prevenčka

Zpráva

Thomas · #1 Příspěvek od **Thomas** » 18 dub 2020 07:02

info.txt logfile of random's system information tool 1.10 2020-04-18 07:49:06

======MBR======

0x33C08ED0BC007C8EC08ED8BE007CBF0006B90002FCF3A450681C06CBFBB90400BDBE07807E00007C0B0F850E0183C510E2F1CD1888560055C6461105C6461000B441BBAA55CD135D720F81FB55AA7509F7C101007403FE46106660807E1000742666680000000066FF760868000068007C680100681000B4428A56008BF4CD139F83C4109EEB14B80102BB007C8A56008A76018A4E028A6E03CD136661731CFE4E11750C807E00800F848A00B280EB845532E48A5600CD135DEB9E813EFE7D55AA756EFF7600E88D007517FAB0D1E664E88300B0DFE660E87C00B0FFE664E87500FBB800BBCD1A6623C0753B6681FB54435041753281F90201722C666807BB00006668000200006668080000006653665366556668000000006668007C0000666168000007CD1A5A32F6EA007C0000CD18A0B707EB08A0B607EB03A0B50732E40500078BF0AC3C007409BB0700B40ECD10EBF2F4EBFD2BC9E464EB002402E0F82402C3496E76616C696420706172746974696F6E207461626C65004572726F72206C6F6164696E67206F7065726174696E672073797374656D004D697373696E67206F7065726174696E672073797374656D000000637B9A8B16064000008020210007DF130C000800000020030000DF140C07FEFFFF00280300D7BC5B7400FEFFFF27FEFFFF00E85E74007011000000000000000000000000000000000055AA

======Uninstall list======

Adobe Acrobat Reader DC - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AC0F074E4100}
Adobe Refresh Manager-->MsiExec.exe /I{AC76BA86-0804-1033-1959-001824369436}
Canon MP Navigator 3.1-->"C:\Program Files (x86)\Canon\MP Navigator 3.1\Maint.exe" /UninstallRemove C:\Program Files (x86)\Canon\MP Navigator 3.1\uninst.ini
Canon Utilities Easy-LayoutPrint-->C:\Program Files (x86)\Canon\Easy-LayoutPrint\uninst.exe uninst.ini
doPDF 10 add-in for Microsoft Office (x86)-->MsiExec.exe /X{D7846B62-D353-4D63-92D4-8AF4E994A17A}
doPDF 10-->"C:\ProgramData\Package Cache\{96f3a21b-93df-4409-b77f-f24969e7b10e}\novapdf.exe" /uninstall
Duke Nukem - Manhattan Project (DEMO v1.0.1)-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{29F1159B-A14A-4B2D-84CF-F1231F68178E}
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.163\Installer\setup.exe" --uninstall --system-level --verbose-logging
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Intel(R) Processor Graphics-->C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall
Medal of Honor Airborne Demo-->MsiExec.exe /X{25F28E36-FDBB-11DB-8314-0800200C9A66}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{A57025CC-5F2E-4D01-B387-06DB10500D43}
Nokia PC Suite-->C:\ProgramData\Installations\{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}\setupNokia_PC_Suite_ALL.exe
Nokia PC Suite-->MsiExec.exe /I{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}
OpenOffice 4.1.6-->MsiExec.exe /I{8DADDDBF-EB36-4D00-9291-8C281F1755A6}
PC Connectivity Solution-->MsiExec.exe /I{644F4910-E812-49AD-93EC-86828CB81A0D}
Realtek Ethernet Controller All-In-One Windows Driver-->C:\Program Files (x86)\InstallShield Installation Information\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
ScanSoft OmniPage SE 4-->MsiExec.exe /X{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Zoner Photo Studio 11-->"C:\Program Files (x86)\Zoner\Photo Studio 11\unins000.exe" /SILENT

======System event log======

Computer Name: Lenovo-PC
Event Code: 27
Message: Typ spuštění byl 0x0.
Record Number: 5
Source Name: Microsoft-Windows-Kernel-Boot
Time Written: 20200114174735.749292-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Lenovo-PC
Event Code: 25
Message: Zásada spouštěcí nabídky byla 0x1.
Record Number: 4
Source Name: Microsoft-Windows-Kernel-Boot
Time Written: 20200114174735.749291-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Lenovo-PC
Event Code: 20
Message: Poslední stav úspěšného vypnutí byl true. Poslední stav úspěšného spuštění byl true.
Record Number: 3
Source Name: Microsoft-Windows-Kernel-Boot
Time Written: 20200114174735.749223-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Lenovo-PC
Event Code: 153
Message: Zabezpečení založené na virtualizaci (zásady: 0) je disabled.
Record Number: 2
Source Name: Microsoft-Windows-Kernel-Boot
Time Written: 20200114174735.749061-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Lenovo-PC
Event Code: 12
Message: Operační systém se spustil v systémovém čase ‎2020‎-‎01‎-‎14T17:47:35.500000000Z.
Record Number: 1
Source Name: Microsoft-Windows-Kernel-General
Time Written: 20200114174735.748946-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Lenovo-PC
Event Code: 256
Message: Služba Šifrování neinicializovala databázi katalogu. Chyba: -2147418113 (0x8000ffff) : Katastrofální selhání
.
Record Number: 5
Source Name: Microsoft-Windows-CAPI2
Time Written: 20200114175009.466326-000
Event Type: Chyba
User:

Computer Name: Lenovo-PC
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.

Record Number: 4
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20200114174925.237253-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Lenovo-PC
Event Code: 5617
Message: Subsystémy služby WMI (Windows Management Instrumentation) byly úspěšně inicializovány.
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20200114174827.958116-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Lenovo-PC
Event Code: 5615
Message: Služba WMI (Windows Management Instrumentation) byla úspěšně spuštěna.
Record Number: 2
Source Name: Microsoft-Windows-WMI
Time Written: 20200114174826.293012-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: LENOVO-PC
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20200114174924.516861-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: Lenovo-PC
Event Code: 5379
Message: Přihlašovací údaje Správce přihlašovacích údajů byly přečteny.

Subjekt:
ID zabezpečení: S-1-5-18
Název účtu: LENOVO-PC$
Doména účtu: WORKGROUP
Přihlašovací ID: 0x3E7
Operace čtení: Vytvořit výčet přihlašovacích údajů

K této události dochází, když uživatel provede operaci čtení u uložených přihlašovacích údajů ve Správci přihlašovacích údajů.
Record Number: 16499
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20200219164215.516336-000
Event Type: Úspěšný audit
User:

Computer Name: Lenovo-PC
Event Code: 5379
Message: Přihlašovací údaje Správce přihlašovacích údajů byly přečteny.

Subjekt:
ID zabezpečení: S-1-5-18
Název účtu: LENOVO-PC$
Doména účtu: WORKGROUP
Přihlašovací ID: 0x3E7
Operace čtení: Vytvořit výčet přihlašovacích údajů

K této události dochází, když uživatel provede operaci čtení u uložených přihlašovacích údajů ve Správci přihlašovacích údajů.
Record Number: 16498
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20200219164215.516238-000
Event Type: Úspěšný audit
User:

Computer Name: Lenovo-PC
Event Code: 5379
Message: Přihlašovací údaje Správce přihlašovacích údajů byly přečteny.

Subjekt:
ID zabezpečení: S-1-5-18
Název účtu: LENOVO-PC$
Doména účtu: WORKGROUP
Přihlašovací ID: 0x3E7
Operace čtení: Vytvořit výčet přihlašovacích údajů

K této události dochází, když uživatel provede operaci čtení u uložených přihlašovacích údajů ve Správci přihlašovacích údajů.
Record Number: 16497
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20200219164215.513459-000
Event Type: Úspěšný audit
User:

Computer Name: Lenovo-PC
Event Code: 5379
Message: Přihlašovací údaje Správce přihlašovacích údajů byly přečteny.

Subjekt:
ID zabezpečení: S-1-5-18
Název účtu: LENOVO-PC$
Doména účtu: WORKGROUP
Přihlašovací ID: 0x3E7
Operace čtení: Vytvořit výčet přihlašovacích údajů

K této události dochází, když uživatel provede operaci čtení u uložených přihlašovacích údajů ve Správci přihlašovacích údajů.
Record Number: 16496
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20200219164215.512110-000
Event Type: Úspěšný audit
User:

Computer Name: Lenovo-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3E7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
SeDelegateSessionUserImpersonatePrivilege
Record Number: 16495
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20200219164214.857007-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"DriverData"=C:\Windows\System32\Drivers\DriverData
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"Path"=C:\Program Files (x86)\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=2a07

-----------------EOF-----------------

#2 Příspěvek od **Diallix** » 19 dub 2020 05:54

Dobry den.

Stiahnite si na plochu nastroj AdwCleaner, link. na stiahnutie tu: https://toolslib.net/downloads/finish/1/
Pred spustenim nastroja povypinajte vsetke beziace okna programov, to su vsetke beziace programy pod desktopom.
Kliknite pravym tlacidlom mysi na program -> spustit ako Administrator.
Pokracujte kliknutim na tlacidlo Prehladaj teraz (Scan now) a pockajte, kym sa system doskenuje.
Po skene nechajte oznacene vsetky chlieviky, pripadne najdene hrozieby a pokracujte v dolnom pravom rohu tlacidlom Vycistit Teraz (Clean and Repair).
Po restartovani PC sa spusti nastroj AdwCleaner, kliknite na Zobrazit soubor protokolu.
Spusti sa log, jeho obsah skopirujte sem.

