
Requesting a log check


#1 Post by Eddydye »

Hello, please check my RSIT log; unfortunately, FRST only pops up an empty Notepad window for me.
The CPU is constantly loaded at 100% even though nothing is running; Windows has been reinstalled.
Thank you

Logfile of random's system information tool 1.10 (written by random/random)
Run by Lenovo at 2021-05-27 19:26:52
Microsoft Windows 10 Home
System drive C: has 897 GB (94%) free of 953 GB
Total RAM: 7056 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:27:04, on 27.05.2021
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.19041.0001)
Boot mode: Normal

Running processes:
C:\Users\Lenovo\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
C:\Users\Lenovo\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyWow64.exe
C:\Users\Lenovo\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Users\Lenovo\AppData\Roaming\BitTorrent\updates\7.10.5_46011\bittorrentie.exe
C:\Users\Lenovo\AppData\Roaming\BitTorrent\updates\7.10.5_46011\bittorrentie.exe
C:\Users\Lenovo\AppData\Roaming\BitTorrent\helper\helper.exe
C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\WINDOWS\Lenovo\iMController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
C:\WINDOWS\Lenovo\iMController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
C:\Program Files\trend micro\Lenovo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo17win10.msn.com/?pc=LCTE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo17win10.msn.com/?pc=LCTE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\BHO\ie_to_edge_bho.dll
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Users\Lenovo\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Opera Browser Assistant] C:\Users\Lenovo\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\RunOnce: [Delete Cached Update Binary] C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
O4 - HKCU\..\RunOnce: [Delete Cached Standalone Update Binary] C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
O4 - HKCU\..\RunOnce: [Uninstall 21.052.0314.0001] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\21.052.0314.0001"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - AMD - C:\WINDOWS\System32\DriverStore\FileRepository\u0346112.inf_amd64_3ee723850dc00744\B345643\atiesrxx.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\Avast Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\Avast Software\Avast\AvastSvc.exe
O23 - Service: Avast Tools (avast! Tools) - AVAST Software - C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
O23 - Service: AvastWscReporter - AVAST Software - C:\Program Files\Avast Software\Avast\wsc_proxy.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_5a446 - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @oem64.inf,%ServiceDisplayName%;Dolby DAX API Service (DolbyDAXAPI) - Unknown owner - C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Fortemedia APO Control Service (FMAPOService) - Unknown owner - C:\WINDOWS\System32\FMService64.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) (GoogleChromeElevationService) - Google LLC - C:\Program Files\Google\Chrome\Application\90.0.4430.212\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem8.inf,%ImcSvcDisplayName%;System Interface Foundation Service (ImControllerService) - Lenovo Group Ltd. - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Universal Service (RtkAudioUniversalService) - Unknown owner - C:\WINDOWS\System32\RtkAudUService64.exe (file missing)
O23 - Service: @oem63.inf,%RtkBtManServ.SvcDesc%;Realtek Bluetooth Device Manager Service (RtkBtManServ) - Realtek Semiconductor Corp. - C:\WINDOWS\RtkBtManServ.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Spy Emergency Health Check (SpyEmrgHealth) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
O23 - Service: @oem4.inf,%SynTPEnhService.SVCDESC%;SynTPEnhService (SynTPEnhService) - Unknown owner - C:\WINDOWS\System32\SynTPEnhService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10211 bytes

======Listing Processes======








winlogon.exe

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-20141e80-41fa-42e8-8fa0-b85d54a12c42 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-f9dae79e-5dc9-4414-a00f-460e3c30abbe -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-1cdd97ec-ad07-434a-80c5-c0d358ce98a1 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-cd5bff8e-99e1-4d86-a685-923a7baeb0e4 -LifetimeId:7fcf95f9-ca0d-4602-8a6c-2efdd86d384b -DeviceGroupId: -HostArg:0
"fontdrvhost.exe"
"fontdrvhost.exe"
C:\WINDOWS\system32\svchost.exe -k RPCSS -p
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p -s LSM
"dwm.exe"
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s BthAvctpSvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -s BTAGService
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s bthserv
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s ProfSvc
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Schedule
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
C:\WINDOWS\System32\SynTPEnhService.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s UserManager
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s nsi
C:\WINDOWS\system32\svchost.exe -k LocalService -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\WINDOWS\System32\svchost.exe -k NetworkService -p -s NlaSvc
C:\WINDOWS\System32\svchost.exe -k LocalService -p -s netprofm
C:\WINDOWS\System32\DriverStore\FileRepository\u0346112.inf_amd64_3ee723850dc00744\B345643\atiesrxx.exe
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s camsvc
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s SysMain
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s EventSystem
C:\WINDOWS\System32\svchost.exe -k netsvcs -p -s Themes

atieclxx
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s SENS

C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s FontCache
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
C:\WINDOWS\System32\svchost.exe -k netsvcs -p -s ShellHWDetection

"C:\Program Files\Avast Software\Avast\aswToolsSvc.exe" /runassvc
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
C:\WINDOWS\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
C:\WINDOWS\system32\svchost.exe -k netsvcs -s CertPropSvc
C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s CryptSvc
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
C:\WINDOWS\RtkBtManServ.exe
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s SstpSvc
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s WpnService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s IKEEXT
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Winmgmt
"C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe"
C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe
C:\WINDOWS\System32\FMService64.exe
"C:\WINDOWS\System32\RtkAudUService64.exe"
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s LanmanServer
C:\WINDOWS\System32\svchost.exe -k LocalService -p -s WdiServiceHost
C:\WINDOWS\System32\svchost.exe -k NetSvcs -p -s iphlpsvc
C:\WINDOWS\System32\svchost.exe -k netsvcs
DAX3API.exe -capturestream
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
sihost.exe
C:\WINDOWS\system32\svchost.exe -k BthAppGroup -p -s BluetoothUserService
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup -s WpnUserService
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
"C:\WINDOWS\System32\SynTPEnh.exe"
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s TokenBroker
C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TabletInputService
"ctfmon.exe"
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s CDPSvc
C:\WINDOWS\Explorer.EXE
"C:\Program Files\Avast Software\Avast\aswEngSrv.exe" /pipename="C80171AD-1ACD-5BD0-9902-61D8254192AD" /binpath="C:\Program Files\Avast Software\Avast" /logpath="C:\ProgramData\Avast Software\Avast\log"
C:\WINDOWS\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc

C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\System32\SecurityHealthSystray.exe"
"C:\Windows\System32\RtkAudUService64.exe" -background
AvastUI.exe /nogui

"C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe"
"C:\Users\Lenovo\AppData\Local\Programs\Opera\assistant\browser_assistant.exe"
"C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
C:\Users\Lenovo\AppData\Local\Programs\Opera\assistant\browser_assistant.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Lenovo\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Lenovo\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=75.0.3969.218 --initial-client-data=0x27c,0x280,0x284,0x258,0x288,0x12267f8,0x1226808,0x1226814
"C:\Users\Lenovo\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe" /LOGON
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyWow64.exe"
"C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe"
C:\WINDOWS\System32\svchost.exe -k LocalService -p -s LicenseManager
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe"
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
"C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe"
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc


C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s UsoSvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
"C:\Program Files\Avast Software\Avast\AvastUI.exe" --type=gpu-process --field-trial-handle=7560,9419596831800414609,18098507119325095363,131072 --enable-features=CastMediaRouteProvider --disable-features=OutOfBlinkCors --no-sandbox --disable-gpu-driver-bug-workarounds --log-file="C:\Users\Lenovo\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium (21.3.2459)" --lang=en-US --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --allow-file-access-from-files=1 --pack_loading_disabled=1 --gpu-preferences=MAAAAAAAAADgAABwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --log-file="C:\Users\Lenovo\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --mojo-platform-channel-handle=6800 /prefetch:2
"C:\Program Files\Avast Software\Avast\AvastUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=7560,9419596831800414609,18098507119325095363,131072 --enable-features=CastMediaRouteProvider --disable-features=OutOfBlinkCors --lang=en-US --service-sandbox-type=network --no-sandbox --force-wave-audio --log-file="C:\Users\Lenovo\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium (21.3.2459)" --lang=en-US --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --allow-file-access-from-files=1 --pack_loading_disabled=1 --log-file="C:\Users\Lenovo\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --mojo-platform-channel-handle=4724 /prefetch:8
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
C:\WINDOWS\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\System32\svchost.exe -k netsvcs -p
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Appinfo
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
C:\Windows\System32\mousocoreworker.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s seclogon
"C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.10.216.0_x64__dt26b99r8h8gj\RtkUWP.exe" -ServerName:App.AppX2vzv616czv2j97f46vn25b5ksjvhr8z1.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe" -ServerName:App.AppXc75wvwned5vhz4xyxxecvgdjhdkgsdza.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\servicing\TrustedInstaller.exe
C:\WINDOWS\system32\svchost.exe -k WbioSvcGroup -s WbioSrvc
"C:\Users\Lenovo\AppData\Roaming\BitTorrent\BitTorrent.exe" /RELOCATED
"C:\Users\Lenovo\AppData\Roaming\BitTorrent\updates\7.10.5_46011\bittorrentie.exe" BitTorrent_15100_00C7C1A8_682792864 BT4823DF041B09 BitTorrent
"C:\Users\Lenovo\AppData\Roaming\BitTorrent\updates\7.10.5_46011\bittorrentie.exe" BitTorrent_15100_00C7BEB0_610454571 BT4823DF041B09 BitTorrent
"C:\Users\Lenovo\AppData\Roaming\BitTorrent\helper\helper.exe" 40205 --hval 2aJ5sdOpGWOFkMpp -- -pid 15100 -version 46011

taskhostw.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe"
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.985_none_e72c6fe7263b0fe4\TiWorker.exe -Embedding

