PC virus removal, computer speed-up, and remote help through the neslape.cz service

Please do a preventive check. Thank you.

No problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

#1 Post by vaclavka83 »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-05-2021
Ran by david (administrator) on DAVID-NOTAS-WIN (Dell Inc. Latitude E5440) (18-05-2021 11:43:39)
Running from C:\Users\david\Desktop
Loaded Profiles: david
Platform: Windows 10 Pro Version 20H2 19042.985 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(ALPS ELECTRIC CO., LTD. -> ALPSALPINE CO., LTD.) C:\Program Files\DellTPad\hidfind.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowsstore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Users\david\AppData\Local\Mozilla Firefox\firefox.exe <11>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [779152 2019-12-12] (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8474880 2015-05-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1403800 2015-05-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKU\S-1-5-21-1071685242-337247553-1059379746-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4087528 2021-05-15] (Valve -> Valve Corporation)
Startup: C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar68.lnk [2021-05-18]
ShortcutTarget: Sidebar68.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) [File not signed] [File is in use]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {057CC232-7925-4AD4-88C7-12A0F140A31F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1BD2CAB2-8EEA-40E1-8BF4-6D3B35868103} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1D1CFD8B-76B7-4203-8DBB-471695377C94} - System32\Tasks\Mozilla\Firefox Default Browser Agent E921FE7E93B133DD => C:\Users\david\AppData\Local\Mozilla Firefox\default-browser-agent.exe [696304 2021-05-04] (Mozilla Corporation -> Mozilla Foundation)
Task: {5C4069F0-CEBB-4FFE-AD45-1CB499C32CE9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6FCFB6AB-48DC-4D5C-80EC-FAFBA62E8162} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D6C8B373-5BA4-4B0B-9ED6-8D9F993449B1} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1403800 2015-05-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{47a4e8ad-b990-412c-bda9-d55c3eee706a}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Edge:
=======
Edge Profile: C:\Users\david\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-18]

