
Virus/Rootkit?

Yurij32
Visitor
Posts: 4
Registered: 22 Sep 2020 21:04

#1 Post by Yurij32 »

Good day,
the notebook behaves abnormally even after reinstalling the OS; I suspect a bootkit. I am therefore asking for the log to be checked. Thank you for your advice.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2020
Ran by PC (administrator) on DESKTOP-T9944MO (Acer HadesS) (22-09-2020 21:17:45)
Running from C:\Users\PC\Desktop\FRST
Loaded Profiles: PC
Platform: Windows 10 Pro Version 1909 18363.1082 (X64) Language: Slovenčina (Slovensko)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3>
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnapp.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender VPN\BdVpnService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\85.0.564.51\elevation_service.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\PC\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12009.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\slui.exe <4>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16161536 2015-07-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1403136 2015-07-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [BdVpnApp] => C:\Program Files\Bitdefender\Bitdefender VPN\BdVpnApp.exe [217144 2020-07-15] (Bitdefender SRL -> Bitdefender)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {9CE3939C-C7CC-4876-8625-0088235FEFFF} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [545840 2020-07-16] (Bitdefender SRL -> Bitdefender)
Task: {A9E71E43-9801-4D4C-85FC-6CB18C63E898} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [491320 2020-06-23] (Bitdefender SRL -> Bitdefender)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{66d3a4e1-7cb2-44cf-b68f-dee33f4d994a}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{d888add3-6229-4ab3-8bce-1c0b986b0572}: [DhcpNameServer] 8.8.8.8

Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\PC\AppData\Local\Microsoft\Edge\User Data\Default [2020-09-20]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2020-07-16] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/wallet/updates.json ]
FF HKLM\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2020-07-16] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2020-07-22] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF HKLM-x32\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]
CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AfVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\hydra.sdk.windows.service.exe [132480 2020-06-24] (AnchorFree Inc -> AnchorFree Inc.)
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-07-16] (Bitdefender SRL -> Bitdefender)
R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-07-16] (Bitdefender SRL -> Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2195344 2018-03-22] (Bitdefender SRL -> Bitdefender)
R2 BdVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnservice.exe [230128 2020-07-15] (Bitdefender SRL -> Bitdefender)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1356792 2020-06-23] (Bitdefender SRL -> Bitdefender)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6150504 2020-08-21] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [170840 2020-07-16] (Bitdefender SRL -> Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-07-16] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 atc; C:\Windows\System32\DRIVERS\atc.sys [2113184 2020-06-18] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\Windows\system32\DRIVERS\bddci.sys [757240 2020-04-30] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [22960 2019-03-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
R0 bdprivmon; C:\Windows\System32\DRIVERS\bdprivmon.sys [46056 2020-01-17] (Bitdefender SRL -> © Bitdefender SRL)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [231936 2020-01-09] (Microsoft Corporation) [File not signed]
R0 Gemma; C:\Windows\System32\DRIVERS\gemma.sys [453344 2020-06-02] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [194712 2020-06-15] (Bitdefender SRL -> BitDefender LLC)
R2 Ignis; C:\Windows\system32\DRIVERS\ignis.sys [185320 2020-09-09] (Bitdefender SRL -> Bitdefender)
R3 tap0901; C:\Windows\System32\drivers\tap0901.sys [47920 2020-02-20] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [638368 2020-01-31] (Bitdefender SRL -> Bitdefender)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46472 2019-03-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [333784 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [62432 2019-03-19] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-09-22 21:16 - 2020-09-22 21:16 - 000028492 _____ C:\Users\PC\Desktop\Addition.txt
2020-09-22 21:15 - 2020-09-22 21:17 - 000000000 ____D C:\Users\PC\Desktop\FRST
2020-09-22 21:13 - 2020-09-22 21:17 - 000000000 ____D C:\FRST
2020-09-22 21:10 - 2020-09-22 21:10 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2020-09-22 20:35 - 2020-09-22 20:35 - 000082604 _____ C:\ProgramData\agent.update.1600799695.bdinstall.v2.bin
2020-09-20 15:47 - 2020-09-20 15:47 - 000002543 _____ C:\Users\PC\Desktop\siete.txt
2020-09-11 15:29 - 2020-09-11 15:29 - 032928920 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsRaw.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 031598936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsRaw.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 025444864 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 022642176 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 019852288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 018032128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 009926456 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-09-11 15:29 - 2020-09-11 15:29 - 007910152 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 007845080 _____ (Microsoft Corporation) C:\Windows\system32\OneCoreUAPCommonProxyStub.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 007761408 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 007604584 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 006526448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 006233080 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 006069360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 005907456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 005284328 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 005041152 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 005003832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 004605952 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 004538368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 004129416 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 003985920 _____ (Microsoft Corporation) C:\Windows\system32\tellib.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 003822592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 003805696 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 003740456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 003727872 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2020-09-11 15:29 - 2020-09-11 15:29 - 003714048 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 003581240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2020-09-11 15:29 - 2020-09-11 15:29 - 003501568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 003371176 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 003136000 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 003084800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 002799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2020-09-11 15:29 - 2020-09-11 15:29 - 002711552 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2020-09-11 15:29 - 2020-09-11 15:29 - 002697536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2020-09-11 15:29 - 2020-09-11 15:29 - 002585032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 002576896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 002483712 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 002291712 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 002260824 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 001885184 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 001751040 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 001750016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 001726264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 001698816 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 001672544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 001670144 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 001653792 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 001610240 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 001522176 _____ (Microsoft Corporation) C:\Windows\system32\WindowManagement.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 001486848 _____ (Microsoft Corporation) C:\Windows\system32\usocoreworker.exe
