Windows freeze, probably a virus


#1 Post by Mineas »

Good day. This evening I was cleaning out my email (I did not open any attachments, I only deleted old mail) and browsing websites that I consider safe, when suddenly my music stopped playing, an unpleasant whistling sound came from the headphones instead, and the screen went black. From that moment on the notebook did not respond to anything, and I had no choice but to power it off the hard way. I am seriously worried that some unwanted program may have started before I turned it off. Since I reset the PC to factory settings two months ago and have a minimum of programs installed, I am worried whether another factory reset would reliably prevent the problem from recurring. There should be no illegal software on the PC. Please advise.


Re: Windows freeze, probably a virus

#2 Post by Mineas »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-08-2020
Ran by minea (administrator) on LAPTOP-PGB37RNH (LENOVO 20J8001HMC) (17-08-2020 22:56:23)
Running from C:\Users\minea\Desktop
Loaded Profiles: minea
Platform: Windows 10 Pro Version 1909 18363.1016 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ALPS ELECTRIC CO., LTD. -> ALPSALPINE CO., LTD.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(ALPS ELECTRIC CO., LTD. -> ALPSALPINE CO., LTD.) C:\Program Files\Apoint2K\Apoint.exe
(ALPS ELECTRIC CO., LTD. -> ALPSALPINE CO., LTD.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3403962241d50282\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3403962241d50282\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3403962241d50282\igfxext.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3403962241d50282\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3403962241d50282\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_f222132bfa8270de\RstMwService.exe
(Lenovo -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.3.115.0\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo -> Lenovo.) C:\Windows\System32\TpShocks.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft OneDrive\20.134.0705.0008\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.4-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <6>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710264 2020-06-18] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3502756332-3725601925-1334996545-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1911152 2020-08-12] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MG6400 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBT.DLL [30208 2013-04-04] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG6400 series: C:\WINDOWS\system32\CNMLMBT.DLL [391168 2013-04-04] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [359936 2013-01-24] (CANON INC.) [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {002CADAF-833E-46CC-9948-D46FAB6C0269} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617584 2020-04-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {0497ECC9-13B8-4932-BA4D-FC057BE2451D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.4-0\MpCmdRun.exe [525048 2020-08-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1E118827-E439-4458-827E-DB5DC9F8A572} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2749288 2020-08-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {22E008CA-D111-447A-833B-CD23C5A650EA} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {2AC1B314-BEAB-4F8B-B64A-CFE2BF41EA82} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\92b2bcd8-1ee0-48c1-947d-a189b2343115 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81240 2020-07-15] (Lenovo -> Lenovo Group Ltd.)
Task: {2DB68E9A-48F1-4AA5-83AF-CF4787CEB5EF} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [112840 2020-05-19] (Lenovo -> Lenovo)
Task: {32DDD4CB-017F-45D3-889B-D33E1DCBBD36} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [24584376 2020-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {51B5B3B3-8C1C-4077-AEC8-68E3A589F70D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\82c434c4-4fae-4293-99ac-c082d1661095 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81240 2020-07-15] (Lenovo -> Lenovo Group Ltd.)
Task: {52C2C25A-66EE-491B-8C54-D5F0789C1DFE} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [118552 2016-07-11] (CyberLink Corp. -> CyberLink)
Task: {56BBF274-7006-44C7-9B0E-53C4FD42C05F} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [340440 2016-03-22] (CyberLink Corp. -> CyberLink Corp.)
Task: {57345049-3997-46B8-BB00-DE77B8AC842C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.4-0\MpCmdRun.exe [525048 2020-08-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {63C5A3E2-1BCA-44D3-AB2B-E0DDEB5B25E4} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {6657E5F9-A6C3-4F4B-863D-237312FF63DF} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\20fae862-2b21-4314-b46e-543c30cb8f64 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81240 2020-07-15] (Lenovo -> Lenovo Group Ltd.)
Task: {865B079E-7C30-44BA-954A-B85F2A141FA9} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617584 2020-04-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {9210C4B0-79D4-4405-B593-870FFE3D1BA6} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [141752 2020-06-18] (Lenovo -> Lenovo Group Ltd.)
Task: {9DD98ACC-A912-4495-AB92-DDF24AB3E559} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.4-0\MpCmdRun.exe [525048 2020-08-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9F15C0D4-B5D1-430F-AE63-C08BE8CE1C37} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {A68A8A45-F6E7-4B33-AB68-063397EC85FB} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617584 2020-04-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {A6DA14AA-4DF2-4327-917C-55E668FF5831} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {A7E2F44E-97EF-462E-BE85-47E3FF5F8D16} - System32\Tasks\Lenovo Active Protection System => C:\Windows\system32\TpShUI.exe [120424 2017-03-21] (Lenovo -> Lenovo.)
Task: {B5D044A3-8D26-4801-B1DA-60D294A5528F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.4-0\MpCmdRun.exe [525048 2020-08-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CD081927-A3D8-4D05-BB84-D0E8759BADC5} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgrInst.exe [60616 2020-05-19] (Lenovo -> )
Task: {E69A0B02-16C2-4FEF-A8CC-FC8FFFDBC83A} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [56136 2020-07-15] (Lenovo -> Lenovo Group Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Lenovo Active Protection System.job => C:\Windows\system32\TpShUI.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{2d2a89f0-c5c7-4686-a486-370fde4b0349}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{476a6161-439c-48b7-a032-02d3fdac24bd}: [DhcpNameServer] 192.168.2.1
HKLM\System\...\Parameters\PersistentRoutes: [169.254.0.0,255.255.0.0,192.168.2.100,1]

Internet Explorer:
==================
HKU\S-1-5-21-3502756332-3725601925-1334996545-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17swin10.msn.com/?pc=LJSE
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\ssv.dll [2020-08-02] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\jp2ssv.dll [2020-08-02] (Oracle America, Inc. -> Oracle Corporation)

Edge:
======
DownloadDir: C:\Users\minea\Downloads
Edge Profile: C:\Users\minea\AppData\Local\Microsoft\Edge\User Data\Default [2020-08-17]
Edge DownloadDir: C:\Users\minea\Downloads