FireFox:
========
FF DefaultProfile: 7exe16j0.default
FF ProfilePath: C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\7exe16j0.default [2021-05-16]
FF ProfilePath: C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\lc5qrmy2.default-release [2021-05-18]
FF DownloadDir: C:\Users\david\Desktop
FF Homepage: Mozilla\Firefox\Profiles\lc5qrmy2.default-release -> hxxps://www.seznam.cz/
FF Session Restore: Mozilla\Firefox\Profiles\lc5qrmy2.default-release -> is enabled.
FF Extension: (Google Translator for Firefox) - C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\lc5qrmy2.default-release\Extensions\translator@zoli.bod.xpi [2021-05-16]
FF Extension: (uBlock Origin) - C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\lc5qrmy2.default-release\Extensions\uBlock0@raymondhill.net.xpi [2021-05-16]
FF Extension: (Aliexpress SuperStar česky, Historie cen a koruny) - C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\lc5qrmy2.default-release\Extensions\{49756ccc-44ea-4661-bc1f-2baba64cca2f}.xpi [2021-05-16]
FF Extension: (element google překladače) - C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\lc5qrmy2.default-release\Extensions\{a0901e86-92df-4b8d-9fcd-7ad4746a6f95}.xpi [2021-05-16]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [114960 2019-12-12] (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393288 2021-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\NisSrv.exe [2599328 2021-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MsMpEng.exe [128376 2021-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
R3 guardian2; C:\WINDOWS\System32\Drivers\oz776x64.sys [99864 2015-11-02] (BayHub Technology Inc. -> O2Micro)
R0 stdcfltn; C:\WINDOWS\System32\DRIVERS\stdcfltn.sys [30352 2016-10-07] (STMICROELECTRONICS S.R.L. -> ST Microelectronics)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-05-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421112 2021-05-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-16] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-18 11:43 - 2021-05-18 11:44 - 000009671 _____ C:\Users\david\Desktop\FRST.txt
2021-05-18 11:42 - 2021-05-18 11:44 - 000000000 ____D C:\FRST
2021-05-18 11:42 - 2021-05-18 11:42 - 002299392 _____ (Farbar) C:\Users\david\Desktop\FRST64.exe
2021-05-17 06:20 - 2021-05-17 06:20 - 000000000 ____D C:\Users\david\AppData\Local\PeerDistRepub
2021-05-17 06:00 - 2021-05-17 06:00 - 000000000 ____D C:\Users\david\AppData\Local\OneDrive
2021-05-16 21:59 - 2021-05-16 21:59 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-16 21:54 - 2021-05-16 21:09 - 000000000 ____D C:\WINDOWS\Panther
2021-05-16 21:53 - 2021-05-16 21:53 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-05-16 21:53 - 2021-05-16 21:09 - 000000000 ____D C:\Windows.old
2021-05-16 21:52 - 2021-05-16 21:52 - 000000000 ____D C:\ProgramData\ssh
2021-05-16 21:48 - 2021-05-16 21:48 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-05-16 21:48 - 2021-05-16 21:48 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-05-16 21:48 - 2021-05-16 21:48 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-05-16 21:48 - 2021-05-16 21:48 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-05-16 21:48 - 2021-05-16 21:48 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-05-16 21:48 - 2021-05-16 21:48 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-05-16 21:48 - 2021-05-16 21:48 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-05-16 21:48 - 2021-05-16 21:48 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-05-16 21:48 - 2021-05-16 21:48 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-05-16 21:48 - 2021-05-16 21:48 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-05-16 21:48 - 2021-05-16 21:48 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-05-16 21:48 - 2021-05-16 21:48 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-05-16 21:48 - 2021-05-16 21:48 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-05-16 21:48 - 2021-05-16 21:48 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-05-16 21:48 - 2021-05-16 21:48 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-05-16 21:48 - 2021-05-16 21:48 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-05-16 21:48 - 2021-05-16 21:48 - 000480256 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-05-16 21:48 - 2021-05-16 21:48 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-05-16 21:48 - 2021-05-16 21:48 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-05-16 21:48 - 2021-05-16 21:48 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-05-16 21:48 - 2021-05-16 21:48 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-05-16 21:48 - 2021-05-16 21:48 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-05-16 21:48 - 2021-05-16 21:48 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-05-16 21:48 - 2021-05-16 21:48 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-05-16 21:48 - 2021-05-16 21:48 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-05-16 21:48 - 2021-05-16 21:48 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-05-16 21:48 - 2021-05-16 21:48 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-05-16 21:48 - 2021-05-16 21:48 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-05-16 21:48 - 2021-05-16 21:48 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-05-16 21:48 - 2021-05-16 21:48 - 000153600 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2021-05-16 21:48 - 2021-05-16 21:48 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-05-16 21:48 - 2021-05-16 21:48 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-05-16 21:48 - 2021-05-16 21:48 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2021-05-16 21:48 - 2021-05-16 21:48 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-05-16 21:48 - 2021-05-16 21:48 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-05-16 21:48 - 2021-05-16 21:48 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-05-16 21:48 - 2021-05-16 21:48 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-05-16 21:48 - 2021-05-16 21:48 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-05-16 21:48 - 2021-05-16 21:48 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-05-16 21:48 - 2021-05-16 21:48 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-05-16 21:48 - 2021-05-16 21:48 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-05-16 21:48 - 2021-05-16 21:48 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-05-16 21:48 - 2021-05-16 21:48 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-05-16 21:48 - 2021-05-16 21:48 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2021-05-16 21:48 - 2021-05-16 21:48 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-05-16 21:48 - 2021-05-16 21:48 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-05-16 21:47 - 2021-05-16 21:47 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-05-16 21:47 - 2021-05-16 21:47 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-05-16 21:47 - 2021-05-16 21:47 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-05-16 21:47 - 2021-05-16 21:47 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-05-16 21:47 - 2021-05-16 21:47 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-05-16 21:47 - 2021-05-16 21:47 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-05-16 21:47 - 2021-05-16 21:47 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-05-16 21:47 - 2021-05-16 21:47 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-05-16 21:47 - 2021-05-16 21:47 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-05-16 21:47 - 2021-05-16 21:47 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-05-16 21:47 - 2021-05-16 21:47 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-05-16 21:47 - 2021-05-16 21:47 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-05-16 21:47 - 2021-05-16 21:47 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-05-16 21:47 - 2021-05-16 21:47 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-05-16 21:47 - 2021-05-16 21:47 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-05-16 21:47 - 2021-05-16 21:47 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-05-16 21:47 - 2021-05-16 21:47 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-05-16 21:47 - 2021-05-16 21:47 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-05-16 21:47 - 2021-05-16 21:47 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-05-16 21:47 - 2021-05-16 21:47 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-05-16 21:47 - 2021-05-16 21:47 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-05-16 21:47 - 2021-05-16 21:47 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-05-16 21:47 - 2021-05-16 21:47 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-05-16 21:47 - 2021-05-16 