2020-09-11 15:29 - 2020-09-11 15:29 - 001459200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 001421392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 001399216 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 001397560 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2020-09-11 15:29 - 2020-09-11 15:29 - 001393960 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 001274128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryPS.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 001260752 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 001247744 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2020-09-11 15:29 - 2020-09-11 15:29 - 001182720 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 001170960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 001151808 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 001149712 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2020-09-11 15:29 - 2020-09-11 15:29 - 001099600 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 001092096 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 001077048 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2020-09-11 15:29 - 2020-09-11 15:29 - 001054160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 001039872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2020-09-11 15:29 - 2020-09-11 15:29 - 001009200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 001008952 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHostCommon.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000932256 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthService.exe
2020-09-11 15:29 - 2020-09-11 15:29 - 000928768 _____ (Microsoft Corporation) C:\Windows\system32\WFS.exe
2020-09-11 15:29 - 2020-09-11 15:29 - 000894032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000882688 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000874296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2020-09-11 15:29 - 2020-09-11 15:29 - 000844088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudExperienceHostCommon.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000841216 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000823752 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2020-09-11 15:29 - 2020-09-11 15:29 - 000822784 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000783496 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2020-09-11 15:29 - 2020-09-11 15:29 - 000775480 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2020-09-11 15:29 - 2020-09-11 15:29 - 000768504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000748384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000744240 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2020-09-11 15:29 - 2020-09-11 15:29 - 000738072 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2020-09-11 15:29 - 2020-09-11 15:29 - 000722072 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000716304 _____ (Microsoft Corporation) C:\Windows\system32\StateRepository.Core.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000705536 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.Internal.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000682752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2020-09-11 15:29 - 2020-09-11 15:29 - 000675032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2020-09-11 15:29 - 2020-09-11 15:29 - 000669696 _____ (Microsoft Corporation) C:\Windows\system32\WFSR.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000666288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2020-09-11 15:29 - 2020-09-11 15:29 - 000652800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000628400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000621568 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2020-09-11 15:29 - 2020-09-11 15:29 - 000602112 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Payments.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000593480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000572208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryPS.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000564480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StateRepository.Core.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000562176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000550400 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2020-09-11 15:29 - 2020-09-11 15:29 - 000544336 _____ (Microsoft Corporation) C:\Windows\system32\policymanager.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000533504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000530432 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2020-09-11 15:29 - 2020-09-11 15:29 - 000510792 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000466352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\policymanager.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000462848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000460192 _____ (Microsoft Corporation) C:\Windows\system32\MusNotifyIcon.exe
2020-09-11 15:29 - 2020-09-11 15:29 - 000457216 _____ (Microsoft Corporation) C:\Windows\system32\upnphost.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000441152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2020-09-11 15:29 - 2020-09-11 15:29 - 000435200 _____ (Microsoft Corporation) C:\Windows\system32\wincorlib.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000434176 _____ (Microsoft Corporation) C:\Windows\system32\MicrosoftAccountExtension.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000415232 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMPOSE.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000404480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Payments.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000400696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2020-09-11 15:29 - 2020-09-11 15:29 - 000392704 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000379904 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000372536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2020-09-11 15:29 - 2020-09-11 15:29 - 000356160 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthAgent.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000353792 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000353280 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnphost.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000324608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000324408 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2020-09-11 15:29 - 2020-09-11 15:29 - 000312832 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000307712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000299072 _____ (Microsoft Corporation) C:\Windows\system32\SIHClient.exe
2020-09-11 15:29 - 2020-09-11 15:29 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\provops.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000279552 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000273208 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHostUser.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000271872 _____ (Microsoft Corporation) C:\Windows\system32\provhandlers.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000265216 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000256000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000256000 _____ (Microsoft Corporation) C:\Windows\system32\UpdateDeploymentProvider.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000240128 _____ (Microsoft Corporation) C:\Windows\system32\ssdpsrv.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000234496 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