Thomas · #3 Příspěvek od **Thomas** » 19 dub 2020 07:58

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build: 04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-19-2020
# Duration: 00:00:03
# OS: Windows 10 Pro
# Cleaned: 12
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Seznam.cz
Deleted C:\Users\Lenovo\AppData\Roaming\Seznam.cz

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cz.seznam.software.autoupdate
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cz.seznam.software.szndesktop
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|cz.seznam.software.autoupdate
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|cz.seznam.software.szndesktop
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall
Deleted HKCU\Software\Mozilla\NativeMessagingHosts\sznpp_nm
Deleted HKCU\Software\Seznam.cz
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|seznam-listicka-distribuce
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|seznam-listicka-distribuce

***** [ Chromium (and derivatives) ] *****

Deleted Seznam doplněk - Esko - olfeabkoenfaoljndfecamgilllcpiak

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2546 octets] - [19/04/2020 08:55:23]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

#4 Příspěvek od **Diallix** » 19 dub 2020 11:34

Poprosim o nove logy z FRST a RSIT

Thomas · #5 Příspěvek od **Thomas** » 19 dub 2020 12:24

Logfile of random's system information tool 1.10 (written by random/random)
Run by Lenovo at 2020-04-19 13:24:41
Microsoft Windows 10 Pro
System drive C: has 905 GB (95%) free of 953 GB
Total RAM: 3944 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:24:45, on 19.4.2020
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.18362.0001)
Boot mode: Normal

Running processes:
C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\CommunicationCentre.exe
C:\Users\Lenovo\Desktop\Documents\Downloads\RSIT (1).exe
C:\Program Files (x86)\trend micro\Lenovo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=37180
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_3ea05 - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.163\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7962 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"=C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Smart Cleaning"=C:\Program Files\CCleaner\CCleaner64.exe [2020-02-28 22256824]
"OneDrive"=C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2020-03-20 1579368]
"PC Suite Tray"=C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CBDHSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CBDHSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinQuic]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"PromptOnSecureDesktop"=0
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux"=wdmaud.drv
"midi"=wdmaud.drv
"midimapper"=midimap.dll
"mixer"=wdmaud.drv
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.cvid"=iccvid.dll
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wave"=wdmaud.drv
"wavemapper"=msacm32.drv
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2020-04-19 08:54:40 ----D---- C:\AdwCleaner
2020-04-18 07:48:57 ----D---- C:\Program Files (x86)\trend micro
2020-04-18 07:48:56 ----D---- C:\rsit
2020-04-16 08:55:09 ----A---- C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2020-04-16 08:55:08 ----A---- C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-04-16 08:55:08 ----A---- C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-04-16 08:55:08 ----A---- C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-16 08:55:07 ----A---- C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2020-04-16 08:55:01 ----A---- C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2020-04-16 08:55:01 ----A---- C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2010CustomActions.dll
2020-04-16 08:55:00 ----A---- C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2020-04-16 08:55:00 ----A---- C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2020-04-16 08:54:58 ----A---- C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-04-16 08:54:58 ----A---- C:\WINDOWS\SysWOW64\tsgqec.dll
2020-04-16 08:54:58 ----A---- C:\WINDOWS\SysWOW64\mstscax.dll
2020-04-16 08:54:58 ----A---- C:\WINDOWS\SysWOW64\mstsc.exe
2020-04-16 08:54:58 ----A---- C:\WINDOWS\SysWOW64\CPFilters.dll
2020-04-16 08:54:57 ----A---- C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-16 08:54:57 ----A---- C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-16 08:54:57 ----A---- C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-16 08:54:57 ----A---- C:\WINDOWS\SysWOW64\msimsg.dll
2020-04-16 08:54:57 ----A---- C:\WINDOWS\SysWOW64\msi.dll
2020-04-16 08:54:57 ----A---- C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-16 08:54:57 ----A---- C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-04-16 08:54:57 ----A---- C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-04-16 08:54:56 ----A---- C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-04-16 08:54:56 ----A---- C:\WINDOWS\SysWOW64\Chakra.dll
2020-04-16 08:54:55 ----A---- C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-16 08:54:54 ----A---- C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-16 08:54:54 ----A---- C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-16 08:54:54 ----A---- C:\WINDOWS\SysWOW64\jscript.dll
2020-04-16 08:54:54 ----A---- C:\WINDOWS\SysWOW64\iasrad.dll
2020-04-16 08:54:54 ----A---- C:\WINDOWS\SysWOW64\iaspolcy.dll
2020-04-16 08:54:54 ----A---- C:\WINDOWS\SysWOW64\iasacct.dll
2020-04-16 08:54:54 ----A---- C:\WINDOWS\SysWOW64\ias.dll
2020-04-16 08:54:54 ----A---- C:\WINDOWS\SysWOW64\edgehtml.dll
2020-04-16 08:54:53 ----A---- C:\WINDOWS\SysWOW64\srumapi.dll
2020-04-16 08:54:40 ----A---- C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-16 08:54:40 ----A---- C:\WINDOWS\SysWOW64\scecli.dll
2020-04-16 08:54:40 ----A---- C:\WINDOWS\SysWOW64\ntshrui.dll
2020-04-16 08:54:39 ----A---- C:\WINDOWS\SysWOW64\wininet.dll
2020-04-16 08:54:39 ----A---- C:\WINDOWS\SysWOW64\t2embed.dll
2020-04-16 08:54:39 ----A---- C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-16 08:54:39 ----A---- C:\WINDOWS\SysWOW64\gdi32full.dll
2020-04-16 08:54:39 ----A---- C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-04-16 08:54:38 ----A---- C:\WINDOWS\SysWOW64\winhttp.dll
2020-04-16 08:54:38 ----A---- C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-16 08:54:38 ----A---- C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-04-16 08:54:38 ----A---- C:\WINDOWS\SysWOW64\netlogon.dll
2020-04-16 08:54:38 ----A---- C:\WINDOWS\SysWOW64\msimg32.dll
2020-04-16 08:54:38 ----A---- C:\WINDOWS\SysWOW64\mf3216.dll
2020-04-16 08:54:38 ----A---- C:\WINDOWS\SysWOW64\lpk.dll
2020-04-16 08:54:38 ----A---- C:\WINDOWS\SysWOW64\logoncli.dll
2020-04-16 08:54:38 ----A---- C:\WINDOWS\SysWOW64\fontsub.dll
2020-04-16 08:54:38 ----A---- C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-04-16 08:54:38 ----A---- C:\WINDOWS\SysWOW64\dciman32.dll
2020-04-16 08:54:38 ----A---- C:\WINDOWS\SysWOW64\aepic.dll
2020-04-16 08:54:37 ----A---- C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-16 08:54:37 ----A---- C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll
2020-04-16 08:54:37 ----A---- C:\WINDOWS\SysWOW64\win32u.dll
2020-04-16 08:54:37 ----A---- C:\WINDOWS\SysWOW64\win32kfull.sys
2020-04-16 08:54:37 ----A---- C:\WINDOWS\SysWOW64\win32k.sys
2020-04-16 08:54:37 ----A---- C:\WINDOWS\SysWOW64\user32.dll
2020-04-16 08:54:37 ----A---- C:\WINDOWS\SysWOW64\updatepolicy.dll
2020-04-16 08:54:37 ----A---- C:\WINDOWS\SysWOW64\SHCore.dll
2020-04-16 08:54:37 ----A---- C:\WINDOWS\SysWOW64\es.dll
2020-04-16 08:54:37 ----A---- C:\WINDOWS\SysWOW64\deviceaccess.dll
2020-04-16 08:54:37 ----A---- C:\WINDOWS\SysWOW64\dcomp.dll
2020-04-16 08:54:36 ----A---- C:\WINDOWS\SysWOW64\wpnapps.dll
2020-04-16 08:54:36 ----A---- C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-16 08:54:36 ----A---- C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2020-04-16 08:54:36 ----A---- C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-16 08:54:36 ----A---- C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll
2020-04-16 08:54:36 ----A---- C:\WINDOWS\SysWOW64\webservices.dll
2020-04-16 08:54:36 ----A---- C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-16 08:54:36 ----A---- C:\WINDOWS\SysWOW64\kerberos.dll
2020-04-16 08:54:36 ----A---- C:\WINDOWS\SysWOW64\KerbClientShared.dll
2020-04-16 08:54:36 ----A---- C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-04-16 08:54:36 ----A---- C:\WINDOWS\SysWOW64\cmintegrator.dll
2020-04-16 08:54:36 ----A---- C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-04-16 08:54:35 ----A---- C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-16 08:54:35 ----A---- C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2020-04-16 08:54:35 ----A---- C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-04-16 08:54:35 ----A---- C:\WINDOWS\SysWOW64\InstallService.dll
2020-04-16 08:54:35 ----A---- C:\WINDOWS\SysWOW64\aadtb.dll
2020-04-16 08:54:34 ----A---- C:\WINDOWS\SysWOW64\wksprtPS.dll
2020-04-16 08:54:34 ----A---- C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-04-16 08:54:34 ----A---- C:\WINDOWS\SysWOW64\TSWorkspace.dll
2020-04-16 08:54:34 ----A---- C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2020-04-16 08:54:34 ----A---- C:\WINDOWS\SysWOW64\TokenBroker.dll
2020-04-16 08:54:34 ----A---- C:\WINDOWS\SysWOW64\tbauth.dll
2020-04-16 08:54:34 ----A---- C:\WINDOWS\SysWOW64\kernel32.dll
2020-04-16 08:54:33 ----A---- C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-04-16 08:54:33 ----A---- C:\WINDOWS\SysWOW64\Wpc.dll
2020-04-16 08:54:33 ----A---- C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-16 08:54:33 ----A---- C:\WINDOWS\SysWOW64\taskschd.dll
2020-04-16 08:54:33 ----A---- C:\WINDOWS\SysWOW64\sppcext.dll
2020-04-16 08:54:33 ----A---- C:\WINDOWS\SysWOW64\sppc.dll
2020-04-16 08:54:33 ----A---- C:\WINDOWS\SysWOW64\slcext.dll
2020-04-16 08:54:33 ----A---- C:\WINDOWS\SysWOW64\slc.dll
2020-04-16 08:54:33 ----A---- C:\WINDOWS\SysWOW64\msctf.dll
2020-04-16 08:54:33 ----A---- C:\WINDOWS\SysWOW64\dot3msm.dll
2020-04-16 08:54:33 ----A---- C:\WINDOWS\SysWOW64\dot3api.dll
2020-04-16 08:54:33 ----A---- C:\WINDOWS\SysWOW64\CloudNotifications.exe
2020-04-16 08:54:33 ----A---- C:\WINDOWS\SysWOW64\advapi32.dll
2020-04-16 08:54:32 ----A---- C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-16 08:54:32 ----A---- C:\WINDOWS\SysWOW64\FlightSettings.dll
2020-04-16 08:54:32 ----A---- C:\WINDOWS\SysWOW64\BTAGService.dll
2020-04-16 08:54:14 ----A---- C:\WINDOWS\SysWOW64\KernelBase.dll
2020-04-16 08:43:59 ----A---- C:\WINDOWS\SysWOW64\poqexec.exe
2020-04-14 12:17:51 ----D---- C:\Program Files (x86)\Steam

