
Threats on a laptop
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello,
please, could you help me with a warning on my laptop? It reported some current threats. What should I do about it, please? :-O
Thank you, vev
- Attachments
- ntb výstraha.jpg (28.62 KiB) Viewed 1159 times
- Rudy
- Site Admin
- Posts: 119405
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Threats on a laptop
Hello!
Please post the FRST+Addition logs: https://forum.viry.cz/viewtopic.php?f=13&t=152706 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Threats on a laptop
Good evening, I tried to follow the guide, but it produced "log" and "info", so hopefully these are the right logs you need... I am pasting them into the post, and thank you for checking.
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wave"=wdmaud.drv
"wavemapper"=msacm32.drv
"aux1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave1"=wdmaud.drv
"aux2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.inf - install -
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2022-01-27 21:18:41 ----D---- C:\rsit
2022-01-27 21:18:41 ----D---- C:\Program Files\trend micro
2022-01-23 18:49:55 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2022-01-23 18:49:55 ----A---- C:\WINDOWS\system32\Hydrogen.dll
2022-01-23 18:49:54 ----A---- C:\WINDOWS\system32\tcbloader.dll
2022-01-23 18:49:54 ----A---- C:\WINDOWS\system32\tcblaunch.exe
2022-01-23 18:49:54 ----A---- C:\WINDOWS\system32\hvix64.exe
2022-01-23 18:49:54 ----A---- C:\WINDOWS\system32\hvax64.exe
2022-01-23 18:49:53 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2022-01-23 18:49:53 ----A---- C:\WINDOWS\SYSWOW64\netlogon.dll
2022-01-23 18:49:53 ----A---- C:\WINDOWS\SYSWOW64\msv1_0.dll
2022-01-23 18:49:53 ----A---- C:\WINDOWS\SYSWOW64\GameInput.dll
2022-01-23 18:49:53 ----A---- C:\WINDOWS\system32\sppsvc.exe
2022-01-23 18:49:53 ----A---- C:\WINDOWS\system32\sppcext.dll
2022-01-23 18:49:53 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2022-01-23 18:49:53 ----A---- C:\WINDOWS\system32\netlogon.dll
2022-01-23 18:49:53 ----A---- C:\WINDOWS\system32\msv1_0.dll
2022-01-23 18:49:52 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2022-01-23 18:49:52 ----A---- C:\WINDOWS\system32\ISM.dll
2022-01-23 18:49:52 ----A---- C:\WINDOWS\system32\IKEEXT.DLL
2022-01-23 18:49:52 ----A---- C:\WINDOWS\system32\GameInput.dll
2022-01-23 18:49:52 ----A---- C:\WINDOWS\system32\FWPUCLNT.DLL
2022-01-23 18:49:52 ----A---- C:\WINDOWS\system32\drivers\wfplwfs.sys
2022-01-23 18:49:52 ----A---- C:\WINDOWS\system32\drivers\refs.sys
2022-01-23 18:49:52 ----A---- C:\WINDOWS\system32\BFE.DLL
2022-01-23 18:49:52 ----A---- C:\WINDOWS\explorer.exe
2022-01-23 18:45:19 ----HD---- C:\$WinREAgent
2022-01-23 18:45:12 ----A---- C:\WINDOWS\SYSWOW64\poqexec.exe
2022-01-23 18:45:11 ----A---- C:\WINDOWS\system32\poqexec.exe
2022-01-15 16:47:16 ----D---- C:\Users\Uživatel\AppData\Roaming\Jpeg Resampler
2022-01-15 15:36:30 ----D---- C:\Program Files (x86)\JpegResampler2010
2022-01-15 15:26:25 ----A---- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
2022-01-15 15:26:00 ----D---- C:\ProgramData\Malwarebytes
2022-01-15 15:12:56 ----D---- C:\Users\Uživatel\AppData\Roaming\Skype
2022-01-15 15:01:48 ----D---- C:\Program Files\CCleaner
2022-01-15 14:58:59 ----D---- C:\Program Files (x86)\DsNET Corp
2022-01-12 22:23:11 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2022-01-12 22:23:11 ----A---- C:\WINDOWS\SYSWOW64\DolbyDecMFT.dll
2022-01-12 22:23:11 ----A---- C:\WINDOWS\system32\DolbyDecMFT.dll
2022-01-12 22:23:10 ----A---- C:\WINDOWS\SYSWOW64\WebClnt.dll
2022-01-12 22:23:10 ----A---- C:\WINDOWS\SYSWOW64\tsgqec.dll
2022-01-12 22:23:10 ----A---- C:\WINDOWS\SYSWOW64\runas.exe
2022-01-12 22:23:10 ----A---- C:\WINDOWS\SYSWOW64\provsvc.dll
2022-01-12 22:23:10 ----A---- C:\WINDOWS\SYSWOW64\nshwfp.dll
2022-01-12 22:23:10 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2022-01-12 22:23:10 ----A---- C:\WINDOWS\SYSWOW64\msimsg.dll
2022-01-12 22:23:10 ----A---- C:\WINDOWS\SYSWOW64\msi.dll
2022-01-12 22:23:10 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2022-01-12 22:23:10 ----A---- C:\WINDOWS\SYSWOW64\certutil.exe
2022-01-12 22:23:10 ----A---- C:\WINDOWS\SYSWOW64\certreq.exe
2022-01-12 22:23:10 ----A---- C:\WINDOWS\system32\mfcore.dll
2022-01-12 22:23:10 ----A---- C:\WINDOWS\system32\browser.dll
2022-01-12 22:23:09 ----A---- C:\WINDOWS\SYSWOW64\xolehlp.dll
2022-01-12 22:23:09 ----A---- C:\WINDOWS\SYSWOW64\tar.exe
2022-01-12 22:23:09 ----A---- C:\WINDOWS\SYSWOW64\net1.exe
2022-01-12 22:23:09 ----A---- C:\WINDOWS\SYSWOW64\mtxclu.dll
2022-01-12 22:23:09 ----A---- C:\WINDOWS\SYSWOW64\msdtcprx.dll
2022-01-12 22:23:09 ----A---- C:\WINDOWS\SYSWOW64\iassam.dll
2022-01-12 22:23:09 ----A---- C:\WINDOWS\SYSWOW64\iasads.dll
2022-01-12 22:23:09 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2022-01-12 22:23:09 ----A---- C:\WINDOWS\SYSWOW64\dhcpsapi.dll