"C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21042.110.0_x64__8wekyb3d8bbwe\YourPhone.exe" -ServerName:App.AppX9yct9q388jvt4h7y0gn06smzkxcsnt8m.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
/updateInstalled /background
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
-name a663f0db-837c-4a9f-ac03-cc2a413e56f1 -runas -pluginName DolbyAudioPlugin -pluginVersion 1.2.239.23
-name 0923f30e-5bd6-446d-b9d7-d4cab307b94a -runas -pluginName GenericMessagingPlugin -pluginVersion 3.1.0.164
-name 48ab7e36-6d9d-42fa-8ecf-365ca2536d8e -runas -pluginName LenovoWiFiSecurityPlugin -pluginVersion 2.1.0.68
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\AUDIODG.EXE 0x480
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wuauserv
C:\Windows\System32\smartscreen.exe -Embedding
"C:\Program Files\Google\Chrome\Application\chrome.exe"
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=90.0.4430.212 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff95192920,0x7fff95192930,0x7fff95192940
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1856,4158703881857813021,15719141951827568195,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,4158703881857813021,15719141951827568195,131072 --lang=cs --service-sandbox-type=none --mojo-platform-channel-handle=1912 /prefetch:8
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,4158703881857813021,15719141951827568195,131072 --lang=cs --service-sandbox-type=utility --mojo-platform-channel-handle=2304 /prefetch:8
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1856,4158703881857813021,15719141951827568195,131072 --lang=cs --service-sandbox-type=utility --mojo-platform-channel-handle=4852 /prefetch:8
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1856,4158703881857813021,15719141951827568195,131072 --lang=cs --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1856,4158703881857813021,15719141951827568195,131072 --lang=cs --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1856,4158703881857813021,15719141951827568195,131072 --lang=cs --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
"C:\WINDOWS\System32\Taskmgr.exe" /2


"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe26_ Global\UsGthrCtrlFltPipeMssGthrPipe26 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 808 812 820 8192 816 792
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1856,4158703881857813021,15719141951827568195,131072 --lang=cs --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
"C:\Users\Lenovo\Desktop\RSITx64.exe"

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}]
IEToEdge BHO - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\BHO\ie_to_edge_bho_64.dll [2021-05-20 550808]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}]
IEToEdge BHO - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\BHO\ie_to_edge_bho.dll [2021-05-20 410008]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\WINDOWS\system32\SecurityHealthSystray.exe [2019-12-07 86016]
"RtkAudUService"=C:\WINDOWS\System32\RtkAudUService64.exe [2020-03-24 1076728]
"AvastUI.exe"=C:\Program Files\Avast Software\Avast\AvLaunch.exe [2021-04-21 118496]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2021-05-24 1972088]
"SpyEmergency"=C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe [2019-11-16 3292872]
"BitTorrent"=C:\Users\Lenovo\AppData\Roaming\BitTorrent\BitTorrent.exe [2021-05-22 2135080]
"Opera Browser Assistant"=C:\Users\Lenovo\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2021-04-20 3369112]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2021-04-21 408920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Delete Cached Update Binary"=C:\WINDOWS\system32\cmd.exe [2021-01-15 289792]
"Delete Cached Standalone Update Binary"=C:\WINDOWS\system32\cmd.exe [2021-01-15 289792]
"Uninstall 21.052.0314.0001"=C:\WINDOWS\system32\cmd.exe [2021-01-15 289792]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CBDHSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcCtnrSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aswSP.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CBDHSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsQuic]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NgcCtnrSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NgcSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableLUA"=0
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"FilterAdministratorToken"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux"=wdmaud.drv
"midi"=wdmaud.drv
"midimapper"=midimap.dll
"mixer"=wdmaud.drv
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wave"=wdmaud.drv
"wavemapper"=msacm32.drv
"aux1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave1"=wdmaud.drv
"aux2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.inf - install -
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2021-05-27 19:26:53 ----D---- C:\Program Files\trend micro
2021-05-27 19:26:52 ----D---- C:\rsit
2021-05-27 18:51:03 ----HD---- C:\$AV_ASW
2021-05-27 18:01:27 ----D---- C:\FRST
2021-05-22 19:19:53 ----A---- C:\WINDOWS\SYSWOW64\poqexec.exe
2021-05-22 19:19:50 ----A---- C:\WINDOWS\system32\poqexec.exe

======List of files/folders modified in the last 1 month======

2021-05-27 19:26:53 ----RD---- C:\Program Files
2021-05-27 19:25:07 ----D---- C:\Users\Lenovo\AppData\Roaming\BitTorrent
2021-05-27 19:23:28 ----D---- C:\WINDOWS\Temp
2021-05-27 19:13:18 ----D---- C:\WINDOWS\prefetch
2021-05-27 19:10:13 ----D---- C:\WINDOWS\system32\sru
2021-05-27 19:09:58 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2021-05-27 18:54:53 ----SHD---- C:\System Volume Information
2021-05-27 18:01:07 ----D---- C:\WINDOWS\AppReadiness
2021-05-26 17:38:06 ----D---- C:\WINDOWS\system32\SleepStudy
2021-05-24 21:50:17 ----D---- C:\WINDOWS\system32\Tasks
2021-05-24 21:03:51 ----RD---- C:\WINDOWS\Microsoft.NET
2021-05-24 21:03:42 ----D---- C:\Windows
2021-05-24 20:15:34 ----HD---- C:\Program Files\WindowsApps
2021-05-24 18:59:06 ----D---- C:\WINDOWS\system32\drivers
2021-05-24 18:50:57 ----D---- C:\WINDOWS\apppatch
2021-05-23 22:43:10 ----D---- C:\WINDOWS\CbsTemp
2021-05-23 22:42:59 ----D---- C:\WINDOWS\WinSxS
2021-05-23 22:25:54 ----D---- C:\WINDOWS\system32\catroot2
2021-05-22 19:31:06 ----D---- C:\WINDOWS\system32\config
2021-05-22 19:21:51 ----D---- C:\WINDOWS\SysWOW64
2021-05-22 19:21:51 ----D---- C:\WINDOWS\System32
2021-05-22 19:18:27 ----D---- C:\WINDOWS\system32\MRT
2021-05-22 19:17:28 ----D---- C:\Users\Lenovo\AppData\Roaming\Spy Emergency
2021-05-22 19:07:58 ----AC---- C:\WINDOWS\system32\MRT.exe
2021-05-12 14:21:54 ----D---- C:\WINDOWS\system32\LogFiles
2021-05-12 14:21:54 ----D---- C:\WINDOWS\Logs
2021-05-12 14:21:24 ----D---- C:\WINDOWS\system32\DriverStore
2021-05-12 14:21:23 ----D---- C:\WINDOWS\INF
2021-05-12 14:10:00 ----RSD---- C:\WINDOWS\assembly
2021-05-01 21:39:29 ----D---- C:\Users\Lenovo\AppData\Roaming\CLOUDY