FireFox:
========
FF DefaultProfile: 8hjb594w.default
FF ProfilePath: C:\Users\minea\AppData\Roaming\Mozilla\Firefox\Profiles\8hjb594w.default [2020-08-17]
FF Homepage: Mozilla\Firefox\Profiles\8hjb594w.default -> google.cz
FF Plugin-x32: @java.com/DTPlugin,version=11.261.2 -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\dtplugin\npDeployJava1.dll [2020-08-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.261.2 -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\plugin2\npjp2.dll [2020-08-02] (Oracle America, Inc. -> Oracle Corporation)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [446808 2019-03-12] (ALPS ELECTRIC CO., LTD. -> ALPSALPINE CO., LTD.)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-22] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\20.134.0705.0008\FileSyncHelper.exe [2165608 2020-08-12] (Microsoft Corporation -> Microsoft Corporation)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81240 2020-07-15] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.3.115.0\LenovoVantageService.exe [18360 2020-07-09] (Lenovo -> Lenovo Group Ltd.)
S2 LPlatSvc; C:\WINDOWS\System32\LPlatSvc.exe [892304 2020-03-27] (Lenovo -> Lenovo.)
S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\20.134.0705.0008\OneDriveUpdaterService.exe [2525040 2020-08-12] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6149984 2020-08-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [77824 2016-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R2 valWbioSyncSvc; C:\WINDOWS\system32\valWbioSyncSvc.exe [48136 2016-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.4-0\NisSrv.exe [2343128 2020-08-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.4-0\MsMpEng.exe [128376 2020-08-14] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AKCCID; C:\WINDOWS\System32\drivers\AKCCID.sys [57296 2018-07-04] (Alcor Micro, Corp. -> Generic)
R3 AlpsHidSmb; C:\WINDOWS\System32\drivers\ApSmbDrv.sys [96440 2019-03-12] (ALPS ELECTRIC CO., LTD. -> ALPSALPINE CO., LTD.)
R3 BHTPCRDR; C:\WINDOWS\System32\drivers\bhtpcrdr.sys [173848 2018-06-05] (BayHub Technology Inc. -> BayHubTech/O2Micro)
U5 iaStorA; C:\Windows\System32\Drivers\iaStorA.sys [798728 2017-03-02] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R1 MpKslDrv; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8101D91F-2E36-4FCD-A39F-C9B24ECDACB8}\MpKslDrv.sys [73952 2020-08-17] (Microsoft Windows -> Microsoft Corporation)
U5 Netwtw04; C:\Windows\System32\Drivers\Netwtw04.sys [7621376 2017-03-19] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R1 PMDRVS; C:\WINDOWS\System32\drivers\pmdrvs.sys [38176 2020-03-27] (Lenovo -> Lenovo.)
R1 SMIDriverGen; C:\WINDOWS\system32\DRIVERS\smi.sys [31480 2016-10-03] (Synaptics Inc. -> Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-08-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [428272 2020-08-14] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [69872 2020-08-14] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-08-17 22:56 - 2020-08-17 22:58 - 000018535 _____ C:\Users\minea\Desktop\FRST.txt
2020-08-17 22:55 - 2020-08-17 22:57 - 000000000 ____D C:\FRST
2020-08-17 22:53 - 2020-08-17 22:53 - 002296320 _____ (Farbar) C:\Users\minea\Desktop\FRST64.exe
2020-08-14 12:19 - 2020-08-14 12:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTG Arena
2020-08-12 00:27 - 2020-08-12 00:27 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 022642688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 019852288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 019812352 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 018032128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 007758848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 007270912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 006294528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 005904896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 005013504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 004859904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 004611072 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 004129408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 003822592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 003637760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 003516416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 003365376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2020-08-12 00:27 - 2020-08-12 00:27 - 002950808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-08-12 00:27 - 2020-08-12 00:27 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-08-12 00:27 - 2020-08-12 00:27 - 002588688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2020-08-12 00:27 - 2020-08-12 00:27 - 002422384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2020-08-12 00:27 - 2020-08-12 00:27 - 002259192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2020-08-12 00:27 - 2020-08-12 00:27 - 002138280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2020-08-12 00:27 - 2020-08-12 00:27 - 001870200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 001836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 001418832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 001316352 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmclient.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 001012792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000995840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregcmd.exe
2020-08-12 00:27 - 2020-08-12 00:27 - 000941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000931328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmclient.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2020-08-12 00:27 - 2020-08-12 00:27 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscsvc.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000738064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2020-08-12 00:27 - 2020-08-12 00:27 - 000724480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000709120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000692224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000666280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2020-08-12 00:27 - 2020-08-12 00:27 - 000639488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmscan.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000465408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmscan.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WalletService.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000359496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2020-08-12 00:27 - 2020-08-12 00:27 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000343408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2020-08-12 00:27 - 2020-08-12 00:27 - 000338944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnphost.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapisrv.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tapisrv.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrahc.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\net1.exe
2020-08-12 00:27 - 2020-08-12 00:27 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdSSDP.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintBrmUi.exe
2020-08-12 00:27 - 2020-08-12 00:27 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\udhisapi.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnpcont.exe
2020-08-12 00:27 - 2020-08-12 00:27 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-08-12 00:27 - 2020-08-12 00:27 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2020-08-12 00:26 - 2020-08-12 00:27 - 025903104 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 014820352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 009932088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-08-12 00:26 - 2020-08-12 00:26 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 007270728 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 006526448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 006436864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 006074552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 005946368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 005849872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 005767224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 005111296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 005003824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 004565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-08-12 00:26 - 2020-08-12 00:26 - 003974376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2020-08-12 00:26 - 2020-08-12 00:26 - 003806208 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 003743056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 003368616 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-08-12 00:26 - 2020-08-12 00:26 - 002799104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-08-12 00:26 - 2020-08-12 00:26 - 002766952 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directml.