2022-01-12 22:23:09 ----A---- C:\WINDOWS\SYSWOW64\dataclen.dll
2022-01-12 22:23:09 ----A---- C:\WINDOWS\SYSWOW64\curl.exe
2022-01-12 22:23:09 ----A---- C:\WINDOWS\SYSWOW64\archiveint.dll
2022-01-12 22:23:09 ----A---- C:\WINDOWS\system32\WebClnt.dll
2022-01-12 22:23:09 ----A---- C:\WINDOWS\system32\provsvc.dll
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\tsgqec.dll
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\runas.exe
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\rdpudd.dll
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\nshwfp.dll
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\nltest.exe
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\mstscax.dll
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\msimsg.dll
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\msi.dll
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\ListSvc.dll
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\ksetup.exe
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\Chakra.dll
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\drivers\rdpvideominiport.sys
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\drivers\PktMon.sys
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\certutil.exe
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\certreq.exe
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\tar.exe
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\net1.exe
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\mtxclu.dll
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\mshtml.dll
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\msdtctm.dll
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\iasads.dll
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\dsauth.dll
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\dhcpsapi.dll
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\dataclen.dll
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\curl.exe
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\computecore.dll
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\CBDHSvc.dll
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\archiveint.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\wkscli.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Search.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Immersive.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\wincredui.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\TSpkg.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\tdh.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\srvcli.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\schedcli.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\scesrv.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\rastls.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\raschap.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\pku2u.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\offlinelsa.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\netprovfw.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\netjoin.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\netid.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\msimg32.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\mf3216.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\joinutil.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\gmsaclient.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\BitLockerCsp.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\system32\vertdll.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\system32\skci.dll
2022-01-12 22:23:05 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2022-01-12 22:23:05 ----A---- C:\WINDOWS\SYSWOW64\win32k.sys
2022-01-12 22:23:05 ----A---- C:\WINDOWS\SYSWOW64\uReFS.dll
2022-01-12 22:23:05 ----A---- C:\WINDOWS\SYSWOW64\schannel.dll
2022-01-12 22:23:05 ----A---- C:\WINDOWS\SYSWOW64\shacctprofile.dll
2022-01-12 22:23:05 ----A---- C:\WINDOWS\SYSWOW64\samcli.dll
2022-01-12 22:23:05 ----A---- C:\WINDOWS\SYSWOW64\netutils.dll
2022-01-12 22:23:05 ----A---- C:\WINDOWS\SYSWOW64\netmsg.dll
2022-01-12 22:23:05 ----A---- C:\WINDOWS\SYSWOW64\ncryptprov.dll
2022-01-12 22:23:05 ----A---- C:\WINDOWS\SYSWOW64\logoncli.dll
2022-01-12 22:23:05 ----A---- C:\WINDOWS\SYSWOW64\es.dll
2022-01-12 22:23:05 ----A---- C:\WINDOWS\SYSWOW64\comsvcs.dll
2022-01-12 22:23:05 ----A---- C:\WINDOWS\SYSWOW64\CertPolEng.dll