21:47 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-05-16 21:47 - 2021-05-16 21:47 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-05-16 21:47 - 2021-05-16 21:47 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-05-16 21:47 - 2021-05-16 21:47 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-05-16 21:47 - 2021-05-16 21:47 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2021-05-16 21:47 - 2021-05-16 21:47 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-05-16 21:47 - 2021-05-16 21:47 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-05-16 21:47 - 2021-05-16 21:47 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-05-16 21:47 - 2021-05-16 21:47 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-05-16 21:47 - 2021-05-16 21:47 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-05-16 21:47 - 2021-05-16 21:47 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-05-16 21:47 - 2021-05-16 21:47 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-05-16 21:47 - 2021-05-16 21:47 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-05-16 21:47 - 2021-05-16 21:47 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-05-16 21:47 - 2021-05-16 21:47 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-05-16 21:47 - 2021-05-16 21:47 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2021-05-16 21:47 - 2021-05-16 21:47 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-05-16 21:47 - 2021-05-16 21:47 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-05-16 21:47 - 2021-05-16 21:47 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-05-16 21:47 - 2021-05-16 21:47 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-05-16 21:47 - 2021-05-16 21:47 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2021-05-16 21:47 - 2021-05-16 21:47 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2021-05-16 21:47 - 2021-05-16 21:47 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2021-05-16 21:47 - 2021-05-16 21:47 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-05-16 21:47 - 2021-05-16 21:47 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-05-16 21:47 - 2021-05-16 21:47 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-05-16 21:47 - 2021-05-16 21:47 - 000000000 ____D C:\Users\david\AppData\Local\Steam
2021-05-16 21:47 - 2021-05-16 21:47 - 000000000 ____D C:\Users\david\AppData\Local\CEF
2021-05-16 21:41 - 2021-05-16 21:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-05-16 21:41 - 2021-05-16 21:41 - 000000000 ____D C:\Program Files\STMicroelectronics
2021-05-16 21:41 - 2021-05-16 21:41 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-05-16 21:40 - 2021-05-16 21:40 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-05-16 21:40 - 2021-05-16 21:40 - 000000000 ____D C:\Program Files\DellTPad
2021-05-16 21:37 - 2021-05-16 21:37 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-05-16 21:37 - 2021-05-16 21:37 - 000000000 ____D C:\WINDOWS\PixArt
2021-05-16 21:37 - 2009-07-01 09:56 - 000000885 _____ C:\WINDOWS\SysWOW64\SP7302.ini
2021-05-16 21:37 - 2008-03-24 11:09 - 000141824 _____ (PixArt Imaging Incorporation) C:\WINDOWS\SysWOW64\SP7302.ax
2021-05-16 21:37 - 2006-10-12 11:57 - 000014336 _____ (PixArt Imaging Inc.) C:\WINDOWS\SysWOW64\P7302USD.dll
2021-05-16 21:36 - 2021-05-16 21:36 - 000000000 ____D C:\Users\david\AppData\Local\Comms
2021-05-16 21:29 - 2021-05-18 11:26 - 000000000 ____D C:\Program Files (x86)\Steam
2021-05-16 21:29 - 2021-05-16 21:29 - 000001032 _____ C:\Users\Public\Desktop\Steam.lnk
2021-05-16 21:27 - 2021-05-16 21:30 - 000000000 ____D C:\Users\david\AppData\Local\Sidebar7
2021-05-16 21:23 - 2021-05-18 11:27 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-16 21:23 - 2021-05-16 21:23 - 000001273 _____ C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-05-16 21:23 - 2021-05-16 21:23 - 000001265 _____ C:\Users\david\Desktop\Firefox.lnk
2021-05-16 21:23 - 2021-05-16 21:23 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-05-16 21:23 - 2021-05-16 21:23 - 000000000 ____D C:\Users\david\AppData\Roaming\Mozilla
2021-05-16 21:23 - 2021-05-16 21:23 - 000000000 ____D C:\Users\david\AppData\Local\Mozilla
2021-05-16 21:22 - 2021-05-18 11:18 - 000000000 ____D C:\Users\david\AppData\Local\Mozilla Firefox
2021-05-16 21:21 - 2021-05-17 05:59 - 000000000 ____D C:\Users\david\AppData\Local\PlaceholderTileLogoFolder
2021-05-16 21:20 - 2021-05-16 21:20 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-05-16 21:19 - 2021-05-16 23:53 - 000000000 ____D C:\Users\david\AppData\Local\Packages
2021-05-16 21:19 - 2021-05-16 21:45 - 000000000 ____D C:\Users\david\AppData\Local\ConnectedDevicesPlatform
2021-05-16 21:19 - 2021-05-16 21:36 - 000000000 ____D C:\ProgramData\Packages
2021-05-16 21:19 - 2021-05-16 21:19 - 000000020 ___SH C:\Users\david\ntuser.ini
2021-05-16 21:19 - 2021-05-16 21:19 - 000000000 ____D C:\Users\david\AppData\Roaming\Adobe
2021-05-16 21:19 - 2021-05-16 21:19 - 000000000 ____D C:\Users\david\AppData\Local\VirtualStore
2021-05-16 21:19 - 2021-05-16 21:19 - 000000000 ____D C:\Users\david\AppData\Local\Publishers
2021-05-16 21:10 - 2021-05-18 11:34 - 001605602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-16 21:06 - 2021-05-16 21:06 - 000000000 _SHDL C:\Users\Default\AppData\Local\Data aplikací
2021-05-16 21:06 - 2021-05-16 21:06 - 000000000 _SHDL C:\ProgramData\Šablony
2021-05-16 21:06 - 2021-05-16 21:06 - 000000000 _SHDL C:\ProgramData\Plocha
2021-05-16 21:06 - 2021-05-16 21:06 - 000000000 _SHDL C:\ProgramData\Nabídka Start
2021-05-16 21:06 - 2021-05-16 21:06 - 000000000 _SHDL C:\ProgramData\Dokumenty
2021-05-16 21:06 - 2021-05-16 21:06 - 000000000 _SHDL C:\ProgramData\Data aplikací
2021-05-16 21:01 - 2021-05-18 08:29 - 000000000 ____D C:\Users\david
2021-05-16 21:01 - 2021-05-16 21:01 - 000000000 _SHDL C:\Users\david\Šablony
2021-05-16 21:01 - 2021-05-16 21:01 - 000000000 _SHDL C:\Users\david\Soubory cookie
2021-05-16 21:01 - 2021-05-16 21:01 - 000000000 _SHDL C:\Users\david\Poslední
2021-05-16 21:01 - 2021-05-16 21:01 - 000000000 _SHDL C:\Users\david\Okolní tiskárny
2021-05-16 21:01 - 2021-05-16 21:01 - 000000000 _SHDL C:\Users\david\Okolní síť
2021-05-16 21:01 - 2021-05-16 21:01 - 000000000 _SHDL C:\Users\david\Nabídka Start
2021-05-16 21:01 - 2021-05-16 21:01 - 000000000 _SHDL C:\Users\david\Dokumenty
2021-05-16 21:01 - 2021-05-16 21:01 - 000000000 _SHDL C:\Users\david\Documents\Obrázky
2021-05-16 21:01 - 2021-05-16 21:01 - 000000000 _SHDL C:\Users\david\Documents\Hudba
2021-05-16 21:01 - 2021-05-16 21:01 - 000000000 _SHDL C:\Users\david\Documents\Filmy
2021-05-16 21:01 - 2021-05-16 21:01 - 000000000 _SHDL C:\Users\david\Data aplikací
2021-05-16 21:01 - 2021-05-16 21:01 - 000000000 _SHDL C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-05-16 21:01 - 2021-05-16 21:01 - 000000000 _SHDL C:\Users\david\AppData\Local\Data aplikací
2021-05-16 20:59 - 2021-05-18 11:26 - 000000000 ____D C:\ProgramData\NVIDIA
2021-05-16 20:59 - 2021-05-16 20:59 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-05-16 20:59 - 2021-05-16 20:59 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-05-16 20:59 - 2021-05-16 20:59 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-05-16 20:59 - 2018-02-28 00:41 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2021-05-16 20:59 - 2018-02-28 00:03 - 005966408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2021-05-16 20:59 - 2018-02-28 00:03 - 002589312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2021-05-16 20:59 - 2018-02-28 00:03 - 001767360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2021-05-16 20:59 - 2018-02-28 00:03 - 000608840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2021-05-16 20:59 - 2018-02-28 00:03 - 000449368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2021-05-16 20:59 - 2018-02-28 00:03 - 000124032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2021-05-16 20:59 - 2018-02-28 00:03 - 000082880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2021-05-16 20:59 - 2018-02-16 20:17 - 008083703 _____ C:\WINDOWS\system32\nvcoproc.bin
2021-05-16 20:58 - 2021-05-16 20:58 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ST_Accel_01011.Wdf
2021-05-16 20:58 - 2021-05-16 20:58 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Apfiltr_01009.Wdf
2021-05-16 20:58 - 2021-05-16 20:58 - 000000000 ____D C:\Program Files\DIFX
2021-05-16 20:58 - 2016-10-07 06:37 - 000030352 _____ (ST Microelectronics) C:\WINDOWS\system32\Drivers\stdcfltn.sys
2021-05-16 20:57 - 2021-05-18 11:26 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-05-16 20:57 - 2021-05-16 20:57 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2021-05-16 20:57 - 2021-05-16 20:57 - 000000000 ____D C:\Program Files\Intel