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdpsp;@oem43.inf,%amdpsp.SVCDESC%;AMD PSP Service; C:\WINDOWS\System32\drivers\amdpsp.sys [2019-06-27 138064]
R0 aswArDisk;aswArDisk; C:\WINDOWS\system32\drivers\aswArDisk.sys [2021-04-21 35664]
R0 aswbidsh;aswbidsh; C:\WINDOWS\system32\drivers\aswbidsh.sys [2021-04-21 250336]
R0 aswbuniv;aswbuniv; C:\WINDOWS\system32\drivers\aswbuniv.sys [2021-04-21 99288]
R0 aswElam;aswElam; C:\WINDOWS\system32\drivers\aswElam.sys [2021-04-21 17352]
R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2021-04-21 82872]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2021-04-21 326992]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2019-12-07 57360]
R1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2020-12-28 41984]
R1 aswArPot;aswArPot; C:\WINDOWS\system32\drivers\aswArPot.sys [2021-04-21 212192]
R1 aswbidsdriver;aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdriver.sys [2021-04-21 365024]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2021-04-21 41296]
R1 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2021-04-21 180448]
R1 aswNetHub;aswNetHub; C:\WINDOWS\system32\drivers\aswNetHub.sys [2021-05-24 522936]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2021-04-21 107792]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2021-04-21 850632]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2021-04-21 467720]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2019-12-07 78136]
R1 CimFS;CimFS; C:\WINDOWS\system32\drivers\CimFS.sys [2021-03-16 91136]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2019-12-07 59392]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2019-12-07 8704]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2021-04-21 215352]
R2 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys [2021-03-16 149328]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2021-04-18 495104]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2020-12-28 53248]
R3 ACPIVPC;@oem16.inf,%ACPIVPC.SvcDesc%;Lenovo Virtual Power Controller Driver; C:\WINDOWS\System32\drivers\AcpiVpc.sys [2020-12-20 45536]
R3 amdgpio2;@oem9.inf,%GPIO.SvcDesc%;AMD GPIO Client Driver; C:\WINDOWS\System32\drivers\amdgpio2.sys [2019-05-20 45536]
R3 amdi2c;@amdi2c.inf,%amdi2c.SVCDESC%;AMD I2C Controller Service; C:\WINDOWS\System32\drivers\amdi2c.sys [2019-12-07 45568]
R3 amdkmdag;amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\u0346112.inf_amd64_3ee723850dc00744\B345643\atikmdag.sys [2019-08-23 53506784]
R3 amdkmdap;amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\u0346112.inf_amd64_3ee723850dc00744\B345643\atikmpag.sys [2019-08-23 601824]
R3 AtiHDAudioService;@oem52.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdWT6.sys [2019-07-22 108152]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\WINDOWS\System32\drivers\BthEnum.sys [2021-03-16 113664]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2020-12-28 106496]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2019-12-07 133632]
R3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2021-03-16 1560064]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2021-03-16 110592]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2019-12-07 66576]
R3 dtlitescsibus;@oem12.inf,%DisplayName%;DAEMON Tools Lite Virtual SCSI Bus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2019-04-14 42256]
R3 dtliteusbbus;@oem22.inf,%DisplayName%;DAEMON Tools Lite Virtual USB Bus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [2019-04-14 59360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2020-03-24 7321896]
R3 MsQuic;@%SystemRoot%\system32\drivers\msquic.sys,-1; C:\WINDOWS\system32\drivers\msquic.sys [2020-12-28 322376]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2019-12-07 213504]
R3 rt640x64;@oem65.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2019-11-18 1167768]
R3 RtkBtFilter;@oem63.inf,%BtFilt.SvcDesc%;Realtek Bluetooth Filter Driver; C:\WINDOWS\System32\drivers\RtkBtfilter.sys [2019-09-10 801480]
R3 RTWlanE;@oem28.inf,%RTWlanE.DeviceDesc.DispName%;Realtek Wireless LAN 802.11n PCI-E Network Adapter; C:\WINDOWS\System32\drivers\rtwlane.sys [2019-10-29 11388112]
S0 amdide64;amdide64; C:\WINDOWS\System32\drivers\amdide64.sys [2015-05-11 13848]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2019-12-07 43832]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2019-12-07 319800]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys [2019-12-07 884752]
S0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [2019-12-07 172344]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2019-12-07 124216]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2019-12-07 135992]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2019-12-07 81720]
S0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [2019-12-07 105480]
S0 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\WINDOWS\System32\drivers\nvdimm.sys [2019-12-07 168464]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2019-12-07 58680]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2019-12-07 68408]
S0 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2019-12-07 138040]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2019-12-07 42296]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2019-12-07 158736]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2019-12-07 23040]
S3 Acx01000;@%SystemRoot%\system32\drivers\Acx01000.sys,-1000; C:\WINDOWS\system32\drivers\Acx01000.sys [2019-12-07 415232]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2020-12-28 18432]
S3 BthA2dp;@microsoft_bluetooth_a2dp.inf,%BthA2dp.ServiceDescription%;Microsoft Bluetooth A2dp driver; C:\WINDOWS\System32\drivers\BthA2dp.sys [2020-12-28 279040]
S3 BthMini;@bth.inf,%BTHMINI.SvcDesc%;Bluetooth Radio Driver; C:\WINDOWS\System32\drivers\BTHMINI.sys [2021-03-16 45568]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2019-12-07 44032]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\DriverStore\FileRepository\genericusbfn.inf_amd64_53931f0ae21d6d2c\genericusbfn.sys [2019-12-07 23040]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2019-12-07 55824]
S3 hidspi;@hidspi_km.inf,%hidspi.SVCDESC%;Microsoft SPI HID Miniport Driver; C:\WINDOWS\System32\drivers\hidspi.sys [2019-12-07 66560]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2020-12-28 95048]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2019-12-07 30208]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2019-12-07 1853752]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2019-12-07 36352]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2019-12-07 91136]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2019-12-07 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2019-12-07 93184]
S3 iaLPSS2i_GPIO2_CNL;@iaLPSS2i_GPIO2_CNL.inf,%iaLPSS2i_GPIO2_CNL.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_CNL.sys [2019-12-07 112128]
S3 iaLPSS2i_GPIO2_GLK;@iaLPSS2i_GPIO2_GLK.inf,%iaLPSS2i_GPIO2_GLK.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_GLK.sys [2019-12-07 96256]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2019-12-07 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2019-12-07 175104]
S3 iaLPSS2i_I2C_CNL;@iaLPSS2i_I2C_CNL.inf,%iaLPSS2i_I2C_CNL.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_CNL.sys [2019-12-07 177152]
S3 iaLPSS2i_I2C_GLK;@iaLPSS2i_I2C_GLK.inf,%iaLPSS2i_I2C_GLK.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_GLK.sys [2019-12-07 177664]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2019-12-07 558904]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2020-12-28 47104]
S3 intelpmax;@intelpmax.inf,%SvcDesc%;Intel(R) Dynamic Device Peak Power Manager Driver; C:\WINDOWS\System32\drivers\intelpmax.sys [2019-12-07 30720]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2019-12-07 59704]
S3 ldiagio;ldiagio; \??\C:\Program Files (x86)\Lenovo\ldiagx64\ldiagio.sys [2019-08-10 39048]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2019-12-07 537608]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2019-12-07 64016]
S3 MbbCx;MBB Network Adapter Class Extension; C:\WINDOWS\system32\drivers\MbbCx.sys [2020-12-28 386048]
S3 Microsoft_Bluetooth_AvrcpTransport;@microsoft_bluetooth_avrcptransport.inf,%Microsoft_Bluetooth_AvrcpTransport.ServiceDescription%;Microsoft Bluetooth Avrcp Transport Driver; C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys [2019-12-07 65024]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2019-12-07 1131320]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2019-12-07 146232]
S3 NDKPing;NDKPing Driver; C:\WINDOWS\system32\drivers\NDKPing.sys [2019-12-07 72720]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2021-02-13 207360]
S3 PktMon;Packet Monitor Driver; C:\WINDOWS\system32\drivers\PktMon.sys [2021-04-18 129872]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2019-12-07 17408]
S3 portcfg;portcfg; C:\WINDOWS\System32\drivers\portcfg.sys [2019-12-07 27136]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2019-12-07 990008]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2019-12-07 115712]
S3 RTSUER;@oem2.inf,%RtsUER%;Realtek USB Card Reader - UER; C:\WINDOWS\system32\Drivers\RtsUer.sys [2017-10-18 421312]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2019-12-07 35128]
S4 hvcrash;hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [2019-12-07 35128]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\u0346112.inf_amd64_3ee723850dc00744\B345643\atiesrxx.exe [2019-08-23 516832]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [2021-04-21 606944]
R2 avast! Tools;Avast Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [2021-04-21 356064]
R2 AvastWscReporter;AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [2021-04-21 56920]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
R2 CDPUserSvc_5a446;CDPUserSvc_5a446; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2020-12-28 57360]
R2 DispBrokerDesktopSvc;@%SystemRoot%\system32\dispbroker.desktop.dll,-101; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
R2 DolbyDAXAPI;@oem64.inf,%ServiceDisplayName%;Dolby DAX API Service; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [2019-09-02 1926600]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2020-12-28 57360]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2020-12-28 57360]
R2 FMAPOService;Fortemedia APO Control Service; C:\WINDOWS\System32\FMService64.exe [2019-08-16 359808]
R2 ImControllerService;@oem8.inf,%ImcSvcDisplayName%;System Interface Foundation Service; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2021-03-14 81824]
R2 OneSyncSvc_5a446;OneSyncSvc_5a446; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
R2 RtkAudioUniversalService;Realtek Audio Universal Service; C:\WINDOWS\System32\RtkAudUService64.exe [2020-03-24 1076728]
R2 RtkBtManServ;@oem63.inf,%RtkBtManServ.SvcDesc%;Realtek Bluetooth Device Manager Service; C:\WINDOWS\RtkBtManServ.exe [2019-09-10 705648]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [2021-04-21 7894040]
R3 BluetoothUserService_5a446;BluetoothUserService_5a446; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
R3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
R3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
R3 cbdhsvc_5a446;cbdhsvc_5a446; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2020-12-28 57360]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2021-04-21 4816728]
R3 DisplayEnhancementService;@%SystemRoot%\System32\Microsoft.Graphics.Display.DisplayEnhancementService.dll,-1000; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
R3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2020-12-28 57360]
R3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2020-12-28 57360]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2020-12-28 57360]
R3 PimIndexMaintenanceSvc_5a446;PimIndexMaintenanceSvc_5a446; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2020-12-28 57360]
R3 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2021-04-18 988104]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S2 edgeupdate;Služba Microsoft Edge Update (edgeupdate); C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [2021-04-18 213920]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2021-04-18 154440]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2020-12-28 57360]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 AarSvc;@%SystemRoot%\system32\AarSvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 AarSvc_5a446;AarSvc_5a446; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 autotimesvc;@%SystemRoot%\System32\autotimesvc.dll,-6; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 BcastDVRUserService_5a446;BcastDVRUserService_5a446; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 CaptureService;@%SystemRoot%\system32\CaptureService.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 CaptureService_5a446;CaptureService_5a446; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 cbdhsvc;@%SystemRoot%\system32\cbdhsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 ConsentUxUserSvc;@%SystemRoot%\system32\ConsentUxClient.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 ConsentUxUserSvc_5a446;ConsentUxUserSvc_5a446; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 CredentialEnrollmentManagerUserSvc;@%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100; C:\WINDOWS\system32\CredentialEnrollmentManager.exe [2021-03-16 388888]
S3 CredentialEnrollmentManagerUserSvc_5a446;CredentialEnrollmentManagerUserSvc_5a446; C:\WINDOWS\system32\CredentialEnrollmentManager.exe [2021-03-16 388888]
S3 DeviceAssociationBrokerSvc;@%SystemRoot%\system32\deviceaccess.dll,-107; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 DeviceAssociationBrokerSvc_5a446;DeviceAssociationBrokerSvc_5a446; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 DevicePickerUserSvc_5a446;DevicePickerUserSvc_5a446; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 DevicesFlowUserSvc_5a446;DevicesFlowUserSvc_5a446; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2021-04-18 94208]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2020-12-28 57360]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 edgeupdatem;Služba Microsoft Edge Update (edgeupdatem); C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [2021-04-18 213920]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2020-12-28 57360]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2019-11-08 46184]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2020-12-28 57360]
S3 GoogleChromeElevationService;Google Chrome Elevation Service (GoogleChromeElevationService); C:\Program Files\Google\Chrome\Application\90.0.4430.212\elevation_service.exe [2021-05-08 1498216]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2020-12-28 57360]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2021-04-18 154440]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2020-12-28 57360]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 MessagingService_5a446;MessagingService_5a446; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 MicrosoftEdgeElevationService;Microsoft Edge Elevation Service (MicrosoftEdgeElevationService); C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\elevation_service.exe [2021-05-20 1567648]
S3 MixedRealityOpenXRSvc;@%SystemRoot%\system32\MixedRealityRuntime.dll,-101; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2020-12-28 57360]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 perceptionsimulation;@%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101; C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe [2021-01-15 106496]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 PrintWorkflowUserSvc_5a446;PrintWorkflowUserSvc_5a446; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2020-12-28 57360]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2020-12-28 57360]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2021-01-15 1265152]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2020-12-28 57360]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118194
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: please check my log