2022-01-12 22:23:05 ----A---- C:\WINDOWS\SYSWOW64\authz.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\wpnapps.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\wintrust.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\Windows.System.Launcher.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryUpgrade.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryPS.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryCore.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryClient.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryBroker.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepository.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\Windows.Devices.HumanInterfaceDevice.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.Core.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\Windows.AccountsControl.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\win32u.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\user32.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\twinui.appcore.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\TileDataRepository.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\thumbcache.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\StateRepository.Core.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\ShareHost.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\profext.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\negoexts.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\KerbClientShared.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\CertEnrollCtrl.exe
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\CertEnroll.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\certcli.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\certca.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\AppContracts.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\wscproxystub.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\wscisvif.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\wscapi.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\wscadminui.exe
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\usercpl.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\sechost.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\rpcrt4.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\netplwiz.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\netapi32.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\msobjs.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\msctf.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\msaudite.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\LaunchWinApp.exe
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\kernel32.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\authui.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\advapi32.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\adtschema.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\system32\TSpkg.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\system32\pku2u.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\system32\LsaIso.exe
2022-01-12 22:23:03 ----A---- C:\WINDOWS\system32\keymgr.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\system32\iumcrypt.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\WUDFPlatform.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\WUDFHost.exe
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\WUDFCompanionHost.exe
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\Windows.UI.Search.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\Windows.UI.Immersive.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\wincredui.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\usermgr.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\tdh.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\taskcomp.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\sppobjs.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\shutdownux.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\shell32.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\scesrv.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\rastls.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\rasmans.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\raschap.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\rascustom.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\ntlanman.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\netprovfw.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\netjoin.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\msimg32.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\msctf.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\mf3216.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\LocationFrameworkPS.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\LocationFramework.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\joinutil.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\gdi32full.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\efscore.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\drivers\WUDFRd.sys
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\drivers\WUDFPf.sys
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\drivers\clfs.sys
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\djoin.exe