2021-05-16 20:57 - 2021-05-16 20:57 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2021-05-16 20:57 - 2018-12-21 02:23 - 000100056 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2021-05-16 20:56 - 2021-05-18 11:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-16 20:56 - 2021-05-18 10:58 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-16 20:56 - 2021-05-17 00:18 - 000258096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-05-16 20:56 - 2021-05-16 21:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-05-16 20:56 - 2021-05-16 21:10 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-05-16 20:56 - 2021-05-16 21:10 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-05-16 20:56 - 2021-05-16 20:56 - 000561160 _____ C:\WINDOWS\system32\Drivers\rtwavesskdy.dat
2021-05-16 20:56 - 2021-05-16 20:56 - 000134304 _____ C:\WINDOWS\system32\Drivers\rtwavesvp.dat
2021-05-16 20:56 - 2021-05-16 20:56 - 000031095 _____ C:\WINDOWS\system32\Drivers\rtwavesEFX.dat
2021-05-16 20:56 - 2021-05-16 20:56 - 000020823 _____ C:\WINDOWS\system32\Drivers\rtwavesvpcap.dat
2021-05-16 20:56 - 2021-05-16 20:56 - 000010945 _____ C:\WINDOWS\system32\Drivers\rtwavesMFX.dat
2021-05-16 20:56 - 2021-05-16 20:56 - 000003218 _____ C:\WINDOWS\system32\Tasks\RtHDVBg_PushButton
2021-05-16 20:56 - 2021-05-16 20:56 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2021-05-16 20:56 - 2021-05-16 20:56 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2021-05-16 20:56 - 2021-05-16 20:56 - 000000000 ____D C:\Program Files\Realtek
2021-05-16 20:56 - 2021-05-16 20:56 - 000000000 ____D C:\Program Files (x86)\Realtek
2021-05-16 20:09 - 2021-05-16 20:13 - 000000000 _____ C:\Recovery.txt
2021-05-11 18:15 - 2021-05-11 18:22 - 000921636 _____ C:\PA7302.DAT
2021-05-11 18:13 - 2021-05-16 21:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLook 300
2021-05-07 09:02 - 2021-05-07 09:02 - 005184529 _____ C:\Users\david\Desktop\dv6-engine-1-6-16v-hdi-serwisowka-silnika.pdf
2021-05-02 23:26 - 2021-05-16 21:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2021-05-02 22:53 - 2015-05-27 15:34 - 013098384 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO3064.dll
2021-05-02 22:53 - 2015-05-27 15:34 - 002880872 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkAPO64.dll
2021-05-02 22:53 - 2015-05-27 15:34 - 002020528 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBAPO264.dll
2021-05-02 22:53 - 2015-05-27 15:34 - 001749832 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBAPO232.dll
2021-05-02 22:53 - 2015-05-27 15:34 - 001523096 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2021-05-02 22:53 - 2015-05-27 15:34 - 001381616 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO6064.dll
2021-05-02 22:53 - 2015-05-27 15:34 - 001318432 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2021-05-02 22:53 - 2015-05-27 15:34 - 001158488 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2021-05-02 22:53 - 2015-05-27 15:34 - 000997856 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2021-05-02 22:53 - 2015-05-27 15:34 - 000914024 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBAPO64.dll
2021-05-02 22:53 - 2015-05-27 15:34 - 000768824 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBAPO32.dll
2021-05-02 22:53 - 2015-05-27 15:34 - 000678192 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2021-05-02 22:53 - 2015-05-27 15:34 - 000642928 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBTHX64.dll
2021-05-02 22:53 - 2015-05-27 15:34 - 000577840 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBTHX32.dll
2021-05-02 22:53 - 2015-05-27 15:34 - 000410040 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBWrp64.dll
2021-05-02 22:53 - 2015-05-27 15:34 - 000343712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2021-05-02 22:53 - 2015-05-27 15:34 - 000321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2021-05-02 22:53 - 2015-05-27 15:34 - 000321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2021-05-02 22:53 - 2015-05-27 15:34 - 000179176 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2021-05-02 22:53 - 2015-05-27 15:34 - 000074608 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBppld64.dll
2021-05-02 22:53 - 2015-05-27 15:34 - 000069928 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBPPCn64.dll
2021-05-02 22:53 - 2015-05-27 15:33 - 072121872 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2021-05-02 22:53 - 2015-05-27 15:33 - 003700360 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioMeters64.exe
2021-05-02 22:53 - 2015-05-27 15:33 - 003227544 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2021-05-02 22:53 - 2015-05-27 15:33 - 002869504 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2021-05-02 22:53 - 2015-05-27 15:33 - 002540800 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTDVHD64.sys
2021-05-02 22:53 - 2015-05-27 15:33 - 001745152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2021-05-02 22:53 - 2015-05-27 15:33 - 001570560 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTDSnM64.cpl
2021-05-02 22:53 - 2015-05-27 15:33 - 000171264 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTHDASIO64.dll
2021-05-02 22:53 - 2015-05-27 15:33 - 000147712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RTHDASIO.dll
2021-05-02 22:53 - 2015-05-27 15:33 - 000023704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2021-05-02 22:53 - 2015-05-27 15:04 - 000002236 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2021-05-02 18:23 - 2021-05-16 21:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\8GadgetPack
2021-05-02 14:11 - 2021-05-16 21:06 - 000000000 ____D C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2021-05-02 14:03 - 2018-05-07 01:21 - 036359712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2021-05-02 14:03 - 2018-05-07 01:21 - 029389296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2021-05-02 14:03 - 2018-05-07 01:21 - 001630216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvir3dgenco64.dll
2021-05-02 14:03 - 2018-05-07 01:21 - 000989680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-05-02 14:03 - 2018-05-07 01:21 - 000941040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-05-02 14:03 - 2018-05-07 01:21 - 000504328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvstusb.sys
2021-05-02 14:03 - 2018-05-07 01:20 - 040247200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2021-05-02 14:03 - 2018-05-07 01:20 - 035167264 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2021-05-02 14:03 - 2018-05-07 01:20 - 004210672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-05-02 14:03 - 2018-05-07 01:20 - 003624024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-05-02 14:03 - 2018-05-07 01:20 - 001998936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438908.dll
2021-05-02 14:03 - 2018-05-07 01:20 - 001682416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438908.dll
2021-05-02 14:03 - 2018-05-07 01:20 - 001108976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-05-02 14:03 - 2018-05-07 01:20 - 001041952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-05-02 14:03 - 2018-05-07 01:18 - 023482944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2021-05-02 14:03 - 2018-05-07 01:18 - 019218440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2021-05-02 14:03 - 2018-05-07 01:18 - 013378296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2021-05-02 14:03 - 2018-05-07 01:18 - 010986416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2021-05-02 14:03 - 2018-05-07 01:18 - 001154072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2021-05-02 14:03 - 2018-05-07 01:18 - 000902096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2021-05-02 14:03 - 2018-05-07 01:17 - 014001328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-05-02 14:03 - 2018-05-07 01:17 - 011896592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-05-02 14:03 - 2018-05-07 01:17 - 004533480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-05-02 14:03 - 2018-05-07 01:17 - 003860336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-05-02 14:03 - 2018-05-06 21:50 - 000048568 _____ C:\WINDOWS\system32\nvinfo.pb
2021-05-02 14:03 - 2018-05-06 21:50 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2021-05-02 14:03 - 2018-05-06 21:50 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2021-05-02 14:01 - 2021-05-18 11:26 - 000000000 __SHD C:\Users\david\IntelGraphicsProfiles
2021-05-02 14:01 - 2021-05-16 20:59 - 000000000 ____D C:\Intel
2021-05-02 13:52 - 2021-05-18 11:26 - 000000000 ____D C:\Users\david\AppData\LocalLow\Mozilla
2021-05-02 13:46 - 2021-05-02 13:46 - 000000000 ___HD C:\$WinREAgent
2021-05-02 13:44 - 2021-05-02 13:44 - 000000000 ___HD C:\OneDriveTemp
2021-05-02 13:43 - 2021-05-18 10:18 - 000000000 ___RD C:\Users\david\OneDrive