======List of files/folders modified in the last 1 month======

2020-04-19 13:24:44 ----D---- C:\WINDOWS\Temp
2020-04-19 13:22:32 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2020-04-19 11:02:20 ----D---- C:\WINDOWS\Prefetch
2020-04-19 09:08:37 ----RD---- C:\WINDOWS\Microsoft.NET
2020-04-19 09:06:27 ----D---- C:\WINDOWS\System32
2020-04-19 09:06:27 ----D---- C:\WINDOWS\INF
2020-04-19 08:58:58 ----A---- C:\WINDOWS\SysWOW64\log.txt
2020-04-19 08:56:59 ----D---- C:\WINDOWS\WinSxS
2020-04-19 08:55:51 ----RD---- C:\Program Files (x86)
2020-04-18 19:10:36 ----D---- C:\WINDOWS\CbsTemp
2020-04-18 07:29:43 ----D---- C:\WINDOWS\AppReadiness
2020-04-17 18:01:45 ----SHD---- C:\System Volume Information
2020-04-16 22:07:09 ----D---- C:\WINDOWS\SysWOW64\cs-CZ
2020-04-16 22:07:09 ----D---- C:\WINDOWS\SysWOW64
2020-04-16 22:07:09 ----D---- C:\WINDOWS\SystemResources
2020-04-16 22:07:04 ----D---- C:\WINDOWS\ShellExperiences
2020-04-16 22:07:04 ----D---- C:\WINDOWS\Provisioning
2020-04-16 22:07:04 ----D---- C:\WINDOWS\PolicyDefinitions
2020-04-16 22:07:04 ----D---- C:\WINDOWS\bcastdvr
2020-04-16 22:07:04 ----D---- C:\WINDOWS\apppatch
2020-04-16 08:28:17 ----D---- C:\WINDOWS\Logs
2020-04-15 07:53:33 ----SHD---- C:\WINDOWS\Installer
2020-04-15 07:53:33 ----D---- C:\Windows

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys []
R0 MsSecFlt;@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001; C:\WINDOWS\system32\drivers\mssecflt.sys []
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\WINDOWS\system32\drivers\SgrmAgent.sys []
R1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2020-03-12 29696]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys []
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys []
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys []
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys []
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys []
R2 MQAC;@mqutil.dll,-6101; C:\WINDOWS\system32\drivers\mqac.sys []
R3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys []
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys []
R3 MEIx64;@oem7.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface; C:\WINDOWS\System32\drivers\HECIx64.sys []
R3 rt640x64;@oem31.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys []
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys []
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys []
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys []
S0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys []
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys []
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys []
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys []
S0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys []
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys []
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys []
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys []
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys []
S0 SmartSAMD;SmartSAMD; C:\WINDOWS\System32\drivers\SmartSAMD.sys []
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys []
S3 Acx01000;@%SystemRoot%\system32\drivers\Acx01000.sys,-1000; C:\WINDOWS\system32\drivers\Acx01000.sys []
S3 amdgpio2;@amdgpio2.inf,%GPIO.SvcDesc%;AMD GPIO Client Driver; C:\WINDOWS\System32\drivers\amdgpio2.sys []
S3 amdi2c;@amdi2c.inf,%amdi2c.SVCDESC%;AMD I2C Controller Service; C:\WINDOWS\System32\drivers\amdi2c.sys []
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys []
S3 AppvStrm;@%systemroot%\system32\drivers\AppvStrm.sys,-101; C:\WINDOWS\system32\drivers\AppvStrm.sys []
S3 AppvVemgr;@%systemroot%\system32\drivers\AppvVemgr.sys,-101; C:\WINDOWS\system32\drivers\AppvVemgr.sys []
S3 AppvVfs;@%systemroot%\system32\drivers\AppvVfs.sys,-101; C:\WINDOWS\system32\drivers\AppvVfs.sys []
S3 BthA2dp;@microsoft_bluetooth_a2dp.inf,%BthA2dp.ServiceDescription%;Microsoft Bluetooth A2dp driver; C:\WINDOWS\System32\drivers\BthA2dp.sys []
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\WINDOWS\System32\drivers\BthEnum.sys []
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys []
S3 BthMini;@bth.inf,%BTHMINI.SvcDesc%;Bluetooth Radio Driver; C:\WINDOWS\System32\drivers\BTHMINI.sys []
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\WINDOWS\System32\drivers\BTHport.sys []
S3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\WINDOWS\System32\drivers\BTHUSB.sys []
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys []
S3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys []
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\DriverStore\FileRepository\genericusbfn.inf_amd64_b9c53b80e63af230\genericusbfn.sys [2019-10-07 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys []
S3 hidspi;@hidspi_km.inf,%hidspi.SVCDESC%;Microsoft SPI HID Miniport Driver; C:\WINDOWS\System32\drivers\hidspi.sys []
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys []
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys []
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys []
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys []
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys []
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys []
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys []
S3 iaLPSS2i_GPIO2_CNL;@iaLPSS2i_GPIO2_CNL.inf,%iaLPSS2i_GPIO2_CNL.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_CNL.sys []
S3 iaLPSS2i_GPIO2_GLK;@iaLPSS2i_GPIO2_GLK.inf,%iaLPSS2i_GPIO2_GLK.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_GLK.sys []
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys []
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys []
S3 iaLPSS2i_I2C_CNL;@iaLPSS2i_I2C_CNL.inf,%iaLPSS2i_I2C_CNL.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_CNL.sys []
S3 iaLPSS2i_I2C_GLK;@iaLPSS2i_I2C_GLK.inf,%iaLPSS2i_I2C_GLK.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_GLK.sys []
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys []
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys []
S3 intelpmax;@intelpmax.inf,%SvcDesc%;Intel Power Limit Driver; C:\WINDOWS\System32\drivers\intelpmax.sys []
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys []
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys []
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys []
S3 MbbCx;MBB Network Adapter Class Extension; C:\WINDOWS\system32\drivers\MbbCx.sys []
S3 Microsoft_Bluetooth_AvrcpTransport;@microsoft_bluetooth_avrcptransport.inf,%Microsoft_Bluetooth_AvrcpTransport.ServiceDescription%;Microsoft Bluetooth Avrcp Transport Driver; C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys []
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys []
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys []
S3 NDKPing;NDKPing Driver; C:\WINDOWS\system32\drivers\NDKPing.sys []
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys []
S3 nmwcd;@oem11.inf,%MFG% %SVC%;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmbx64.sys []
S3 nmwcdc;@oem18.inf,%MFG% %SVC%;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbox64.sys []
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\WINDOWS\System32\drivers\nvdimm.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfdx64.sys []
S3 PktMon;Packet Monitor Driver; C:\WINDOWS\system32\drivers\PktMon.sys []
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys []
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys []
S3 portcfg;portcfg; C:\WINDOWS\System32\drivers\portcfg.sys []
S3 ReFSv1;ReFSv1; C:\WINDOWS\SysWOW64\drivers\ReFSv1.sys []
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys []
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys []
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys []
S4 hvcrash;hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2020-02-25 88648]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
R2 CDPUserSvc_3ea05;Uživatelská služba platformy připojených zařízení_3ea05; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2019-03-19 45448]
R2 DispBrokerDesktopSvc;@%SystemRoot%\system32\dispbroker.desktop.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-03-19 45448]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2019-03-19 45448]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-01-03 326168]
R2 MSMQ;@mqutil.dll,-6102; C:\WINDOWS\system32\mqsvc.exe []
R2 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8195; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-12-07 139056]
R2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8197; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-12-07 139056]
R2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8199; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-12-07 139056]
R2 NovaPdf10Server;novaPDF 10 Server; C:\Program Files\Softland\novaPDF 10\Server\novapdfs.exe [2019-11-13 52528]
R2 OneSyncSvc_3ea05;Hostitel synchronizace_3ea05; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\WINDOWS\system32\SgrmBroker.exe []
R3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
R3 cbdhsvc_3ea05;Uživatelská služba schránky_3ea05; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2019-03-19 45448]
R3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2019-03-19 45448]
R3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-03-19 45448]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-03-19 45448]
R3 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe []
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2019-01-04 156968]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-03-19 45448]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 AarSvc;@%SystemRoot%\system32\AarSvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 AarSvc_3ea05;Agent Activation Runtime_3ea05; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 AssignedAccessManagerSvc;@%SystemRoot%\system32\assignedaccessmanagersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 autotimesvc;@%SystemRoot%\System32\autotimesvc.dll,-6; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 BcastDVRUserService_3ea05;Uživatelská služba pro GameDVR a vysílání her_3ea05; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 BluetoothUserService_3ea05;Služba pro podporu uživatelů Bluetooth_3ea05; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 CaptureService;@%SystemRoot%\system32\CaptureService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 CaptureService_3ea05;CaptureService_3ea05; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 cbdhsvc;@%SystemRoot%\system32\cbdhsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 ConsentUxUserSvc;@%SystemRoot%\system32\ConsentUxClient.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 ConsentUxUserSvc_3ea05;ConsentUX_3ea05; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2017-03-09 300128]
S3 CredentialEnrollmentManagerUserSvc;@%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100; C:\WINDOWS\system32\CredentialEnrollmentManager.exe []
S3 CredentialEnrollmentManagerUserSvc_3ea05;CredentialEnrollmentManagerUserSvc_3ea05; C:\WINDOWS\system32\CredentialEnrollmentManager.exe []
S3 DeviceAssociationBrokerSvc;@%SystemRoot%\system32\deviceaccess.dll,-107; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 DeviceAssociationBrokerSvc_3ea05;DeviceAssociationBroker_3ea05; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 DevicePickerUserSvc_3ea05;DevicePicker_3ea05; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 DevicesFlowUserSvc_3ea05;Tok zařízení_3ea05; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe []
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-03-19 45448]
S3 DisplayEnhancementService;@%SystemRoot%\System32\Microsoft.Graphics.Display.DisplayEnhancementService.dll,-1000; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2019-03-19 45448]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2019-03-01 43704]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-03-19 45448]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.163\elevation_service.exe [2020-04-02 1113072]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-03-19 45448]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2019-01-04 156968]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2019-03-19 45448]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 MessagingService_3ea05;Služba zasílání zpráv_3ea05; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2019-03-19 45448]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 perceptionsimulation;@%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101; C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe []
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 PimIndexMaintenanceSvc_3ea05;Data kontaktů_3ea05; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 PrintWorkflowUserSvc_3ea05;PrintWorkflow_3ea05; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-03-19 45448]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2019-03-19 45448]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2019-03-19 45448]
S3 Sense;@%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001; C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe []
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe []
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-03-19 45448]
S4 AppVClient;@%systemroot%\system32\AppVClient.exe,-102; C:\WINDOWS\system32\AppVClient.exe []
S4 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2019-03-19 54912]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-03-19 45448]