#2 Post by Rudy »

Hello!
Post the FRST + Addition logs: https://forum.viry.cz/viewtopic.php?f=13&t=154679 . FRST is not fully compatible with Win 10.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Eddydye
Visitor
Posts: 16
Registered: 27 May 2021 16:55

Re: please check my log

#3 Post by Eddydye »

Unfortunately, I run FRST and the scan completes, but the text files are empty. It can't even be downloaded directly to the desktop and I don't know how to solve this; I have tried several times.

Rudy
Site Admin
Posts: 118194
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: please check my log

#4 Post by Rudy »

But I cannot use RSIT on Windows 10; after deleting, the system could be damaged. So run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just start it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
After you post the log here, restart and try FRST again.

Eddydye
Visitor
Posts: 16
Registered: 27 May 2021 16:55

Re: please check my log

#5 Post by Eddydye »

So after AdwCleaner, Windows wouldn't boot; in the end I solved it with a restore point.
However, FRST has started working too.
Here is the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2021
Ran by Lenovo (administrator) on LAPTOP-1HBPBNHQ (LENOVO 81D6) (28-05-2021 15:04:51)
Running from C:\Users\Lenovo\Desktop
Loaded Profiles: Lenovo
Platform: Windows 10 Home Version 20H2 19042.928 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0346112.inf_amd64_3ee723850dc00744\B345643\atiesrxx.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvBugReport.exe <2>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\setup\instup.exe <2>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Lenovo\AppData\Roaming\BitTorrent\updates\7.10.5_46011.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Lenovo\AppData\Roaming\BitTorrent\updates\updates\7.10.5_46011\bittorrentie.exe <2>
(Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <3>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\Install\{F756AC42-D87D-422C-A450-25E160ED4FF2}\90.0.4430.212_chrome_installer.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\Install\{F756AC42-D87D-422C-A450-25E160ED4FF2}\CR_84EAD.tmp\setup.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe <3>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <4>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Microsoft Corporation -> ) C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.56\identity_helper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <22>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe <3>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.xboxgamingoverlay_5.521.3093.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.xboxgamingoverlay_5.521.3093.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dxgiadaptercache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotification.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotificationUx.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WaaSMedicAgent.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\Temp\3BECCC30-689E-4310-8BEE-385973F747E5\DismHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.925_none_e76d4f6f260a683e\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe
(NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
(Opera Software AS -> Opera Software) C:\Users\Lenovo\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(SweetLabs Inc. -> SweetLabs, Inc) C:\Users\Lenovo\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1076728 2020-03-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [118496 2021-04-21] (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3307983600-3278904661-1563487808-1005\...\Run: [SpyEmergency] => C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe [3292872 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
HKU\S-1-5-21-3307983600-3278904661-1563487808-1005\...\Run: [BitTorrent] => C:\Users\Lenovo\AppData\Roaming\BitTorrent\updates\7.10.5_46011.exe [2135080 2021-05-22] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3307983600-3278904661-1563487808-1005\...\Run: [Opera Browser Assistant] => C:\Users\Lenovo\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3369112 2021-04-20] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-3307983600-3278904661-1563487808-1005\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [408920 2021-04-21] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-3307983600-3278904661-1563487808-1005\...\MountPoints2: {0af5c726-a082-11eb-9cf1-b0fc36beac02} - "F:\Autorun.exe"
HKU\S-1-5-21-3307983600-3278904661-1563487808-1005\...\MountPoints2: {51165ecd-a018-11eb-9ce7-806e6f6e6963} - "D:\START.EXE"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\90.0.4430.93\Installer\chrmstp.exe [2021-05-01] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {004ED5D3-26B4-4BF8-ACAA-151CBF9E5A6F} - System32\Tasks\Opera scheduled Autoupdate 1619032475 => C:\Users\Lenovo\AppData\Local\Programs\Opera\launcher.exe [2199704 2021-05-06] (Opera Software AS -> Opera Software)
Task: {12FB6300-7B65-43B7-A229-15156BC3BF6B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-18] (Google LLC -> Google LLC)
Task: {17A78E30-07B2-4BF7-9B5C-29067E0303DA} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\fac56328-647a-4780-9c2a-b41d4b71ce48 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.)
Task: {27B8CAF3-1AD5-44E5-B58E-8DC9D2A5F35C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-05-01] (Avast Software s.r.o. -> Avast Software)
Task: {2A09695E-BD8B-412E-BBB6-79E468491353} - System32\Tasks\Opera scheduled assistant Autoupdate 1619032484 => C:\Users\Lenovo\AppData\Local\Programs\Opera\launcher.exe [2199704 2021-05-06] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Lenovo\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {2BB692C1-F60F-479E-ADC2-1CAF9422A2AC} - \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask -> No File <==== ATTENTION
Task: {36868171-62A5-46FF-9A30-DCD2E3C11768} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [143888 2021-03-02] (Lenovo -> Lenovo Group Ltd.)
Task: {4D7D0070-52EA-46A7-857C-3E80BE815CDA} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.6.102\DADUpdater.exe [4114728 2021-04-26] (McAfee, LLC -> McAfee, LLC)
Task: {613A929E-9510-4154-8DF7-5842E50C897A} - \Lenovo\LenovoWelcomeTask -> No File <==== ATTENTION
Task: {6F062C7C-EE0A-46D8-A57C-92ACED465325} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3307983600-3278904661-1563487808-1001 => C:\Users\laboj\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [87848 2021-01-22] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {89FE4C7F-E1D6-494A-B7B8-342BFAB55215} - System32\Tasks\LenovoUtility Task => C:\Windows\explorer.exe lenovo-utility://
Task: {8ACFA13D-BB16-4522-9ABD-C214D92CA211} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-18] (Google LLC -> Google LLC)
Task: {AC02AC66-5E83-49BA-9CA7-711B83DD4A6B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6c838616-95d0-46c8-bb2e-423ce779ff4c => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.)
Task: {B4BCD26E-E10A-4B4B-A883-640EFABDC626} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {B6E67297-4E2A-4BAB-9C4A-63B62EDBF591} - \Microsoft\Windows\Management\Provisioning\PostResetBoot -> No File <==== ATTENTION
Task: {BAE21A4C-EA0F-4602-A864-8CC15778067A} - System32\Tasks\App Explorer => C:\Users\Lenovo\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7744560 2021-01-20] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
Task: {C2098BE2-A29A-4EB1-97F6-F0C57E086D4F} - \Microsoft\Windows\Speech\HeadsetButtonPress -> No File <==== ATTENTION
Task: {C48D50E5-71A9-48D8-B7C1-3DA9AECBDEC3} - \Microsoft\Windows\WindowsUpdate\sih -> No File <==== ATTENTION
Task: {CABE786B-1EC4-424C-8ADC-CE7E157B5CA3} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {CAF218E5-08F0-4F3D-A23B-4CAB394A6DBE} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6c92a4d4-87fc-48da-a9f7-b33cca1673ea => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.)
Task: {D176E68A-6DF2-4E3B-821F-29E02646842E} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4699872 2021-04-21] (Avast Software s.r.o. -> AVAST Software)
Task: {D2974240-5CCB-46D7-BEF3-4BA58D135BEA} - \Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display -> No File <==== ATTENTION
Task: {E3B4DA26-28CC-4568-940D-B5FD874184AE} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\0a9a1e65-27d8-44c6-8ab3-534430dbcc2e => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.)
Task: {EBACED32-11F9-4DAC-851C-C7313CD2BAF4} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [62392 2021-03-14] (Lenovo -> Lenovo Group Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.157.255.1 10.157.255.2 8.8.8.8
Tcpip\..\Interfaces\{01d18f22-76e7-4a67-be8a-fc34c93be4e1}: [DhcpNameServer] 150.207.1.2
Tcpip\..\Interfaces\{fd1ce656-1cd3-461f-8dbe-04f57a059d28}: [DhcpNameServer] 10.157.255.1 10.157.255.2 8.8.8.8