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-18 11:34 - 2019-12-07 16:43 - 000683426 _____ C:\WINDOWS\system32\perfh005.dat
2021-05-18 11:34 - 2019-12-07 16:43 - 000137206 _____ C:\WINDOWS\system32\perfc005.dat
2021-05-18 11:34 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-18 11:28 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-18 11:26 - 2020-11-19 01:56 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-18 11:24 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-05-18 04:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-18 00:24 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-17 06:21 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-05-17 06:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-05-17 06:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-05-17 00:17 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-05-17 00:17 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-05-17 00:17 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-05-16 23:52 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-16 22:00 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing
2021-05-16 21:54 - 2019-12-07 11:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-05-16 21:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-05-16 21:52 - 2019-12-07 16:47 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-05-16 21:52 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-05-16 21:52 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-05-16 21:52 - 2019-12-07 16:44 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\IME
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-05-16 21:52 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-05-16 21:51 - 2019-12-07 16:47 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-05-16 21:51 - 2019-12-07 16:47 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-05-16 21:40 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-05-16 21:36 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-05-16 21:35 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-05-16 21:26 - 2019-12-07 11:14 - 000000000 ___SD C:\Program Files\Windows Sidebar
2021-05-16 21:26 - 2019-12-07 11:14 - 000000000 ___SD C:\Program Files (x86)\Windows Sidebar
2021-05-16 21:19 - 2020-11-19 02:05 - 000000000 ___RD C:\Users\david\3D Objects
2021-05-16 21:19 - 2020-11-19 01:50 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-05-16 21:19 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-05-16 21:17 - 2020-11-19 01:48 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-16 21:09 - 2019-12-07 16:45 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2021-05-16 21:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-05-16 21:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-05-16 21:09 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-05-16 21:06 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows NT
2021-05-16 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Help
2021-05-16 20:56 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2021
Ran by david (18-05-2021 11:47:24)
Running from C:\Users\david\Desktop
Windows 10 Pro Version 20H2 19042.985 (X64) (2021-05-16 19:09:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1071685242-337247553-1059379746-500 - Administrator - Disabled)
david (S-1-5-21-1071685242-337247553-1059379746-1001 - Administrator - Enabled) => C:\Users\david
DefaultAccount (S-1-5-21-1071685242-337247553-1059379746-503 - Limited - Disabled)
Guest (S-1-5-21-1071685242-337247553-1059379746-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1071685242-337247553-1059379746-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