-----------------EOF-----------------

#6 Příspěvek od **Diallix** » 19 dub 2020 16:04

Preskenujte, prosim, pocitac pomocou nastroja FRST. Vy ste tu dal log z RSIT.

Preskenujte pocitac s FRST - navod tu: https://forum.viry.cz/viewtopic.php?f=24&t=132509, skopirujte FRST.log + Addition log sem.

Thomas · #7 Příspěvek od **Thomas** » 19 dub 2020 16:27

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2020
Ran by Lenovo (19-04-2020 17:25:36)
Running from C:\Users\Lenovo\Desktop\Documents\Downloads
Windows 10 Pro Version 1909 18363.778 (X64) (2020-01-14 18:02:01)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2823961219-2258955507-3959890628-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2823961219-2258955507-3959890628-503 - Limited - Disabled)
Guest (S-1-5-21-2823961219-2258955507-3959890628-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2823961219-2258955507-3959890628-1002 - Limited - Enabled)
Lenovo (S-1-5-21-2823961219-2258955507-3959890628-1000 - Administrator - Enabled) => C:\Users\Lenovo
WDAGUtilityAccount (S-1-5-21-2823961219-2258955507-3959890628-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Balíček ovladače systému Windows - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Balíček ovladače systému Windows - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Balíček ovladače systému Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - )
Canon MP Navigator 3.1 (HKLM-x32\...\MP Navigator 3.1) (Version: - )
Canon MP140 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series) (Version: - )
Canon Utilities Easy-LayoutPrint (HKLM-x32\...\Easy-LayoutPrint) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.64 - Piriform)
doPDF (HKLM\...\{3A7AB1B2-ADE4-48D6-BBDB-436394E31CD8}) (Version: 10.5.120 - Softland) Hidden
doPDF 10 (HKLM-x32\...\{96f3a21b-93df-4409-b77f-f24969e7b10e}) (Version: 10.5.120 - Softland)
doPDF 10 add-in for Microsoft Office (x64) (HKLM\...\{03EDB7F5-656B-4F15-A4D6-91B4EC1BC90E}) (Version: 10.5.120 - Softland)
doPDF 10 add-in for Microsoft Office (x86) (HKLM-x32\...\{D7846B62-D353-4D63-92D4-8AF4E994A17A}) (Version: 10.5.120 - Softland)
doPDF 10 Printer Driver (HKLM\...\{1834361A-1791-4758-B7F9-29A512859AD3}) (Version: 10.5.120 - Softland)
Duke Nukem - Manhattan Project (DEMO v1.0.1) (HKLM-x32\...\{29F1159B-A14A-4B2D-84CF-F1231F68178E}) (Version: 1.0.1 - Arush Entertainment) Hidden
Duke Nukem - Manhattan Project (DEMO v1.0.1) (HKLM-x32\...\InstallShield_{29F1159B-A14A-4B2D-84CF-F1231F68178E}) (Version: 1.0.1 - Arush Entertainment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.163 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
LibreOffice 6.1.4.2 (HKLM\...\{080C0C39-B1B5-48BB-85AB-4F9A8768CD10}) (Version: 6.1.4.2 - The Document Foundation)
Medal of Honor Airborne Demo (HKLM-x32\...\{25F28E36-FDBB-11DB-8314-0800200C9A66}) (Version: 1.0.1.0 - Electronic Arts)
Microsoft OneDrive (HKU\S-1-5-21-2823961219-2258955507-3959890628-1000\...\OneDriveSetup.exe) (Version: 19.232.1124.0010 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}) (Version: 7.1.180.94 - Nokia) Hidden
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
OpenOffice 4.1.6 (HKLM-x32\...\{8DADDDBF-EB36-4D00-9291-8C281F1755A6}) (Version: 4.16.9790 - Apache Software Foundation)
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6265 - Realtek Semiconductor Corp.)
ScanSoft OmniPage SE 4 (HKLM-x32\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
Zoner Photo Studio 11 (HKLM-x32\...\ZonerPhotoStudio11_CZ_is1) (Version: - ZONER software)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-01-15] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-01-15] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.4030.0_x64__8wekyb3d8bbwe [2020-04-16] (Microsoft Studios) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-26] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2823961219-2258955507-3959890628-1000_Classes\CLSID\{BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B}\InprocServer32 -> C:\Program Files (x86)\Zoner\Photo Studio 11\Program\SHELLEXT64.DLL (ZONER software) [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-2823961219-2258955507-3959890628-1000: [ZONERMenu] -> {BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B} => C:\Program Files (x86)\Zoner\Photo Studio 11\Program\SHELLEXT64.DLL [2008-10-22] (ZONER software) [File not signed]
ContextMenuHandlers2_S-1-5-21-2823961219-2258955507-3959890628-1000: [ZONERMenu] -> {BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B} => C:\Program Files (x86)\Zoner\Photo Studio 11\Program\SHELLEXT64.DLL [2008-10-22] (ZONER software) [File not signed]
ContextMenuHandlers4_S-1-5-21-2823961219-2258955507-3959890628-1000: [ZONERMenu] -> {BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B} => C:\Program Files (x86)\Zoner\Photo Studio 11\Program\SHELLEXT64.DLL [2008-10-22] (ZONER software) [File not signed]
ContextMenuHandlers6_S-1-5-21-2823961219-2258955507-3959890628-1000: [ZONERMenu] -> {BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B} => C:\Program Files (x86)\Zoner\Photo Studio 11\Program\SHELLEXT64.DLL [2008-10-22] (ZONER software) [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Lenovo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

2019-01-04 18:15 - 2011-01-03 14:33 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2019-01-04 18:15 - 2011-01-03 14:27 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
2012-06-26 14:08 - 2012-06-26 14:08 - 000026624 _____ (Nokia) [File not signed] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
2012-06-26 12:58 - 2012-06-26 12:58 - 001262592 _____ (Nokia) [File not signed] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\NGSCM64.DLL
2012-06-26 14:08 - 2012-06-26 14:08 - 000572928 _____ (Nokia) [File not signed] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
2007-02-05 10:29 - 2007-02-05 10:29 - 000139264 _____ (Nuance Communications, Inc.) [File not signed] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpHookSE4.dll
2019-11-13 16:35 - 2019-11-13 16:35 - 000018944 _____ (Softland) [File not signed] C:\WINDOWS\System32\novamn10.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2823961219-2258955507-3959890628-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lenovo\Desktop\thumb-1920-216472.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1CD4C1CE-BE70-4230-AE9C-A36E5CDB7990}] => (Allow) LPort=8501
FirewallRules: [{3312773C-2127-412D-B844-9D726F371EB0}] => (Allow) LPort=8501
FirewallRules: [{574FEE10-9322-4E52-B66A-D4DECBB205FF}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe No File
FirewallRules: [{74B55324-CBC7-4B83-9A79-114F222F58EC}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{38B38190-DA94-4272-9A5A-D796818A0700}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{CAC713E0-422D-4EA8-BB34-AFEF8F8FE15A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EBB33629-34EF-4DEF-9A3A-D0059AA2F4CE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0FFEBD8C-1954-4FE3-B0B7-AF474E772D73}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3E282DC8-669C-4D70-9399-75C36DC50325}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{12EC4EBA-4E31-426B-935C-3915A2C95F41}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{36706A92-05DB-487C-BF51-AD958450C94A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9EA86F62-07DF-4624-816B-05BF73CBB701}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FAD3FE37-8B1E-496F-B89F-06408514DF05}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{675E30EB-252B-46F2-979C-3CF142B9FF91}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

26-03-2020 18:53:42 Naplánovaný kontrolní bod
05-04-2020 20:20:42 Naplánovaný kontrolní bod
14-04-2020 08:37:40 Naplánovaný kontrolní bod
17-04-2020 18:01:23 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============

Name: Neznámé zařízení USB (požadavek popisovače zařízení selhal)
Description: Neznámé zařízení USB (požadavek popisovače zařízení selhal)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standardní hostitelský řadič USB)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

==================== Event log errors: ========================

Application errors:
==================
Error: (04/19/2020 05:24:33 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4656,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (04/19/2020 05:16:39 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (04/19/2020 05:16:39 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (04/19/2020 03:05:27 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4988,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (04/19/2020 09:35:29 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9000,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (04/19/2020 09:16:08 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2424,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (04/19/2020 09:04:21 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4572,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (04/19/2020 08:54:13 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
Description: Velikost požadované vyrovnávací paměti je větší než velikost vyrovnávací paměti předané do funkce Collect knihovny DLL rozšiřitelných čítačů C:\Windows\System32\perfts.dll pro službu LSM. Velikost dané vyrovnávací paměti: 11560; požadovaná velikost: 31752.