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 002737664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 002698048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2020-08-12 00:26 - 2020-08-12 00:26 - 002583496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 002576896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 002307584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 002096128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 002085632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 002022400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 001743680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 001740800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 001672544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 001669344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 001665024 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 001654312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 001564160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 001482568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2020-08-12 00:26 - 2020-08-12 00:26 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 001420320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 001406464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-08-12 00:26 - 2020-08-12 00:26 - 001393960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 001366144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-08-12 00:26 - 2020-08-12 00:26 - 001282872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2020-08-12 00:26 - 2020-08-12 00:26 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2020-08-12 00:26 - 2020-08-12 00:26 - 001197056 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 001182248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2020-08-12 00:26 - 2020-08-12 00:26 - 001101312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 001077048 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-08-12 00:26 - 2020-08-12 00:26 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 001009664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000897648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000894032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000888352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000875520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000867840 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000823744 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-08-12 00:26 - 2020-08-12 00:26 - 000822800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-08-12 00:26 - 2020-08-12 00:26 - 000782336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000775480 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-08-12 00:26 - 2020-08-12 00:26 - 000718336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.FileExplorer.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000702976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000690536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000675040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-08-12 00:26 - 2020-08-12 00:26 - 000675024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000671040 _____ (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000661816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2020-08-12 00:26 - 2020-08-12 00:26 - 000649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000593480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000572200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000568128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000564488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000535040 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.FileExplorer.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000495104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-08-12 00:26 - 2020-08-12 00:26 - 000467968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000463168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000461112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000457016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-08-12 00:26 - 2020-08-12 00:26 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnphost.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000431104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\DispBroker.Desktop.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000403456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprdim.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000379704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HrtfApo.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-08-12 00:26 - 2020-08-12 00:26 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000273744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47Langs.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000247856 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000220984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2020-08-12 00:26 - 2020-08-12 00:26 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000199480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2020-08-12 00:26 - 2020-08-12 00:26 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatializerApo.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000193592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\net1.exe
2020-08-12 00:26 - 2020-08-12 00:26 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000179512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2020-08-12 00:26 - 2020-08-12 00:26 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtm.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000165176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtm.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdrsvc.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Winlangdb.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000133256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47mrm.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000132408 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000124512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdSSDP.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\globinputhost.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2020-08-12 00:26 - 2020-08-12 00:26 - 000090936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000089328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiarpc.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpkinstall.exe
2020-08-12 00:26 - 2020-08-12 00:26 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\udhisapi.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManMigrationPlugin.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmRes.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguageProfileCallback.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2020-08-12 00:26 - 2020-08-12 00:26 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnpcont.exe
2020-08-12 00:26 - 2020-08-12 00:26 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afunix.sys
2020-08-12 00:26 - 2020-08-12 00:26 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\acwow64.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsmprovhost.exe
2020-08-12 00:26 - 2020-08-12 00:26 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2020-08-12 00:26 - 2020-08-12 00:26 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2020-08-12 00:26 - 2020-08-12 00:26 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryCore.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Drivers\afunix.sys
2020-08-12 00:26 - 2020-08-12 00:26 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAgent.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2020-08-12 00:26 - 2020-08-12 00:26 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiatrace.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsmplpxy.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtprio.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtprio.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2020-08-12 00:26 - 2020-08-12 00:26 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000006144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2020-08-12 00:26 - 2020-08-12 00:26 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2020-08-12 00:26 - 2020-08-12 00:26 - 000000357 _____ C:\WINDOWS\system32\DrtmAuthKeyDelegate_From_20190529_To_20200303.bin
2020-08-12 00:26 - 2020-08-12 00:26 - 000000357 _____ C:\WINDOWS\system32\DrtmAuth1KeyDelegate.bin
2020-08-12 00:26 - 2020-08-12 00:26 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-08-12 00:26 - 2020-08-12 00:26 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-08-12 00:26 - 2020-08-12 00:26 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-08-12 00:26 - 2020-08-12 00:26 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-08-12 00:26 - 2020-08-12 00:26 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-08-12 00:26 - 2020-08-12 00:26 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-08-12 00:26 - 2020-08-12 00:26 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-08-12 00:26 - 2020-08-12 00:26 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-08-12 00:26 - 2020-08-12 00:26 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-08-12 00:26 - 2020-08-12 00:26 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-08-12 00:26 - 2020-08-12 00:26 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-08-12 00:26 - 2020-08-12 00:26 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-08-12 00:25 - 2020-08-12 00:26 - 001756592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-08-12 00:25 - 2020-08-12 00:25 - 017792512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 007915864 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 007850784 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 007583272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 007297536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 005283776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 004625184 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2020-08-12 00:25 - 2020-08-12 00:25 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2020-08-12 00:25 - 2020-08-12 00:25 - 004005376 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 003984896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 003727872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-08-12 00:25 - 2020-08-12 00:25 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 003581240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-08-12 00:25 - 2020-08-12 00:25 - 003141632 _____ (Microsoft Corporation) C:\WINDOWS\system32\directml.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 003084800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 002808832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 002717696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-08-12 00:25 - 2020-08-12 00:25 - 002552120 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 002523136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 002471936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 002289152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 002260312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 002136064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 001885184 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 001751040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 001660536 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 001512848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-08-12 00:25 - 2020-08-12 00:25 - 001338368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 001274128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 001182208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-08-12 00:25 - 2020-08-12 00:25 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 001123344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 001072128 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 001059328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 001055232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000917800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000875424 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-08-12 00:25 - 2020-08-12 00:25 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000716312 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-08-12 00:25 - 2020-08-12 00:25 - 000548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000522688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2020-08-12 00:25 - 2020-08-12 00:25 - 000521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\system32\HrtfApo.