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\BitLockerCsp.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\wkssvc.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\wkscli.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\srvcli.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\schedcli.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\schannel.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\sechost.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\offlinelsa.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\ntdll.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\msobjs.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\msaudite.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\lsasrv.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\KernelBase.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\gmsaclient.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\drivers\msrpc.sys
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\drivers\ksecpkg.sys
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\drivers\http.sys
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\adtschema.dll
2022-01-12 22:23:00 ----A---- C:\WINDOWS\system32\profsvc.dll
2022-01-12 22:23:00 ----A---- C:\WINDOWS\system32\logoncli.dll
2022-01-12 22:23:00 ----A---- C:\WINDOWS\system32\authz.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\winresume.exe
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\winload.exe
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\uReFS.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\trkwks.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\shacct.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\samsrv.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\samlib.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\samcli.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\refsutil.exe
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\offlinesam.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\netmsg.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\ncryptprov.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\es.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\dwmcore.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\drivers\refsv1.sys
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\drivers\pcw.sys
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\dpapisrv.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\comsvcs.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\ci.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\CertPolEng.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\ApplyTrustOffline.exe
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\wpnapps.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\win32u.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\win32kfull.sys
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\win32k.sys
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\wevtsvc.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\StateRepository.Core.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\SettingsHandlers_User.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\PasswordEnrollmentManager.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\netapi32.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\MusUpdateHandlers.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\kerberos.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\KerbClientShared.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\drivers\bindflt.sys
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\bindfltapi.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\ApplicationFrame.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\wintrust.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\Windows.System.Launcher.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\windows.storage.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\Windows.StateRepository.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\Windows.AccountsControl.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\win32kbase.sys
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\twinui.appcore.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\TileDataRepository.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\profext.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\negoexts.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\modernexecserver.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\cloudAP.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\CertEnroll.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\certcli.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\certca.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\cdd.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\AppContracts.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\wscsvc.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\wscproxystub.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\wscisvif.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\wscapi.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\wscadminui.exe