System errors:
=============
Error: (04/19/2020 04:28:41 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (04/19/2020 03:53:06 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (04/19/2020 02:26:01 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (04/19/2020 12:34:56 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (04/19/2020 11:15:28 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (04/19/2020 09:30:09 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (04/19/2020 08:55:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba novaPDF 10 Server byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error: (04/19/2020 08:55:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba ServiceLayer byla neočekávaně ukončena. Tento stav nastal již 1krát.

Windows Defender:
===================================
Date: 2020-04-18 07:47:23.578
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Wacatac.C!ml
ID: 2147749372
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Lenovo\Desktop\Documents\Downloads\FRST.exe; webfile:_C:\Users\Lenovo\Desktop\Documents\Downloads\FRST.exe|https://download.bleepingcomputer.com/d ... 7431309589
Původ detekce: Internet
Typ detekce: FastPath
Zdroj detekce: Soubory ke stažení a přílohy
Uživatel: Lenovo-PC\Lenovo
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.313.1729.0, AS: 1.313.1729.0, NIS: 1.313.1729.0
Verze modulu: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-04-13 15:10:29.891
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {788BC86A-A8CB-41ED-9294-F0F3A7AC1BA0}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-03-16 15:08:53.303
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {BC4E7557-2E22-4B56-8BDC-FBF2520BF3B4}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-03-05 15:51:54.631
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.311.528.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16800.2
Kód chyby: 0x8024402c
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2020-02-11 14:56:33.925
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.309.619.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16700.3
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2020-02-11 14:56:33.925
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.309.619.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16700.3
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2020-02-11 14:56:33.925
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.309.619.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16700.3
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2020-02-11 14:56:33.917
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.309.619.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16700.3
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

CodeIntegrity:
===================================

Date: 2020-03-11 16:24:20.826
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-03-11 16:24:20.707
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-03-11 16:24:20.570
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-03-11 16:24:19.972
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-03-11 16:24:19.858
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 9QKT37AUS 02/14/2012
Motherboard: LENOVO To be filled by O.E.M.
Processor: Intel(R) Pentium(R) CPU G630 @ 2.70GHz
Percentage of memory in use: 64%
Total physical RAM: 3944.4 MB
Available physical RAM: 1410.06 MB
Total Virtual: 7912.4 MB
Available Virtual: 5011 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.87 GB) (Free:879.18 GB) NTFS

\\?\Volume{08e6c5c3-103a-11e9-9df1-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{4006168b-0000-0000-0000-d0bde8000000}\ () (Fixed) (Total:0.54 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 4006168B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=558 MB) - (Type=27)

==================== End of Addition.txt =======================

#8 Příspěvek od **Diallix** » 19 dub 2020 18:30

Este poprosim FRST.log

Thomas · #9 Příspěvek od **Thomas** » 19 dub 2020 18:56

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-04-2020
Ran by Lenovo (administrator) on LENOVO-PC (LENOVO 5033A19) (19-04-2020 19:52:46)
Running from C:\Users\Lenovo\Desktop\Documents\Downloads
Loaded Profiles: Lenovo (Available Profiles: Lenovo)
Platform: Windows 10 Pro Version 1909 18363.778 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <21>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12004.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2004.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2004.5-0\NisSrv.exe
(Nokia -> Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
(Nokia -> Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia -> Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia -> Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Softland SRL -> Microsoft) C:\Program Files\Softland\novaPDF 10\Server\novapdfs.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663976 2010-12-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKU\S-1-5-21-2823961219-2258955507-3959890628-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22256824 2020-02-28] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2823961219-2258955507-3959890628-1000\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia -> Nokia)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.163\Installer\chrmstp.exe [2020-04-07] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00DEA645-20F7-4AE4-9051-17249108F217} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {07B96812-63BB-4877-A34C-CC5AB48E7D0F} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {11EF4630-22E1-4B54-AABE-CDA995EFC638} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1C34D78B-D2EC-4436-874B-008B1B41CD18} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {207A5AAE-0739-4FD2-843A-A3F533E940CB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2FCBAE9E-4607-45B1-AD44-12E1FF663A61} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-02-28] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {30E7CE91-CB13-439C-8E57-79A5E50504E1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {329E55B6-6F84-4255-AC26-9790507F176D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {355A79C3-FDED-4590-A876-01101B391894} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3C72130E-4F29-4114-8D14-DABB6C184829} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {41DA50DC-BEA7-42AA-9921-C2E7B5484EC0} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe
Task: {42AB4D36-1085-4D0F-A89C-92D156BE655D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {464D8716-3FF4-454B-A8A5-948EE4412D03} - System32\Tasks\doPDF 10 Update => C:\Program Files\Softland\novaPDF 10\Driver\UpdateApplication.exe [98608 2019-11-13] (Softland SRL -> )
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {54105CDB-B88E-401A-8C8E-0A74C06B84D5} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe
Task: {55819FE3-490A-4353-B1E3-CDD148566F6A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.5-0\MpCmdRun.exe [485944 2020-04-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5CE5F8B5-57BC-4C77-AA44-DDD4443D3B09} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-01-04] (Google Inc -> Google Inc.)
Task: {6050D49F-17DE-45C1-8A5C-21D11EBBA024} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {6DDA3D6F-6EE3-4B3D-9ACB-03E689CBEDF1} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6F519226-3022-488C-9D29-F76D58507FD5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7DA266BC-9364-408A-90B4-E76E49C24E93} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {848E114E-1384-444C-A33C-A6DD9074E32D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {862B7B02-B750-431D-B198-58ADD0F42F22} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-01-04] (Google Inc -> Google Inc.)
Task: {870968C4-8D7B-4C85-831F-D1B5CDD88695} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8EF9C5BB-602B-4058-A4FE-9A78F1CF9DDC} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1660520 2020-03-02] (Avast Software s.r.o. -> Avast Software)
Task: {91A0CFC0-13F7-4C4D-9320-686F9605BEF3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18233016 2020-02-28] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {941A4613-0A76-4624-A3C9-F5AC25436107} - System32\Tasks\doPDF 10 Telemetry => C:\Program Files\Softland\novaPDF 10\Driver\GoogleAnalytics.exe [51504 2019-11-13] (Softland SRL -> )
Task: {961377BE-0034-4F85-A62E-D9809ABE6901} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {9EF41F19-122C-4997-B57C-966E6BB717EA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {A0254EA2-476D-4820-BE25-E69241EE882B} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {A3A2292C-93A4-4C38-9639-10858386156C} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B0008DF8-91F0-4ACC-A5C7-3F3858276CC6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.5-0\MpCmdRun.exe [485944 2020-04-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {B8913AB9-77D1-4218-9221-5BE20A2E3CB7} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B964039E-75B6-4FA5-9725-53E991E7D4F0} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {BECF0DF2-ECC6-4D9D-AA30-27F2895B0410} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.5-0\MpCmdRun.exe [485944 2020-04-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C31E9249-1B82-4775-AE08-CE0C55D93936} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E0A4347B-FFF0-4162-B463-EBA36B1774FF} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E0BAE5EB-71CE-4598-99C1-99548FF54380} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E7AC415B-182A-48E8-B522-0BD1BF2E25B5} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {E80C079E-A156-49E4-B48F-E7C22CC4CCCE} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EEB6FD51-1DA2-4C7E-9AD2-68DE9E450AD7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.5-0\MpCmdRun.exe [485944 2020-04-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FCB55A76-0757-4C95-A626-0B2F80ABBE42} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FD440D88-5057-4325-8664-AEB10EDCFF52} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{22D18EF9-F416-4B29-BE1E-CB7341C7014A}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2823961219-2258955507-3959890628-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=37180
SearchScopes: HKU\S-1-5-21-2823961219-2258955507-3959890628-1000 -> {1155093D-28E3-4655-916A-067D21C1732E} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_37180
SearchScopes: HKU\S-1-5-21-2823961219-2258955507-3959890628-1000 -> {1D79FECB-177B-474E-9C57-B5B94795722C} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_37180
SearchScopes: HKU\S-1-5-21-2823961219-2258955507-3959890628-1000 -> {2DE3638D-0624-43AE-96E8-A18B653B1574} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_37180
SearchScopes: HKU\S-1-5-21-2823961219-2258955507-3959890628-1000 -> {3D5982EA-1FF5-4600-94A9-0B03B43E828A} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_37180
SearchScopes: HKU\S-1-5-21-2823961219-2258955507-3959890628-1000 -> {712FB5B0-3020-4D5E-9D05-FE78FE966601} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_37180
SearchScopes: HKU\S-1-5-21-2823961219-2258955507-3959890628-1000 -> {75C7BD75-C432-4D88-BDF6-E5A529FDE99B} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_37180
SearchScopes: HKU\S-1-5-21-2823961219-2258955507-3959890628-1000 -> {8C94B53D-98D1-4E4C-B534-EEB3BAB82A3C} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_37180
SearchScopes: HKU\S-1-5-21-2823961219-2258955507-3959890628-1000 -> {8F76201C-6C45-4E54-92FF-757C2F4EA9A2} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_37180
SearchScopes: HKU\S-1-5-21-2823961219-2258955507-3959890628-1000 -> {E5144121-9728-4A84-B827-847E69448894} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_37180