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Lenovo\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-28]

Chrome:
=======
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default [2021-05-28]
CHR Extension: (Safe Torrent Scanner) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2021-04-21]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-18]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]

Opera:
=======
OPR Profile: C:\Users\Lenovo\AppData\Roaming\Opera Software\Opera Stable [2021-05-28]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Lenovo\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-05-28]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [7894040 2021-04-21] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [606944 2021-04-21] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [356064 2021-04-21] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56920 2021-04-21] (Avast Software s.r.o. -> AVAST Software)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4816728 2021-04-21] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [1926600 2019-09-02] (Dolby Laboratories, Inc. -> )
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [359808 2019-08-16] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.)
R2 SpyEmrgHealth; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe [378568 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
R2 SpyEmrgSrv; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [3315400 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-18] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35664 2021-04-21] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [212192 2021-04-21] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [365024 2021-04-21] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250336 2021-04-21] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99288 2021-04-21] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [17328 2021-05-28] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41296 2021-04-21] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [180448 2021-04-21] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [522936 2021-05-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107792 2021-04-21] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82872 2021-04-21] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [850632 2021-04-21] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467720 2021-04-21] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215352 2021-04-21] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [326992 2021-04-21] (Avast Software s.r.o. -> AVAST Software)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2019-04-14] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2019-04-14] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 ldiagio; C:\Program Files (x86)\Lenovo\ldiagx64\ldiagio.sys [39048 2019-08-10] (Lenovo -> Lenovo Group Limited (R))
S1 SpyEmrg; C:\WINDOWS\System32\Drivers\spyemrg.sys [17608 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
S3 SpyEmrgAccess; C:\WINDOWS\System32\Drivers\spyemrg_access.sys [24776 2019-11-16] (NETGATE Technologies s.r.o. -> NETGATE Technologies s.r.o.)
S3 TDKLIB; C:\WINDOWS\TEMP\TdkLib64.sys [37352 2021-04-18] (Phoenix Technologies Ltd. -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-04-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [421088 2021-04-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-18] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-28 15:05 - 2021-05-28 15:05 - 000017328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2021-05-28 15:04 - 2021-05-28 15:14 - 000020815 _____ C:\Users\Lenovo\Desktop\FRST.txt
2021-05-28 15:02 - 2021-05-28 15:02 - 002299904 _____ (Farbar) C:\Users\Lenovo\Desktop\FRST64.exe
2021-05-28 15:00 - 2021-05-28 15:00 - 000000000 ___HD C:\Users\Lenovo\Downloads\.opera
2021-05-28 15:00 - 2021-05-28 15:00 - 000000000 ___HD C:\Users\Lenovo\.opera
2021-05-28 14:56 - 2021-04-21 22:31 - 000339680 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-05-28 14:52 - 2021-05-28 14:52 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2021-05-28 12:41 - 2021-05-28 12:41 - 000000000 ____D C:\$Windows.~BT
2021-05-28 11:20 - 2021-05-28 11:20 - 000000112 ___SH C:\bootTel.dat
2021-05-27 21:53 - 2021-05-27 21:56 - 000000000 ____D C:\AdwCleaner
2021-05-27 19:26 - 2021-05-28 15:00 - 000000000 ____D C:\Program Files\trend micro
2021-05-27 19:26 - 2021-05-27 19:27 - 000000000 ____D C:\rsit
2021-05-27 18:51 - 2021-05-27 18:51 - 000000000 ___HD C:\$AV_ASW
2021-05-27 18:01 - 2021-05-28 15:10 - 000000000 ____D C:\FRST
2021-05-22 19:34 - 2021-05-28 14:54 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\BitTorrent
2021-05-10 10:45 - 2021-05-10 10:45 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Comms