2020-09-11 15:29 - 2020-09-11 15:29 - 000233472 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCore.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000232960 _____ (Microsoft Corporation) C:\Windows\system32\provisioningcsp.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000231936 _____ (Microsoft Corporation) C:\Windows\system32\InstallServiceTasks.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000219136 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000211256 _____ (Microsoft Corporation) C:\Windows\system32\tcbloader.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000209216 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryClient.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000208384 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryUpgrade.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000201728 _____ (Microsoft Corporation) C:\Windows\system32\AppXApplicabilityBlob.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000200704 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000197632 _____ (Microsoft Corporation) C:\Windows\system32\Win32CompatibilityAppraiserCSP.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000181248 _____ (Microsoft Corporation) C:\Windows\system32\FXSUTILITY.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallServiceTasks.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000179512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2020-09-11 15:29 - 2020-09-11 15:29 - 000170496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryUpgrade.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000165184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000155136 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\fdWSD.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000139776 _____ (Microsoft Corporation) C:\Windows\system32\Chakrathunk.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000132408 _____ (Microsoft Corporation) C:\Windows\system32\offlinelsa.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWSD.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000127064 _____ (Microsoft Corporation) C:\Windows\system32\win32u.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000123392 _____ (Microsoft Corporation) C:\Windows\system32\cryptcatsvc.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000120320 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCsp.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000108856 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthProxyStub.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\fdSSDP.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000105984 _____ (Microsoft Corporation) C:\Windows\system32\utcutil.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000105472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakrathunk.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000104248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryBroker.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\NFCProvisioningPlugin.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\provdatastore.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000093496 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\ProvPluginEng.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000090944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryBroker.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000089344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32u.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdSSDP.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\BarcodeProvisioningPlugin.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\provtool.exe
2020-09-11 15:29 - 2020-09-11 15:29 - 000084280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2020-09-11 15:29 - 2020-09-11 15:29 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\CustomInstallExec.exe
2020-09-11 15:29 - 2020-09-11 15:29 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000068096 _____ (Microsoft Corporation) C:\Windows\system32\udhisapi.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000068096 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000066872 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHostBroker.exe
2020-09-11 15:29 - 2020-09-11 15:29 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\RemovableMediaProvisioningPlugin.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000065024 _____ (Microsoft Corporation) C:\Windows\system32\ssdpapi.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000065024 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000063296 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthHost.exe
2020-09-11 15:29 - 2020-09-11 15:29 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\udhisapi.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000057856 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000053760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtutils.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000047008 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2020-09-11 15:29 - 2020-09-11 15:29 - 000046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryCore.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\upnpcont.exe
2020-09-11 15:29 - 2020-09-11 15:29 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnpcont.exe
2020-09-11 15:29 - 2020-09-11 15:29 - 000035328 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMPOSERES.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Management.Provisioning.ProxyStub.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryCore.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\FaxPrinterInstaller.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000021504 _____ (Microsoft Corporation) C:\Windows\system32\provdiagnostics.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000021304 _____ (Microsoft Corporation) C:\Windows\system32\kdhvcom.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2020-09-11 15:29 - 2020-09-11 15:29 - 000000315 _____ C:\Windows\system32\DrtmAuth9.bin
2020-09-11 15:29 - 2020-09-11 15:29 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2020-09-11 15:29 - 2020-09-11 15:29 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2020-09-11 15:29 - 2020-09-11 15:29 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2020-09-11 15:29 - 2020-09-11 15:29 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2020-09-11 15:29 - 2020-09-11 15:29 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2020-09-11 15:29 - 2020-09-11 15:29 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2020-09-11 15:29 - 2020-09-11 15:29 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2020-09-11 15:29 - 2020-09-11 15:29 - 000000315 _____ C:\Windows\system32\DrtmAuth12.bin
2020-09-11 15:29 - 2020-09-11 15:29 - 000000315 _____ C:\Windows\system32\DrtmAuth11.bin
2020-09-11 15:29 - 2020-09-11 15:29 - 000000315 _____ C:\Windows\system32\DrtmAuth10.bin
2020-09-11 15:29 - 2020-09-11 15:29 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2020-09-11 15:22 - 2020-08-15 07:25 - 000492544 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2020-09-11 15:22 - 2020-08-15 07:15 - 000390656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2020-09-09 13:05 - 2020-09-09 13:05 - 000000000 ____D C:\Users\PC\AppData\Local\ESET
2020-09-09 13:02 - 2020-09-09 13:02 - 005504824 _____ (ESET) C:\Users\PC\Downloads\eset_smart_security_premium_live_installer.exe
2020-09-09 13:00 - 2020-09-09 13:00 - 000000000 ____D C:\Users\PC\AppData\Local\ElevatedDiagnostics
2020-08-24 09:04 - 2020-08-24 09:04 - 000000017 _____ C:\Users\PC\AppData\Local\resmon.resmoncfg
2020-08-24 09:03 - 2020-08-24 09:03 - 000000000 ____D C:\Users\PC\AppData\Local\CrashDumps
2020-08-24 08:57 - 2020-08-24 08:57 - 000000000 ____D C:\Users\PC\AppData\Local\CEF
2020-08-24 08:50 - 2020-08-24 08:50 - 000000000 ____D C:\Users\PC\Desktop\LocaleMetaData
2020-08-24 08:49 - 2020-08-24 08:50 - 000069632 _____ C:\Users\PC\Desktop\eventy.evtx