FireFox:
========
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-03-11]
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-04-19]
CHR Notifications: Profile 1 -> hxxps://aukro.cz; hxxps://cz.gearbest.com; hxxps://de-film.com; hxxps://notify-master.net; hxxps://personal-video.live; hxxps://upcr.cz; hxxps://www.bandsintown.com; hxxps://www.ceske-kurvicky.cz; hxxps://www.chance.cz; hxxps://www.heavengifts.com; hxxps://www.kupi.cz; hxxps://www.megaknihy.cz; hxxps://www.viry.cz; hxxps://www2.thefastpush.com
CHR NewTab: Profile 1 -> Not-active:"chrome-extension://hfamgdphmadpbopjpnjeclijgabhmeml/index.html"
CHR DefaultSearchURL: Profile 1 -> hxxps://sport.awesomesearch.net/search/?category=web&s=r2ds&vert=sporttv&q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> Awesome Sports Search
CHR DefaultSuggestURL: Profile 1 -> hxxps://sug.awesomesearch.net/search/index_sg.php?q={searchTerms}
CHR Extension: (Prezentace) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-01-09]
CHR Extension: (Dokumenty) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2019-01-09]
CHR Extension: (Disk Google) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-01-09]
CHR Extension: (YouTube) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-09]
CHR Extension: (Awesome Sports Search) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chdcioeefochikmopapgkooakjbkfaed [2020-01-15]
CHR Extension: (Adobe Acrobat) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-03-04]
CHR Extension: (Tabulky) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-01-09]
CHR Extension: (Dokumenty Google offline) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-11]
CHR Extension: (Avast Online Security) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-03-02]
CHR Extension: (Web Start) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hfamgdphmadpbopjpnjeclijgabhmeml [2020-02-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2020-04-19]
CHR Extension: (Gmail) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-03]
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\System Profile [2020-03-11]
CHR HKU\S-1-5-21-2823961219-2258955507-3959890628-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 NovaPdf10Server; C:\Program Files\Softland\novaPDF 10\Server\novapdfs.exe [52528 2019-11-13] (Softland SRL -> Microsoft)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5930136 2020-04-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.5-0\NisSrv.exe [3304992 2020-04-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.5-0\MsMpEng.exe [103168 2020-04-16] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-10-07] (Microsoft Corporation) [File not signed]
S3 nmwcd; C:\WINDOWS\system32\drivers\ccdcmbx64.sys [19968 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdc; C:\WINDOWS\system32\drivers\ccdcmbox64.sys [27136 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 pccsmcfd; C:\WINDOWS\System32\DRIVERS\pccsmcfdx64.sys [26112 2012-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [711968 2019-06-04] (Realtek Semiconductor Corp. -> Realtek )
S3 upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltx64.sys [9216 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltjx64.sys [9216 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45976 2020-04-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [394472 2020-04-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64744 2020-04-16] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-19 17:22 - 2020-04-19 19:53 - 000000000 ____D C:\FRST
2020-04-19 08:54 - 2020-04-19 08:55 - 000000000 ____D C:\AdwCleaner
2020-04-18 07:48 - 2020-04-19 13:24 - 000000000 ____D C:\Program Files (x86)\trend micro
2020-04-18 07:48 - 2020-04-18 07:49 - 000000000 ____D C:\rsit
2020-04-16 08:55 - 2020-04-16 08:55 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 001659408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 001495864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2020-04-16 08:55 - 2020-04-16 08:55 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2010CustomActions.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 022636544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 018027520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 014818816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 006523048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 004563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 003802624 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 003753472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 003547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-04-16 08:54 - 2020-04-16 08:54 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-04-16 08:54 - 2020-04-16 08:54 - 002767928 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 002369576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 002188600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 002086656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001945600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-04-16 08:54 - 2020-04-16 08:54 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001646048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 001512832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001477112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 001386296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-04-16 08:54 - 2020-04-16 08:54 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 001261808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001243648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 001055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-04-16 08:54 - 2020-04-16 08:54 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000759272 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000744960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000673704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000638480 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000618296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-04-16 08:54 - 2020-04-16 08:54 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-04-16 08:54 - 2020-04-16 08:54 - 000538160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000515600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000513576 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000507152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000487784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-04-16 08:54 - 2020-04-16 08:54 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000456504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-04-16 08:54 - 2020-04-16 08:54 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-04-16 08:54 - 2020-04-16 08:54 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\es.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\es.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-04-16 08:54 - 2020-04-16 08:54 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000277864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000268008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000251704 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrad.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000185952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000178192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2020-04-16 08:54 - 2020-04-16 08:54 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000147696 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000142544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000123952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000102216 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasacct.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-04-16 08:54 - 2020-04-16 08:54 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000066624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasacct.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000058880 _____ C:\WINDOWS\system32\runexehelper.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000050544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\iaspolcy.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2010CustomActions.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iaspolcy.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000033080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hwpolicy.sys
2020-04-16 08:54 - 2020-04-16 08:54 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprtPS.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ias.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ias.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000021520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wksprtPS.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-04-16 08:54 - 2020-04-16 08:54 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-04-16 08:54 - 2020-04-16 08:54 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-04-16 08:54 - 2020-04-16 08:54 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-04-16 08:54 - 2020-04-16 08:54 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-04-16 08:54 - 2020-04-16 08:54 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-04-16 08:54 - 2020-04-16 08:54 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-04-16 08:54 - 2020-04-16 08:54 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-04-16 08:54 - 2020-04-16 08:54 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-04-16 08:54 - 2020-04-16 08:54 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-04-16 08:54 - 2020-04-16 08:54 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-04-16 08:54 - 2020-04-16 08:54 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-04-16 08:53 - 2020-04-16 08:53 - 017790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 007849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 006168064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 003980800 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 003708928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 003587384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 003109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 002717184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 002453504 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 002131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 002126144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 002114560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001960448 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001497600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-04-16 08:53 - 2020-04-16 08:53 - 001427456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001413704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001378528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2020-04-16 08:53 - 2020-04-16 08:53 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000915192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000684560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000637240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-04-16 08:53 - 2020-04-16 08:53 - 000589384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-04-16 08:53 - 2020-04-16 08:53 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-04-16 08:53 - 2020-04-16 08:53 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000459688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-04-16 08:53 - 2020-04-16 08:53 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 000437560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcApi.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000339304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000297272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-04-16 08:53 - 2020-04-16 08:53 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000231912 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000193848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2020-04-16 08:53 - 2020-04-16 08:53 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000151352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
2020-04-16 08:53 - 2020-04-16 08:53 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000089912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-04-16 08:53 - 2020-04-16 08:53 - 000088352 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2020-04-16 08:53 - 2020-04-16 08:53 - 000059192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-04-16 08:53 - 2020-04-16 08:53 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcProxyStubs.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2020-04-16 08:53 - 2020-04-16 08:53 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys
2020-04-16 08:44 - 2020-03-17 05:56 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-04-16 08:43 - 2020-03-17 05:57 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-04-15 15:15 - 2020-04-19 19:50 - 000000000 ____D C:\Users\Lenovo\AppData\Local\CrashDumps
2020-04-14 16:02 - 2020-04-14 16:18 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Steam
2020-04-14 12:17 - 2020-04-15 07:53 - 000000000 ____D C:\Program Files (x86)\Steam
2020-03-23 15:44 - 2020-03-23 15:44 - 000000000 ____D C:\Users\Lenovo\AppData\Local\D3DSCache

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-19 19:48 - 2020-01-14 19:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-04-19 17:54 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-19 17:26 - 2020-01-14 19:54 - 001885560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-04-19 17:26 - 2019-03-19 13:57 - 000779936 _____ C:\WINDOWS\system32\perfh005.dat
2020-04-19 17:26 - 2019-03-19 13:57 - 000177824 _____ C:\WINDOWS\system32\perfc005.dat
2020-04-19 17:26 - 2019-03-19 06:50 - 000000000 ____D C:\WINDOWS\INF
2020-04-19 17:17 - 2020-01-14 20:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-04-19 17:16 - 2019-03-19 06:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-04-18 19:10 - 2019-03-19 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-04-18 07:29 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-04-16 22:08 - 2020-01-14 19:48 - 000449608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-04-16 22:07 - 2019-03-19 13:59 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-04-16 22:07 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-04-16 22:07 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-04-16 22:07 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-04-16 22:07 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-04-16 22:07 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\Provisioning
2020-04-16 22:07 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-04-16 22:07 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-04-16 22:00 - 2019-02-13 18:59 - 000000000 ____H C:\Users\Lenovo\Desktop\fssort.ini
2020-04-16 18:07 - 2019-03-19 06:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-16 12:23 - 2020-01-14 20:01 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-04-15 20:29 - 2020-01-14 19:54 - 000000000 ____D C:\Users\Lenovo
2020-04-07 06:55 - 2019-01-04 18:25 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-02 19:25 - 2020-01-29 16:02 - 000744808 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-03-29 09:14 - 2019-03-04 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC Suite
2020-03-20 21:12 - 2020-01-14 20:01 - 000003474 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-03-20 21:12 - 2020-01-14 20:01 - 000003350 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-03-20 16:20 - 2020-01-14 21:32 - 000003370 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2823961219-2258955507-3959890628-1000
2020-03-20 16:20 - 2020-01-14 21:32 - 000000000 ___RD C:\Users\Lenovo\OneDrive
2020-03-20 16:20 - 2020-01-14 19:54 - 000002407 _____ C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

#10 Příspěvek od **Diallix** » 21 dub 2020 06:34

Do poznamkoveho bloku skopirujte obsah dole:

Kód: Vybrat vše

HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {862B7B02-B750-431D-B198-58ADD0F42F22} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-01-04] (Google Inc -> Google Inc.)
Task: {5CE5F8B5-57BC-4C77-AA44-DDD4443D3B09} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-01-04] (Google Inc -> Google Inc.)
Task: {B964039E-75B6-4FA5-9725-53E991E7D4F0} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
CHR DefaultSearchURL: Profile 1 -> hxxps://sport.awesomesearch.net/search/ ... sporttv&q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> Awesome Sports Search
CHR DefaultSuggestURL: Profile 1 -> hxxps://sug.awesomesearch.net/search/index_sg.php?q={searchTerms}
CHR Extension: (Awesome Sports Search) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chdcioeefochikmopapgkooakjbkfaed [2020-01-15]
U3 idsvc; no ImagePath
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
FirewallRules: [{1CD4C1CE-BE70-4230-AE9C-A36E5CDB7990}] => (Allow) LPort=8501
FirewallRules: [{3312773C-2127-412D-B844-9D726F371EB0}] => (Allow) LPort=8501
FirewallRules: [{574FEE10-9322-4E52-B66A-D4DECBB205FF}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe No File

EmptyTemp:

Poznamkovy blok ulozte pod nazvom fixlist.txt do umiestnenia kde je FRST.
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sa pocitac rebootuje. Po reboote sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.