8GadgetPack (HKLM-x32\...\{2C6DC07C-5D68-4E32-B6C6-EF5F24DA9FDF}) (Version: 33.0.0 - 8GadgetPack.net)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.3201.101.215 - ALPSALPINE CO., LTD.)
iLook 300 (HKLM-x32\...\{7EF900F4-61A8-4D95-8A65-488D3BECA206}) (Version: 1.0.0.28 - )
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.62 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Mozilla Firefox 88.0.1 (x64 cs) (HKU\S-1-5-21-1071685242-337247553-1059379746-1001\...\Mozilla Firefox 88.0.1 (x64 cs)) (Version: 88.0.1 - Mozilla)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6070 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

Packages:
=========
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5060.0_x64__8wekyb3d8bbwe [2021-05-16] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0 [2021-05-16] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1071685242-337247553-1059379746-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\david\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler) [File not signed]
CustomCLSID: HKU\S-1-5-21-1071685242-337247553-1059379746-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\david\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-02-28] (NVIDIA Corporation -> NVIDIA Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-05-16 21:26 - 2020-06-23 09:54 - 000660480 _____ (Helmut Buhler) [File not signed] C:\Program Files\Windows Sidebar\dwmapi.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1071685242-337247553-1059379746-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\david\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\africanwildlife1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EAC83B74-ECB8-46E6-AF8F-AD9A1D4E0923}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1AFAB0E0-D827-44C7-A4D2-5379401C1C7B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8EBB2343-5F16-459D-AF71-E8A6E6CD98EB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D9D90D79-969F-425A-8929-4872E5DAD7D8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7C12EDC2-D57A-4C37-BDFA-383935CC5C36}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{830E4089-A766-497F-AE93-E4598C5C79DE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{67B2770F-D8BC-4B4C-B8CB-29F67783F60C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{83AE709C-3F2B-4082-A562-9A60F74AAC0E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CC8275C3-803C-4A4E-A0A9-8517A1BA5EA7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{35EB2EF7-A93C-452A-9C86-E43EADEFDFD1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{937E19CA-4DF9-490E-92FB-CB09B04475D1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C8487AC0-4483-495A-AEB8-253D03ACA484}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8177AD13-82E0-4B37-8147-17B2D43071D3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C5A73109-9037-4E45-9A41-4D488E215D47}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{513607BC-4A7E-498A-B64A-E56AD394872D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B295D4E1-DD84-4587-838C-596F5B9F0E5B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)