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\winlogonext.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\usercpl.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\twinui.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\TaskFlowDataEngine.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\SpeechPal.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\ShareHost.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\ptpprov.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\PinEnrollmentHelper.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\netplwiz.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\ManageCI.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\LaunchWinApp.exe
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\kernel32.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\kdcpw.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\drivers\storport.sys
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\deviceregistration.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\cdpsvc.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\browcli.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\authui.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\agentactivationruntimewindows.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\advapi32.dll
2022-01-12 22:22:55 ----A---- C:\WINDOWS\system32\vmbuspipe.dll
2022-01-12 22:22:55 ----A---- C:\WINDOWS\system32\drivers\vmbus.sys
2022-01-12 22:22:55 ----A---- C:\WINDOWS\system32\drivers\Vid.sys
2022-01-12 22:22:55 ----A---- C:\WINDOWS\system32\drivers\spaceport.sys
2022-01-12 22:22:55 ----A---- C:\WINDOWS\system32\drivers\spacedump.sys
2022-01-12 22:22:55 ----A---- C:\WINDOWS\system32\drivers\netvsc.sys
2022-01-02 17:22:40 ----D---- C:\MOJE
2021-12-29 19:34:32 ----D---- C:\WINDOWS\SystemTemp
2021-12-29 19:29:34 ----A---- C:\WINDOWS\SYSWOW64\FXSXP32.dll
2021-12-29 19:29:34 ----A---- C:\WINDOWS\SYSWOW64\FXSEXT32.dll
2021-12-29 19:29:34 ----A---- C:\WINDOWS\SYSWOW64\FXSAPI.dll
2021-12-29 19:29:34 ----A---- C:\WINDOWS\system32\WinFax.dll
2021-12-29 19:29:34 ----A---- C:\WINDOWS\system32\FXSTIFF.dll
2021-12-29 19:29:34 ----A---- C:\WINDOWS\system32\FXST30.dll
2021-12-29 19:29:34 ----A---- C:\WINDOWS\system32\FXSRESM.dll
2021-12-29 19:29:34 ----A---- C:\WINDOWS\system32\FXSCOMPOSE.dll
2021-12-29 19:29:34 ----A---- C:\WINDOWS\system32\FXSCOMEX.dll
2021-12-29 19:29:34 ----A---- C:\WINDOWS\system32\FXSCOM.dll
2021-12-29 19:29:34 ----A---- C:\WINDOWS\system32\FXSAPI.dll
2021-12-29 19:29:34 ----A---- C:\WINDOWS\system32\drivers\dumpfve.sys
2021-12-29 19:29:32 ----A---- C:\WINDOWS\system32\DMRServer.dll
2021-12-29 19:29:31 ----A---- C:\WINDOWS\SYSWOW64\offreg.dll
2021-12-29 19:29:28 ----A---- C:\WINDOWS\system32\offreg.dll
2021-12-29 19:29:26 ----A---- C:\WINDOWS\system32\edgehtml.dll
2021-12-29 19:29:26 ----A---- C:\WINDOWS\system32\computestorage.dll
2021-12-29 19:29:25 ----A---- C:\WINDOWS\SYSWOW64\winsku.dll
2021-12-29 19:29:25 ----A---- C:\WINDOWS\SYSWOW64\winbrand.dll
2021-12-29 19:29:25 ----A---- C:\WINDOWS\SYSWOW64\UIAutomationCore.dll
2021-12-29 19:29:25 ----A---- C:\WINDOWS\SYSWOW64\TpmTool.exe
2021-12-29 19:29:25 ----A---- C:\WINDOWS\SYSWOW64\rtutils.dll
2021-12-29 19:29:25 ----A---- C:\WINDOWS\SYSWOW64\feclient.dll
2021-12-29 19:29:25 ----A---- C:\WINDOWS\SYSWOW64\daxexec.dll
2021-12-29 19:29:25 ----A---- C:\WINDOWS\SYSWOW64\AppxPackaging.dll
2021-12-29 19:29:25 ----A---- C:\WINDOWS\system32\rtutils.dll
2021-12-29 19:29:25 ----A---- C:\WINDOWS\system32\iphlpsvc.dll
2021-12-29 19:29:25 ----A---- C:\WINDOWS\system32\BioIso.exe
2021-12-29 19:29:24 ----A---- C:\WINDOWS\SYSWOW64\imagehlp.dll
2021-12-29 19:29:24 ----A---- C:\WINDOWS\SYSWOW64\bcryptprimitives.dll
2021-12-29 19:29:24 ----A---- C:\WINDOWS\system32\MdmDiagnostics.dll
2021-12-29 19:29:24 ----A---- C:\WINDOWS\system32\feclient.dll
2021-12-29 19:29:24 ----A---- C:\WINDOWS\system32\efssvc.dll
2021-12-29 19:29:24 ----A---- C:\WINDOWS\system32\efslsaext.dll
2021-12-29 19:29:24 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2021-12-29 19:29:24 ----A---- C:\WINDOWS\system32\drivers\FWPKCLNT.SYS
2021-12-29 19:29:24 ----A---- C:\WINDOWS\system32\bcryptprimitives.dll
2021-12-29 19:29:23 ----A---- C:\WINDOWS\system32\winsku.dll
2021-12-29 19:29:23 ----A---- C:\WINDOWS\system32\winbrand.dll
2021-12-29 19:29:23 ----A---- C:\WINDOWS\system32\kdnet.dll
2021-12-29 19:29:23 ----A---- C:\WINDOWS\system32\imagehlp.dll
2021-12-29 19:29:23 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys
2021-12-29 19:29:23 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2021-12-29 19:29:23 ----A---- C:\WINDOWS\system32\drivers\appid.sys
2021-12-29 19:29:22 ----A---- C:\WINDOWS\system32\WsmSvc.dll