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-09-22 21:16 - 2020-08-21 18:51 - 000795992 _____ C:\Windows\system32\PerfStringBackup.INI
2020-09-22 21:16 - 2019-03-19 06:50 - 000000000 ____D C:\Windows\INF
2020-09-22 21:12 - 2020-08-21 19:59 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-09-22 21:12 - 2020-08-21 19:59 - 000000000 __SHD C:\Users\PC\IntelGraphicsProfiles
2020-09-22 21:12 - 2020-08-21 19:17 - 000000000 ____D C:\ProgramData\NVIDIA
2020-09-22 21:12 - 2019-03-19 06:52 - 000000000 ____D C:\Windows\system32\MsDtc
2020-09-22 21:11 - 2020-08-21 18:42 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-09-22 21:11 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-09-22 21:11 - 2019-03-19 06:37 - 000524288 _____ C:\Windows\system32\config\BBI
2020-09-22 20:34 - 2020-08-21 18:52 - 000000000 ____D C:\Program Files\Bitdefender Agent
2020-09-22 20:19 - 2019-03-19 06:52 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-09-20 15:54 - 2019-03-19 06:52 - 000000000 ____D C:\Windows\Registration
2020-09-20 15:34 - 2020-08-21 18:42 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-09-14 14:29 - 2019-03-19 06:52 - 000000000 ____D C:\Windows\AppReadiness
2020-09-11 16:25 - 2020-08-21 18:42 - 000258088 _____ C:\Windows\system32\FNTCACHE.DAT
2020-09-11 16:24 - 2019-03-19 06:52 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2020-09-11 16:24 - 2019-03-19 06:52 - 000000000 ____D C:\Windows\SystemResources
2020-09-11 16:24 - 2019-03-19 06:52 - 000000000 ____D C:\Windows\system32\oobe
2020-09-11 16:24 - 2019-03-19 06:52 - 000000000 ____D C:\Windows\ShellExperiences
2020-09-11 16:24 - 2019-03-19 06:52 - 000000000 ____D C:\Windows\Provisioning
2020-09-11 16:24 - 2019-03-19 06:52 - 000000000 ____D C:\Windows\PolicyDefinitions
2020-09-11 16:24 - 2019-03-19 06:52 - 000000000 ____D C:\Windows\bcastdvr
2020-09-11 15:33 - 2020-08-21 22:05 - 000000000 ____D C:\Windows\system32\MRT
2020-09-11 15:32 - 2020-08-21 22:04 - 129170736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-09-11 15:32 - 2019-03-19 06:37 - 000000000 ____D C:\Windows\CbsTemp
2020-09-11 15:29 - 2020-08-21 18:46 - 002876416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2020-09-11 15:27 - 2019-03-19 06:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-09-11 15:25 - 2020-08-21 19:01 - 000000000 ____D C:\ProgramData\Packages
2020-09-11 15:14 - 2020-08-21 18:49 - 000002427 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-09-11 15:14 - 2020-08-21 18:49 - 000002265 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-09-11 15:14 - 2020-08-21 18:49 - 000002265 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-09-11 15:14 - 2020-08-21 18:48 - 000003374 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2309873218-3521867023-4178774582-1001
2020-09-11 15:14 - 2020-08-21 18:48 - 000000000 ___RD C:\Users\PC\OneDrive
2020-09-11 15:14 - 2020-08-21 18:44 - 000002346 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-09-10 14:57 - 2020-08-21 18:45 - 000000000 ____D C:\Users\PC\AppData\Local\Packages
2020-09-09 13:35 - 2020-08-21 19:09 - 000000000 ____D C:\ProgramData\Bitdefender
2020-09-09 13:28 - 2020-08-21 19:09 - 000185320 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys
2020-09-09 13:10 - 2020-08-21 18:48 - 000003576 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-09-09 13:10 - 2020-08-21 18:48 - 000003452 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-09-09 13:00 - 2019-03-19 06:52 - 000000000 ____D C:\Windows\system32\NDF
2020-09-04 16:14 - 2020-08-21 19:39 - 000000000 ____D C:\Windows\Panther
2020-08-24 08:31 - 2020-08-21 22:53 - 000000000 ____D C:\Users\PC\AppData\Local\D3DSCache