==================== Restore Points =========================

18-05-2021 00:23:55 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/16/2021 09:50:59 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (05/16/2021 09:50:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (05/16/2021 09:50:59 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (05/16/2021 09:00:58 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu Windows Defender na SECURITY_PRODUCT_STATE_ON došlo k chybě.

Error: (05/16/2021 08:56:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Služba Šifrování neinicializovala databázi katalogu. Chyba součásti ESENT: -1409.


System errors:
=============
Error: (05/18/2021 10:14:55 AM) (Source: DCOM) (EventID: 10010) (User: DAVID-NOTAS-WIN)
Description: Server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} se v daném časovém limitu neregistroval u služby DCOM.

Error: (05/18/2021 08:00:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Steam Client Service neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (05/18/2021 08:00:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Steam Client Service bylo dosaženo časového limitu (30000 ms).

Error: (05/18/2021 03:56:36 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (0:45:10, ‎18.‎05.‎2021) bylo neočekávané.

Error: (05/17/2021 10:29:13 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Firmware platformy při předchozím přechodu systémového napájení poškodil paměť. Zkontrolujte dostupnost aktualizovaného firmwaru pro váš systém.

Error: (05/16/2021 09:47:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Steam Client Service neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (05/16/2021 09:47:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Steam Client Service bylo dosaženo časového limitu (30000 ms).

Error: (05/16/2021 09:43:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x8024001e): Nástroj k odstranění škodlivého softwaru v systému Windows, verze pro procesory x64 – v5.89 (KB890830).


Windows Defender:
================
Date: 2021-05-18 11:40:31
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Wacatac.B!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\david\Desktop\FRST64.exe.part
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DAVID-NOTAS-WIN\david
Název procesu: C:\Users\david\AppData\Local\Mozilla Firefox\firefox.exe
Verze bezpečnostních informací: AV: 1.339.953.0, AS: 1.339.953.0, NIS: 1.339.953.0
Verze modulu: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-05-18 11:40:18
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Wacatac.B!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\david\Desktop\FRST64.exe.part
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DAVID-NOTAS-WIN\david
Název procesu: C:\Users\david\AppData\Local\Mozilla Firefox\firefox.exe
Verze bezpečnostních informací: AV: 1.339.953.0, AS: 1.339.953.0, NIS: 1.339.953.0
Verze modulu: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-05-18 11:40:00
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Wacatac.B!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\david\Desktop\FRST64.exe.part
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DAVID-NOTAS-WIN\david
Název procesu: C:\Users\david\AppData\Local\Mozilla Firefox\firefox.exe
Verze bezpečnostních informací: AV: 1.339.953.0, AS: 1.339.953.0, NIS: 1.339.953.0
Verze modulu: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-05-18 11:35:57
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Wacatac.B!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\david\Desktop\FRST64.exe.part
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DAVID-NOTAS-WIN\david
Název procesu: C:\Users\david\AppData\Local\Mozilla Firefox\firefox.exe
Verze bezpečnostních informací: AV: 1.339.945.0, AS: 1.339.945.0, NIS: 1.339.945.0
Verze modulu: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-05-18 11:31:19
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Wacatac.B!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\david\Desktop\FRST64.exe.part
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DAVID-NOTAS-WIN\david
Název procesu: C:\Users\david\AppData\Local\Mozilla Firefox\firefox.exe
Verze bezpečnostních informací: AV: 1.339.945.0, AS: 1.339.945.0, NIS: 1.339.945.0
Verze modulu: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-05-18 11:40:31
Description:
Antivirová ochrana v programu Microsoft Defender narazil na kritickou chybu při provádění akce s malwarem nebo jiným potenciálně nežádoucím softwarem.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Wacatac.B!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\david\Desktop\FRST64.exe.part
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DAVID-NOTAS-WIN\david
Název procesu: C:\Users\david\AppData\Local\Mozilla Firefox\firefox.exe
Akce: Neznámý
Stav akce: No additional actions required
Kód chyby: 0x80508032
Popis chyby: Došlo k neočekávaným potížím. Nainstalujte všechny dostupné aktualizace a potom opakujte spuštění programu. Informace o instalaci aktualizací naleznete v nápovědě a podpoře.
Verze bezpečnostních informací: AV: 1.339.953.0, AS: 1.339.953.0, NIS: 1.339.953.0
Verze modulu: AM: 1.1.18100.6, NIS: 1.1.18100.6

==================== Memory info ===========================

BIOS: Dell Inc. A24 06/13/2019
Motherboard: Dell Inc. 0XPJ8D
Processor: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz
Percentage of memory in use: 55%
Total physical RAM: 8097.32 MB
Available physical RAM: 3624.27 MB
Total Virtual: 10017.32 MB
Available Virtual: 5004.56 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.87 GB) (Free:201.13 GB) NTFS
Drive e: () (Removable) (Total:7.39 GB) (Free:7.39 GB) FAT32

\\?\Volume{2d6837da-9f69-4f65-bae9-f8483a735538}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{536d0047-5b2e-4bf5-be64-6374688b233b}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 608DBCCB)

Partition: GPT.