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-28 15:21 - 2021-04-21 21:13 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\BitTorrent
2021-05-28 15:18 - 2021-04-17 19:21 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-28 15:16 - 2021-04-18 11:44 - 000000000 ____D C:\Users\defaultuser100001
2021-05-28 15:16 - 2021-04-18 00:55 - 000000000 ____D C:\Users\laboj
2021-05-28 15:14 - 2021-04-17 19:31 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2021-05-28 15:14 - 2021-04-17 19:31 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-05-28 15:14 - 2021-04-17 19:31 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2021-05-28 15:14 - 2021-04-17 19:31 - 000000000 ____D C:\WINDOWS\addins
2021-05-28 15:14 - 2021-04-17 19:28 - 000000000 ____D C:\WINDOWS\system32\cs
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ___SD C:\WINDOWS\system32\Nui
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ___SD C:\WINDOWS\system32\dsc
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\ta-lk
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\ta-in
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\si-lk
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\setup
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\ras
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\osa-Osge-001
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\my-mm
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\icsxml
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\ias
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\ff-Adlm-SN
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\downlevel
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\DDFs
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\ContainerSettingsProviders
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\Com
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\am-et
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\Provisioning
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\L2Schemas
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\IME
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\IdentityCRL
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\Cursors
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\Program Files\Windows Portable Devices
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\Program Files\Common Files\System
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\Program Files\Common Files\Services
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-05-28 15:14 - 2021-04-17 19:21 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2021-05-28 15:14 - 2021-04-17 19:01 - 000000000 ____D C:\WINDOWS\servicing
2021-05-28 15:12 - 2021-04-17 19:28 - 000000000 ____D C:\WINDOWS\SysWOW64\cs
2021-05-28 15:12 - 2021-04-17 19:21 - 000000000 __RSD C:\WINDOWS\Media
2021-05-28 15:12 - 2021-04-17 19:21 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-05-28 15:12 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\SysWOW64\InstallShield
2021-05-28 15:12 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\SystemResources
2021-05-28 15:12 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2021-05-28 15:12 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-05-28 15:12 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-05-28 15:12 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-05-28 15:10 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-28 15:04 - 2021-04-18 11:50 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Host App Service
2021-05-28 15:03 - 2021-04-18 08:36 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-05-28 15:03 - 2021-04-17 19:31 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2021-05-28 15:03 - 2021-04-17 19:28 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2021-05-28 15:03 - 2021-04-17 19:28 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2021-05-28 15:03 - 2021-04-17 19:28 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2021-05-28 15:03 - 2021-04-17 19:28 - 000000000 ____D C:\WINDOWS\system32\winrm
2021-05-28 15:03 - 2021-04-17 19:28 - 000000000 ____D C:\WINDOWS\system32\slmgr
2021-05-28 15:03 - 2021-04-17 19:28 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2021-05-28 15:03 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\WaaS
2021-05-28 15:03 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2021-05-28 15:03 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2021-05-28 15:03 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2021-05-28 15:03 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2021-05-28 15:03 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\System
2021-05-28 15:03 - 2021-04-17 19:01 - 000000000 ____D C:\WINDOWS\system32\SMI
2021-05-28 15:03 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-05-28 15:02 - 2021-04-17 19:31 - 000000000 ____D C:\WINDOWS\OCR
2021-05-28 15:02 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\MUI
2021-05-28 15:02 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2021-05-28 15:02 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\SKB
2021-05-28 15:02 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\schemas
2021-05-28 15:02 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\PLA
2021-05-28 15:02 - 2018-09-12 09:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\Lenovo
2021-05-28 15:01 - 2021-04-21 22:31 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-05-28 15:01 - 2021-04-18 11:44 - 000000000 ____D C:\Users\defaultuser100001\AppData\Local\Host App Service
2021-05-28 15:01 - 2021-04-18 01:01 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-05-28 15:01 - 2021-04-18 00:55 - 000000000 ____D C:\Users\laboj\AppData\Local\Host App Service
2021-05-28 15:01 - 2021-04-17 19:33 - 000000000 ____D C:\WINDOWS\Lenovo
2021-05-28 15:01 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\InputMethod
2021-05-28 15:01 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\Help
2021-05-28 15:01 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\Globalization
2021-05-28 15:01 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\Containers
2021-05-28 15:01 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\Branding
2021-05-28 15:01 - 2021-04-17 19:21 - 000000000 ____D C:\Program Files\Windows Security
2021-05-28 15:01 - 2021-04-17 19:21 - 000000000 ____D C:\Program Files (x86)\Windows NT
2021-05-28 15:01 - 2021-04-17 18:58 - 000000000 ___HD C:\$SysReset
2021-05-28 15:01 - 2018-09-12 09:30 - 000000000 ____D C:\Users\Default\AppData\Local\Host App Service
2021-05-28 15:00 - 2021-04-18 11:50 - 000000000 ____D C:\Users\Lenovo
2021-05-28 15:00 - 2021-04-17 19:09 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-28 14:58 - 2021-04-21 22:28 - 000000000 ____D C:\ProgramData\Avast Software
2021-05-28 14:56 - 2021-04-21 22:41 - 000002095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2021-05-28 14:56 - 2021-04-21 22:41 - 000002083 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2021-05-28 14:56 - 2021-04-21 22:33 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-05-28 14:56 - 2021-04-21 22:32 - 000522936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-05-28 14:56 - 2021-04-17 19:21 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-05-28 14:51 - 2021-04-18 08:36 - 000000134 _____ C:\WINDOWS\system32\regtest.txt
2021-05-28 14:51 - 2021-04-18 08:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-28 14:51 - 2021-04-18 08:33 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-28 14:51 - 2021-04-18 08:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-28 14:51 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\ServiceState
2021-05-28 14:51 - 2021-04-17 19:19 - 000000000 ____D C:\WINDOWS\INF
2021-05-28 14:20 - 2021-04-17 19:21 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-28 14:01 - 2021-04-17 19:21 - 000000000 ____D C:\WINDOWS\registration
2021-05-28 13:00 - 2021-04-18 08:35 - 000000000 ____D C:\ProgramData\Lenovo
2021-05-28 13:00 - 2018-09-12 09:24 - 000000000 ____D C:\Program Files\Lenovo
2021-05-28 12:58 - 2018-09-12 09:24 - 000000000 ____D C:\Program Files (x86)\Lenovo
2021-05-27 21:56 - 2021-04-18 01:06 - 000000000 ____D C:\Users\laboj\AppData\Local\Lenovo
2021-05-24 21:50 - 2021-04-18 12:00 - 000000000 ___RD C:\Users\Lenovo\OneDrive
2021-05-22 20:02 - 2021-04-18 11:51 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Packages
2021-05-22 19:36 - 2021-04-18 11:51 - 000000000 ____D C:\Users\Lenovo\AppData\Local\D3DSCache
2021-05-22 19:35 - 2021-04-21 21:16 - 000000000 ____D C:\Users\Lenovo\AppData\Local\BitTorrentHelper
2021-05-22 19:18 - 2021-04-18 01:47 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-05-22 19:17 - 2021-04-18 12:45 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Spy Emergency
2021-05-22 19:12 - 2021-04-22 19:35 - 000003492 _____ C:\WINDOWS\system32\Tasks\LenovoUtility Task
2021-05-22 19:12 - 2021-04-22 19:35 - 000002408 _____ C:\WINDOWS\system32\Tasks\App Explorer
2021-05-22 19:12 - 2021-04-21 22:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-05-22 19:12 - 2021-04-21 21:14 - 000003866 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1619032484
2021-05-22 19:12 - 2021-04-21 21:14 - 000003610 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1619032475
2021-05-22 19:12 - 2021-04-18 22:16 - 000003512 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-05-22 19:12 - 2021-04-18 22:16 - 000003288 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-05-22 19:12 - 2021-04-18 12:00 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3307983600-3278904661-1563487808-1005
2021-05-22 19:12 - 2021-04-18 11:58 - 000003400 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-05-22 19:12 - 2021-04-18 11:58 - 000003176 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-05-22 19:12 - 2021-04-18 01:02 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3307983600-3278904661-1563487808-1001
2021-05-22 19:07 - 2021-04-18 01:47 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-05-12 13:30 - 2021-04-21 21:14 - 000001419 _____ C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2021-05-10 10:44 - 2021-04-18 22:17 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-10 10:44 - 2021-04-18 22:17 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-05-10 10:43 - 2021-04-18 11:50 - 000002375 _____ C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-10 10:32 - 2021-04-18 00:51 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-05-01 21:41 - 2021-04-18 12:02 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-01 21:41 - 2021-04-18 12:02 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-05-01 21:39 - 2021-04-22 19:44 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\CLOUDY

==================== Files in the root of some directories ========

2021-04-18 12:35 - 2021-04-18 12:35 - 000007602 _____ () C:\Users\Lenovo\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2021
Ran by Lenovo (28-05-2021 15:22:16)
Running from C:\Users\Lenovo\Desktop
Windows 10 Home Version 20H2 19042.928 (X64) (2021-04-18 07:10:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3307983600-3278904661-1563487808-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3307983600-3278904661-1563487808-503 - Limited - Disabled)
Guest (S-1-5-21-3307983600-3278904661-1563487808-501 - Limited - Disabled)
Lenovo (S-1-5-21-3307983600-3278904661-1563487808-1005 - Administrator - Enabled) => C:\Users\Lenovo
WDAGUtilityAccount (S-1-5-21-3307983600-3278904661-1563487808-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.3.2459 - Avast Software)
BitTorrent (HKU\S-1-5-21-3307983600-3278904661-1563487808-1005\...\BitTorrent) (Version: 7.10.5.45967 - BitTorrent Inc.)
Cloudy with a Chance of Meatballs(TM) (HKLM-x32\...\{B76BE192-7AD9-4A02-90A8-E3DA068D2F00}) (Version: 1.00.000 - Ubisoft)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.14.0.1744 - Disc Soft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.93 - Google LLC)
Lenovo App Explorer (HKU\S-1-5-21-3307983600-3278904661-1563487808-1005\...\Host App Service) (Version: 0.273.4.227 - SweetLabs for Lenovo) <==== ATTENTION
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.56 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3307983600-3278904661-1563487808-1005\...\OneDriveSetup.exe) (Version: 21.073.0411.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Opera Stable 76.0.4017.107 (HKU\S-1-5-21-3307983600-3278904661-1563487808-1005\...\Opera 76.0.4017.107) (Version: 76.0.4017.107 - Opera Software)
Spy Emergency 2020-25.0.800 (HKLM\...\Spy Emergency_is1) (Version: - NETGATE Technologies s.r.o.)

Packages:
=========
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.20500.501.0_x64__rz1tebttyb220 [2021-05-28] (Dolby Laboratories)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2103.17.0_x64__k1h2ywk1493x8 [2021-05-28] (LENOVO INC.)
LenovoUtility -> C:\Program Files\WindowsApps\e0469640.lenovoutility_3.2.1.0_x64__5grkq8ppsgwt4 [2021-05-28] (LENOVO INC) [Startup Task]
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2021-05-28] (LinkedIn)
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.13901.20400.0_x86__8wekyb3d8bbwe [2021-05-28] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.13901.20400.0_x86__8wekyb3d8bbwe [2021-05-28] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13901.20400.0_x86__8wekyb3d8bbwe [2021-05-28] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.13901.20400.0_x86__8wekyb3d8bbwe [2021-05-28] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.13901.20400.0_x86__8wekyb3d8bbwe [2021-05-28] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.4072.0_x64__8wekyb3d8bbwe [2021-05-28] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.13901.20400.0_x86__8wekyb3d8bbwe [2021-05-28] (Microsoft Corporation)
Power2Go for Lenovo -> C:\Program Files\WindowsApps\cyberlinkcorp.th.power2goforlenovo_8.0.11322.0_x86__m916jedk64snt [2021-05-28] (CYBERLINKCOM CORPORATION) [Startup Task]
PowerDVD for Lenovo -> C:\Program Files\WindowsApps\cyberlinkcorp.th.powerdvdforlenovo_14.2.2520.0_x86__m916jedk64snt [2021-05-28] (CYBERLINKCOM CORPORATION)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.10.216.0_x64__dt26b99r8h8gj [2021-05-28] (Realtek Semiconductor Corp)
Rozšíření pro video MPEG-2 -> C:\Program Files\WindowsApps\microsoft.mpeg2videoextension_1.0.22661.0_x64__8wekyb3d8bbwe [2021-05-28] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.157.443.0_x86__zpdnekdrzrea0 [2021-05-28] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-04-21] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-04-21] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-04-21] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2021-04-21] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-04-21] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2021-04-21] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-04-21] (Avast Software s.r.o. -> AVAST Software)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Lenovo\Desktop\facebook.lnk -> C:\Users\Lenovo\AppData\Local\Programs\Opera\launcher.exe (Opera Software) -> www.facebook.com