Thomas · #11 Příspěvek od **Thomas** » 21 dub 2020 07:31

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-04-2020
Ran by Lenovo (administrator) on LENOVO-PC (LENOVO 5033A19) (19-04-2020 19:52:46)
Running from C:\Users\Lenovo\Desktop\Documents\Downloads
Loaded Profiles: Lenovo (Available Profiles: Lenovo)
Platform: Windows 10 Pro Version 1909 18363.778 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <21>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12004.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2004.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2004.5-0\NisSrv.exe
(Nokia -> Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
(Nokia -> Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia -> Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia -> Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Softland SRL -> Microsoft) C:\Program Files\Softland\novaPDF 10\Server\novapdfs.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663976 2010-12-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKU\S-1-5-21-2823961219-2258955507-3959890628-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22256824 2020-02-28] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2823961219-2258955507-3959890628-1000\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia -> Nokia)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.163\Installer\chrmstp.exe [2020-04-07] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00DEA645-20F7-4AE4-9051-17249108F217} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {07B96812-63BB-4877-A34C-CC5AB48E7D0F} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {11EF4630-22E1-4B54-AABE-CDA995EFC638} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1C34D78B-D2EC-4436-874B-008B1B41CD18} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {207A5AAE-0739-4FD2-843A-A3F533E940CB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2FCBAE9E-4607-45B1-AD44-12E1FF663A61} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-02-28] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {30E7CE91-CB13-439C-8E57-79A5E50504E1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {329E55B6-6F84-4255-AC26-9790507F176D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {355A79C3-FDED-4590-A876-01101B391894} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3C72130E-4F29-4114-8D14-DABB6C184829} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {41DA50DC-BEA7-42AA-9921-C2E7B5484EC0} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe
Task: {42AB4D36-1085-4D0F-A89C-92D156BE655D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {464D8716-3FF4-454B-A8A5-948EE4412D03} - System32\Tasks\doPDF 10 Update => C:\Program Files\Softland\novaPDF 10\Driver\UpdateApplication.exe [98608 2019-11-13] (Softland SRL -> )
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {54105CDB-B88E-401A-8C8E-0A74C06B84D5} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe
Task: {55819FE3-490A-4353-B1E3-CDD148566F6A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.5-0\MpCmdRun.exe [485944 2020-04-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5CE5F8B5-57BC-4C77-AA44-DDD4443D3B09} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-01-04] (Google Inc -> Google Inc.)
Task: {6050D49F-17DE-45C1-8A5C-21D11EBBA024} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {6DDA3D6F-6EE3-4B3D-9ACB-03E689CBEDF1} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6F519226-3022-488C-9D29-F76D58507FD5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7DA266BC-9364-408A-90B4-E76E49C24E93} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {848E114E-1384-444C-A33C-A6DD9074E32D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {862B7B02-B750-431D-B198-58ADD0F42F22} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-01-04] (Google Inc -> Google Inc.)
Task: {870968C4-8D7B-4C85-831F-D1B5CDD88695} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8EF9C5BB-602B-4058-A4FE-9A78F1CF9DDC} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1660520 2020-03-02] (Avast Software s.r.o. -> Avast Software)
Task: {91A0CFC0-13F7-4C4D-9320-686F9605BEF3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18233016 2020-02-28] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {941A4613-0A76-4624-A3C9-F5AC25436107} - System32\Tasks\doPDF 10 Telemetry => C:\Program Files\Softland\novaPDF 10\Driver\GoogleAnalytics.exe [51504 2019-11-13] (Softland SRL -> )
Task: {961377BE-0034-4F85-A62E-D9809ABE6901} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {9EF41F19-122C-4997-B57C-966E6BB717EA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {A0254EA2-476D-4820-BE25-E69241EE882B} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {A3A2292C-93A4-4C38-9639-10858386156C} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B0008DF8-91F0-4ACC-A5C7-3F3858276CC6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.5-0\MpCmdRun.exe [485944 2020-04-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {B8913AB9-77D1-4218-9221-5BE20A2E3CB7} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B964039E-75B6-4FA5-9725-53E991E7D4F0} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {BECF0DF2-ECC6-4D9D-AA30-27F2895B0410} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.5-0\MpCmdRun.exe [485944 2020-04-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C31E9249-1B82-4775-AE08-CE0C55D93936} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E0A4347B-FFF0-4162-B463-EBA36B1774FF} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E0BAE5EB-71CE-4598-99C1-99548FF54380} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E7AC415B-182A-48E8-B522-0BD1BF2E25B5} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {E80C079E-A156-49E4-B48F-E7C22CC4CCCE} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EEB6FD51-1DA2-4C7E-9AD2-68DE9E450AD7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.5-0\MpCmdRun.exe [485944 2020-04-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FCB55A76-0757-4C95-A626-0B2F80ABBE42} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FD440D88-5057-4325-8664-AEB10EDCFF52} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{22D18EF9-F416-4B29-BE1E-CB7341C7014A}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2823961219-2258955507-3959890628-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=37180
SearchScopes: HKU\S-1-5-21-2823961219-2258955507-3959890628-1000 -> {1155093D-28E3-4655-916A-067D21C1732E} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_37180
SearchScopes: HKU\S-1-5-21-2823961219-2258955507-3959890628-1000 -> {1D79FECB-177B-474E-9C57-B5B94795722C} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_37180
SearchScopes: HKU\S-1-5-21-2823961219-2258955507-3959890628-1000 -> {2DE3638D-0624-43AE-96E8-A18B653B1574} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_37180
SearchScopes: HKU\S-1-5-21-2823961219-2258955507-3959890628-1000 -> {3D5982EA-1FF5-4600-94A9-0B03B43E828A} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_37180
SearchScopes: HKU\S-1-5-21-2823961219-2258955507-3959890628-1000 -> {712FB5B0-3020-4D5E-9D05-FE78FE966601} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_37180
SearchScopes: HKU\S-1-5-21-2823961219-2258955507-3959890628-1000 -> {75C7BD75-C432-4D88-BDF6-E5A529FDE99B} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_37180
SearchScopes: HKU\S-1-5-21-2823961219-2258955507-3959890628-1000 -> {8C94B53D-98D1-4E4C-B534-EEB3BAB82A3C} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_37180
SearchScopes: HKU\S-1-5-21-2823961219-2258955507-3959890628-1000 -> {8F76201C-6C45-4E54-92FF-757C2F4EA9A2} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_37180
SearchScopes: HKU\S-1-5-21-2823961219-2258955507-3959890628-1000 -> {E5144121-9728-4A84-B827-847E69448894} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_37180