==========================================================
Disk: 1 (Size: 7.4 GB) (Disk ID: AE55EA84)
Partition 1: (Active) - (Size=7.4 GB) - (Type=0C)

==================== End of Addition.txt =======================

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Requesting a preventive check. Thank you

#2 Post by Conder »

Hi :)

:arrow: Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Scan Now and wait for it to finish
  • If anything is found, leave all findings selected and click Quarantine (if there are no findings, click Run Basic Repair)
  • If "preinstalled software" is also detected, you may delete these programs, but you do not have to (they are not malicious programs, just unnecessary ones)
  • Confirm the prompt, wait for it to finish and confirm the PC restart
  • After the PC restarts, AdwCleaner will open; click View Log File
  • The log will open; copy its contents and paste them into your next reply
Graduate of the school for beginners :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

vaclavka83
Visitor
Posts: 238
Registered: 14 Jun 2010 13:52

Re: Requesting a preventive check. Thank you

#3 Post by vaclavka83 »

Thank you. It didn't find anything..

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-05-17.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-18-2021
# Duration: 00:00:00
# OS: Windows 10 Pro
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1405 octets] - [18/05/2021 19:22:47]
AdwCleaner[C00].txt - [1595 octets] - [18/05/2021 19:24:28]
AdwCleaner[S01].txt - [1527 octets] - [18/05/2021 19:26:14]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Requesting a preventive check. Thank you

#4 Post by Conder »

  • Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start::
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    File: C:\Program Files\Windows Sidebar\sidebar.exe
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    
    Hosts:
    EmptyTemp:
    End::
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask for a PC restart; confirm by clicking OK
  • After the PC restarts, there will be a file named Fixlog.txt on the desktop; copy its contents and paste them into your next reply

Re: Requesting a preventive check. Thank you

#5 Post by vaclavka83 »

Thank you. Here it is.

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-05-2021
Ran by david (19-05-2021 22:35:09) Run:1
Running from C:\Users\david\Desktop
Loaded Profiles: david
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Program Files\Windows Sidebar\sidebar.exe
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Hosts:
EmptyTemp:

*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 15
Average :
Sum : 25544312
Maximum :
Minimum :
Property : Length




========= End of Powershell: =========


========================= File: C:\Program Files\Windows Sidebar\sidebar.exe ========================

C:\Program Files\Windows Sidebar\sidebar.exe
File not signed
MD5: C5F3DACB10B9793334DC59B22A05B257
Creation and modification date: 2021-05-16 21:26 - 2020-05-11 13:29
Size: 001371648
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: Windows Desktop Gadgets
Original Name: sidebar.EXE
Product: Microsoft® Windows® Operating System
Description: Windows Desktop Gadgets
File Version: 6.2.8400.0 (winmain_win8rc.120518-1423)
Product Version: 1.0.8400.0
Copyright: © Microsoft Corporation. All rights reserved.
VirusTotal: https://www.virustotal.com/gui/file/255 ... 1621280474

====== End of File: ======

HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 6578176 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16884854 B
Java, Flash, Steam htmlcache => 30802571 B
Windows/system/drivers => 2188605 B
Edge => 0 B
Firefox => 1102054310 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 14856 B
david => 65349605 B

RecycleBin => 345 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:35:45 ====


Re: Requesting a preventive check. Thank you

#6 Post by Conder »

The logs look OK; we only cleaned out some unnecessary items. Are there any problems with the PC?

Re: Requesting a preventive check. Thank you

#7 Post by vaclavka83 »

There is one problem... But it is most likely not a problem caused by malware. I have the notebook set to go to sleep when the power button is pressed. When I wake it up in the morning, it starts as if it had been completely switched off....


Re: Requesting a preventive check. Thank you

#8 Post by Conder »

As you write, this should not be related to malware; it looks more like a problem with missing drivers.

Go to the dell.com page with drivers for this notebook (Dell Inc. Latitude E5440): https://www.dell.com/support/home/sk-sk ... op/drivers
Click Find drivers ("Najst ovladace"), select "Cipova suprava" (chipset) as the category and download these 2 drivers:
Software Intel Chipset Device - https://dl.dell.com/FOLDER03709265M/4/C ... A04_01.EXE
Intel Management Engine Components Installer - https://dl.dell.com/FOLDER04419701M/10/ ... A00_07.EXE

Install "Software Intel Chipset Device" first, restart the PC, install the second one, restart the PC again and test whether anything changes.