==================== Loaded Modules (Whitelisted) =============

2021-04-18 12:45 - 2007-11-02 16:20 - 001403904 _____ () [File not signed] C:\Program Files\NETGATE\Spy Emergency\LIBEAY32.dll
2021-04-18 12:45 - 2007-11-02 16:20 - 000243712 _____ () [File not signed] C:\Program Files\NETGATE\Spy Emergency\SSLEAY32.dll
2021-04-18 12:45 - 2007-09-04 15:25 - 000198144 _____ () [File not signed] C:\Program Files\NETGATE\Spy Emergency\unrar.dll
2021-04-18 12:45 - 2011-08-15 18:49 - 001965056 _____ (CPULib Team) [File not signed] C:\Program Files\NETGATE\Spy Emergency\CPULib.dll
2021-04-18 01:49 - 2020-05-30 14:58 - 001280000 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll
2021-04-18 01:48 - 2020-04-09 09:17 - 000944840 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3307983600-3278904661-1563487808-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-3307983600-3278904661-1563487808-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-3307983600-3278904661-1563487808-1005\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 01:38 - 2018-04-12 01:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3307983600-3278904661-1563487808-1005\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 10.157.255.1 - 10.157.255.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EB45F34C-2068-4D4E-8866-56085855A2F7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C8A9CF5D-2C5A-40FD-BE3D-A61BDD0BC87A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1D99C92E-AC7E-4BCD-A28F-0419B26E7067}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3E351CD7-7A53-4588-A583-CFF139501068}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{89E0A291-2F2F-481A-8065-262A495BD44A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16010.9126.2116.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe => No File
FirewallRules: [{61389F25-2877-4B78-8D7E-6F70FF389232}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13901.20400.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{32797C62-4974-4B4B-89EF-142D7FB7D1F7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.157.443.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{13AE8E47-3695-43DC-95D6-F6A6926438F4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.157.443.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7F567390-38FD-4557-B4B0-C7375A794D95}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.157.443.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9BF3B7C2-FFBD-4B75-A81E-15503FC706F6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.157.443.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4B14D1C1-5682-43A4-AB98-09D6443EA65A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.157.443.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{21269544-F3DC-44EB-8C5A-39258596291B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.157.443.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7E38B861-476D-49AA-BCAF-2FC246DC0C5C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.157.443.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D1684242-67E1-4603-884C-E6994CDD7CDA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.157.443.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8F481093-4CB2-4F77-B298-3D35BA856563}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{67ABAC32-4372-4730-881C-103BA8833D6C}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{ABE54B8D-EA90-4F7A-BEEF-D7B72E45B299}] => (Allow) C:\Program Files (x86)\Ubisoft\Cloudy with a Chance of Meatballs\JadeEngine_Final.exe (SHANGHAI UBI COMPUTER SOFTWARE CO.,LTD -> UBISOFT) [File not signed]
FirewallRules: [{F3D0981F-3A61-4B83-B10D-834F3C693934}] => (Allow) C:\Program Files (x86)\Ubisoft\Cloudy with a Chance of Meatballs\JadeEngine_Final.exe (SHANGHAI UBI COMPUTER SOFTWARE CO.,LTD -> UBISOFT) [File not signed]
FirewallRules: [{4E4C0F9E-2D4B-4939-BD2B-3AA2DAED6755}] => (Allow) C:\Users\Lenovo\AppData\Local\Programs\Opera\75.0.3969.243\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{08072D90-720B-4797-B29F-61D327DAD8FC}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E0EEF6E1-F869-495D-8F8C-2EF9355B6CC3}] => (Allow) C:\Users\Lenovo\AppData\Local\Programs\Opera\76.0.4017.107\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{DA8C2BF8-BDF8-4F2B-A4A5-62EF3AF23C63}] => (Allow) C:\Users\Lenovo\AppData\Roaming\BitTorrent\updates\7.10.5_46011.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{FFACD392-2AC8-4164-80D2-16012787243E}] => (Allow) C:\Users\Lenovo\AppData\Roaming\BitTorrent\updates\7.10.5_46011.exe (BitTorrent Inc -> BitTorrent Inc.)

==================== Restore Points =========================

22-05-2021 19:18:51 Instalační služba modulů systému Windows
22-05-2021 19:49:01 Instalační služba modulů systému Windows
23-05-2021 21:51:52 Instalační služba modulů systému Windows
27-05-2021 21:55:21 AdwCleaner_BeforeCleaning_27/05/2021_21:55:19
28-05-2021 15:01:52 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/28/2021 03:20:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program ShellExperienceHost.exe verze 10.0.19041.610 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 22c0

Čas spuštění: 01d753c08a604f9e

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

ID hlášení: 50d57478-9568-474a-b0d4-8a061ceb0305

Úplný název balíčku s chybou: Microsoft.Windows.ShellExperienceHost_10.0.19041.610_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Quiesce

Error: (05/28/2021 02:51:44 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3628,R,98) SRUJet: Při otevírání souboru protokolu C:\WINDOWS\system32\SRU\SRU00214.log došlo k chybě -1811 (0xfffff8ed).

Error: (05/27/2021 06:40:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FRST64.exe verze 25.5.2021.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 32b0

Čas spuštění: 01d75315e21eaf15

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Users\Lenovo\Desktop\FRST64.exe

ID hlášení: 15d651bc-616a-42ca-a817-d0cc7382387a

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Top level window is idle

Error: (05/27/2021 06:32:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FRST64.exe verze 25.5.2021.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 2e8c

Čas spuštění: 01d75311861704cd

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Users\Lenovo\Desktop\FRST64.exe

ID hlášení: 9c0b068b-d4a3-49e2-9e85-76604f172d2c

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Top level window is idle

Error: (05/22/2021 07:58:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: wuauclt.exe, verze: 10.0.19041.906, časové razítko: 0x01b4b287
Název chybujícího modulu: ntdll.dll, verze: 10.0.19041.928, časové razítko: 0x9bed63d6
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000063416
ID chybujícího procesu: 0x1d50
Čas spuštění chybující aplikace: 0x01d74f2e810e269f
Cesta k chybující aplikaci: C:\WINDOWS\system32\wuauclt.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: 92b9a1b1-527b-458b-8180-c54fc7bdc391
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (04/21/2021 11:03:07 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (04/21/2021 10:55:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (04/18/2021 12:36:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program chrome.exe verze 90.0.4430.72 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 37e0

Čas spuštění: 01d7343d8544723e

Čas ukončení: 2128

Cesta k aplikaci: C:\Program Files\Google\Chrome\Application\chrome.exe

ID hlášení: c3c0af8a-a89b-4169-b444-ed43d9c70fc5

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Unknown


System errors:
=============
Error: (05/28/2021 02:56:44 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Správce stažených map přestala během spouštění reagovat.

Error: (05/28/2021 02:53:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Spy Emergency Real-Time Shield Driver neuspěla při spuštění v důsledku následující chyby:
V systému Windows nelze ověřit digitální podpis tohoto souboru. Při nedávné změně hardwaru nebo softwaru mohl být nainstalován nesprávně podepsaný nebo poškozený soubor nebo soubor škodlivého softwaru z neznámého zdroje.

Error: (05/28/2021 02:51:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba luafv neuspěla při spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.

Error: (05/27/2021 09:57:56 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba Avast Antivirus se po přijetí pokynu pro vypnutí neukončila správně.

Error: (05/27/2021 09:57:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Spy Emergency Real-Time Shield Driver neuspěla při spuštění v důsledku následující chyby:
V systému Windows nelze ověřit digitální podpis tohoto souboru. Při nedávné změně hardwaru nebo softwaru mohl být nainstalován nesprávně podepsaný nebo poškozený soubor nebo soubor škodlivého softwaru z neznámého zdroje.

Error: (05/27/2021 09:56:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba System Interface Foundation Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (05/27/2021 09:56:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Instalační služba modulů systému Windows byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (05/27/2021 09:56:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Spy Emergency Engine Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.