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-08-12 00:25 - 2020-08-12 00:25 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000369304 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47Langs.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageOverlayServer.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-08-12 00:25 - 2020-08-12 00:25 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000275256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2020-08-12 00:25 - 2020-08-12 00:25 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnservice.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000209208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000201544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Winlangdb.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys
2020-08-12 00:25 - 2020-08-12 00:25 - 000186472 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47mrm.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000152416 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\globinputhost.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000104248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssecuser.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-08-12 00:25 - 2020-08-12 00:25 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2020-08-12 00:25 - 2020-08-12 00:25 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmRes.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguageProfileCallback.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmprovhost.exe
2020-08-12 00:25 - 2020-08-12 00:25 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2020-08-12 00:25 - 2020-08-12 00:25 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\FaxPrinterInstaller.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll
2020-08-12 00:25 - 2020-08-12 00:25 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmplpxy.dll
2020-08-11 23:59 - 2020-07-18 05:07 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-08-11 23:59 - 2020-07-18 04:53 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-08-11 13:51 - 2020-08-11 14:37 - 000013917 _____ C:\Users\minea\OneDrive\Dokumenty\Autobusy_2020.xlsx
2020-08-10 10:53 - 2020-08-10 10:53 - 000000000 ____D C:\Users\minea\AppData\Roaming\Macromedia
2020-08-10 10:52 - 2020-08-10 11:23 - 000000000 ____D C:\Users\minea\AppData\Local\Adobe
2020-08-10 10:17 - 2020-08-10 10:17 - 000000000 ____D C:\Program Files (x86)\Lenovo
2020-08-09 00:10 - 2020-08-09 00:11 - 000015756 _____ C:\Users\minea\OneDrive\Dokumenty\cc_20200809_001010.reg
2020-08-04 16:30 - 2020-08-04 16:30 - 000001820 _____ C:\Users\minea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\frd.lnk
2020-08-02 12:09 - 2020-08-02 12:09 - 000000000 ____D C:\Users\minea\AppData\Roaming\VitySoft
2020-08-02 12:09 - 2020-08-02 12:09 - 000000000 ____D C:\Users\minea\AppData\Roaming\Sun
2020-08-02 12:09 - 2020-08-02 12:09 - 000000000 ____D C:\Users\minea\AppData\LocalLow\Sun
2020-08-02 12:09 - 2020-08-02 12:09 - 000000000 ____D C:\Users\minea\.objectdb
2020-08-02 12:09 - 2020-08-02 12:08 - 000166056 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2020-08-02 12:08 - 2020-08-02 12:08 - 000000000 ____D C:\ProgramData\Oracle
2020-08-02 12:08 - 2020-08-02 12:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-08-02 12:08 - 2020-08-02 12:08 - 000000000 ____D C:\Program Files (x86)\Java
2020-08-01 19:26 - 2020-08-13 09:31 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-08-01 19:26 - 2020-08-13 09:31 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-08-01 19:26 - 2020-08-05 12:25 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-08-01 19:26 - 2020-08-05 12:25 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-08-01 18:44 - 2020-07-15 20:38 - 000104776 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\WudfUpdate_02000.dll
2020-08-01 18:44 - 2020-07-15 20:38 - 000104776 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.CoInstaller.dll
2020-08-01 18:44 - 2020-07-15 20:37 - 000425144 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2020-07-21 19:09 - 2020-07-21 19:09 - 000000000 ____D C:\Users\minea\AppData\LocalLow\Temp
2020-07-21 18:21 - 2020-07-21 18:21 - 000002757 _____ C:\Users\minea\Desktop\Microsoft Office Word 2007.lnk
2020-07-21 11:15 - 2020-07-21 11:15 - 000002300 _____ C:\Users\minea\Desktop\IJ Network Scanner Selector EX.lnk
2020-07-21 11:06 - 2020-07-21 11:06 - 000000000 ____D C:\Users\minea\AppData\Roaming\Skype
2020-07-19 20:45 - 2020-07-19 20:45 - 000001139 _____ C:\Users\minea\Desktop\Telegram.lnk
2020-07-18 22:35 - 2020-08-14 12:21 - 000002293 _____ C:\Users\minea\Desktop\MTG Arena.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-08-17 22:49 - 2020-07-04 16:32 - 000000000 ____D C:\Users\minea\AppData\LocalLow\Mozilla
2020-08-17 22:47 - 2020-07-04 13:32 - 000000000 ____D C:\WINDOWS\Panther
2020-08-17 22:39 - 2020-07-04 17:19 - 000000000 ____D C:\Users\minea\AppData\Roaming\Telegram Desktop
2020-08-17 22:37 - 2020-07-04 22:49 - 001693636 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-08-17 22:37 - 2020-07-04 13:54 - 000718048 _____ C:\WINDOWS\system32\perfh005.dat
2020-08-17 22:37 - 2020-07-04 13:54 - 000145092 _____ C:\WINDOWS\system32\perfc005.dat
2020-08-17 22:37 - 2020-07-04 13:48 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-08-17 22:37 - 2020-07-04 13:46 - 000000000 ____D C:\WINDOWS\INF
2020-08-17 22:35 - 2020-07-04 16:11 - 000000000 ___RD C:\Users\minea\OneDrive
2020-08-17 22:34 - 2020-07-04 16:06 - 000000000 __SHD C:\Users\minea\IntelGraphicsProfiles
2020-08-17 22:33 - 2020-07-04 22:47 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-08-17 22:33 - 2020-07-04 22:26 - 000000000 ____D C:\ProgramData\Synaptics
2020-08-17 22:33 - 2020-07-04 22:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-08-17 22:33 - 2020-07-04 16:00 - 000000000 ____D C:\Users\minea
2020-08-17 22:30 - 2020-07-04 13:48 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-08-17 12:51 - 2020-07-15 13:01 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2020-08-17 12:50 - 2020-07-04 13:32 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-08-17 12:49 - 2020-07-04 16:35 - 000043632 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\pmxdrv.sys
2020-08-17 12:40 - 2020-07-04 16:29 - 000000000 ____D C:\WINDOWS\TempInst
2020-08-17 12:14 - 2020-07-04 22:26 - 000000000 ____D C:\ProgramData\Intel
2020-08-17 12:14 - 2020-07-04 22:26 - 000000000 ____D C:\Program Files\Intel
2020-08-17 12:14 - 2017-07-11 20:40 - 000000000 ____D C:\ProgramData\Package Cache
2020-08-17 12:13 - 2017-07-11 21:23 - 000000000 ____D C:\Program Files (x86)\Intel
2020-08-17 12:01 - 2020-07-06 22:24 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-08-15 23:20 - 2020-07-04 13:48 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-08-14 00:35 - 2020-07-04 13:48 - 000000000 ___HD C:\Program Files\WindowsApps
2020-08-14 00:30 - 2020-07-04 22:47 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-08-12 22:12 - 2020-07-15 13:02 - 000003206 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2020-08-12 22:11 - 2020-07-15 13:01 - 000002179 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-08-12 11:17 - 2020-07-04 16:06 - 000000000 ___RD C:\Users\minea\3D Objects
2020-08-12 11:17 - 2017-03-23 19:27 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-08-12 11:15 - 2020-07-04 22:22 - 000301832 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-08-12 03:20 - 2020-07-04 13:48 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-08-12 03:20 - 2020-07-04 13:48 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2020-08-12 03:20 - 2020-07-04 13:48 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-08-12 03:20 - 2020-07-04 13:48 - 000000000 ____D C:\WINDOWS\SystemResources
2020-08-12 03:20 - 2020-07-04 13:48 - 000000000 ____D C:\WINDOWS\system32\setup
2020-08-12 03:20 - 2020-07-04 13:48 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-08-12 03:20 - 2020-07-04 13:48 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-08-12 03:20 - 2020-07-04 13:48 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-08-12 03:20 - 2020-07-04 13:48 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-08-12 03:20 - 2020-07-04 13:48 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-08-12 03:20 - 2020-07-04 13:48 - 000000000 ____D C:\WINDOWS\Provisioning
2020-08-12 03:20 - 2020-07-04 13:48 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-08-12 03:20 - 2020-07-04 13:48 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-08-12 03:20 - 2020-07-04 13:32 - 000000000 ____D C:\WINDOWS\servicing
2020-08-12 00:35 - 2020-07-04 13:39 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-08-10 11:29 - 2020-07-04 13:48 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-08-10 11:29 - 2020-07-04 13:48 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-08-10 10:18 - 2020-07-04 22:47 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2020-08-10 10:18 - 2020-07-04 16:09 - 000000000 ____D C:\Users\minea\AppData\Local\Lenovo
2020-08-10 10:17 - 2020-07-04 14:12 - 000000000 ____D C:\ProgramData\Lenovo
2020-08-08 01:45 - 2020-07-04 17:30 - 000000000 ____D C:\Users\minea\AppData\Roaming\vlc
2020-08-02 12:16 - 2020-07-04 16:12 - 000000000 ____D C:\Users\minea\OneDrive\Dokumenty\programy
2020-08-02 12:09 - 2020-07-04 16:06 - 000000000 ____D C:\Users\minea\AppData\Local\VirtualStore
2020-08-02 12:04 - 2020-07-04 16:14 - 000001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-08-02 12:04 - 2020-07-04 16:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-08-01 18:45 - 2017-07-11 20:40 - 000000000 ____D C:\Program Files\Lenovo
2020-07-18 22:33 - 2020-07-04 16:09 - 000000000 ____D C:\ProgramData\Microsoft OneDrive