FireFox:
========
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-03-11]
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-04-19]
CHR Notifications: Profile 1 -> hxxps://aukro.cz; hxxps://cz.gearbest.com; hxxps://de-film.com; hxxps://notify-master.net; hxxps://personal-video.live; hxxps://upcr.cz; hxxps://www.bandsintown.com; hxxps://www.ceske-kurvicky.cz; hxxps://www.chance.cz; hxxps://www.heavengifts.com; hxxps://www.kupi.cz; hxxps://www.megaknihy.cz; hxxps://www.viry.cz; hxxps://www2.thefastpush.com
CHR NewTab: Profile 1 -> Not-active:"chrome-extension://hfamgdphmadpbopjpnjeclijgabhmeml/index.html"
CHR DefaultSearchURL: Profile 1 -> hxxps://sport.awesomesearch.net/search/?category=web&s=r2ds&vert=sporttv&q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> Awesome Sports Search
CHR DefaultSuggestURL: Profile 1 -> hxxps://sug.awesomesearch.net/search/index_sg.php?q={searchTerms}
CHR Extension: (Prezentace) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-01-09]
CHR Extension: (Dokumenty) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2019-01-09]
CHR Extension: (Disk Google) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-01-09]
CHR Extension: (YouTube) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-09]
CHR Extension: (Awesome Sports Search) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chdcioeefochikmopapgkooakjbkfaed [2020-01-15]
CHR Extension: (Adobe Acrobat) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-03-04]
CHR Extension: (Tabulky) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-01-09]
CHR Extension: (Dokumenty Google offline) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-11]
CHR Extension: (Avast Online Security) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-03-02]
CHR Extension: (Web Start) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hfamgdphmadpbopjpnjeclijgabhmeml [2020-02-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2020-04-19]
CHR Extension: (Gmail) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-03]
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\System Profile [2020-03-11]
CHR HKU\S-1-5-21-2823961219-2258955507-3959890628-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 NovaPdf10Server; C:\Program Files\Softland\novaPDF 10\Server\novapdfs.exe [52528 2019-11-13] (Softland SRL -> Microsoft)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5930136 2020-04-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.5-0\NisSrv.exe [3304992 2020-04-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.5-0\MsMpEng.exe [103168 2020-04-16] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-10-07] (Microsoft Corporation) [File not signed]
S3 nmwcd; C:\WINDOWS\system32\drivers\ccdcmbx64.sys [19968 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdc; C:\WINDOWS\system32\drivers\ccdcmbox64.sys [27136 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 pccsmcfd; C:\WINDOWS\System32\DRIVERS\pccsmcfdx64.sys [26112 2012-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [711968 2019-06-04] (Realtek Semiconductor Corp. -> Realtek )
S3 upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltx64.sys [9216 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltjx64.sys [9216 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45976 2020-04-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [394472 2020-04-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64744 2020-04-16] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-19 17:22 - 2020-04-19 19:53 - 000000000 ____D C:\FRST
2020-04-19 08:54 - 2020-04-19 08:55 - 000000000 ____D C:\AdwCleaner
2020-04-18 07:48 - 2020-04-19 13:24 - 000000000 ____D C:\Program Files (x86)\trend micro
2020-04-18 07:48 - 2020-04-18 07:49 - 000000000 ____D C:\rsit
2020-04-16 08:55 - 2020-04-16 08:55 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 001659408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 001495864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2020-04-16 08:55 - 2020-04-16 08:55 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2020-04-16 08:55 - 2020-04-16 08:55 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2010CustomActions.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 022636544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 018027520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 014818816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 006523048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 004563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 003802624 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 003753472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 003547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-04-16 08:54 - 2020-04-16 08:54 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-04-16 08:54 - 2020-04-16 08:54 - 002767928 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 002369576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 002188600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 002086656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001945600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-04-16 08:54 - 2020-04-16 08:54 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001646048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 001512832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001477112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 001386296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-04-16 08:54 - 2020-04-16 08:54 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 001261808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001243648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 001055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-04-16 08:54 - 2020-04-16 08:54 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000759272 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000744960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000673704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000638480 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000618296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-04-16 08:54 - 2020-04-16 08:54 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-04-16 08:54 - 2020-04-16 08:54 - 000538160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000515600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000513576 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000507152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000487784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-04-16 08:54 - 2020-04-16 08:54 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000456504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-04-16 08:54 - 2020-04-16 08:54 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-04-16 08:54 - 2020-04-16 08:54 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\es.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\es.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-04-16 08:54 - 2020-04-16 08:54 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000277864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000268008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000251704 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrad.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000185952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000178192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2020-04-16 08:54 - 2020-04-16 08:54 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000147696 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000142544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000123952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000102216 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasacct.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-04-16 08:54 - 2020-04-16 08:54 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000066624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasacct.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000058880 _____ C:\WINDOWS\system32\runexehelper.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000050544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\iaspolcy.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2010CustomActions.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iaspolcy.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000033080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hwpolicy.sys
2020-04-16 08:54 - 2020-04-16 08:54 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprtPS.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ias.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ias.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000021520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wksprtPS.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2020-04-16 08:54 - 2020-04-16 08:54 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2020-04-16 08:54 - 2020-04-16 08:54 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-04-16 08:54 - 2020-04-16 08:54 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-04-16 08:54 - 2020-04-16 08:54 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-04-16 08:54 - 2020-04-16 08:54 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-04-16 08:54 - 2020-04-16 08:54 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-04-16 08:54 - 2020-04-16 08:54 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-04-16 08:54 - 2020-04-16 08:54 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-04-16 08:54 - 2020-04-16 08:54 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-04-16 08:54 - 2020-04-16 08:54 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-04-16 08:54 - 2020-04-16 08:54 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-04-16 08:54 - 2020-04-16 08:54 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-04-16 08:54 - 2020-04-16 08:54 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-04-16 08:53 - 2020-04-16 08:53 - 017790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 007849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 006168064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 003980800 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 003708928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 003587384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 003109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 002717184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 002453504 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 002131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 002126144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 002114560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001960448 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001497600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-04-16 08:53 - 2020-04-16 08:53 - 001427456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001413704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001378528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2020-04-16 08:53 - 2020-04-16 08:53 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000915192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000684560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000637240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-04-16 08:53 - 2020-04-16 08:53 - 000589384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-04-16 08:53 - 2020-04-16 08:53 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-04-16 08:53 - 2020-04-16 08:53 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000459688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-04-16 08:53 - 2020-04-16 08:53 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 000437560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcApi.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000339304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000297272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-04-16 08:53 - 2020-04-16 08:53 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000231912 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000193848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2020-04-16 08:53 - 2020-04-16 08:53 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000151352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
2020-04-16 08:53 - 2020-04-16 08:53 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000089912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-04-16 08:53 - 2020-04-16 08:53 - 000088352 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2020-04-16 08:53 - 2020-04-16 08:53 - 000059192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-04-16 08:53 - 2020-04-16 08:53 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcProxyStubs.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2020-04-16 08:53 - 2020-04-16 08:53 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys
2020-04-16 08:53 - 2020-04-16 08:53 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll
2020-04-16 08:53 - 2020-04-16 08:53 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys
2020-04-16 08:44 - 2020-03-17 05:56 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-04-16 08:43 - 2020-03-17 05:57 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-04-15 15:15 - 2020-04-19 19:50 - 000000000 ____D C:\Users\Lenovo\AppData\Local\CrashDumps
2020-04-14 16:02 - 2020-04-14 16:18 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Steam
2020-04-14 12:17 - 2020-04-15 07:53 - 000000000 ____D C:\Program Files (x86)\Steam
2020-03-23 15:44 - 2020-03-23 15:44 - 000000000 ____D C:\Users\Lenovo\AppData\Local\D3DSCache

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-19 19:48 - 2020-01-14 19:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-04-19 17:54 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-19 17:26 - 2020-01-14 19:54 - 001885560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-04-19 17:26 - 2019-03-19 13:57 - 000779936 _____ C:\WINDOWS\system32\perfh005.dat
2020-04-19 17:26 - 2019-03-19 13:57 - 000177824 _____ C:\WINDOWS\system32\perfc005.dat
2020-04-19 17:26 - 2019-03-19 06:50 - 000000000 ____D C:\WINDOWS\INF
2020-04-19 17:17 - 2020-01-14 20:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-04-19 17:16 - 2019-03-19 06:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-04-18 19:10 - 2019-03-19 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-04-18 07:29 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-04-16 22:08 - 2020-01-14 19:48 - 000449608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-04-16 22:07 - 2019-03-19 13:59 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-04-16 22:07 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-04-16 22:07 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-04-16 22:07 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-04-16 22:07 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-04-16 22:07 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\Provisioning
2020-04-16 22:07 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-04-16 22:07 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-04-16 22:00 - 2019-02-13 18:59 - 000000000 ____H C:\Users\Lenovo\Desktop\fssort.ini
2020-04-16 18:07 - 2019-03-19 06:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-16 12:23 - 2020-01-14 20:01 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-04-15 20:29 - 2020-01-14 19:54 - 000000000 ____D C:\Users\Lenovo
2020-04-07 06:55 - 2019-01-04 18:25 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-02 19:25 - 2020-01-29 16:02 - 000744808 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-03-29 09:14 - 2019-03-04 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC Suite
2020-03-20 21:12 - 2020-01-14 20:01 - 000003474 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-03-20 21:12 - 2020-01-14 20:01 - 000003350 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-03-20 16:20 - 2020-01-14 21:32 - 000003370 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2823961219-2258955507-3959890628-1000
2020-03-20 16:20 - 2020-01-14 21:32 - 000000000 ___RD C:\Users\Lenovo\OneDrive
2020-03-20 16:20 - 2020-01-14 19:54 - 000002407 _____ C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

#12 Příspěvek od **Diallix** » 21 dub 2020 09:01

Je nutne, aby ste urobil fix - opravu. Ako som hore napisal navod na fix je nasledovny:

Kód: Vybrat vše

Poznamkovy blok ulozte pod nazvom fixlist.txt do umiestnenia kde je FRST.
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sa pocitac rebootuje. Po reboote sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.

Thomas · #13 Příspěvek od **Thomas** » 21 dub 2020 09:47

Problém viz příloha

#14 Příspěvek od **Diallix** » 21 dub 2020 16:06

Do poznamkoveho bloku skopirujte obsah dole:

Kód: Vybrat vše

Start:
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {862B7B02-B750-431D-B198-58ADD0F42F22} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-01-04] (Google Inc -> Google Inc.)
Task: {5CE5F8B5-57BC-4C77-AA44-DDD4443D3B09} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-01-04] (Google Inc -> Google Inc.)
Task: {B964039E-75B6-4FA5-9725-53E991E7D4F0} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
CHR DefaultSearchURL: Profile 1 -> hxxps://sport.awesomesearch.net/search/ ... sporttv&q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> Awesome Sports Search
CHR DefaultSuggestURL: Profile 1 -> hxxps://sug.awesomesearch.net/search/index_sg.php?q={searchTerms}
CHR Extension: (Awesome Sports Search) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chdcioeefochikmopapgkooakjbkfaed [2020-01-15]
U3 idsvc; no ImagePath
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
FirewallRules: [{1CD4C1CE-BE70-4230-AE9C-A36E5CDB7990}] => (Allow) LPort=8501
FirewallRules: [{3312773C-2127-412D-B844-9D726F371EB0}] => (Allow) LPort=8501
FirewallRules: [{574FEE10-9322-4E52-B66A-D4DECBB205FF}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe No File

EmptyTemp:

End:

Poznamkovy blok ulozte pod nazvom fixlist.txt do umiestnenia kde je FRST.
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sa pocitac rebootuje. Po reboote sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.

Thomas · #15 Příspěvek od **Thomas** » 21 dub 2020 18:34

Chrome => 151668501 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 4470 B
Lenovo => 2631587 B

RecycleBin => 140933 B
EmptyTemp: => 182.1 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 19:31:28 ====

VIRY.CZ

prevenčka

prevenčka

Re: prevenčka

Re: prevenčka

Re: prevenčka

Re: prevenčka

Re: prevenčka

Re: prevenčka

Re: prevenčka

Re: prevenčka

Re: prevenčka

Re: prevenčka

Re: prevenčka

Re: prevenčka

Re: prevenčka

Re: prevenčka