Windows Defender:
================
Date: 2021-04-21 22:18:01
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {F6B8F38F-24B6-4218-96CB-D49018CC628B}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-04-18 12:30:42
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {D0088B35-AE07-43A0-A9CC-6385B7F475DD}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Úplné prohledávání
Uživatel: LAPTOP-1HBPBNHQ\Lenovo

Date: 2021-04-18 09:31:40
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 0.0.0.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 0.0.0.0
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2021-04-18 09:31:40
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 0.0.0.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 0.0.0.0
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2021-04-18 09:31:40
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 0.0.0.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 0.0.0.0
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2021-04-18 09:31:40
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 0.0.0.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 0.0.0.0
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2021-04-18 09:31:40
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 0.0.0.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 0.0.0.0
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

CodeIntegrity:
===============
Date: 2021-05-28 15:16:34
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2021-05-28 15:06:44
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO 8UCN18WW 11/17/2020
Motherboard: LENOVO LNVNB161216
Processor: AMD A4-9125 RADEON R3, 4 COMPUTE CORES 2C+2G
Percentage of memory in use: 66%
Total physical RAM: 7055.98 MB
Available physical RAM: 2367.75 MB
Total Virtual: 8207.98 MB
Available Virtual: 3056.51 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.27 GB) (Free:865.22 GB) NTFS
Drive d: (SPIDLA) (CDROM) (Total:0.61 GB) (Free:0 GB) CDFS

\\?\Volume{d6b2e9b5-b742-4c9b-bcd6-187523de7cfc}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.48 GB) NTFS
\\?\Volume{b5278956-4f52-43a7-b4de-a6d90ca3c27f}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 10E92185)

Partition: GPT.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118194
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: please check my log

#6 Post by Rudy »

Strange. If you can, post a log from ADW. Now open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3307983600-3278904661-1563487808-1005\...\MountPoints2: {0af5c726-a082-11eb-9cf1-b0fc36beac02} - "F:\Autorun.exe"
HKU\S-1-5-21-3307983600-3278904661-1563487808-1005\...\MountPoints2: {51165ecd-a018-11eb-9ce7-806e6f6e6963} - "D:\START.EXE"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {12FB6300-7B65-43B7-A229-15156BC3BF6B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-18] (Google LLC -> Google LLC)
Task: {2BB692C1-F60F-479E-ADC2-1CAF9422A2AC} - \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask -> No File <==== ATTENTION
Task: {613A929E-9510-4154-8DF7-5842E50C897A} - \Lenovo\LenovoWelcomeTask -> No File <==== ATTENTION
Task: {8ACFA13D-BB16-4522-9ABD-C214D92CA211} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-18] (Google LLC -> Google LLC)
Task: {B6E67297-4E2A-4BAB-9C4A-63B62EDBF591} - \Microsoft\Windows\Management\Provisioning\PostResetBoot -> No File <==== ATTENTION
Task: {BAE21A4C-EA0F-4602-A864-8CC15778067A} - System32\Tasks\App Explorer => C:\Users\Lenovo\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7744560 2021-01-20] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
Task: {C2098BE2-A29A-4EB1-97F6-F0C57E086D4F} - \Microsoft\Windows\Speech\HeadsetButtonPress -> No File <==== ATTENTION
Task: {C48D50E5-71A9-48D8-B7C1-3DA9AECBDEC3} - \Microsoft\Windows\WindowsUpdate\sih -> No File <==== ATTENTION
Task: {D2974240-5CCB-46D7-BEF3-4BA58D135BEA} - \Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display -> No File <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
C:\DumpStack.log.tmp
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
FirewallRules: [{89E0A291-2F2F-481A-8065-262A495BD44A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16010.9126.2116.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe => No File

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

Eddydye
Visitor
Posts: 16
Registered: 27 May 2021 16:55

Re: please check my log

#7 Post by Eddydye »

AdwCleaner log:

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-05-17.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-27-2021
# Duration: 00:00:41
# OS: Windows 10 Home
# Cleaned: 21
# Awaiting reboot:1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Default\AppData\Local\Host App Service
Deleted C:\Users\Lenovo\AppData\Local\Host App Service
Deleted C:\Users\defaultuser100001\AppData\Local\Host App Service
Deleted C:\Users\laboj\AppData\Local\Host App Service

***** [ Files ] *****

Deleted C:\Windows\System32\Tasks_Migrated\App Explorer

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\APP EXPLORER

***** [ Registry ] *****

Deleted HKCU\Software\App Host Service
Deleted HKCU\Software\Host App Service
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAE21A4C-EA0F-4602-A864-8CC15778067A}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.LenovoIMController Folder C:\Program Files (x86)\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder C:\Program Files\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder C:\Users\laboj\AppData\Local\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder C:\Windows\System32\drivers\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1
Deleted Preinstalled.LenovoServiceBridge Folder C:\Users\laboj\AppData\Local\PROGRAMS\LENOVO\LENOVO SERVICE BRIDGE
Needs Reboot Preinstalled.LenovoIMController Folder C:\Users\Lenovo\AppData\Local\LENOVO\IMCONTROLLER


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****

FIXLOG:
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2021
Ran by Lenovo (28-05-2021 16:32:23) Run:2
Running from C:\Users\Lenovo\Desktop
Loaded Profiles: Lenovo
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3307983600-3278904661-1563487808-1005\...\MountPoints2: {0af5c726-a082-11eb-9cf1-b0fc36beac02} - "F:\Autorun.exe"
HKU\S-1-5-21-3307983600-3278904661-1563487808-1005\...\MountPoints2: {51165ecd-a018-11eb-9ce7-806e6f6e6963} - "D:\START.EXE"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {12FB6300-7B65-43B7-A229-15156BC3BF6B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-18] (Google LLC -> Google LLC)
Task: {2BB692C1-F60F-479E-ADC2-1CAF9422A2AC} - \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask -> No File <==== ATTENTION
Task: {613A929E-9510-4154-8DF7-5842E50C897A} - \Lenovo\LenovoWelcomeTask -> No File <==== ATTENTION
Task: {8ACFA13D-BB16-4522-9ABD-C214D92CA211} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-18] (Google LLC -> Google LLC)
Task: {B6E67297-4E2A-4BAB-9C4A-63B62EDBF591} - \Microsoft\Windows\Management\Provisioning\PostResetBoot -> No File <==== ATTENTION
Task: {BAE21A4C-EA0F-4602-A864-8CC15778067A} - System32\Tasks\App Explorer => C:\Users\Lenovo\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7744560 2021-01-20] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
Task: {C2098BE2-A29A-4EB1-97F6-F0C57E086D4F} - \Microsoft\Windows\Speech\HeadsetButtonPress -> No File <==== ATTENTION
Task: {C48D50E5-71A9-48D8-B7C1-3DA9AECBDEC3} - \Microsoft\Windows\WindowsUpdate\sih -> No File <==== ATTENTION
Task: {D2974240-5CCB-46D7-BEF3-4BA58D135BEA} - \Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display -> No File <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
C:\DumpStack.log.tmp
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
FirewallRules: [{89E0A291-2F2F-481A-8065-262A495BD44A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16010.9126.2116.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe => No File

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKU\S-1-5-21-3307983600-3278904661-1563487808-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0af5c726-a082-11eb-9cf1-b0fc36beac02} => removed successfully
HKU\S-1-5-21-3307983600-3278904661-1563487808-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51165ecd-a018-11eb-9ce7-806e6f6e6963} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12FB6300-7B65-43B7-A229-15156BC3BF6B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12FB6300-7B65-43B7-A229-15156BC3BF6B}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BB692C1-F60F-479E-ADC2-1CAF9422A2AC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BB692C1-F60F-479E-ADC2-1CAF9422A2AC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\FamilySafetyMonitorToastTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{613A929E-9510-4154-8DF7-5842E50C897A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{613A929E-9510-4154-8DF7-5842E50C897A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\LenovoWelcomeTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8ACFA13D-BB16-4522-9ABD-C214D92CA211}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8ACFA13D-BB16-4522-9ABD-C214D92CA211}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{B6E67297-4E2A-4BAB-9C4A-63B62EDBF591}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6E67297-4E2A-4BAB-9C4A-63B62EDBF591}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Management\Provisioning\PostResetBoot" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BAE21A4C-EA0F-4602-A864-8CC15778067A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAE21A4C-EA0F-4602-A864-8CC15778067A}" => removed successfully
C:\WINDOWS\System32\Tasks\App Explorer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2098BE2-A29A-4EB1-97F6-F0C57E086D4F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2098BE2-A29A-4EB1-97F6-F0C57E086D4F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Speech\HeadsetButtonPress" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C48D50E5-71A9-48D8-B7C1-3DA9AECBDEC3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C48D50E5-71A9-48D8-B7C1-3DA9AECBDEC3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsUpdate\sih" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D2974240-5CCB-46D7-BEF3-4BA58D135BEA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2974240-5CCB-46D7-BEF3-4BA58D135BEA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{89E0A291-2F2F-481A-8065-262A495BD44A}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8151040 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23378226 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 19792279 B
Edge => 233206 B
Chrome => 464544940 B
Firefox => 0 B
Opera => 344699768 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 253639 B
systemprofile32 => 253639 B
LocalService => 280505 B
NetworkService => 299373 B
laboj => 97808723 B
defaultuser100001 => 154635500 B
Lenovo => 403833910 B

RecycleBin => 41451039 B
EmptyTemp: => 1.5 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 28-05-2021 16:48:25)

C:\DumpStack.log.tmp => Could not move

==== End of Fixlog 16:48:25 ====

Rudy
Site Admin
Posts: 118194
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: please check my log

#8 Post by Rudy »

Deleted, the log now looks OK. I don't know what was preventing FRST from running, perhaps one of the Lenovo utilities.

Eddydye
Visitor
Posts: 16
Registered: 27 May 2021 16:55

Re: please check my log

#9 Post by Eddydye »

It's much better!! Thank you :thumbsup: :thumbsup:

Rudy
Site Admin
Posts: 118194
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: please check my log

#10 Post by Rudy »

You're welcome! :)

Locked