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Mineas

Re: Windows freeze, probably a virus

#3 Post by Mineas »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-08-2020
Ran by minea (17-08-2020 23:00:47)
Running from C:\Users\minea\Desktop
Windows 10 Pro Version 1909 18363.1016 (X64) (2020-07-04 20:48:40)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3502756332-3725601925-1334996545-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3502756332-3725601925-1334996545-503 - Limited - Disabled)
Guest (S-1-5-21-3502756332-3725601925-1334996545-501 - Limited - Disabled)
minea (S-1-5-21-3502756332-3725601925-1334996545-1001 - Administrator - Enabled) => C:\Users\minea
WDAGUtilityAccount (S-1-5-21-3502756332-3725601925-1334996545-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG6400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6400_series) (Version: 1.01 - Canon Inc.)
Canon MG6400 series On-screen Manual (HKLM-x32\...\Canon MG6400 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.68 - Piriform)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.7312 - CyberLink Corp.)
Dolby Audio X2 Windows API SDK (HKLM\...\{AA950AA4-CD9B-4D81-B6C0-BFABB7A24261}) (Version: 0.7.5.65 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows API SDK (HKLM\...\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}) (Version: 0.8.8.88 - Dolby Laboratories, Inc.) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2024.14.0.1655 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.61.251.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{69bc85f1-55f9-44f2-b5df-3840fe07854c}) (Version: 1.61.251.0 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{185db067-38cd-4521-a43e-c39b96ee1389}) (Version: 19.50.1 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - )
Java 8 Update 261 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180261F0}) (Version: 8.0.2610.12 - Oracle Corporation)
Lenovo Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.82.00.14 - Lenovo) Hidden
Lenovo On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.86.06 - Lenovo) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.23 - Lenovo) Hidden
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.071.04 - Lenovo)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 84.0.522.59 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.135.23 - )
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 20.134.0705.0008 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.26.28720 (HKLM-x32\...\{7d607fb4-7e28-4c7a-a92f-3fcdaf555faf}) (Version: 14.26.28720.3 - Microsoft Corporation)
Mozilla Firefox 79.0 (x64 cs) (HKLM\...\Mozilla Firefox 79.0 (x64 cs)) (Version: 79.0 - Mozilla)
MTG Arena (HKLM\...\{0C31E571-D108-4348-B87C-32BEB45FE042}) (Version: 0.1.3059 - Wizards of the Coast)
PowerDVD Create (HKLM-x32\...\InstallShield_{DE485075-8CD3-4A1E-9ABC-6412EBA44872}) (Version: 10.0 - CyberLink Corp.)
PowerDVD Create 10 (HKLM-x32\...\{D6E853EC-8960-4D44-AF03-7361BB93227C}) (Version: 10.0.1.6705 - CyberLink Corp.) Hidden
Registrace uživatele zařízení Canon MG6400 series (HKLM-x32\...\Registrace uživatele zařízení Canon MG6400 series) (Version: - ‭Canon Inc.)
Služba Lenovo Vantage (HKLM-x32\...\VantageSRV_is1) (Version: 3.3.115.0 - Lenovo Group Ltd.)
Telegram Desktop version 2.3 (HKU\S-1-5-21-3502756332-3725601925-1334996545-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.3 - Telegram FZ-LLC)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)