==================== Files in the root of some directories ========

2020-08-24 09:04 - 2020-08-24 09:04 - 000000017 _____ () C:\Users\PC\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2020
Ran by PC (22-09-2020 21:18:34)
Running from C:\Users\PC\Desktop\FRST
Windows 10 Pro Version 1909 18363.1082 (X64) (2020-08-21 16:44:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2309873218-3521867023-4178774582-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2309873218-3521867023-4178774582-503 - Limited - Disabled)
Guest (S-1-5-21-2309873218-3521867023-4178774582-501 - Limited - Disabled)
PC (S-1-5-21-2309873218-3521867023-4178774582-1001 - Administrator - Enabled) => C:\Users\PC
WDAGUtilityAccount (S-1-5-21-2309873218-3521867023-4178774582-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Out of date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
FW: ESET Firewall (Enabled) {B066057A-E576-007C-D591-56C163D3B33B}
FW: Bitdefender Firewall (Disabled) {362C5A58-E860-6396-9204-BEEEF20CA463}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 25.0.1.173 - Bitdefender)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 25.0.2.14 - Bitdefender)
Bitdefender VPN (HKLM\...\Bitdefender VPN) (Version: 25.0.1.12 - Bitdefender)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 85.0.564.51 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.135.29 - )
Microsoft OneDrive (HKU\S-1-5-21-2309873218-3521867023-4178774582-1001\...\OneDriveSetup.exe) (Version: 20.143.0716.0003 - Microsoft Corporation)
NVIDIA Grafický ovládač 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
Ovládací panel NVIDIA 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 376.54 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7564 - Realtek Semiconductor Corp.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-09-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-09-10] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.8101.0_x64__8wekyb3d8bbwe [2020-09-11] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation -> NVIDIA Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\bdtbie.dll [2020-07-16] (Bitdefender SRL -> Bitdefender)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2020-07-16] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\antispam32\bdtbie.dll [2020-07-16] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2020-07-16] (Bitdefender SRL -> Bitdefender)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2020-07-16] (Bitdefender SRL -> Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2020-07-16] (Bitdefender SRL -> Bitdefender)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 06:49 - 2020-09-22 21:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2309873218-3521867023-4178774582-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 172.20.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AfVpnService => 3
MSCONFIG\Services: AJRouter => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppMgmt => 3
MSCONFIG\Services: AppReadiness => 3
MSCONFIG\Services: AssignedAccessManagerSvc => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: Audiosrv => 2
MSCONFIG\Services: autotimesvc => 3
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BdVpnService => 2
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: BTAGService => 3
MSCONFIG\Services: BthAvctpSvc => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: camsvc => 3
MSCONFIG\Services: CDPSvc => 2
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: CscService => 3
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: DeviceAssociationService => 3
MSCONFIG\Services: DeviceInstall => 3
MSCONFIG\Services: DevQueryBroker => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: diagnosticshub.standardcollector.service => 3
MSCONFIG\Services: diagsvc => 3
MSCONFIG\Services: DiagTrack => 2
MSCONFIG\Services: DispBrokerDesktopSvc => 2
MSCONFIG\Services: DisplayEnhancementService => 3
MSCONFIG\Services: DmEnrollmentSvc => 3
MSCONFIG\Services: dmwappushservice => 3
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: DsmSvc => 3
MSCONFIG\Services: DsSvc => 3
MSCONFIG\Services: DusmSvc => 2
MSCONFIG\Services: Eaphost => 3
MSCONFIG\Services: edgeupdate => 2
MSCONFIG\Services: edgeupdatem => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: EventLog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 3
MSCONFIG\Services: fhsvc => 3
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FrameServer => 3
MSCONFIG\Services: GraphicsPerfSvc => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: HvHost => 3
MSCONFIG\Services: icssvc => 3
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: InstallService => 3
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: IpxlatCfgSvc => 3
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: lfsvc => 3
MSCONFIG\Services: LicenseManager => 3
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 3
MSCONFIG\Services: LxpSvc => 3
MSCONFIG\Services: MapsBroker => 2
MSCONFIG\Services: MicrosoftEdgeElevationService => 3
MSCONFIG\Services: MixedRealityOpenXRSvc => 3
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: NaturalAuthentication => 3
MSCONFIG\Services: NcaSvc => 3
MSCONFIG\Services: NcbService => 3
MSCONFIG\Services: NcdAutoSetup => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NetSetupSvc => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 3
MSCONFIG\Services: PeerDistSvc => 3
MSCONFIG\Services: perceptionsimulation => 3
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: PhoneSvc => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: PlugPlay => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: PrintNotify => 3
MSCONFIG\Services: ProductAgentService => 2
MSCONFIG\Services: PushToInstall => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 2
MSCONFIG\Services: RetailDemo => 3
MSCONFIG\Services: RmSvc => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: ScDeviceEnum => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SEMgrSvc => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensorDataService => 3
MSCONFIG\Services: SensorService => 3
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SharedAccess => 3
MSCONFIG\Services: SharedRealitySvc => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: smphost => 3
MSCONFIG\Services: SmsRouter => 3
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: spectrum => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: StorSvc => 3
MSCONFIG\Services: svsvc => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: TieringEngineService => 3
MSCONFIG\Services: TokenBroker => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TroubleshootingSvc => 3
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: UsoSvc => 2
MSCONFIG\Services: VacSvc => 3
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: vmicguestinterface => 3
MSCONFIG\Services: vmicheartbeat => 3
MSCONFIG\Services: vmickvpexchange => 3
MSCONFIG\Services: vmicrdv => 3
MSCONFIG\Services: vmicshutdown => 3
MSCONFIG\Services: vmictimesync => 3
MSCONFIG\Services: vmicvmsession => 3
MSCONFIG\Services: vmicvss => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: WalletService => 3
MSCONFIG\Services: WarpJITSvc => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: Wcmsvc => 2
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 2
MSCONFIG\Services: WEPHOSTSVC => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WFDSConMgrSvc => 3
MSCONFIG\Services: WiaRpc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: wisvc => 3
MSCONFIG\Services: WlanSvc => 2
MSCONFIG\Services: wlidsvc => 3
MSCONFIG\Services: wlpasvc => 3
MSCONFIG\Services: WManSvc => 3
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: workfolderssvc => 3
MSCONFIG\Services: WpcMonSvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: WpnService => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 3
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxGipSvc => 3
MSCONFIG\Services: XboxNetApiSvc => 3

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{78596848-CE28-42EA-941D-FBBC0C227F4A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FE8E4F2A-81F8-4084-A601-06CA23C0E6BE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C4901B78-372D-4C73-80AA-74C1DD4BC096}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{164778B5-550B-468D-86A0-9481B47796ED}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

