWS\system32\drivers\ndis.sys
2020-03-11 16:29:51 ----A---- C:\WINDOWS\system32\winlogon.exe
2020-03-11 16:29:51 ----A---- C:\WINDOWS\system32\uxtheme.dll
2020-03-11 16:29:51 ----A---- C:\WINDOWS\system32\mfps.dll
2020-03-11 16:29:50 ----A---- C:\WINDOWS\SYSWOW64\wlidprov.dll
2020-03-11 16:29:50 ----A---- C:\WINDOWS\system32\MusNotifyIcon.exe
2020-03-11 16:29:50 ----A---- C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-03-11 16:29:49 ----A---- C:\WINDOWS\SYSWOW64\AppxAllUserStore.dll
2020-03-11 16:29:49 ----A---- C:\WINDOWS\system32\OpenWith.exe
2020-03-11 16:29:49 ----A---- C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2020-03-11 16:29:49 ----A---- C:\WINDOWS\system32\MCRecvSrc.dll
2020-03-11 16:29:48 ----A---- C:\WINDOWS\SYSWOW64\OpenWith.exe
2020-03-11 16:29:48 ----A---- C:\WINDOWS\SYSWOW64\MsSpellCheckingFacility.dll
2020-03-11 16:29:48 ----A---- C:\WINDOWS\SYSWOW64\edgeIso.dll
2020-03-11 16:29:47 ----A---- C:\WINDOWS\system32\rtmmvrortc.dll
2020-03-11 16:29:47 ----A---- C:\WINDOWS\system32\netman.dll
2020-03-11 16:29:47 ----A---- C:\WINDOWS\system32\DiagSvc.dll
2020-03-11 16:29:46 ----A---- C:\WINDOWS\SYSWOW64\rtmmvrortc.dll
2020-03-11 16:29:46 ----A---- C:\WINDOWS\SYSWOW64\mfps.dll
2020-03-11 16:29:46 ----A---- C:\WINDOWS\system32\wermgr.exe
2020-03-11 16:29:46 ----A---- C:\WINDOWS\system32\wercplsupport.dll
2020-03-11 16:29:45 ----A---- C:\WINDOWS\system32\win32spl.dll
2020-03-11 16:29:45 ----A---- C:\WINDOWS\system32\upnphost.dll
2020-03-11 16:29:44 ----A---- C:\WINDOWS\SYSWOW64\wermgr.exe
2020-03-11 16:29:44 ----A---- C:\WINDOWS\SYSWOW64\mf3216.dll
2020-03-11 16:29:44 ----A---- C:\WINDOWS\system32\systemreset.exe
2020-03-11 16:29:44 ----A---- C:\WINDOWS\system32\mssph.dll
2020-03-11 16:29:44 ----A---- C:\WINDOWS\system32\mf3216.dll
2020-03-11 16:29:44 ----A---- C:\WINDOWS\system32\cscsvc.dll
2020-03-11 16:29:42 ----A---- C:\WINDOWS\system32\reseteng.dll
2020-03-11 16:29:42 ----A---- C:\WINDOWS\system32\provisioningcsp.dll
2020-03-11 16:29:42 ----A---- C:\WINDOWS\system32\Microsoft.Uev.ModernAppCore.dll
2020-03-11 16:29:42 ----A---- C:\WINDOWS\system32\drivers\hvservice.sys
2020-03-11 16:29:42 ----A---- C:\WINDOWS\system32\AxInstSv.dll
2020-03-11 16:29:41 ----A---- C:\WINDOWS\system32\MSFlacDecoder.dll
2020-03-11 16:29:41 ----A---- C:\WINDOWS\system32\drivers\wcifs.sys
2020-03-11 16:29:40 ----A---- C:\WINDOWS\SYSWOW64\uxtheme.dll
2020-03-11 16:29:40 ----A---- C:\WINDOWS\SYSWOW64\MicrosoftAccountTokenProvider.dll
2020-03-11 16:29:40 ----A---- C:\WINDOWS\system32\ProvSysprep.dll
2020-03-11 16:29:40 ----A---- C:\WINDOWS\system32\provhandlers.dll
2020-03-11 16:29:40 ----A---- C:\WINDOWS\system32\ImplatSetup.dll
2020-03-11 16:29:40 ----A---- C:\WINDOWS\system32\DTUHandler.exe
2020-03-11 16:29:39 ----A---- C:\WINDOWS\SYSWOW64\MSVPXENC.dll
2020-03-11 16:29:39 ----A---- C:\WINDOWS\system32\weretw.dll
2020-03-11 16:29:38 ----A---- C:\WINDOWS\SYSWOW64\upnphost.dll
2020-03-11 16:29:38 ----A---- C:\WINDOWS\system32\mssvp.dll
2020-03-11 16:29:38 ----A---- C:\WINDOWS\system32\drivers\stornvme.sys
2020-03-11 16:29:37 ----A---- C:\WINDOWS\SYSWOW64\webplatstorageserver.dll
2020-03-11 16:29:37 ----A---- C:\WINDOWS\system32\MSPhotography.dll
2020-03-11 16:29:37 ----A---- C:\WINDOWS\system32\drivers\winnat.sys
2020-03-11 16:29:36 ----A---- C:\WINDOWS\SYSWOW64\WinTypes.dll
2020-03-11 16:29:36 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2020-03-11 16:29:35 ----A---- C:\WINDOWS\SYSWOW64\profext.dll
2020-03-11 16:29:35 ----A---- C:\WINDOWS\SYSWOW64\MCRecvSrc.dll
2020-03-11 16:29:35 ----A---- C:\WINDOWS\system32\provtool.exe
2020-03-11 16:29:35 ----A---- C:\WINDOWS\system32\provpackageapidll.dll
2020-03-11 16:29:34 ----A---- C:\WINDOWS\system32\SearchProtocolHost.exe
2020-03-11 16:29:34 ----A---- C:\WINDOWS\system32\drivers\ndiswan.sys
2020-03-11 16:29:34 ----A---- C:\WINDOWS\system32\DictationManager.dll
2020-03-11 16:29:34 ----A---- C:\WINDOWS\system32\DeviceMetadataRetrievalClient.dll
2020-03-11 16:29:33 ----A---- C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2020-03-11 16:29:33 ----A---- C:\WINDOWS\system32\TelephonyInteractiveUser.dll
2020-03-11 16:29:33 ----A---- C:\WINDOWS\system32\profext.dll
2020-03-11 16:29:33 ----A---- C:\WINDOWS\system32\iprtrmgr.dll
2020-03-11 16:29:32 ----A---- C:\WINDOWS\SYSWOW64\MSFlacDecoder.dll
2020-03-11 16:29:32 ----A---- C:\WINDOWS\SYSWOW64\iprtrmgr.dll
2020-03-11 16:29:32 ----A---- C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2020-03-11 16:29:32 ----A---- C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2020-03-11 16:29:32 ----A---- C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2020-03-11 16:29:31 ----A---- C:\WINDOWS\SYSWOW64\Search.ProtocolHandler.MAPI2.dll
2020-03-11 16:29:31 ----A---- C:\WINDOWS\SYSWOW64\mssvp.dll
2020-03-11 16:29:31 ----A---- C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2020-03-11 16:29:31 ----A---- C:\WINDOWS\system32\MicrosoftAccountCloudAP.dll
2020-03-11 16:29:30 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.MixedRealityCapture.dll
2020-03-11 16:29:30 ----A---- C:\WINDOWS\SYSWOW64\SearchProtocolHost.exe
2020-03-11 16:29:30 ----A---- C:\WINDOWS\SYSWOW64\MSFlacEncoder.dll
2020-03-11 16:29:30 ----A---- C:\WINDOWS\system32\VPNv2CSP.dll
2020-03-11 16:29:29 ----A---- C:\WINDOWS\SYSWOW64\dtdump.exe
2020-03-11 16:29:29 ----A---- C:\WINDOWS\system32\wincorlib.dll
2020-03-11 16:29:29 ----A---- C:\WINDOWS\system32\utcutil.dll
2020-03-11 16:29:29 ----A---- C:\WINDOWS\system32\mpnotify.exe
2020-03-11 16:29:29 ----A---- C:\WINDOWS\system32\drivers\agilevpn.sys
2020-03-11 16:29:28 ----A---- C:\WINDOWS\SYSWOW64\MSPhotography.dll
2020-03-11 16:29:28 ----A---- C:\WINDOWS\SYSWOW64\mprdim.dll
2020-03-11 16:29:28 ----A---- C:\WINDOWS\system32\MicrosoftAccountExtension.dll
2020-03-11 16:29:26 ----A---- C:\WINDOWS\system32\WorkfoldersControl.dll
2020-03-11 16:29:26 ----A---- C:\WINDOWS\system32\MSFlacEncoder.dll
2020-03-11 16:29:26 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2020-03-11 16:29:25 ----A---- C:\WINDOWS\SYSWOW64\mssph.dll
2020-03-11 16:29:25 ----A---- C:\WINDOWS\system32\ResetEngOnline.dll
2020-03-11 16:29:25 ----A---- C:\WINDOWS\system32\mssprxy.dll
2020-03-11 16:29:24 ----A---- C:\WINDOWS\SYSWOW64\wincorlib.dll
2020-03-11 16:29:24 ----A---- C:\WINDOWS\SYSWOW64\werdiagcontroller.dll
2020-03-11 16:29:24 ----A---- C:\WINDOWS\SYSWOW64\mciwave.dll
2020-03-11 16:29:24 ----A---- C:\WINDOWS\SYSWOW64\DictationManager.dll
2020-03-11 16:29:24 ----A---- C:\WINDOWS\system32\SearchFilterHost.exe
2020-03-11 16:29:24 ----A---- C:\WINDOWS\system32\mciwave.dll
2020-03-11 16:29:24 ----A---- C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2020-03-11 16:29:24 ----A---- C:\WINDOWS\system32\iemigplugin.dll
2020-03-11 16:29:23 ----A---- C:\WINDOWS\SYSWOW64\msauserext.dll
2020-03-11 16:29:23 ----A---- C:\WINDOWS\system32\provdatastore.dll
2020-03-11 16:29:23 ----A---- C:\WINDOWS\system32\msauserext.dll
2020-03-11 16:29:23 ----A---- C:\WINDOWS\system32\MSAProfileNotificationHandler.dll
2020-03-11 16:29:23 ----A---- C:\WINDOWS\system32\LanguageComponentsInstallerComHandler.exe
2020-03-11 16:29:23 ----A---- C:\WINDOWS\system32\DTUHandlerPS.dll

======List of files/folders modified in the last 1 month======

2020-04-07 21:03:17 ----D---- C:\Program Files\trend micro
2020-04-07 20:59:02 ----D---- C:\WINDOWS\system32\sru
2020-04-07 20:58:55 ----D---- C:\WINDOWS\Prefetch
2020-04-07 20:58:42 ----D---- C:\WINDOWS\Temp
2020-04-07 20:58:42 ----D---- C:\WINDOWS\system32\SleepStudy
2020-04-07 19:43:27 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2020-04-07 12:00:01 ----D---- C:\WINDOWS\system32\LogFiles
2020-04-07 10:26:20 ----D---- C:\WINDOWS\system32\config
2020-04-07 10:09:52 ----D---- C:\WINDOWS\Logs
2020-04-07 10:09:48 ----D---- C:\WINDOWS\Minidump
2020-04-07 10:06:36 ----RD---- C:\WINDOWS\Microsoft.NET
2020-04-07 09:35:00 ----HD---- C:\Program Files\WindowsApps
2020-04-07 09:25:17 ----D---- C:\WINDOWS\AppReadiness
2020-04-06 17:35:51 ----D---- C:\Windows
2020-04-05 20:07:06 ----SHD---- C:\System Volume Information
2020-04-03 11:19:27 ----D---- C:\Users\Blanka\AppData\Roaming\vlc
2020-04-02 23:22:48 ----D---- C:\Program Files (x86)\Dropbox
2020-04-02 23:17:41 ----D---- C:\WINDOWS\System32
2020-04-02 23:17:40 ----D---- C:\WINDOWS\system32\drivers
2020-04-02 10:22:32 ----D---- C:\WINDOWS\CbsTemp
2020-04-01 09:19:04 ----HD---- C:\OneDriveTemp
2020-04-01 09:15:40 ----AD---- C:\Program Files (x86)\TeamViewer
2020-04-01 09:13:49 ----D---- C:\WINDOWS\system32\catroot2
2020-03-31 15:02:25 ----D---- C:\WINDOWS\LiveKernelReports
2020-03-31 08:33:11 ----D---- C:\WINDOWS\INF
2020-03-31 08:33:09 ----D---- C:\WINDOWS\system32\DriverStore
2020-03-29 21:43:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2020-03-22 11:03:46 ----D---- C:\WINDOWS\system32\drivers\wd
2020-03-20 23:25:15 ----SHD---- C:\WINDOWS\Installer
2020-03-20 23:25:15 ----SHD---- C:\Config.Msi
2020-03-20 11:39:33 ----D---- C:\WINDOWS\system32\Tasks
2020-03-19 10:00:50 ----D---- C:\WINDOWS\SysWOW64
2020-03-16 14:47:46 ----D---- C:\WINDOWS\WinSxS
2020-03-11 22:45:43 ----D---- C:\WINDOWS\TextInput
2020-03-11 22:45:43 ----D---- C:\WINDOWS\SYSWOW64\wbem
2020-03-11 22:45:43 ----D---- C:\WINDOWS\SYSWOW64\setup
2020-03-11 22:45:43 ----D---- C:\WINDOWS\SYSWOW64\migration
2020-03-11 22:45:42 ----D---- C:\WINDOWS\SYSWOW64\Dism
2020-03-11 22:45:38 ----D---- C:\WINDOWS\system32\WinBioPlugIns
2020-03-11 22:45:38 ----D---- C:\WINDOWS\system32\wbem
2020-03-11 22:45:38 ----D---- C:\WINDOWS\system32\SystemResetPlatform
2020-03-11 22:45:38 ----D---- C:\WINDOWS\system32\setup
2020-03-11 22:45:37 ----SD---- C:\WINDOWS\system32\DiagSvcs
2020-03-11 22:45:37 ----D---- C:\WINDOWS\system32\migration
2020-03-11 22:45:37 ----D---- C:\WINDOWS\system32\Dism
2020-03-11 22:45:37 ----D---- C:\WINDOWS\system32\Boot
2020-03-11 22:45:28 ----D---- C:\WINDOWS\ShellExperiences
2020-03-11 22:45:28 ----D---- C:\WINDOWS\servicing
2020-03-11 22:45:27 ----D---- C:\WINDOWS\bcastdvr
2020-03-11 22:45:27 ----D---- C:\WINDOWS\apppatch
2020-03-11 22:45:27 ----D---- C:\Program Files\Windows Defender Advanced Threat Protection
2020-03-11 16:28:01 ----D---- C:\WINDOWS\system32\MRT
2020-03-11 16:18:31 ----AC---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswArDisk;aswArDisk; C:\WINDOWS\system32\drivers\aswArDisk.sys [2020-02-25 37864]
R0 aswbidsh;aswbidsh; C:\WINDOWS\system32\drivers\aswbidsh.sys [2020-02-25 206608]
R0 aswbuniv;aswbuniv; C:\WINDOWS\system32\drivers\aswbuniv.sys [2020-02-25 64272]
R0 aswElam;aswElam; C:\WINDOWS\system32\drivers\aswElam.sys [2020-02-25 16304]
R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2020-02-25 84056]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2020-02-25 316256]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2018-12-08 58168]
R0 MsSecFlt;@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001; C:\WINDOWS\system32\drivers\mssecflt.sys [2019-09-13 228152]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\WINDOWS\system32\drivers\SgrmAgent.sys [2018-04-12 63896]
R1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2018-04-12 39424]
R1 aswArPot;aswArPot; C:\WINDOWS\system32\drivers\aswArPot.sys [2020-02-25 205576]
R1 aswbidsdriver;aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdriver.sys [2020-02-25 271120]
R1 aswHdsKe;aswHdsKe; C:\WINDOWS\system32\drivers\aswHdsKe.sys [2020-02-25 279360]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2020-02-25 42976]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2020-02-25 110560]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2020-02-25 848672]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2020-03-11 458584]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-04-12 60320]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2018-04-12 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-04-12 8192]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2020-02-25 175400]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2020-02-25 235184]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2020-01-07 415232]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2018-12-08 43008]
R2 rismxdp;@oem14.inf,%DiskServiceDesc%;Ricoh xD-Picture Card Driver; C:\WINDOWS\System32\drivers\rixdpx64.sys [2006-11-18 55296]
R3 BthA2DP;@wdma_bt.inf,%BthA2DP.SvcDesc%;Bluetooth Stereo; C:\WINDOWS\system32\drivers\BthA2DP.sys [2019-10-02 200192]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\WINDOWS\System32\drivers\BthEnum.sys [2018-12-08 106496]
R3 BthHFAud;@wdma_bt.inf,%DISPLAY_NAME%;Bluetooth Hands-Free; C:\WINDOWS\System32\drivers\BthHfAud.sys [2018-04-12 48640]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2018-04-12 86528]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2018-04-12 129536]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\WINDOWS\System32\drivers\BTHUSB.sys [2018-04-12 85504]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2018-04-12 60320]
R3 e1yexpress;@net1yx64.inf,%E1YExpress.Service.DispName%;Intel(R) Gigabit Network Connections Driver; C:\WINDOWS\System32\drivers\e1y60x64.sys [2018-04-12 283136]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2016-07-13 82240]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2012-03-23 10627744]
R3 Microsoft_Bluetooth_AvrcpTransport;@microsoft_bluetooth_avrcptransport.inf,%Microsoft_Bluetooth_AvrcpTransport.ServiceDescription%;Microsoft Bluetooth Avrcp Transport Driver; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [2018-04-12 46592]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\WINDOWS\System32\drivers\NETwNs64.sys [2018-04-12 8604672]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2018-04-12 193536]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2018-04-12 38304]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2018-04-12 321432]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-04-12 885144]
S0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-04-12 145816]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2018-04-12 124312]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2018-04-12 128408]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-04-12 75160]
S0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [2018-04-12 82328]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2018-04-12 58776]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2018-04-12 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2018-04-12 39840]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2018-08-03 128920]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-04-12 20480]
S3 aftap0901;@oem19.inf,%DeviceDescription%;AnchorFree TAP-Windows Adapter V9; C:\WINDOWS\System32\drivers\aftap0901.sys [2018-03-06 48624]
S3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2015-01-13 11922944]
S3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2015-01-13 359936]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2018-04-12 18432]
S3 AppvStrm;@%systemroot%\system32\drivers\AppvStrm.sys,-101; C:\WINDOWS\system32\drivers\AppvStrm.sys [2020-01-07 128312]
S3 AppvVemgr;@%systemroot%\system32\drivers\AppvVemgr.sys,-101; C:\WINDOWS\system32\drivers\AppvVemgr.sys [2019-03-14 164664]
S3 AppvVfs;@%systemroot%\system32\drivers\AppvVfs.sys,-101; C:\WINDOWS\system32\drivers\AppvVfs.sys [2018-04-12 143768]
S3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys [2019-10-02 92472]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\WINDOWS\System32\drivers\BTHport.sys [2019-10-02 1110016]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2018-04-12 39936]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2018-04-12 123392]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2018-04-12 1836952]
S3 dg_ssudbus;@oem12.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2017-05-18 131984]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2018-04-12 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2018-04-12 50592]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2018-04-12 27136]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2020-03-04 76304]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2018-04-12 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2018-04-12 91648]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2018-04-12 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-04-12 88576]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2018-04-12 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-04-12 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2018-04-12 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-04-12 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2018-04-12 32256]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2018-04-12 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2018-04-12 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2018-04-12 56736]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2018-04-12 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2018-04-12 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2018-04-12 175104]
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\WINDOWS\System32\drivers\nvdimm.sys [2018-04-12 104448]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2018-04-12 105984]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2018-04-12 16896]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2019-03-06 945464]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2018-04-12 104448]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2018-04-12 33176]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2018-04-12 57752]
S4 hvcrash;hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [2018-04-12 33184]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2020-02-25 88648]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2020-02-25 413472]
R2 AvastWscReporter;AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [2020-02-25 57536]
R2 CDPUserSvc_3da48;Connected Devices Platform User Service_3da48; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
R2 DbxSvc;DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [2020-04-01 44552]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2020-01-07 51400]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2020-01-07 51400]
R2 IBMPMSVC;@oem13.inf,%ibm.svcDesc0%;Lenovo PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2016-07-13 180736]
R2 IncognitoVPNSvc;IncognitoVPN Service; C:\Program Files (x86)\IncognitoVPN\vpn_module.exe [2019-11-28 221696]
R2 LPlatSvc;@oem13.inf,%Lenovo.svcDesc1%;Lenovo Platform Service; C:\WINDOWS\system32\LPlatSvc.exe [2016-07-13 710144]
R2 OneSyncSvc_3da48;Sync Host_3da48; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2020-01-07 797984]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\WINDOWS\system32\SgrmBroker.exe [2018-04-12 163336]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [2020-02-25 6046624]
R3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
R3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2020-01-07 51400]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2020-01-07 51400]
R3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
R3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
R3 PimIndexMaintenanceSvc_3da48;Contact Data_3da48; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S2 dbupdate;Tjänsten Dropbox-uppdatering (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2019-06-14 143144]
S2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2020-01-07 51400]
S2 gupdate;Tjänsten Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-12 153752]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2020-01-07 51400]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-08 335872]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 AssignedAccessManagerSvc;@%SystemRoot%\system32\assignedaccessmanagersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 BcastDVRUserService_3da48;GameDVR and Broadcast User Service_3da48; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 BluetoothUserService_3da48;Bluetooth User Support Service_3da48; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 CaptureService;@%SystemRoot%\system32\CaptureService.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 CaptureService_3da48;CaptureService_3da48; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 dbupdatem;Tjänsten Dropbox-uppdatering (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2019-06-14 143144]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 DevicePickerUserSvc_3da48;DevicePicker_3da48; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 DevicesFlowUserSvc_3da48;DevicesFlow_3da48; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2019-05-03 90112]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2020-01-07 51400]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2020-01-07 51400]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2020-01-07 51400]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2018-05-18 43648]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2020-01-07 51400]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.149\elevation_service.exe [2020-03-16 1113072]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2020-01-07 51400]
S3 gupdatem;Tjänsten Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-12 153752]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2020-01-07 51400]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2020-01-07 51400]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 MessagingService_3da48;MessagingService_3da48; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2020-01-07 51400]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-07-31 202928]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 PrintWorkflowUserSvc_3da48;PrintWorkflow_3da48; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2020-01-07 51400]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2020-01-07 51400]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2020-01-07 51400]
S3 Sense;@%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2020-02-21 5327376]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2018-04-12 1273344]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2020-01-07 51400]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2018-06-08 976384]
S4 AppVClient;@%systemroot%\system32\AppVClient.exe,-102; C:\WINDOWS\system32\AppVClient.exe [2020-01-07 827704]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2020-01-07 51400]

-----------------EOF-----------------

Blanka yahoo
Visitor
Posts: 343
Registered: 02 Feb 2006 13:03

Re: laptop freezes

#2 Post by Blanka yahoo »

info.txt logfile of random's system information tool 1.10 2020-04-07 21:04:01

======MBR======

======Uninstall list======

-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{64FD3413-2EC3-44C2-97E1-172559B47B58}" "1033" "0"
Adobe Acrobat Reader DC-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
Adobe Flash Player 32 PPAPI-->C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_pepper.exe -maintain pepperplugin
Adobe Refresh Manager-->MsiExec.exe /I{AC76BA86-0804-1033-1959-001824369436}
Avast Free Antivirus-->C:\Program Files\AVAST Software\Avast\setup\Instup.exe /control_panel
BankID säkerhetsprogram-->MsiExec.exe /X{77B5BCDC-5496-48DA-8B16-5EE2AF08CA31}
Definition Update for Microsoft Office 2016 (KB3114959) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{00910FD1-D832-425D-BBD1-79CC1AA01182}" "1033" "0"
diasend® Uploader version 3.6.0_BuildR3g05-->"C:\Program Files\diasend(R) Uploader\unins000.exe"
Dropbox Update Helper-->MsiExec.exe /I{099218A5-A723-43DC-8DB5-6173656A1E94}
Dropbox-->"C:\Program Files (x86)\Dropbox\Client\DropboxUninstaller.exe" /InstallType:MACHINE
EPSON Scan-->C:\Program Files (x86)\epson\escndv\setup\setup.exe /r
EPSON SX440 Series Printer Uninstall-->C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IINSHBE.EXE /R /APD /P:"EPSON SX440 Series"
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.149\Installer\setup.exe" --uninstall --system-level --verbose-logging
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
Handelsbanken card reader-->C:\Program Files (x86)\InstallShield Installation Information\{1E08E4C7-69F9-4723-B05B-4FABEDF29AC2}\setup.exe -runfromtemp -l0x0009 -removeonly
Handelsbanken kortläsare-->C:\Program Files (x86)\InstallShield Installation Information\{D4C30AE2-EAFE-4E28-A3BA-7CF7485E23C4}\setup.exe -runfromtemp -l0x001d -removeonly
Herramientas de corrección de Microsoft Office 2016: español-->MsiExec.exe /X{90160000-001F-0C0A-0000-0000000FF1CE}
IncognitoVPN-->"C:\Program Files (x86)\IncognitoVPN\unins000.exe"
Lenovo Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
Microsoft Access MUI (English) 2016-->MsiExec.exe /X{90160000-0015-0409-0000-0000000FF1CE}
Microsoft Access Setup Metadata MUI (English) 2016-->MsiExec.exe /X{90160000-0117-0409-0000-0000000FF1CE}
Microsoft DCF MUI (English) 2016-->MsiExec.exe /X{90160000-0090-0409-0000-0000000FF1CE}
Microsoft Excel MUI (English) 2016-->MsiExec.exe /X{90160000-0016-0409-0000-0000000FF1CE}
Microsoft Groove MUI (English) 2016-->MsiExec.exe /X{90160000-00BA-0409-0000-0000000FF1CE}
Microsoft InfoPath MUI (English) 2016-->MsiExec.exe /X{90160000-0044-0409-0000-0000000FF1CE}
Microsoft Office 64-bit Components 2016-->MsiExec.exe /X{90160000-002A-0000-1000-0000000FF1CE}
Microsoft Office OSM MUI (English) 2016-->MsiExec.exe /X{90160000-00E1-0409-0000-0000000FF1CE}
Microsoft Office OSM UX MUI (English) 2016-->MsiExec.exe /X{90160000-00E2-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2016-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2016-->MsiExec.exe /X{90160000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2016-->MsiExec.exe /X{90160000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2016 - English-->MsiExec.exe /X{90160000-001F-0409-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (English) 2016-->MsiExec.exe /X{90160000-002A-0409-1000-0000000FF1CE}
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2016-->MsiExec.exe /X{90160000-0116-0409-1000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2016-->MsiExec.exe /X{90160000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2016-->MsiExec.exe /X{90160000-0115-0409-0000-0000000FF1CE}
Microsoft OneNote MUI (English) 2016-->MsiExec.exe /X{90160000-00A1-0409-0000-0000000FF1CE}
Microsoft Outlook MUI (English) 2016-->MsiExec.exe /X{90160000-001A-0409-0000-0000000FF1CE}
Microsoft PowerPoint MUI (English) 2016-->MsiExec.exe /X{90160000-0018-0409-0000-0000000FF1CE}
Microsoft Publisher MUI (English) 2016-->MsiExec.exe /X{90160000-0019-0409-0000-0000000FF1CE}
Microsoft Skype for Business MUI (English) 2016-->MsiExec.exe /X{90160000-012B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501-->"C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005-->MsiExec.exe /X{929FBD26-9020-399B-9A7A-751D61F0B942}
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820-->"C:\ProgramData\Package Cache\{45231ab4-69fd-486a-859d-7a59fcd11013}\VC_redist.x86.exe" /uninstall
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.23.27820-->MsiExec.exe /I{86BE78D9-65A1-4E69-86F8-C1F5281F8553}
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.23.27820-->MsiExec.exe /I{00AC3934-26B4-406E-807C-1692AC7329EC}
Microsoft Word MUI (English) 2016-->MsiExec.exe /X{90160000-001B-0409-0000-0000000FF1CE}
Mozilla Firefox 50.1.0 (x86 en-GB)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
Office 16 Click-to-Run Extensibility Component-->MsiExec.exe /X{90160000-008C-0000-0000-0000000FF1CE}
Office 16 Click-to-Run Licensing Component-->MsiExec.exe /I{90160000-008F-0000-1000-0000000FF1CE}
Office 16 Click-to-Run Localization Component-->MsiExec.exe /X{90160000-008C-0409-0000-0000000FF1CE}
Outils de vérification linguistique 2016 de Microsoft Office - Français-->MsiExec.exe /X{90160000-001F-040C-0000-0000000FF1CE}
Popcorn Time-->"C:\Program Files (x86)\Popcorn Time\unins000.exe"
Realtek High Definition Audio Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -runfromtemp -removeonly
Security Update for Microsoft Excel 2016 (KB3114964) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{93FA702F-6308-4EBC-A441-B32534B948C1}" "1033" "0"
Security Update for Microsoft Excel 2016 (KB3114964) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0016-0409-0000-0000000FF1CE}" "{93FA702F-6308-4EBC-A441-B32534B948C1}" "1033" "0"
Security Update for Microsoft Excel 2016 (KB3114964) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0018-0409-0000-0000000FF1CE}" "{93FA702F-6308-4EBC-A441-B32534B948C1}" "1033" "0"
Security Update for Microsoft Excel 2016 (KB3114964) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-001B-0409-0000-0000000FF1CE}" "{93FA702F-6308-4EBC-A441-B32534B948C1}" "1033" "0"
Security Update for Microsoft Office 2016 (KB2920727) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{ADA643B8-91E7-42FD-8339-3FDC73A3ABE4}" "1033" "0"
Security Update for Microsoft Office 2016 (KB3085538) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{57F91827-505E-4313-A3DF-EE6BD0B41A26}" "1033" "0"
Security Update for Microsoft Office 2016 (KB3085538) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-002A-0000-1000-0000000FF1CE}" "{57F91827-505E-4313-A3DF-EE6BD0B41A26}" "1033" "0"
Security Update for Microsoft Office 2016 (KB3085635) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-006E-0409-0000-0000000FF1CE}" "{CCBDE2CC-9498-4937-A88B-46FD248719C9}" "1033" "0"
Security Update for Microsoft Office 2016 (KB3114690) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{0431DE35-1781-4633-B69D-D547BB412C65}" "1033" "0"
Security Update for Microsoft Publisher 2016 (KB2920680) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{5182F11C-8D2E-4E2C-B36A-5B4AC5AE723C}" "1033" "0"
Security Update for Skype for Business 2016 (KB3114960) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{DB202A83-17AD-4FD5-94D6-0F69FEF8A8C7}" "1033" "0"
Security Update for Skype for Business 2016 (KB3114960) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-012B-0409-0000-0000000FF1CE}" "{DB202A83-17AD-4FD5-94D6-0F69FEF8A8C7}" "1033" "0"
TAP-Windows 9.21.1-->C:\Program Files\TAP-Windows\Uninstall.exe
TeamViewer 10 Host-->"C:\Program Files (x86)\TeamViewer\uninstall.exe"
ThinkPad UltraNav Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft Access 2016 (KB3114850) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{F5B70A9A-55A9-48CE-8D4A-1AEB9E406631}" "1033" "0"
Update for Microsoft Office 2016 (KB2910954) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{96EFDD2E-6496-4E0C-9EA2-034AF087211A}" "1033" "0"
Update for Microsoft Office 2016 (KB2910979) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{30BE8A1C-04BC-4CCD-942E-A10F3FA33E43}" "1033" "0"
Update for Microsoft Office 2016 (KB2920678) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{659F8DC4-0FD7-4C3C-9011-19B9FB400154}" "1033" "0"
Update for Microsoft Office 2016 (KB2920684) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{FA8D0376-1138-4DE0-81B4-AE2106D5ED4D}" "1033" "0"
Update for Microsoft Office 2016 (KB2920684) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-002A-0000-1000-0000000FF1CE}" "{FA8D0376-1138-4DE0-81B4-AE2106D5ED4D}" "1033" "0"
Update for Microsoft Office 2016 (KB2920699) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{C07AAB5B-B29E-4568-A282-2DA560D3FFB1}" "1033" "0"
Update for Microsoft Office 2016 (KB2920699) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0016-0409-0000-0000000FF1CE}" "{C07AAB5B-B29E-4568-A282-2DA560D3FFB1}" "1033" "0"
Update for Microsoft Office 2016 (KB2920710) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{6C521447-5A56-4071-9BF9-B7714966EEBF}" "1033" "0"
Update for Microsoft Office 2016 (KB2920712) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{0471C03C-B563-4F44-83E9-4D9AF243E1D3}" "1033" "0"
Update for Microsoft Office 2016 (KB2920718) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-001F-0409-0000-0000000FF1CE}" "{9E86151B-F943-4DED-807D-561666DB4B18}" "1033" "0"
Update for Microsoft Office 2016 (KB2920718) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-001F-040C-0000-0000000FF1CE}" "{9E86151B-F943-4DED-807D-561666DB4B18}" "1033" "0"
Update for Microsoft Office 2016 (KB2920718) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-001F-0C0A-0000-0000000FF1CE}" "{9E86151B-F943-4DED-807D-561666DB4B18}" "1033" "0"
Update for Microsoft Office 2016 (KB2920720) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{1471A699-A87C-454C-B227-00B48E5BA75B}" "1033" "0"
Update for Microsoft Office 2016 (KB2920724) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{B5FD5FBF-150F-4BD7-A2D2-F015D1069FC5}" "1033" "0"
Update for Microsoft Office 2016 (KB3101352) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{D5454C71-F9D3-4963-BFCA-C623819A3029}" "1033" "0"
Update for Microsoft Office 2016 (KB3114533) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{D9082A69-38B8-42BC-940D-61167D1C985E}" "1033" "0"
Update for Microsoft Office 2016 (KB3114535) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{27084D6E-0050-46D7-9F86-0529F47DAE43}" "1033" "0"
Update for Microsoft Office 2016 (KB3114535) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-002A-0000-1000-0000000FF1CE}" "{27084D6E-0050-46D7-9F86-0529F47DAE43}" "1033" "0"
Update for Microsoft Office 2016 (KB3114689) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{ECCFA27B-A67E-4C7E-B984-8B20B9753A1D}" "1033" "0"
Update for Microsoft Office 2016 (KB3114694) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{9C5B5C7D-E79A-41C8-9D29-748A5145281E}" "1033" "0"
Update for Microsoft Office 2016 (KB3114712) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{4E1AF32F-CAF6-42BF-94DE-1611FFCC1A0D}" "1033" "0"
Update for Microsoft Office 2016 (KB3114712) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-002A-0000-1000-0000000FF1CE}" "{4E1AF32F-CAF6-42BF-94DE-1611FFCC1A0D}" "1033" "0"
Update for Microsoft Office 2016 (KB3114854) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{BA767A46-1772-4902-BFB8-5FF8F932AB61}" "1033" "0"
Update for Microsoft Office 2016 (KB3114854) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-002A-0000-1000-0000000FF1CE}" "{BA767A46-1772-4902-BFB8-5FF8F932AB61}" "1033" "0"
Update for Microsoft Office 2016 (KB3114859) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{4BF890A7-7EBF-4E24-A288-80723AE838CB}" "1033" "0"
Update for Microsoft Office 2016 (KB3114860) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{B596FA5C-62FF-46C2-861A-CC09ACC4A312}" "1033" "0"
Update for Microsoft Office 2016 (KB3114903) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{B557BEA1-7AB8-4CA4-B9EB-7011EB0EEB4B}" "1033" "0"
Update for Microsoft Office 2016 (KB3114958) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{0091315A-4E30-4BD1-A4B9-FBBC03CFE926}" "1033" "0"
Update for Microsoft Office 2016 (KB3114965) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{7A7783ED-1C2A-41A7-B264-E3E5E27D82AA}" "1033" "0"
Update for Microsoft Office 2016 (KB3114965) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-006E-0409-0000-0000000FF1CE}" "{7A7783ED-1C2A-41A7-B264-E3E5E27D82AA}" "1033" "0"
Update for Microsoft Office 2016 (KB3114968) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{4049B5A4-5A41-42E9-9AA5-C141610193C3}" "1033" "0"
Update for Microsoft Office 2016 (KB3114968) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-002A-0000-1000-0000000FF1CE}" "{4049B5A4-5A41-42E9-9AA5-C141610193C3}" "1033" "0"
Update for Microsoft Office 2016 (KB3114970) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{3CB7385E-CCCE-451D-9406-0C76C697AC91}" "1033" "0"
Update for Microsoft Office 2016 (KB3114970) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-006E-0409-0000-0000000FF1CE}" "{3CB7385E-CCCE-451D-9406-0C76C697AC91}" "1033" "0"
Update for Microsoft Office 2016 (KB3114971) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{F7A6F4CC-A81B-4A5B-9F59-4A26E6608562}" "1033" "0"
Update for Microsoft Office 2016 (KB3114971) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-002A-0000-1000-0000000FF1CE}" "{F7A6F4CC-A81B-4A5B-9F59-4A26E6608562}" "1033" "0"
Update for Microsoft Office 2016 (KB3114971) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-006E-0409-0000-0000000FF1CE}" "{F7A6F4CC-A81B-4A5B-9F59-4A26E6608562}" "1033" "0"
Update for Microsoft OneDrive for Business (KB3114864) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{6CFF12AE-60DF-4CE1-A3BB-F0D0E4D1BCD1}" "1033" "0"
Update for Microsoft OneDrive for Business (KB3114864) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-002A-0000-1000-0000000FF1CE}" "{6CFF12AE-60DF-4CE1-A3BB-F0D0E4D1BCD1}" "1033" "0"
Update for Microsoft OneDrive for Business (KB3114864) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-002A-0409-1000-0000000FF1CE}" "{6CFF12AE-60DF-4CE1-A3BB-F0D0E4D1BCD1}" "1033" "0"
Update for Microsoft OneDrive for Business (KB3114864) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-00BA-0409-0000-0000000FF1CE}" "{6CFF12AE-60DF-4CE1-A3BB-F0D0E4D1BCD1}" "1033" "0"
Update for Microsoft OneNote 2016 (KB3114711) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{AFA17D43-2B01-4922-A23E-48CEE40C68AF}" "1033" "0"
Update for Microsoft OneNote 2016 (KB3114711) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-002A-0000-1000-0000000FF1CE}" "{AFA17D43-2B01-4922-A23E-48CEE40C68AF}" "1033" "0"
Update for Microsoft OneNote 2016 (KB3114711) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-00A1-0409-0000-0000000FF1CE}" "{AFA17D43-2B01-4922-A23E-48CEE40C68AF}" "1033" "0"
Update for Microsoft Outlook 2016 (KB3114972) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{B55D2CDF-BD96-4997-B071-87530ACF600B}" "1033" "0"
Update for Microsoft Outlook 2016 (KB3114972) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-001A-0409-0000-0000000FF1CE}" "{B55D2CDF-BD96-4997-B071-87530ACF600B}" "1033" "0"
Update for Microsoft PowerPoint 2016 (KB3114961) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{E9189AA9-3DA6-451F-A8C0-5CB439C1B681}" "1033" "0"
Update for Microsoft PowerPoint 2016 (KB3114961) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0018-0409-0000-0000000FF1CE}" "{E9189AA9-3DA6-451F-A8C0-5CB439C1B681}" "1033" "0"
Update for Microsoft Project 2016 (KB3114973) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{CDE1A23B-D9D6-4369-8C83-2AC39DABF641}" "1033" "0"
Update for Microsoft Project 2016 (KB3114973) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-002A-0000-1000-0000000FF1CE}" "{CDE1A23B-D9D6-4369-8C83-2AC39DABF641}" "1033" "0"
Update for Microsoft Visio 2016 (KB3114957) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{6AAC0DBB-9379-40E8-B2FA-D320C734772F}" "1033" "0"
Update for Microsoft Word 2016 (KB3114969) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-0011-0000-0000-0000000FF1CE}" "{F2A93B04-64F1-4056-9011-23DFE38F9E16}" "1033" "0"
Update for Microsoft Word 2016 (KB3114969) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-001A-0409-0000-0000000FF1CE}" "{F2A93B04-64F1-4056-9011-23DFE38F9E16}" "1033" "0"
Update for Microsoft Word 2016 (KB3114969) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-001B-0409-0000-0000000FF1CE}" "{F2A93B04-64F1-4056-9011-23DFE38F9E16}" "1033" "0"
Update for Microsoft Word 2016 (KB3114969) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Oarpmany.exe" /removereleaseinpatch "{90160000-012B-0409-0000-0000000FF1CE}" "{F2A93B04-64F1-4056-9011-23DFE38F9E16}" "1033" "0"
Update for Windows 10 for x64-based Systems (KB4023057)-->MsiExec.exe /X{9C4F3AF4-21D8-43BD-A69C-517BB96012CF}
UpdateAssistant-->MsiExec.exe /I{035FFC43-55D6-4F5C-BCC5-21FED122C8B4}
Windows 10 Update Assistant-->"C:\Windows10Upgrade\Windows10UpgraderApp.exe" /Uninstall
Windows Setup Remediations (x64) (KB4023057)-->%windir%\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\CustomSDB\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb"
WinRAR 5.71 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe
VLC media player-->"C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe"

======System event log======

Computer Name: DESKTOP-PTIL1G8
Event Code: 7034
Message: The Downloaded Maps Manager service terminated unexpectedly. It has done this 1 time(s).
Record Number: 46297
Source Name: Service Control Manager
Time Written: 20190428193629.484054-000
Event Type: Error
User:

Computer Name: DESKTOP-PTIL1G8
Event Code: 1014
Message: Name resolution for the name sls.update.microsoft.com timed out after none of the configured DNS servers responded.
Record Number: 46296
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20190428193450.977098-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: DESKTOP-PTIL1G8
Event Code: 10010
Message: The server {659CDEA7-489E-11D9-A9CD-000D56965251} did not register with DCOM within the required timeout.
Record Number: 46295
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20190428193302.817735-000
Event Type: Error
User: DESKTOP-PTIL1G8\Blanka

Computer Name: DESKTOP-PTIL1G8
Event Code: 137
Message: The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S4). This can result in reduced resume performance.
Record Number: 46282
Source Name: Microsoft-Windows-Kernel-Power
Time Written: 20190426203132.430864-000
Event Type: Error
User:

Computer Name: DESKTOP-PTIL1G8
Event Code: 1014
Message: Name resolution for the name trouter-neu-b.trouter.skype.com timed out after none of the configured DNS servers responded.
Record Number: 46275
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20190426193136.939628-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

=====Application event log=====

Computer Name: DESKTOP-PTIL1G8
Event Code: 8233
Message: The rules engine reported a failed VL activation attempt.
Reason:0xC004F074
AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64
Trigger=NetworkAvailable
Record Number: 58270
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20191011082046.100498-000
Event Type: Warning
User:

Computer Name: DESKTOP-PTIL1G8
Event Code: 8233
Message: The rules engine reported a failed VL activation attempt.
Reason:0xC004F074
AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64
Trigger=NetworkQuarantineRetry
Record Number: 58259
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20191011071939.611747-000
Event Type: Warning
User:

Computer Name: DESKTOP-PTIL1G8
Event Code: 8233
Message: The rules engine reported a failed VL activation attempt.
Reason:0xC004F074
AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64
Trigger=NetworkAvailable
Record Number: 58253
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20191011071538.026201-000
Event Type: Warning
User:

Computer Name: DESKTOP-PTIL1G8
Event Code: 8233
Message: The rules engine reported a failed VL activation attempt.
Reason:0xC004F074
AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64
Trigger=NetworkAvailable
Record Number: 58250
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20191011071430.650086-000
Event Type: Warning
User:

Computer Name: DESKTOP-PTIL1G8
Event Code: 8233
Message: The rules engine reported a failed VL activation attempt.
Reason:0xC004F074
AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64
Trigger=UserLogon(3)
Record Number: 58245
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20191011071309.134579-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: DESKTOP-PTIL1G8
Event Code: 4798
Message: A user's local group membership was enumerated.

Subject:
Security ID: S-1-5-18
Account Name: DESKTOP-PTIL1G8$
Account Domain: WORKGROUP
Logon ID: 0x3E7

User:
Security ID: S-1-5-21-1277944041-247540628-2599174466-500
Account Name: Administrator
Account Domain: DESKTOP-PTIL1G8

Process Information:
Process ID: 0xa7c
Process Name: C:\Windows\System32\svchost.exe
Record Number: 350164
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20200305103751.879595-000
Event Type: Audit Success
User:

Computer Name: DESKTOP-PTIL1G8
Event Code: 4798
Message: A user's local group membership was enumerated.

Subject:
Security ID: S-1-5-18
Account Name: DESKTOP-PTIL1G8$
Account Domain: WORKGROUP
Logon ID: 0x3E7

User:
Security ID: S-1-5-21-1277944041-247540628-2599174466-1001
Account Name: Blanka
Account Domain: DESKTOP-PTIL1G8

Process Information:
Process ID: 0xa7c
Process Name: C:\Windows\System32\svchost.exe
Record Number: 350163
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20200305103751.833346-000
Event Type: Audit Success
User:

Computer Name: DESKTOP-PTIL1G8
Event Code: 4798
Message: A user's local group membership was enumerated.

Subject:
Security ID: S-1-5-18
Account Name: DESKTOP-PTIL1G8$
Account Domain: WORKGROUP
Logon ID: 0x3E7

User:
Security ID: S-1-5-21-1277944041-247540628-2599174466-500
Account Name: Administrator
Account Domain: DESKTOP-PTIL1G8

Process Information:
Process ID: 0xa7c
Process Name: C:\Windows\System32\svchost.exe
Record Number: 350162
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20200305103751.831754-000
Event Type: Audit Success
User:

Computer Name: DESKTOP-PTIL1G8
Event Code: 4798
Message: A user's local group membership was enumerated.

Subject:
Security ID: S-1-5-21-1277944041-247540628-2599174466-1001
Account Name: Blanka
Account Domain: DESKTOP-PTIL1G8
Logon ID: 0x48108

User:
Security ID: S-1-5-21-1277944041-247540628-2599174466-1001
Account Name: Blanka
Account Domain: DESKTOP-PTIL1G8

Process Information:
Process ID: 0x1410
Process Name: C:\Windows\explorer.exe
Record Number: 350161
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20200305103750.382666-000
Event Type: Audit Success
User:

Computer Name: DESKTOP-PTIL1G8
Event Code: 4798
Message: A user's local group membership was enumerated.

Subject:
Security ID: S-1-5-18
Account Name: DESKTOP-PTIL1G8$
Account Domain: WORKGROUP
Logon ID: 0x3E7

User:
Security ID: S-1-5-21-1277944041-247540628-2599174466-1001
Account Name: Blanka
Account Domain: DESKTOP-PTIL1G8

Process Information:
Process ID: 0xa7c
Process Name: C:\Windows\System32\svchost.exe
Record Number: 350160
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20200305103747.066489-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"DriverData"=C:\Windows\System32\Drivers\DriverData
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"PSModulePath"=%ProgramFiles%\WindowsPowerShell\Modules;%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118264
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: laptop freezes

#3 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I Agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just launch it with a normal double-click)
click Scan Now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Blanka yahoo
Visitor
Posts: 343
Joined: 02 Feb 2006 13:03

Re: laptop freezes

#4 Post by Blanka yahoo »

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build: 04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-09-2020
# Duration: 00:00:08
# OS: Windows 10 Enterprise
# Cleaned: 14
# Failed: 0


***** [ Services ] *****

Deleted Update service

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{38DF9F2C-353F-4027-8E08-543BD36E63C2}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{424907A8-5F15-4469-B50B-91E7BFB5B0CF}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{7F8612C4-4895-4FC5-BC16-2753E9C45DFF}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{905E1AA9-733B-4D53-A20D-926FA41717E3}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{ACF2DD15-D030-4C9B-B321-3E58DED388FE}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B5CF030C-F9F9-411E-BBEC-700ECD806C8E}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F0A6EA12-05B4-4176-94C3-3B1F33D40E14}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F764C7AB-08B5-4EE8-835F-C97CE2DA4892}

***** [ Chromium (and derivatives) ] *****

Deleted EasyPDFCombine for Chrome - ekamneaohnpkfjaffmimdhgbpdablhbn
Deleted PDF Viewer & Converter by FromDocToPDF - pbneiecbhikjapoihjpemfmpaalkafkh
Deleted TelevisionFanatic - oahfdmfkjolpipiffmcnipnpjilkjnmd

***** [ Chromium URLs ] *****

Deleted Mysearchdial
Deleted Mysearchdial

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3011 octets] - [09/04/2020 00:04:24]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Rudy
Site Admin
Posts: 118264
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: laptop freezes

#5 Post by Rudy »

Now post the FRST+Addition logs: https://forum.viry.cz/viewtopic.php?f=13&t=154679 . Do not use RSIT on Windows 10; it is not compatible with it.

Blanka yahoo
Visitor
Posts: 343
Joined: 02 Feb 2006 13:03

Re: laptop freezes

#6 Post by Blanka yahoo »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-04-2020
Ran by Blanka (administrator) on DESKTOP-PTIL1G8 (LENOVO 276731G) (14-04-2020 21:28:01)
Running from C:\Users\Blanka\Downloads
Loaded Profiles: Blanka (Available Profiles: defaultuser0 & Blanka)
Platform: Windows 10 Enterprise Version 1803 17134.1365 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <2>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\94.4.384\QtWebEngineProcess.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <41>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(IncognitoVPN) [File not signed] C:\Program Files (x86)\IncognitoVPN\vpn_module.exe
(LENOVO -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(LENOVO -> Lenovo.) C:\Windows\System32\LPlatSvc.exe <3>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office16\CLVIEW.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Blanka\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.20022.11011.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(SAFEVATCH, TOV -> ) C:\Users\Blanka\AppData\Local\Programs\safe-watch\resources\app\swch_go_service\swch_go_service.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [277664 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6287872 2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1277944041-247540628-2599174466-1001\...\Run: [Chromium] => "c:\users\blanka\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session --restore-last-session
HKU\S-1-5-21-1277944041-247540628-2599174466-1001\...\Run: [Epson Stylus SX440] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE [232448 2011-01-20] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1277944041-247540628-2599174466-1001\...\Run: [TomTomHOME.exe] => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\S-1-5-21-1277944041-247540628-2599174466-1001\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
HKU\S-1-5-21-1277944041-247540628-2599174466-1001\...\Run: [sws] => C:\Users\Blanka\AppData\Local\Programs\safe-watch\resources\app\swch_go_service\swch_go_service.exe [10179912 2019-12-05] (SAFEVATCH, TOV -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.163\Installer\chrmstp.exe [2020-04-07] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03EF3226-3F4C-46F1-A1ED-B163C22F0E08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-09-12] (Google Inc -> Google Inc.)
Task: {1C7D3A8B-855C-4AF0-A057-27EDDA76B69E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {2037B4CF-940E-4E83-9E04-2F941F0CA3F8} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_pepper.exe [1456128 2019-01-08] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {2D063B98-5814-45DE-A053-DD904CC766DC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Task: {5320BE3D-A52E-497F-B71E-030D30CD618F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-06-14] (Dropbox, Inc -> Dropbox, Inc.)
Task: {60206AA5-4B37-4038-A5DB-0196CB3DDB58} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2019-01-08] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {7228D14A-2CEC-45F3-82A5-AC4D595D580C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-09-12] (Google Inc -> Google Inc.)
Task: {924F8B5F-D2C3-4EF7-BB92-FAD38FED21A9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-06-14] (Dropbox, Inc -> Dropbox, Inc.)
Task: {AB981858-661C-44B9-ADFB-7600AB1B6F63} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {AFA3714F-1862-4622-BE40-B251ECFA6C47} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1660520 2020-02-27] (Avast Software s.r.o. -> Avast Software)
Task: {C50CA4BB-6C3F-4AEE-9E69-9E3E019959BE} - System32\Tasks\{9F6B30AA-AE1B-452D-BBB3-D0E87E60367C} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.27.80.101/en/abandoninstall?page=tsBing
Task: {F0215F01-E1D6-4B58-B5F7-C67F8963912D} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {F23A5C61-8B6A-4DDB-8654-C7F327859AAD} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3325032 2020-04-14] (Avast Software s.r.o. -> AVAST Software)
Task: {FF11BA9F-A107-4DF8-8356-26F6F78F30DE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{21dca5ef-bcad-438f-8888-034e1de195e0}: [DhcpNameServer] 10.121.0.1
Tcpip\..\Interfaces\{91a4335c-fbc7-48eb-a805-120b82047198}: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{e7710ad5-71dc-4b7e-a5ed-b7f8bf500e17}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2016-03-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-03-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-03-15] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: n5nzkabk.default
FF ProfilePath: C:\Users\Blanka\AppData\Roaming\Mozilla\Firefox\Profiles\n5nzkabk.default [2019-06-03]
FF SearchPlugin: C:\Users\Blanka\AppData\Roaming\Mozilla\Firefox\Profiles\n5nzkabk.default\searchplugins\bing search engine.xml [2017-02-10]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-03-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Blanka\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-11-08]
CHR Profile: C:\Users\Blanka\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-04-14]
CHR Notifications: Profile 1 -> hxxps://drive.google.com; hxxps://join.meet.msb.se; hxxps://meet.google.com; hxxps://www.techradar.com; hxxps://www.viry.cz
CHR HomePage: Profile 1 -> hxxps://my.idea.int/
CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/"
CHR NewTab: Profile 1 -> Not-active:"chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html", Active:"chrome-extension://ibfhiehdjpogpbdcicjnphklppinghjj/index.html"
CHR Session Restore: Profile 1 -> is enabled.
CHR Extension: (Slides) - C:\Users\Blanka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-23]
CHR Extension: (Docs) - C:\Users\Blanka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-23]
CHR Extension: (Google Drive) - C:\Users\Blanka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-21]
CHR Extension: (YouTube) - C:\Users\Blanka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-23]
CHR Extension: (Adobe Acrobat) - C:\Users\Blanka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-03-04]
CHR Extension: (EasyPDFCombine for Chrome) - C:\Users\Blanka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ekamneaohnpkfjaffmimdhgbpdablhbn [2020-04-09]
CHR Extension: (Google Docs Offline) - C:\Users\Blanka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-11]
CHR Extension: (Speed Dial 3™(APP)) - C:\Users\Blanka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ibfhiehdjpogpbdcicjnphklppinghjj [2018-09-14]
CHR Extension: (Speed Dial 2 New tab) - C:\Users\Blanka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2019-10-11]
CHR Extension: (Grammarly for Chrome) - C:\Users\Blanka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-04-07]
CHR Extension: (Yahoo Web) - C:\Users\Blanka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\njajpefejmjnhcddhaleakkcehiilppa [2018-04-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Blanka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (TelevisionFanatic) - C:\Users\Blanka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oahfdmfkjolpipiffmcnipnpjilkjnmd [2020-04-09]
CHR Extension: (PDF Viewer & Converter by FromDocToPDF) - C:\Users\Blanka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbneiecbhikjapoihjpemfmpaalkafkh [2020-04-09]
CHR Extension: (Gmail) - C:\Users\Blanka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\Blanka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-04]
CHR Profile: C:\Users\Blanka\AppData\Local\Google\Chrome\User Data\System Profile [2019-06-03]
CHR HKU\S-1-5-21-1277944041-247540628-2599174466-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6046624 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [413472 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57536 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-06-14] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-06-14] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
R2 IncognitoVPNSvc; C:\Program Files (x86)\IncognitoVPN\vpn_module.exe [221696 2019-11-28] (IncognitoVPN) [File not signed]
R2 LPlatSvc; C:\WINDOWS\system32\LPlatSvc.exe [710144 2016-07-13] (LENOVO -> Lenovo.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5327376 2020-02-21] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6631256 2019-12-04] (TeamViewer GmbH -> TeamViewer GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [3294680 2020-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [103168 2020-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
S3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [11922944 2015-01-13] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [359936 2015-01-13] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37856 2020-04-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [206120 2020-04-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [234776 2020-04-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [178968 2020-04-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [60696 2020-04-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2020-02-25] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42984 2020-04-14] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [175400 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [492144 2020-04-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [109480 2020-04-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85056 2020-04-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851808 2020-04-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [459608 2020-04-14] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [235184 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [317280 2020-04-14] (Avast Software s.r.o. -> AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 rismxdp; C:\WINDOWS\System32\drivers\rixdpx64.sys [55296 2006-11-18] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R3 SrvHsfHDA; C:\WINDOWS\system32\DRIVERS\VSTAZL6.SYS [292864 2018-04-12] (Microsoft Windows -> Conexant Systems, Inc.)
R3 SrvHsfV92; C:\WINDOWS\system32\DRIVERS\VSTDPV6.SYS [1485312 2018-04-12] (Microsoft Windows -> Conexant Systems, Inc.)
R3 SrvHsfWinac; C:\WINDOWS\system32\DRIVERS\VSTCNXT6.SYS [740864 2018-04-12] (Microsoft Windows -> Conexant Systems, Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2014-11-05] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 Tdsshbecr; C:\WINDOWS\System32\drivers\shbecr.sys [50176 2008-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Todos Data System AB)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [22016 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [44544 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-04-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [391392 2020-04-09] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59104 2020-04-09] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-14 21:26 - 2020-04-14 21:30 - 000000000 ____D C:\FRST
2020-04-14 21:24 - 2020-04-14 21:25 - 002281472 _____ (Farbar) C:\Users\Blanka\Downloads\FRST64 (1).exe
2020-04-14 04:22 - 2020-04-14 04:23 - 000492144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2020-04-14 04:22 - 2020-04-14 04:22 - 000235696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw1e232274530c2ba5.tmp
2020-04-14 04:22 - 2020-04-14 04:22 - 000175920 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw40130ecff7f9d167.tmp
2020-04-14 04:22 - 2020-04-14 04:21 - 000337048 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2020-04-13 08:49 - 2020-04-12 23:48 - 000000000 ____D C:\Users\Blanka\Desktop\USB back up Jan 2018
2020-04-13 08:48 - 2020-04-13 08:48 - 000000226 _____ C:\Users\Blanka\Downloads\USB back up Jan 2018-20200413T064832Z-001.zip
2020-04-12 02:04 - 2020-04-12 02:04 - 001306001 _____ C:\Users\Blanka\Downloads\juliansmith_wch_yahoo_com.pdf
2020-04-12 01:59 - 2020-04-12 01:59 - 000283136 _____ C:\Users\Blanka\Downloads\juliansmith_wch@yahoo.com (1).xls
2020-04-12 01:50 - 2020-04-12 01:51 - 037698304 _____ (Diasend ) C:\Users\Blanka\Downloads\DiasendUploader_Patient_3.6.0_BuildR3g05 (2).exe
2020-04-11 15:20 - 2020-04-11 15:20 - 000353011 _____ C:\Users\Blanka\Downloads\HRAC and GCNH_UPR28_GHA_E_Main.pdf
2020-04-11 15:19 - 2020-04-11 15:20 - 000578753 _____ C:\Users\Blanka\Downloads\JS10_UPR28_GHA_E_Main.pdf
2020-04-09 08:11 - 2020-04-09 08:11 - 000000165 ____H C:\Users\Blanka\Downloads\~$Output log - GAAP .xlsx
2020-04-09 08:08 - 2020-04-09 08:08 - 000033140 _____ C:\Users\Blanka\Downloads\Output log - GAAP .xlsx
2020-04-09 00:03 - 2020-04-09 00:04 - 000000000 ____D C:\AdwCleaner
2020-04-09 00:02 - 2020-04-09 00:02 - 008196784 _____ (Malwarebytes) C:\Users\Blanka\Downloads\adwcleaner_8.0.4.exe
2020-04-08 14:25 - 2020-04-08 14:26 - 009924576 _____ C:\Users\Blanka\Downloads\drive-download-20200408T122459Z-001.zip
2020-04-07 21:03 - 2020-04-07 21:04 - 000000000 ____D C:\rsit
2020-04-07 21:02 - 2020-04-07 21:02 - 001222144 _____ C:\Users\Blanka\Downloads\RSITx64 (1).exe
2020-04-04 22:24 - 2020-04-04 22:24 - 003147135 _____ C:\Users\Blanka\Downloads\Julian Smith (2).pdf
2020-04-02 23:17 - 2020-04-02 23:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-04-02 09:12 - 2020-04-02 09:12 - 000343598 _____ C:\Users\Blanka\Downloads\THIRD OBJECTION FROM GRAEME PAGRAM (1).pdf
2020-04-02 06:22 - 2020-04-02 06:22 - 000303340 _____ C:\Users\Blanka\Downloads\FURTHER OBJECTION GRAEME PAGRAM (1).pdf
2020-04-01 14:20 - 2020-04-01 14:20 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2020-04-01 14:20 - 2020-04-01 14:20 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2020-04-01 14:20 - 2020-04-01 14:20 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2020-04-01 14:20 - 2020-04-01 14:20 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2020-04-01 09:38 - 2020-04-01 09:38 - 000126146 _____ C:\Users\Blanka\Downloads\Joint change initiative_IFRC_BDRCS_AmRC_Bangladesh (3).pdf
2020-04-01 09:31 - 2020-04-01 09:31 - 000126146 _____ C:\Users\Blanka\Downloads\Joint change initiative_IFRC_BDRCS_AmRC_Bangladesh (2).pdf
2020-03-31 09:50 - 2020-03-31 09:50 - 000001756 _____ C:\Users\Blanka\Downloads\invite.ics
2020-03-30 08:11 - 2020-03-30 08:11 - 000343598 _____ C:\Users\Blanka\Downloads\THIRD OBJECTION FROM GRAEME PAGRAM.pdf
2020-03-30 08:07 - 2020-03-30 08:07 - 000303340 _____ C:\Users\Blanka\Downloads\FURTHER OBJECTION GRAEME PAGRAM.pdf
2020-03-30 08:02 - 2020-03-30 08:02 - 000050166 _____ C:\Users\Blanka\Downloads\OBJECTION GRAEME PAGRAM (2).pdf
2020-03-30 08:01 - 2020-03-30 08:01 - 000050166 _____ C:\Users\Blanka\Downloads\OBJECTION GRAEME PAGRAM.pdf
2020-03-30 08:01 - 2020-03-30 08:01 - 000050166 _____ C:\Users\Blanka\Downloads\OBJECTION GRAEME PAGRAM (1).pdf
2020-03-29 15:25 - 2020-03-29 15:25 - 000022572 _____ C:\Users\Blanka\Downloads\abbrev_RFSU.xlsx
2020-03-28 00:48 - 2020-03-28 00:48 - 057780608 _____ (Popcorn Time ) C:\Users\Blanka\Downloads\PopcornTime-latest (3).exe
2020-03-28 00:48 - 2020-03-28 00:48 - 057780608 _____ (Popcorn Time ) C:\Users\Blanka\Downloads\PopcornTime-latest (2).exe
2020-03-26 17:54 - 2020-03-26 17:54 - 000055296 _____ C:\Users\Blanka\Downloads\Network challanges and solutions (annual meeting 2019).pptx
2020-03-26 17:53 - 2020-03-26 17:53 - 000004669 _____ C:\Users\Blanka\Downloads\Network challanges and solutions (annual meeting 2019).txt
2020-03-26 09:54 - 2020-03-26 09:54 - 000183924 _____ C:\Users\Blanka\Downloads\drive-download-20200326T075446Z-001.zip
2020-03-26 09:52 - 2020-03-26 09:52 - 001187010 _____ C:\Users\Blanka\Downloads\drive-download-20200326T075201Z-001.zip
2020-03-26 09:50 - 2020-03-26 09:51 - 001288408 _____ (Google LLC) C:\Users\Blanka\Downloads\installbackupandsync.exe
2020-03-25 16:52 - 2020-03-25 16:52 - 000006986 _____ C:\Users\Blanka\Downloads\MinaAktuellaRecept_20200325.pdf
2020-03-25 16:52 - 2020-03-25 16:52 - 000006986 _____ C:\Users\Blanka\Downloads\MinaAktuellaRecept_20200325 (2).pdf
2020-03-25 16:52 - 2020-03-25 16:52 - 000006986 _____ C:\Users\Blanka\Downloads\MinaAktuellaRecept_20200325 (1).pdf
2020-03-25 13:03 - 2020-03-25 13:03 - 000126146 _____ C:\Users\Blanka\Downloads\Joint change initiative_IFRC_BDRCS_AmRC_Bangladesh (1).pdf
2020-03-25 13:02 - 2020-03-25 13:02 - 000126146 _____ C:\Users\Blanka\Downloads\Joint change initiative_IFRC_BDRCS_AmRC_Bangladesh.pdf
2020-03-24 19:23 - 2020-03-24 19:23 - 000181521 _____ C:\Users\Blanka\Downloads\Theory-of-Change-English.pdf
2020-03-21 15:48 - 2020-03-21 15:48 - 000099106 _____ C:\Users\Blanka\Downloads\kimathi (2).pdf
2020-03-21 15:46 - 2020-03-21 15:46 - 000099106 _____ C:\Users\Blanka\Downloads\kimathi (1).pdf
2020-03-21 15:44 - 2020-03-21 15:44 - 000099106 _____ C:\Users\Blanka\Downloads\kimathi.pdf
2020-03-19 23:03 - 2020-03-19 23:03 - 000395808 _____ C:\Users\Blanka\Downloads\Mentor introduction webinar cycle 2 (2).pdf
2020-03-19 23:03 - 2020-03-19 23:03 - 000395808 _____ C:\Users\Blanka\Downloads\Mentor introduction webinar cycle 2 (1).pdf
2020-03-19 16:33 - 2020-03-19 16:33 - 000032881 _____ C:\Users\Blanka\Downloads\TEMPLATE Timre report.xlsx
2020-03-19 16:29 - 2020-03-19 16:29 - 000395808 _____ C:\Users\Blanka\Downloads\Mentor introduction webinar cycle 2.pdf
2020-03-18 18:37 - 2020-03-18 18:37 - 000189995 _____ C:\Users\Blanka\Downloads\Consultancy with RFSU on evaluation of GAAP F skatt 200317 (1).docx.pdf
2020-03-18 18:37 - 2020-03-18 18:37 - 000189995 _____ C:\Users\Blanka\Downloads\Consultancy with RFSU on evaluation of GAAP F skatt 200317 (1).docx (2).pdf
2020-03-18 18:37 - 2020-03-18 18:37 - 000189995 _____ C:\Users\Blanka\Downloads\Consultancy with RFSU on evaluation of GAAP F skatt 200317 (1).docx (1).pdf
2020-03-15 22:17 - 2020-03-15 22:18 - 009636209 _____ C:\Users\Blanka\Downloads\Documentation -20200315T201743Z-001.zip

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-14 21:31 - 2019-09-11 21:50 - 000022466 _____ C:\Users\Blanka\Downloads\FRST.txt
2020-04-14 21:29 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-14 21:28 - 2018-05-18 10:20 - 000004168 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{9C3CF3D4-8B96-4A36-BDBF-41B92104DE8C}
2020-04-14 21:19 - 2018-05-18 09:47 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-04-14 15:45 - 2019-10-07 23:38 - 000003444 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-04-14 15:45 - 2019-10-07 23:38 - 000003220 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-04-14 15:45 - 2019-06-14 04:25 - 000003550 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2020-04-14 15:45 - 2019-06-14 04:25 - 000003326 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2020-04-14 15:45 - 2019-06-14 04:25 - 000001036 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2020-04-14 15:45 - 2019-06-14 04:25 - 000001032 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2020-04-14 15:45 - 2019-06-07 10:57 - 000002244 _____ C:\WINDOWS\system32\Tasks\{9F6B30AA-AE1B-452D-BBB3-D0E87E60367C}
2020-04-14 15:45 - 2018-10-29 12:06 - 000003762 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-04-14 15:45 - 2018-10-29 12:06 - 000003446 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
2020-04-14 15:45 - 2018-05-18 10:20 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-04-14 15:45 - 2018-05-18 10:20 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1277944041-247540628-2599174466-1001
2020-04-14 15:45 - 2018-05-18 10:20 - 000002234 _____ C:\WINDOWS\system32\Tasks\Synaptics TouchPad Enhancements
2020-04-14 15:45 - 2018-05-18 10:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2020-04-14 15:05 - 2018-06-20 18:26 - 000000000 ____D C:\Users\Blanka\Desktop\Porepunkah
2020-04-14 14:21 - 2019-03-01 15:42 - 000000000 ____D C:\WINDOWS\Minidump
2020-04-14 11:29 - 2018-02-23 15:02 - 000000000 ____D C:\Users\Blanka\AppData\Local\Packages
2020-04-14 09:38 - 2017-09-22 15:30 - 000000000 ____D C:\Users\Blanka\AppData\Local\CrashDumps
2020-04-14 09:34 - 2018-07-11 21:07 - 000000000 ____D C:\Users\Blanka\AppData\Local\AVAST Software
2020-04-14 09:33 - 2016-09-04 21:25 - 000000000 ___RD C:\Users\Blanka\OneDrive
2020-04-14 09:31 - 2018-05-18 09:52 - 000000000 ____D C:\Users\Blanka
2020-04-14 04:23 - 2018-05-18 10:20 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-04-14 04:22 - 2018-10-15 18:10 - 000042984 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2020-04-14 04:22 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-04-14 04:22 - 2018-03-02 19:02 - 000459608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2020-04-14 04:22 - 2018-03-02 19:02 - 000317280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2020-04-14 04:22 - 2018-03-02 19:02 - 000109480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2020-04-14 04:22 - 2018-03-02 19:02 - 000085056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2020-04-14 04:21 - 2019-01-17 10:30 - 000234776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2020-04-14 04:21 - 2019-01-17 07:05 - 000178968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2020-04-14 04:21 - 2019-01-17 07:05 - 000060696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2020-04-14 04:21 - 2019-01-17 07:05 - 000037856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2020-04-14 04:21 - 2018-03-02 19:02 - 000851808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2020-04-14 04:21 - 2018-03-02 19:02 - 000206120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2020-04-14 04:18 - 2020-03-02 20:09 - 000002076 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2020-04-14 04:18 - 2020-03-02 20:09 - 000002076 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2020-04-14 04:18 - 2018-03-02 19:35 - 000002088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2020-04-14 04:16 - 2018-05-18 10:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-04-14 04:10 - 2019-06-07 10:04 - 000000000 _____ C:\WINDOWS\system32\last.dump
2020-04-14 01:08 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-04-13 11:12 - 2016-09-12 19:51 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-04-12 11:09 - 2019-09-13 21:23 - 000000000 ___HD C:\OneDriveTemp
2020-04-12 11:02 - 2018-04-11 23:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-04-12 02:14 - 2020-02-09 19:24 - 000000000 ____D C:\Users\Blanka\Documents\Health
2020-04-11 10:21 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-04-10 21:54 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-09 18:37 - 2018-03-02 19:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-04-09 18:37 - 2016-09-04 22:24 - 000744808 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-04-09 14:38 - 2018-05-18 09:52 - 000000000 ____D C:\Users\defaultuser0
2020-04-09 12:18 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-04-07 21:28 - 2016-09-12 19:00 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-07 21:03 - 2018-03-14 23:55 - 000000000 ____D C:\Program Files\trend micro
2020-04-03 11:21 - 2017-02-15 23:09 - 000000000 ____D C:\Users\Blanka\Documents\AA Julian's IGAD work
2020-04-03 11:19 - 2016-09-12 22:22 - 000000000 ____D C:\Users\Blanka\AppData\Roaming\vlc
2020-04-02 23:22 - 2019-06-14 04:25 - 000000000 ____D C:\Program Files (x86)\Dropbox
2020-03-31 08:33 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2020-03-29 21:43 - 2018-05-18 10:05 - 000838564 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-03-28 00:47 - 2020-03-05 13:39 - 000000000 ____D C:\Users\Blanka\Downloads\PopcornTime
2020-03-22 23:12 - 2019-03-27 16:43 - 000000000 ____D C:\Users\Blanka\Documents\AAAAA jobs 2019
2020-03-20 11:38 - 2018-05-18 09:52 - 000002366 _____ C:\Users\Blanka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-03-19 10:01 - 2019-11-17 01:30 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories ========

2017-12-12 17:50 - 2017-12-12 17:50 - 000001402 _____ () C:\Users\Blanka\AppData\Roaming\fire.txt
2017-12-17 18:55 - 2017-12-17 18:55 - 000001492 _____ () C:\Users\Blanka\AppData\Roaming\uni.txt
2016-09-17 01:22 - 2017-05-25 00:24 - 000000359 _____ () C:\Users\Blanka\AppData\Roaming\WB.CFG
2018-10-15 22:22 - 2018-10-15 22:22 - 000370756 _____ () C:\Users\Blanka\AppData\Local\ars.cache
2018-10-15 21:18 - 2018-10-15 21:18 - 000000036 _____ () C:\Users\Blanka\AppData\Local\housecall.guid.cache
2018-10-15 21:27 - 2018-10-15 21:27 - 000000010 _____ () C:\Users\Blanka\AppData\Local\sponge.last.runtime.cache

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Blanka yahoo
Visitor
Posts: 343
Joined: 02 Feb 2006 13:03

Re: laptop freezes

#7 Post by Blanka yahoo »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2020
Ran by Blanka (14-04-2020 21:34:51)
Running from C:\Users\Blanka\Downloads
Windows 10 Enterprise Version 1803 17134.1365 (X64) (2018-05-18 08:22:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1277944041-247540628-2599174466-500 - Administrator - Disabled)
Blanka (S-1-5-21-1277944041-247540628-2599174466-1001 - Administrator - Enabled) => C:\Users\Blanka
DefaultAccount (S-1-5-21-1277944041-247540628-2599174466-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1277944041-247540628-2599174466-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1277944041-247540628-2599174466-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1277944041-247540628-2599174466-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1277944041-247540628-2599174466-1001\...\uTorrent) (Version: 3.5.5.45341 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.2.2401 - Avast Software)
BankID säkerhetsprogram (HKLM-x32\...\{77B5BCDC-5496-48DA-8B16-5EE2AF08CA31}) (Version: 7.6.1.4 - Finansiell ID-Teknik BID AB)
diasend® Uploader version 3.6.0_BuildR3g05 (HKLM\...\{59A10021-5C7B-4C63-BB15-FAA9C04F8B26}_is1) (Version: 3.6.0_BuildR3g05 - Diasend)
DMG Extractor (HKU\S-1-5-21-1277944041-247540628-2599174466-1001\...\DMG Extractor) (Version: 1.3.15.0 - Reincubate Ltd)
Dropbox (HKLM-x32\...\Dropbox) (Version: 94.4.384 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.295.1 - Dropbox, Inc.) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON SX440 Series Printer Uninstall (HKLM\...\EPSON SX440 Series) (Version: - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.163 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Grammarly (HKU\S-1-5-21-1277944041-247540628-2599174466-1001\...\GrammarlyForWindows) (Version: 1.5.36 - Grammarly)
Handelsbanken card reader (HKLM-x32\...\{1E08E4C7-69F9-4723-B05B-4FABEDF29AC2}) (Version: 1.00.0000 - Todos Data System AB)
Handelsbanken kortläsare (HKLM-x32\...\{D4C30AE2-EAFE-4E28-A3BA-7CF7485E23C4}) (Version: 1.00.0000 - Todos Data System AB)
Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
IncognitoVPN (HKLM-x32\...\{DEB67CBD-66D0-45C8-B487-8B61289722DB}_is1) (Version: 1.0.1.10 - IncognitoVPN)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.14 - Lenovo) Hidden
Microsoft Office Professional Plus 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1277944041-247540628-2599174466-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0010 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-GB)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM-x32\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 6.2.1.14 - Popcorn Time) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Safe Watch (HKU\S-1-5-21-1277944041-247540628-2599174466-1001\...\11b9ea7a-35e8-5cfb-8216-8caab4be266f) (Version: 1.1.18 - )
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
TeamViewer 10 Host (HKLM-x32\...\TeamViewer) (Version: 10.0.223995 - TeamViewer)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9C4F3AF4-21D8-43BD-A69C-517BB96012CF}) (Version: 2.12.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{035FFC43-55D6-4F5C-BCC5-21FED122C8B4}) (Version: 1.11.0.0 - Microsoft Corporation) Hidden
WhatsApp (HKU\S-1-5-21-1277944041-247540628-2599174466-1001\...\WhatsApp) (Version: 0.2.4240 - WhatsApp)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22350 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)

Packages:
=========
AccuWeather - Weather for Life -> C:\Program Files\WindowsApps\AccuWeather.AccuWeatherforWindows8_10.0.348.1000_x64__8zz2pj9h1h1d8 [2018-04-07] (AccuWeather) [MS Ad]
Duolingo - Learn Languages for Free -> C:\Program Files\WindowsApps\D5EA27B7.Duolingo-LearnLanguagesforFree_2017.112.1.0_x64__yx6k7tf7xvsea [2018-02-28] (Duolingo Inc.)
Mediemotortillägg för Foton -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-18] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2018-09-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
MSN Väder -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
Pixel Art - Sandbox Number Coloring Book - Color by Number -> C:\Program Files\WindowsApps\64126VectorLabsGames.PixelArt-SandboxNumberColorin_1.2.0.0_x64__5tjg2f4cynanc [2020-01-23] (Vector Labs Games) [MS Ad]
Tillägg för Foton -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-09-13] (Microsoft Corporation)
TuneIn Radio -> C:\Program Files\WindowsApps\TuneIn.TuneInRadio_4.0.7.0_x64__6bhtb546zcxnj [2019-09-20] (TuneIn) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1277944041-247540628-2599174466-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Blanka\Dropbox [2019-06-14 04:33]
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-25] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-25] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-25] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-25] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Blanka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

2020-03-05 13:31 - 2016-09-25 08:09 - 001012224 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\IncognitoVPN\platforms\qwindows.dll
2020-03-05 13:31 - 2019-01-14 22:25 - 004679168 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\IncognitoVPN\Qt5Core.dll
2020-03-05 13:31 - 2016-09-25 08:02 - 005026816 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\IncognitoVPN\Qt5Gui.dll
2020-03-05 13:31 - 2016-09-25 08:00 - 000855040 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\IncognitoVPN\Qt5Network.dll
2020-03-05 13:31 - 2016-09-25 08:06 - 004480512 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\IncognitoVPN\Qt5Widgets.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Blanka\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [118]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 13:47 - 2019-12-23 13:04 - 000000045 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

2019-05-21 14:25 - 2019-05-21 14:25 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1277944041-247540628-2599174466-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Blanka\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\1881.jpg
DNS Servers: 192.168.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0DD729D0-AA95-4885-9B88-515CDEB18B66}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{509712F5-4A3A-4AD0-8890-52BAC9E91A13}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DEC6C190-9C6F-492C-8A39-61A303CEED48}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A1998E4A-A529-42DB-81D1-C577BC9A6C2F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{24E67087-F701-47C3-8EB1-989B7FF2CB75}] => (Allow) C:\Users\Blanka\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{AB32AC53-F013-4857-BCF4-4C01B5A19230}] => (Allow) C:\Users\Blanka\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{284FA728-1ECC-4F2B-B68E-DCA741E6EF04}] => (Allow) C:\Users\Blanka\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F6872277-1AE3-4E1A-9291-BF650DB2FA13}] => (Allow) C:\Users\Blanka\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{96E360B6-D283-4D66-9499-65DB15F9F043}] => (Allow) C:\Users\Blanka\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{CBDBBDA1-3B80-4188-96EB-D0575A418CCD}] => (Allow) C:\Users\Blanka\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D7BE0D29-3CDC-414B-A8D8-BA860845198A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AC3C07D2-B26A-4A04-80B6-C3BF552A4AA6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C6854990-A521-43E0-A416-50B4E1B3B624}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{54EE8FF5-83DE-4FF1-A9D4-0D79F9ACBE92}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AF89EE8E-A0BB-436C-9EB1-AFB68A0F419F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{DFDEEB7C-C63C-4149-8909-775AE079FB74}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{155D6AD8-6E74-4AC7-9A7E-35E8D4E3A577}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{65F90A8E-DAF1-4D4D-ABCD-90E4209BB9FB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B4EE2156-E01F-4E12-810A-D6B205625210}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{595A99B8-322D-4DE1-B94F-A1652228188F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{6F5ED606-47E5-482E-B031-D9221908B9AF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{89B901D0-41B6-477C-979E-73F59E26E8C5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{1A3CD880-698B-4079-B54B-5457DC1470F5}] => (Allow) C:\Program Files (x86)\IncognitoVPN\vpn_module.exe (IncognitoVPN) [File not signed]
FirewallRules: [{10FE243F-402B-4929-9EAB-3E7CAA0F77EE}] => (Allow) C:\Program Files (x86)\IncognitoVPN\vpn_module.exe (IncognitoVPN) [File not signed]
FirewallRules: [{1E60118B-2208-4708-AB51-C9746F1C660D}] => (Allow) C:\Program Files (x86)\IncognitoVPN\openvpn.exe (ANONYMOUS VPN CONNECTIONS LTD -> The OpenVPN Project) [File not signed]
FirewallRules: [{8F6394EA-3670-4C6F-B420-B2E11C949327}] => (Allow) C:\Program Files (x86)\IncognitoVPN\openvpn.exe (ANONYMOUS VPN CONNECTIONS LTD -> The OpenVPN Project) [File not signed]
FirewallRules: [{2F378508-2BB9-4BF9-8FB0-799C45A32A57}] => (Allow) C:\Users\Blanka\AppData\Local\Programs\safe-watch\safe-watch.exe (SAFEVATCH, TOV -> GitHub, Inc.)
FirewallRules: [{DB307A4C-CF65-43AE-AF3F-C1842FF19B80}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{455DB408-622A-4D64-9D18-4A432E57D725}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

19-03-2020 22:26:08 Scheduled Checkpoint
29-03-2020 17:43:44 Scheduled Checkpoint
05-04-2020 20:06:28 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (04/14/2020 09:38:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LocalBridge.exe, version: 18.2002.1101.0, time stamp: 0x5e420193
Faulting module name: appbridge.dll, version: 0.0.0.0, time stamp: 0x5e420191
Exception code: 0xc0000005
Fault offset: 0x0000000000032c9d
Faulting process id: 0x734
Faulting application start time: 0x01d6122f8074e5c6
Faulting application path: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2002.1101.0_x64__8wekyb3d8bbwe\LocalBridge.exe
Faulting module path: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2002.1101.0_x64__8wekyb3d8bbwe\appbridge.dll
Report Id: 28fec482-c0f5-4407-bde4-a1595bfaa025
Faulting package full name: Microsoft.MicrosoftOfficeHub_18.2002.1101.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: Microsoft.MicrosoftOfficeHub

Error: (04/14/2020 09:38:00 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: LocalBridge.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
at MyOffice.NativeMethods.GetInstalledOfficeSuiteDetails(UInt32, System.Text.StringBuilder, Int32 ByRef)
at MyOffice.NativeHelper.ExecuteForStringResult(System.String, StringFunction)
at MyOffice.LocalProviders+<>c__DisplayClass7_0.<GetOfficeInstallationDetailsEx>b__0()
at System.Threading.Tasks.Task`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].InnerInvoke()
at System.Threading.Tasks.Task.Execute()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.Tasks.Task.ExecuteWithThreadLocal(System.Threading.Tasks.Task ByRef)
at System.Threading.Tasks.Task.ExecuteEntry(Boolean)
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (04/13/2020 08:50:51 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: LocalBridge.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
at MyOffice.NativeMethods.GetInstalledOfficeSuiteDetails(UInt32, System.Text.StringBuilder, Int32 ByRef)
at MyOffice.NativeHelper.ExecuteForStringResult(System.String, StringFunction)
at MyOffice.LocalProviders+<>c__DisplayClass7_0.<GetOfficeInstallationDetailsEx>b__0()
at System.Threading.Tasks.Task`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].InnerInvoke()
at System.Threading.Tasks.Task.Execute()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.Tasks.Task.ExecuteWithThreadLocal(System.Threading.Tasks.Task ByRef)
at System.Threading.Tasks.Task.ExecuteEntry(Boolean)
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (04/12/2020 01:54:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_MapsBroker, version: 10.0.17134.1276, time stamp: 0xf598dc78
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x8400000e
Fault offset: 0x0000000000000000
Faulting process id: 0x2ad0
Faulting application start time: 0x01d6105c6c3fd55a
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: unknown
Report Id: 6a9dc3bd-3b9e-4ad2-9902-4eea7319005a
Faulting package full name:
Faulting package-relative application ID:

Error: (04/11/2020 12:18:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LocalBridge.exe, version: 18.2002.1101.0, time stamp: 0x5e420193
Faulting module name: appbridge.dll, version: 0.0.0.0, time stamp: 0x5e420191
Exception code: 0xc0000005
Fault offset: 0x0000000000032c9d
Faulting process id: 0x3484
Faulting application start time: 0x01d60f85f770fa4b
Faulting application path: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2002.1101.0_x64__8wekyb3d8bbwe\LocalBridge.exe
Faulting module path: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2002.1101.0_x64__8wekyb3d8bbwe\appbridge.dll
Report Id: 3d2d2ae3-a650-40b3-821f-63a6ac573ce9
Faulting package full name: Microsoft.MicrosoftOfficeHub_18.2002.1101.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: Microsoft.MicrosoftOfficeHub

Error: (04/11/2020 12:18:39 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: LocalBridge.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
at MyOffice.NativeMethods.GetInstalledOfficeSuiteDetails(UInt32, System.Text.StringBuilder, Int32 ByRef)
at MyOffice.NativeHelper.ExecuteForStringResult(System.String, StringFunction)
at MyOffice.LocalProviders+<>c__DisplayClass7_0.<GetOfficeInstallationDetailsEx>b__0()
at System.Threading.Tasks.Task`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].InnerInvoke()
at System.Threading.Tasks.Task.Execute()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.Tasks.Task.ExecuteWithThreadLocal(System.Threading.Tasks.Task ByRef)
at System.Threading.Tasks.Task.ExecuteEntry(Boolean)
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (04/08/2020 09:03:02 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

Error: (04/08/2020 09:03:02 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected


System errors:
=============
Error: (04/14/2020 09:32:29 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (04/14/2020 09:32:15 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (04/14/2020 09:19:30 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (04/14/2020 06:27:56 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (04/14/2020 05:29:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPSvc service.

Error: (04/14/2020 05:29:15 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (04/14/2020 05:22:40 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (04/14/2020 09:45:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2020-02-26 14:33:44.095
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {89D6C943-2BF5-4E2F-86BD-98015744BBDC}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-02-26 13:38:13.679
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {14801AB1-8878-48DE-AF50-D9A870B1A337}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-02-21 17:29:29.155
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {34D7D358-CA79-4FE2-BAA6-795A9DAB820C}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-02-06 12:09:03.668
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {52DF0899-91C1-4B41-9344-68EFB00E7B3F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-01-30 12:39:43.314
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B91B2206-9E6E-4D28-9D3A-2D1EC5FD26E0}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-03-05 10:31:45.743
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80508023
Error description: The program could not find the malware and other potentially unwanted software on this device.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2020-03-02 19:12:47.029
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80508023
Error description: The program could not find the malware and other potentially unwanted software on this device.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2020-02-22 22:20:48.531
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.309.1402.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16700.3
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2020-02-22 22:20:48.527
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.309.1402.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16700.3
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2020-02-10 08:49:12.656
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.309.675.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16700.3
Error code: 0x80070102
Error description: The wait operation timed out.

CodeIntegrity:
===================================

Date: 2020-04-14 21:28:47.189
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-14 21:28:47.183
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-14 21:24:06.774
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-14 21:24:05.893
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-14 21:23:58.169
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-14 21:23:58.168
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-14 21:23:58.165
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-14 21:23:57.870
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 7UET66WW (2.16 ) 04/22/2009
Motherboard: LENOVO 276731G
Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
Percentage of memory in use: 79%
Total physical RAM: 3992.02 MB
Available physical RAM: 827.01 MB
Total Virtual: 7832.02 MB
Available Virtual: 1037.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.56 GB) (Free:79.43 GB) NTFS

\\?\Volume{250e625e-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: 250E625E)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118264
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: laptop freezes

#8 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {03EF3226-3F4C-46F1-A1ED-B163C22F0E08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-09-12] (Google Inc -> Google Inc.)
Task: {7228D14A-2CEC-45F3-82A5-AC4D595D580C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-09-12] (Google Inc -> Google Inc.)
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\system32\Tasks\{9F6B30AA-AE1B-452D-BBB3-D0E87E60367C}

EmptyTemp:
End
Save it to C:\Users\Blanka\Downloads as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Blanka yahoo
Visitor
Posts: 343
Registered: 02 Feb 2006 13:03

Re: laptop freezes

#9 Post by Blanka yahoo »

Sorry for the late reply... here is the log...

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-05-2020 01
Ran by Blanka (18-05-2020 22:03:25) Run:1
Running from C:\Users\Blanka\Downloads
Loaded Profiles: Blanka
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {03EF3226-3F4C-46F1-A1ED-B163C22F0E08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-09-12] (Google Inc -> Google Inc.)
Task: {7228D14A-2CEC-45F3-82A5-AC4D595D580C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-09-12] (Google Inc -> Google Inc.)
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\system32\Tasks\{9F6B30AA-AE1B-452D-BBB3-D0E87E60367C}

EmptyTemp:
End
*****************

Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03EF3226-3F4C-46F1-A1ED-B163C22F0E08}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03EF3226-3F4C-46F1-A1ED-B163C22F0E08}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7228D14A-2CEC-45F3-82A5-AC4D595D580C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7228D14A-2CEC-45F3-82A5-AC4D595D580C}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
C:\WINDOWS\system32\Tasks\{9F6B30AA-AE1B-452D-BBB3-D0E87E60367C} => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 11034624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 78604659 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 540904 B
Edge => 1441436 B
Chrome => 1176023030 B
Firefox => 122363661 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 658894 B
NetworkService => 888596 B
defaultuser0 => 888596 B
Blanka => 139635886 B

RecycleBin => 261396393 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:17:18 ====
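
An added example, not part of the thread and not FRST's own code: a small Python parser for the Fixlog format pasted above. It separates the echoed fixlist from the outcome lines, shows that a "not found" entry refers to a path an earlier line in the same log had already moved, and sums the EmptyTemp byte counts. The function names are hypothetical and the embedded log is a shortened excerpt of the one in the post.

```python
import re

# Shortened excerpt of the Fixlog posted above; lines are copied from the thread.
FIXLOG = r'''fixlist content:
*****************
Start
CloseProcesses:
Task: {03EF3226-3F4C-46F1-A1ED-B163C22F0E08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-09-12] (Google Inc -> Google Inc.)
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\{9F6B30AA-AE1B-452D-BBB3-D0E87E60367C}
EmptyTemp:
End
*****************
Processes closed successfully.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
C:\WINDOWS\system32\Tasks\{9F6B30AA-AE1B-452D-BBB3-D0E87E60367C} => moved successfully
=========== EmptyTemp: ==========
BITS transfer queue => 11034624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 78604659 B
Windows/system/drivers => 540904 B
Edge => 1441436 B
Chrome => 1176023030 B
Firefox => 122363661 B
LocalService => 658894 B
NetworkService => 888596 B
defaultuser0 => 888596 B
Blanka => 139635886 B
RecycleBin => 261396393 B
EmptyTemp: => 1.7 GB temporary data Removed.
'''

OUTCOME = re.compile(r'^"?(?P<target>.+?)"? => '
                     r'(?P<status>moved successfully|removed successfully|not found)$')
TEMP = re.compile(r'^(?P<area>.+?) => (?P<bytes>\d+) B$')

def parse_fixlog(text):
    """Return (directives, outcomes, temp_bytes) parsed from Fixlog text."""
    directives, outcomes, temp_bytes = [], [], {}
    in_fixlist = False
    for line in map(str.strip, text.splitlines()):
        if line and set(line) == {"*"}:      # asterisk rows bracket the echoed fixlist
            in_fixlist = not in_fixlist
        elif in_fixlist:
            if line and line not in ("Start", "End"):
                directives.append(line)
        elif m := OUTCOME.match(line):
            outcomes.append((m["target"], m["status"]))
        elif m := TEMP.match(line):
            temp_bytes[m["area"]] = int(m["bytes"])
    return directives, outcomes, temp_bytes

def redundant_not_found(outcomes):
    """'not found' targets that an earlier line already moved or removed."""
    handled, redundant = set(), []
    for target, status in outcomes:
        if status != "not found":
            handled.add(target.lower())      # Windows paths compare case-insensitively
        elif target.lower() in handled:
            redundant.append(target)
    return redundant

if __name__ == "__main__":
    d, o, t = parse_fixlog(FIXLOG)
    print(len(d), redundant_not_found(o), round(sum(t.values()) / 2**30, 2))
```

The byte counts in the full log add up to 1793476679 B, which is about 1.67 when divided by 2**30 and so agrees with the "1.7 GB" total line.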

Rudy
Site Admin
Posts: 118264
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: laptop freezes

#10 Post by Rudy »

Deleted. Has anything changed?

Blanka yahoo
Visitor
Posts: 343
Registered: 02 Feb 2006 13:03

Re: laptop freezes

#11 Post by Blanka yahoo »

It's better, but web pages open very slowly; maybe it's not a virus but perhaps too little internal memory? Thank you for the advice...

Rudy
Site Admin
Posts: 118264
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: laptop freezes

#12 Post by Rudy »

4GB is enough for Win 10. Let's also try cleaning the browsers. Run these utilities one after the other:

1. Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop

If you use Win Vista or W7, right-click Zoek and choose Run As Administrator ("Spustit jako správce" in Czech Windows)
Paste the script below into the window

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Then click Run Script
The PC will perform the repair, restart and give you a log; paste its contents here.

and

2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
•Save it, preferably to the desktop
•After launch the licence terms are displayed; press any key
•A backup is created, followed by a search
•The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here.

Blanka yahoo
Visitor
Posts: 343
Registered: 02 Feb 2006 13:03

Re: laptop freezes

#13 Post by Blanka yahoo »

Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by Blanka on 2020-05-19 at 23:00:21,71.
Microsoft Windows 10 Enterprise 10.0.17134 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Blanka\Downloads\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 23:04:32,51 =====

--- Create Environment Variables 23:04:35,84
--- Create System Restore Point 23:12:26,04
--- Checking Input 23:13:16,78
--- Reset Hosts File 23:14:45,03
--- AU AppData Check 23:14:46,79
--- Remove From Windows Installer 23:14:52,06
--- Empty Folders Check 23:17:57,91
--- Registry HKLM Software Check 23:17:58,03
--- Quick Launch Shortcut Check 23:18:46,81
--- IE Startpage Check 23:19:02,29
--- Program Files DB Check 23:19:52,62
--- C:\Users\Blanka\AppData\Roaming DB Check 23:21:43,01
--- C:\Users\Default\AppData\Roaming DB Check 23:21:43,01
--- C:\Users\Default User\AppData\Roaming DB Check 23:21:43,01
--- C:\Users\defaultuser0\AppData\Roaming DB Check 23:21:43,01
--- C:\WINDOWS\SysNative\config\systemprofile\AppData\Roaming DB Check 23:21:43,01
--- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming DB Check 23:21:43,01
--- C:\WINDOWS\serviceprofiles\networkservice\AppData\Roaming DB Check 23:21:43,01
--- C:\WINDOWS\serviceprofiles\Localservice\AppData\Roaming DB Check 23:21:43,01
--- C:\Users\Blanka DB Check 23:28:00,33
--- C:\PROGRA~3 DB Check 23:28:47,84
--- C:\Users\Blanka\AppData\Local DB Check 23:29:57,75
--- C:\Users\Default\AppData\Local DB Check 23:29:57,75
--- C:\Users\Default User\AppData\Local DB Check 23:29:57,75
--- C:\Users\defaultuser0\AppData\Local DB Check 23:29:57,75
--- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local DB Check 23:29:57,75
--- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local DB Check 23:29:57,75
--- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local DB Check 23:29:57,75
--- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local DB Check 23:29:57,75
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 23:34:13,39
--- C:\Users\Blanka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 23:34:37,36
--- Tasks DB Check 23:34:52,66
--- Downloads DB Check 23:35:02,84
--- C:\Users\Blanka\AppData\LocalLow DB Check 23:35:12,79
--- C:\Users\defaultuser0\AppData\LocalLow DB Check 23:35:12,79
--- C:\WINDOWS\SysNative\config\systemprofile\AppData\LocalLow DB Check 23:35:12,79
--- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 23:35:12,79
--- C:\WINDOWS\serviceprofiles\networkservice\AppData\LocalLow DB Check 23:35:12,79
--- C:\WINDOWS\serviceprofiles\Localservice\AppData\LocalLow DB Check 23:35:12,79
--- Tasks2 DB Check 23:37:25,49
--- Documents DB Check 23:38:41,71
--- C:\Users\Public\Desktop DB Check 23:39:02,74
--- C:\Users\Blanka\Desktop DB Check 23:39:16,94
--- Services DB Check 23:39:37,48
--- FF prefs.js DB Check 23:40:39,18
--- Emptyclsid 23:40:41,59
--- Del by CLSID 23:40:46,55
--- Delete Services 23:42:01,13
--- Delete files\folders 23:42:06,28
--- Create Backups 23:42:06,66
--- Firefox Extensions 23:42:39,03

Blanka yahoo
Visitor
Posts: 343
Registered: 02 Feb 2006 13:03

Re: laptop freezes

#14 Post by Blanka yahoo »

Zoek still says it is running and the laptop has not restarted; on the other hand, nothing has been added to the log since 23:45. Should I let it run, or should I restart the laptop myself? How long should Zoek run? Thank you, Blanka

JaRon
Moderator
Posts: 15215
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: laptop freezes

#15 Post by JaRon »

Hi,
I'll step in just this once:
restart it - Zoek sometimes gets stuck in a loop... it should not run longer than 2 hours
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

Locked