Packages:
=========
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2020-07-04] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2006.41.0_x64__k1h2ywk1493x8 [2020-07-29] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-07-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-07-04] (Microsoft Corporation) [MS Ad]
Microsoft Minesweeper -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMinesweeper_2.9.1913.0_x86__8wekyb3d8bbwe [2020-07-12] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.8042.0_x64__8wekyb3d8bbwe [2020-08-07] (Microsoft Studios) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-07-04] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\20.134.0705.0008\amd64\FileSyncShell64.dll [2020-08-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\20.134.0705.0008\amd64\FileSyncShell64.dll [2020-08-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\20.134.0705.0008\amd64\FileSyncShell64.dll [2020-08-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\20.134.0705.0008\amd64\FileSyncShell64.dll [2020-08-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\20.134.0705.0008\amd64\FileSyncShell64.dll [2020-08-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\20.134.0705.0008\amd64\FileSyncShell64.dll [2020-08-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\20.134.0705.0008\amd64\FileSyncShell64.dll [2020-08-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\20.134.0705.0008\amd64\FileSyncShell64.dll [2020-08-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\20.134.0705.0008\amd64\FileSyncShell64.dll [2020-08-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\20.134.0705.0008\amd64\FileSyncShell64.dll [2020-08-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\20.134.0705.0008\amd64\FileSyncShell64.dll [2020-08-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\20.134.0705.0008\amd64\FileSyncShell64.dll [2020-08-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\20.134.0705.0008\amd64\FileSyncShell64.dll [2020-08-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\20.134.0705.0008\amd64\FileSyncShell64.dll [2020-08-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\20.134.0705.0008\amd64\FileSyncShell64.dll [2020-08-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-07-12] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-07-12] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\20.134.0705.0008\amd64\FileSyncShell64.dll [2020-08-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\20.134.0705.0008\amd64\FileSyncShell64.dll [2020-08-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3403962241d50282\igfxDTCM.dll [2020-02-21] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\20.134.0705.0008\amd64\FileSyncShell64.dll [2020-08-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\20.134.0705.0008\amd64\FileSyncShell64.dll [2020-08-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\20.134.0705.0008\amd64\FileSyncShell64.dll [2020-08-12] (Microsoft Corporation -> Microsoft Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-07-13 16:11 - 2013-01-24 09:24 - 000359936 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2020-08-10 10:17 - 2020-05-30 20:04 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Lenovo\VantageService\3.3.115.0\x64\SQLite.Interop.dll
2020-08-04 16:29 - 2020-05-30 19:58 - 001280000 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\SQLite.Interop.dll
2020-07-04 15:58 - 2020-04-09 09:17 - 000944840 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 23:03 - 2017-03-18 23:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\;c:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;c:\Program Files\Intel\Intel(R) Management Engine Components\DAL
HKU\S-1-5-21-3502756332-3725601925-1334996545-1001\Control Panel\Desktop\\Wallpaper -> c:\users\minea\appdata\local\microsoft\windows\themes\roamedthemefiles\desktopbackground\silk.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B9A4F40A-C7FA-4D9A-AF09-EAC87E4731FD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{0CB93E9B-A3B4-41B4-9B42-F5D113472269}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{CE986261-C36B-4905-BDA5-B6A75184A136}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{CFA7A6ED-09CE-4ED4-8D9C-F62BDE70D482}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{D472B17D-D043-4F6F-95B1-7BD4EB31F215}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6F4202C9-A2D7-4FE6-8160-C31D36982AEA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{E48E21E4-E445-4AB2-A3B3-3E69A93B03F1}C:\program files\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [UDP Query User{EA8E91C4-C2E2-4624-B743-44125D8A92D7}C:\program files\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [TCP Query User{662859FF-C6A6-41F2-8E15-A60B239F1C21}C:\program files\wizards of the coast\mtga\mtga.exe] => (Block) C:\program files\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [UDP Query User{FCAC2DE1-2F45-43B2-A145-58536EB5EAC5}C:\program files\wizards of the coast\mtga\mtga.exe] => (Block) C:\program files\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [TCP Query User{FE3A58F2-14FF-4486-81E0-703FC1601CCA}C:\users\minea\appdata\roaming\telegram desktop\telegram.exe] => (Block) C:\users\minea\appdata\roaming\telegram desktop\telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC)
FirewallRules: [UDP Query User{90CB053C-3BDE-4882-8CD3-46B66297E730}C:\users\minea\appdata\roaming\telegram desktop\telegram.exe] => (Block) C:\users\minea\appdata\roaming\telegram desktop\telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC)
FirewallRules: [TCP Query User{08DC82D3-090E-4DEA-A4A7-F8D23F377377}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe
FirewallRules: [UDP Query User{1173D46F-FA31-4650-AE9D-FAA5CCC26AED}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe
FirewallRules: [{34A01538-BEB9-4E1B-B1FC-3142B43541EF}] => (Block) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe
FirewallRules: [{FA2BA185-FEA2-404B-B429-D6630E093E9E}] => (Block) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe
FirewallRules: [{19BCE076-689C-4C5D-8C7D-3B2A12D61D58}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CE2F106F-DDF2-46B9-8E62-8D0F7311D6F5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1A145E68-BD38-420D-B4D4-436BFAE5F51E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{41CBBF61-0A7F-4A4F-A19D-96D66EB50D5C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

01-08-2020 18:51:17 Windows Update
08-08-2020 22:21:13 Naplánovaný kontrolní bod
11-08-2020 23:58:38 Windows Update
16-08-2020 21:22:19 Windows Update

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (08/17/2020 06:23:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_WpnUserService, verze: 10.0.18362.1, časové razítko: 0x32d6c210
Název chybujícího modulu: wpnuserservice.dll, verze: 10.0.18362.1, časové razítko: 0xea13e855
Kód výjimky: 0xc0000409
Posun chyby: 0x0000000000008596
ID chybujícího procesu: 0x15b8
Čas spuštění chybující aplikace: 0x01d67496c3631f45
Cesta k chybující aplikaci: C:\WINDOWS\system32\svchost.exe
Cesta k chybujícímu modulu: c:\windows\system32\wpnuserservice.dll
ID zprávy: cf03625e-a7ea-4433-90de-6b3b59622e59
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (08/17/2020 04:45:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program commsapps.exe verze 16005.13110.41006.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 2870

Čas spuštění: 01d674a4ed8f41d0

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13110.41006.0_x64__8wekyb3d8bbwe\commsapps.exe

ID hlášení: 45782c41-3779-4ea3-9bdd-7c8671335026

Úplný název balíčku s chybou: microsoft.windowscommunicationsapps_16005.13110.41006.0_x64__8wekyb3d8bbwe

ID aplikace relativní podle balíčku s chybou: microsoft.windowslive.mail

Typ zablokování: Cross-thread

Error: (08/17/2020 12:13:49 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: NT AUTHORITY)
Description: Aplikaci nebo službu Intel(R) Dynamic Application Loader Host Interface Service nelze restartovat.

Error: (08/17/2020 12:13:49 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: NT AUTHORITY)
Description: Aplikaci nebo službu Intel(R) Management and Security Application Local Management Service nelze restartovat.

Error: (08/12/2020 03:22:04 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (08/12/2020 03:22:04 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (08/10/2020 10:37:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Minesweeper.exe verze 1.0.0.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 2dac

Čas spuštění: 01d66f55f80202b7

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.MicrosoftMinesweeper_2.9.1913.0_x86__8wekyb3d8bbwe\Minesweeper.exe

ID hlášení: b843933e-ee0b-462f-819b-090a9b194d7f

Úplný název balíčku s chybou: Microsoft.MicrosoftMinesweeper_2.9.1913.0_x86__8wekyb3d8bbwe

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Cross-thread

Error: (08/06/2020 11:57:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Minesweeper.exe verze 1.0.0.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 2e28

Čas spuštění: 01d66c3c5384f74b

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.MicrosoftMinesweeper_2.9.1913.0_x86__8wekyb3d8bbwe\Minesweeper.exe

ID hlášení: 0e8e4ac6-1d1f-401a-92a5-a5e303afeb2a

Úplný název balíčku s chybou: Microsoft.MicrosoftMinesweeper_2.9.1913.0_x86__8wekyb3d8bbwe

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Quiesce


System errors:
=============
Error: (08/17/2020 10:33:01 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (21:50:59, ‎17.‎08.‎2020) bylo neočekávané.

Error: (08/16/2020 12:28:46 AM) (Source: Netwtw06) (EventID: 5007) (User: )
Description: 5007 - TX/CMD timeout (TfdQueue hanged)

Error: (08/15/2020 02:08:16 AM) (Source: NetBT) (EventID: 4307) (User: )
Description: Inicializace se nezdařila, protože přenos odmítl otevřít počáteční adresy.