04-09-2020 16:59:09 Scheduled Checkpoint
11-09-2020 15:21:45 Windows Update

==================== Faulty Device Manager Devices ============

Name: Tlačový front koreňa
Description: Lokálny tlačový front
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microphone (Realtek High Definition Audio)
Description: Zvukový koncový bod
Class Guid: {c166523c-fe0c-4a94-a586-f1a80cfbbf3e}
Manufacturer: Microsoft
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth USB Module
Description: Bluetooth USB Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HD WebCam
Description: USB Video Device
Class Guid: {ca3e7ab9-b4c3-4ae6-8251-579ef933890f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (09/22/2020 09:17:48 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/22/2020 09:17:46 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/22/2020 09:17:46 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/22/2020 09:16:35 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/22/2020 09:16:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/22/2020 09:15:23 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/22/2020 09:14:53 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/22/2020 09:13:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (09/22/2020 09:13:38 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T9944MO)
Description: The server Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (09/22/2020 09:12:59 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T9944MO)
Description: The server Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (09/22/2020 09:12:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba sieťového zdieľania pre prehrávač Windows Media Player bola ukončená s nasledujúcou chybou:
An attempt was made to reference a token that does not exist.

Error: (09/22/2020 09:12:00 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (09/22/2020 09:11:40 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (09/22/2020 09:11:40 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (09/22/2020 09:11:40 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T9944MO)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (09/22/2020 09:11:40 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T9944MO)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2020-09-22 21:12:04.532
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.285.74.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-09-22 21:12:04.532
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.285.74.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-09-22 21:12:04.531
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.285.74.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-09-22 21:12:04.524
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.285.74.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-09-22 21:12:04.523
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.285.74.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2020-09-20 15:51:43.824
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-09-20 15:51:43.818
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-09-20 15:51:43.798
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-09-20 15:51:43.791
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-09-20 15:51:43.784
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-09-20 15:51:43.610
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-09-20 15:51:43.598
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-09-20 15:51:42.415
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Insyde Corp. V1.17 03/22/2018
Motherboard: Acer HadesS
Processor: Intel(R) Core(TM) i5-4210H CPU @ 2.90GHz
Percentage of memory in use: 38%
Total physical RAM: 8115.27 MB
Available physical RAM: 5018.14 MB
Total Virtual: 9395.27 MB
Available Virtual: 6434.28 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.94 GB) (Free:187.45 GB) NTFS

\\?\Volume{7fe08cb5-bbde-4bc8-9b16-76889996cba7}\ (Obnovenie) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{e68ab049-1430-477c-95b4-908e82dd628d}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

JaRon
Moderator
Posts: 13906
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Virus/Rootkit?

#2 Post by JaRon »

Hi,
scan the PC with MBAM and also with MBAR (ANTIROOTKIT).

Re: Virus/Rootkit?

#3 Post by Yurij32 »

Thank you for the reply. Unfortunately, they found nothing...

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/23/20
Scan Time: 7:47 PM
Log File: d13de192-fdc4-11ea-9a6e-206a8aa04151.json

-Software Information-
Version: 4.2.1.89
Components Version: 1.0.1045
Update Package Version: 1.0.30300
License: Trial

-System Information-
OS: Windows 10 (Build 18362.1082)
CPU: x64
File System: NTFS
User: DESKTOP-T9944MO\PC

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 257403
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 0 min, 59 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Re: Virus/Rootkit?

#4 Post by JaRon »

The problem probably won't be the AV.
Uninstall SpyBot and one of the Bitdefender/ESET pair.
Run sfc /scannow from the command line.
Clean the PC with CCleaner, including the registry, and write what the problem is :???:

Re: Virus/Rootkit?

#5 Post by Yurij32 »

Done, I am attaching the SFC log. For example, on the day I posted the FRST log, I found after switching the PC on that more than half of the Services were set to Disabled. This concerned the internet, Windows Update, parts of Bitdefender and a bunch of other things... Tomorrow I will examine the system in more detail. Thank you for your willingness and effort.
Attachments
CBS.rar
(15.34 KiB) Downloaded 10 times

Re: Virus/Rootkit?

#6 Post by JaRon »

I don't know how things stand with the legality of the Windows installation, but according to the logs it is apparently this problem:
https://www.itexperience.net/fix-event- ... x800705b4/

Re: Virus/Rootkit?

#7 Post by Yurij32 »

I apologize for the late reply. Windows is legal, downloaded directly from Microsoft; at the time of the test it was just not activated. I am not sure how event 8198 could take down almost all services. Thank you for your time and the advice so far.