Error: (08/14/2020 08:25:47 PM) (Source: Netwtw06) (EventID: 5007) (User: )
Description: 5007 - TX/CMD timeout (TfdQueue hanged)

Error: (08/14/2020 12:50:16 AM) (Source: DCOM) (EventID: 10000) (User: LAPTOP-PGB37RNH)
Description: Nelze spustit server DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. Došlo k chybě:
2147942767
při provádění příkazu:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (08/13/2020 12:38:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Hostitel synchronizace_896a7 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (08/13/2020 12:37:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Uživatelská služba nabízených oznámení Windows_896a7 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (08/13/2020 12:37:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Uživatelská služba platformy připojených zařízení_896a7 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 3000 milisekund: Restartovat službu.


Windows Defender:
===================================
Date: 2020-08-17 22:17:19.905
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: TrojanDownloader:O97M/Donoff
ID: 2147689064
Závažnost: Vážné
Kategorie: Trojský stahovací program
Cesta: containerfile:_C:\Users\minea\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\RECHNUNG-JAN-2015-923617[93].doc; file:_C:\Users\minea\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\RECHNUNG-JAN-2015-923617[93].doc->(part0004:)->(ActiveMime)
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: LAPTOP-PGB37RNH\minea
Název procesu: C:\Windows\System32\RuntimeBroker.exe
Verze bezpečnostních informací: AV: 1.321.1611.0, AS: 1.321.1611.0, NIS: 1.321.1611.0
Verze modulu: AM: 1.1.17300.4, NIS: 1.1.17300.4

Date: 2020-08-17 22:16:58.399
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Script/Wacatac.C!ml
ID: 2147749377
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\minea\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\SCAN_Invoice_mineas[91].doc
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: LAPTOP-PGB37RNH\minea
Název procesu: C:\Windows\System32\RuntimeBroker.exe
Verze bezpečnostních informací: AV: 1.321.1611.0, AS: 1.321.1611.0, NIS: 1.321.1611.0
Verze modulu: AM: 1.1.17300.4, NIS: 1.1.17300.4

Date: 2020-08-11 11:10:59.724
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {23E68EBA-B033-4B6C-9609-DA3C94634A50}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-07-16 17:41:54.333
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {36092D2C-94E5-4E6D-A9FD-CD71CA4258A9}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-07-13 15:27:15.444
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: TrojanClicker:Win32/Yabector
ID: 2147640362
Závažnost: Vážné
Kategorie: Trojský oznamovací program
Cesta: file:_D:\Programy\unlocker1.8.7.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: LAPTOP-PGB37RNH\minea
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.319.1375.0, AS: 1.319.1375.0, NIS: 1.319.1375.0
Verze modulu: AM: 1.1.17200.2, NIS: 1.1.17200.2

Date: 2020-08-08 20:48:40.357
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.321.836.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17300.4
Kód chyby: 0x8024402c
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2020-07-12 01:58:55.841
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.319.1201.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17200.2
Kód chyby: 0x80240438
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2020-07-08 23:13:39.492
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.319.990.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17200.2
Kód chyby: 0x8024402c
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2020-07-05 00:02:05.771
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 0.0.0.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 0.0.0.0
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2020-07-05 00:02:05.770
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 0.0.0.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 0.0.0.0
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

==================== Memory info ===========================

BIOS: LENOVO N1XET57W (1.35 ) 07/18/2018
Motherboard: LENOVO 20J8001HMC
Processor: Intel(R) Core(TM) i3-7100U CPU @ 2.40GHz
Percentage of memory in use: 83%
Total physical RAM: 3991.44 MB
Available physical RAM: 642.27 MB
Total Virtual: 7063.44 MB
Available Virtual: 3500.7 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:464.51 GB) (Free:408.49 GB) NTFS

\\?\Volume{46f41248-d5f8-4bd7-89ed-9581c77c8529}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.52 GB) NTFS
\\?\Volume{43895331-baab-4a1c-84be-351111261141}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 81EB71DC)

Partition: GPT.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Windows freeze, probably a virus

#4 Post by Rudy »

Hello!

Run this utility:
Save AdwCleaner to the desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just run it with a normal double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

Mineas
Visitor
Posts: 46
Registered: 16 Feb 2008 17:52
Location: Praha 10

Re: Windows freeze, probably a virus

#5 Post by Mineas »

So now I'm not sure, maybe I'm panicking needlessly? But the Windows freeze really did happen - could the problem be in the notebook itself, which I've only had for about 3 years? It also occurs to me that the problematic file might be on the external drive, but that's probably far-fetched, because it wasn't connected at the time of the problem. AdwCleaner found nothing, so it didn't offer me Clean and Repair at all and took me straight to the scan results, asking whether I wanted to quarantine any of the preinstalled applications (mostly from Lenovo).

# -------------------------------
# Malwarebytes AdwCleaner 8.0.7.0
# -------------------------------
# Build: 07-22-2020
# Database: 2020-07-20.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 08-18-2020
# Duration: 00:00:25
# OS: Windows 10 Pro
# Scanned: 31837
# Detected: 19


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.CyberLinkShellExtension Registry HKLM\Software\Classes\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
Preinstalled.LenovoHotkeyManager Folder C:\Program Files\LENOVO\HOTKEY
Preinstalled.LenovoHotkeyManager Folder C:\Users\minea\AppData\Local\LENOVO\HOTKEY
Preinstalled.LenovoHotkeyManager Registry HKLM\Software\Classes\CLSID\{53A8E17F-2DE5-4DD7-AF26-74ED2F3223B9}
Preinstalled.LenovoHotkeyManager Registry HKLM\Software\Classes\CLSID\{A48CA1A4-C36B-44f2-8090-19E08DF4365E}
Preinstalled.LenovoHotkeyManager Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OnScreenDisplay
Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Users\minea\AppData\Local\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}
Preinstalled.LenovoIMController Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1
Preinstalled.LenovoPower2Go Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56BBF274-7006-44C7-9B0E-53C4FD42C05F}
Preinstalled.LenovoPower2Go Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CLVDLauncher
Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Preinstalled.LenovoPower2Go Task C:\Windows\System32\Tasks\CLVDLAUNCHER
Preinstalled.LenovoPowerManager Folder C:\Windows\SysWOW64\LENOVO\POWERMGR
Preinstalled.LenovoPowerManager Folder C:\Windows\System32\LENOVO\POWERMGR



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Rudy

Re: Windows freeze, probably a virus

#6 Post by Rudy »

That's fine. Open Notepad and copy this into it:
Start

CloseProcesses:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
C:\Users\minea\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\RECHNUNG-JAN-2015-923617[93].doc
C:\Users\minea\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\SCAN_Invoice_mineas[91].doc

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Mineas

Re: Windows freeze, probably a virus

#7 Post by Mineas »

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-08-2020
Ran by minea (18-08-2020 21:12:40) Run:1
Running from C:\Users\minea\Desktop
Loaded Profiles: minea
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
C:\Users\minea\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\RECHNUNG-JAN-2015-923617[93].doc
C:\Users\minea\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\SCAN_Invoice_mineas[91].doc

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"C:\Users\minea\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\RECHNUNG-JAN-2015-923617[93].doc" => not found
"C:\Users\minea\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\SCAN_Invoice_mineas[91].doc" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 7626752 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 40129441 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 8039969 B
Edge => 53248 B
Chrome => 0 B
Firefox => 1096997721 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 74853180 B
LocalService => 74853180 B
NetworkService => 74861158 B
minea => 75884558 B

RecycleBin => 0 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:13:37 ====

Rudy

Re: Windows freeze, probably a virus

#8 Post by Rudy »

Deleted. Has anything changed?

Mineas

Re: Windows freeze, probably a virus

#9 Post by Mineas »

At the moment everything seems fine. Nothing indicates any problems. Thank you very much for your help. May I ask for help with one more problem? How do I check an external drive (Adata)? I have documents and other files from 15 years on it, including 5 years of university studies. I would like to make sure that there are no infected files among the backups that could cause problems. In the last six months the antivirus flagged two of the files in the backups as infected. I removed both right away, but I would like to make sure the rest is fine.

Rudy

Re: Windows freeze, probably a virus

#10 Post by Rudy »

Connect the drive and run USBFix on it: https://www.instaluj.cz/usbfix .

Mineas

Re: Windows freeze, probably a virus

#11 Post by Mineas »

I hope I did it correctly. The result seems fine, thank you.

# ----------------------------------------------------
# UsbFix Antivirus Free
# ----------------------------------------------------
# Version : 11.022
# Database : 2020.08.02
# Contact : https://www.usb-antivirus.com/contact
# ----------------------------------------------------
# Scan type : Full
# User : minea (Administrator)
# Device : LAPTOP-PGB37RNH
# Started : 19/08/2020 21:35:19
# ----------------------------------------------------

------------ | Analyzed disks |

C:\ NTFS (412GB/465GB) [Fixed]
E:\ NTFS (491GB/932GB) [Fixed]

------------ | Infected elements |

~ No element detected ~

------------ | Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [OneDrive] "C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe" /background
04 - HKLM\..\Run : [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - [x64] HKLM\..\Run : [SecurityHealth] %windir%\system32\SecurityHealthSystray.exe
04 - HKU\S-1-5-19\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-20\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-3502756332-3725601925-1334996545-1001\..\Run : [OneDrive] "C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe" /background

------------ | Tasks |

Task - CLMLSvc_P2G8 --> C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
Task - CLVDLauncher --> C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe
Task - Lenovo Active Protection System --> C:\Windows\system32\TpShUI.exe t
Task - MicrosoftEdgeUpdateTaskMachineCore --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c
Task - MicrosoftEdgeUpdateTaskMachineUA --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler
Task - OneDrive Per-Machine Standalone Update Task --> C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe
Task - RtHDVBg_Dolby --> "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
Task - RtHDVBg_LENOVO_MICPKEY --> "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_MICPKEY
Task - RTKCPL --> "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /runcplsilence

------------ | C:\ %SystemDrive% - Fixed drive (NTFS) |

[18/08/2020 - 21:14:49 | ASH | 3145728 Ko] - pagefile.sys
[18/08/2020 - 21:14:49 | ASH | 262144 Ko] - swapfile.sys
[19/08/2020 - 15:57:31 | ASH | 1634892 Ko] - hiberfil.sys
[04/07/2020 - 17:36:20 | SHD] - $Recycle.Bin
[04/07/2020 - 13:48:24 | HD] - PerfLogs
[04/07/2020 - 14:12:48 | SHD] - Recovery
[04/07/2020 - 14:13:11 | HD] - $SysReset
[04/07/2020 - 16:12:27 | HD] - OneDriveTemp
[04/07/2020 - 16:19:47 | D] - FibocomLog
[04/07/2020 - 16:22:52 | RD] - Users
[04/07/2020 - 17:01:05 | RHD] - MSOCache
[04/07/2020 - 22:36:01 | HD] - Intel
[04/07/2020 - 22:48:02 | SHD] - Documents and Settings
[02/08/2020 - 12:08:34 | HD] - ProgramData
[17/08/2020 - 12:54:03 | AD] - Windows
[18/08/2020 - 11:17:11 | D] - AdwCleaner
[18/08/2020 - 21:15:43 | D] - FRST
[19/08/2020 - 16:10:44 | RD] - Program Files
[19/08/2020 - 21:19:27 | D] - UsbFix
[19/08/2020 - 21:24:25 | RD] - Program Files (x86)

------------ | E:\ - Fixed drive (NTFS) |

[16/09/2013 - 12:36:32 | A | 12330 Ko] - HDDtoGO.exe
[19/08/2020 - 21:24:11 | A | 4661 Ko] - UsbFix_2019_11.022.exe
[18/07/2020 - 18:18:46 | SHD] - $RECYCLE.BIN
[21/01/2015 - 22:21:35 | D] - Knihy
[21/01/2015 - 22:50:06 | SHD] - RECYCLER
[22/01/2015 - 03:27:38 | D] - Fotografie
[24/06/2016 - 12:27:12 | D] - Mia
[29/05/2017 - 11:15:51 | D] - Programy
[29/05/2017 - 15:30:40 | RSHD] - obrázky
[25/01/2019 - 20:20:06 | D] - Videa
[06/05/2019 - 13:50:05 | HD] - HDDtoGOSettings
[27/09/2019 - 15:30:51 | D] - Ostatní
[04/07/2020 - 11:37:23 | D] - Martin
[13/07/2020 - 16:14:24 | D] - Hry

Infected elements : 0
Analyzed elements : 69620 in 00h 00m 08s

# UsbFix-Report-06.txt [4203B]

------------ | E.O.F |

Rudy

Re: Windows freeze, probably a virus

#12 Post by Rudy »

Yes. No infected files were found on the drive.

Mineas

Re: Windows freeze, probably a virus

#13 Post by Mineas »

Thank you very much. It looks like there is nothing bad in the notebook or in the backups. So the problem is probably solved?

Rudy

Re: Windows freeze, probably a virus

#14 Post by Rudy »

Unless you have some other problem, it should be resolved.

Mineas

Re: Windows freeze, probably a virus

#15 Post by Mineas »

Everything seems fine, thank you. I can probably delete the programs and documents I used from the desktop and close the matter that way?