2021-12-29 19:29:22 ----A---- C:\WINDOWS\system32\WinREAgent.dll
2021-12-29 19:29:22 ----A---- C:\WINDOWS\system32\wcimage.dll
2021-12-29 19:29:22 ----A---- C:\WINDOWS\system32\wc_storage.dll
2021-12-29 19:29:22 ----A---- C:\WINDOWS\system32\UpdateAgent.dll
2021-12-29 19:29:22 ----A---- C:\WINDOWS\system32\UIAutomationCore.dll
2021-12-29 19:29:22 ----A---- C:\WINDOWS\system32\MdmDiagnosticsTool.exe
2021-12-29 19:29:22 ----A---- C:\WINDOWS\system32\FntCache.dll
2021-12-29 19:29:22 ----A---- C:\WINDOWS\system32\DWrite.dll
2021-12-29 19:29:22 ----A---- C:\WINDOWS\system32\daxexec.dll
2021-12-29 19:29:22 ----A---- C:\WINDOWS\system32\AppxPackaging.dll
2021-12-29 19:29:21 ----A---- C:\WINDOWS\system32\wpx.dll
2021-12-29 19:29:21 ----A---- C:\WINDOWS\system32\TpmTool.exe
2021-12-29 19:29:21 ----A---- C:\WINDOWS\system32\spoolsv.exe
2021-12-29 19:29:21 ----A---- C:\WINDOWS\system32\localspl.dll
2021-12-29 19:29:21 ----A---- C:\WINDOWS\system32\FaxPrinterInstaller.dll
2021-12-29 19:29:21 ----A---- C:\WINDOWS\system32\drivers\PEAuth.sys
2021-12-29 19:29:21 ----A---- C:\WINDOWS\system32\drivers\nwifi.sys
2021-12-29 19:29:21 ----A---- C:\WINDOWS\system32\bcdedit.exe
2021-12-29 19:29:21 ----A---- C:\WINDOWS\splwow64.exe
======List of files/folders modified in the last 1 month======
2022-01-27 21:18:48 ----D---- C:\WINDOWS\prefetch
2022-01-27 21:18:41 ----RD---- C:\Program Files
2022-01-27 21:18:29 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2022-01-27 21:11:47 ----D---- C:\WINDOWS\Temp
2022-01-27 21:11:17 ----D---- C:\WINDOWS\system32\config
2022-01-27 21:09:17 ----D---- C:\WINDOWS\AppReadiness
2022-01-27 21:09:00 ----D---- C:\Program Files (x86)\Google
2022-01-27 21:06:28 ----D---- C:\WINDOWS\system32\sru
2022-01-27 21:06:18 ----D---- C:\WINDOWS\System32
2022-01-27 21:06:15 ----D---- C:\WINDOWS\system32\drivers\UMDF
2022-01-27 21:06:14 ----D---- C:\WINDOWS\system32\DriverStore
2022-01-27 21:06:14 ----D---- C:\WINDOWS\system32\catroot2
2022-01-27 21:06:13 ----D---- C:\WINDOWS\INF
2022-01-23 19:28:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2022-01-23 19:24:44 ----D---- C:\WINDOWS\WinSxS
2022-01-23 19:24:42 ----D---- C:\WINDOWS\ServiceState
2022-01-23 19:24:40 ----ASH---- C:\DumpStack.log.tmp
2022-01-23 19:24:16 ----D---- C:\WINDOWS\SysWOW64
2022-01-23 19:24:16 ----D---- C:\WINDOWS\system32\drivers
2022-01-23 19:24:16 ----D---- C:\WINDOWS\bcastdvr
2022-01-23 19:24:16 ----D---- C:\Windows
2022-01-23 19:24:01 ----D---- C:\WINDOWS\CbsTemp
2022-01-23 19:23:36 ----D---- C:\WINDOWS\system32\SleepStudy
2022-01-23 18:46:55 ----SHD---- C:\System Volume Information
2022-01-23 17:29:47 ----HD---- C:\Program Files\WindowsApps
2022-01-23 17:23:55 ----D---- C:\WINDOWS\system32\Tasks
2022-01-16 21:48:19 ----SHD---- C:\WINDOWS\Installer
2022-01-15 16:45:21 ----RD---- C:\Program Files (x86)
2022-01-15 15:26:00 ----HD---- C:\ProgramData
2022-01-15 15:12:58 ----SD---- C:\Users\Uživatel\AppData\Roaming\Microsoft
2022-01-15 15:12:48 ----D---- C:\Program Files (x86)\Microsoft
2022-01-15 13:23:54 ----D---- C:\WINDOWS\Logs
2022-01-15 13:21:31 ----RD---- C:\WINDOWS\Microsoft.NET
2022-01-15 13:21:28 ----RD---- C:\WINDOWS\assembly
2022-01-13 01:07:02 ----A---- C:\WINDOWS\system32\ImController.InfInstaller.exe
2022-01-13 01:06:58 ----A---- C:\WINDOWS\system32\WudfUpdate_02000.dll
2022-01-13 01:06:58 ----A---- C:\WINDOWS\system32\ImController.CoInstaller.dll
2022-01-13 01:06:16 ----A---- C:\WINDOWS\system32\iMDriverHelper.dll
2022-01-12 22:34:13 ----SD---- C:\WINDOWS\system32\DiagSvcs
2022-01-12 22:34:13 ----D---- C:\WINDOWS\SYSWOW64\wbem
2022-01-12 22:34:13 ----D---- C:\WINDOWS\SYSWOW64\en-US
2022-01-12 22:34:13 ----D---- C:\WINDOWS\SYSWOW64\Dism
2022-01-12 22:34:13 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2022-01-12 22:34:13 ----D---- C:\WINDOWS\SystemResources
2022-01-12 22:34:13 ----D---- C:\WINDOWS\system32\setup
2022-01-12 22:34:13 ----D---- C:\WINDOWS\system32\oobe
2022-01-12 22:34:13 ----D---- C:\WINDOWS\system32\migration
2022-01-12 22:34:13 ----D---- C:\WINDOWS\system32\en-US
2022-01-12 22:34:13 ----D---- C:\WINDOWS\system32\Dism
2022-01-12 22:34:13 ----D---- C:\WINDOWS\system32\cs-CZ
2022-01-12 22:34:13 ----D---- C:\WINDOWS\system32\CodeIntegrity
2022-01-12 22:34:13 ----D---- C:\WINDOWS\system32\Boot
2022-01-12 22:19:19 ----D---- C:\Users\Uživatel\AppData\Roaming\Adobe
2022-01-12 22:14:22 ----D---- C:\WINDOWS\system32\MRT
2022-01-12 22:14:19 ----AC---- C:\WINDOWS\system32\MRT.exe
2022-01-02 15:54:05 ----D---- C:\WINDOWS\system32\Logs
2022-01-02 15:54:05 ----D---- C:\Program Files\Microsoft Update Health Tools
2021-12-29 20:06:10 ----SD---- C:\WINDOWS\system32\Microsoft
2021-12-29 20:05:16 ----D---- C:\WINDOWS\servicing
2021-12-29 19:36:47 ----D---- C:\WINDOWS\system32\WDI
2021-12-29 18:34:52 ----D---- C:\WINDOWS\system32\LogFiles
2021-12-29 18:06:06 ----D---- C:\ProgramData\Adobe
2021-12-29 18:02:51 ----D---- C:\ProgramData\Packages
2021-12-29 17:59:58 ----D---- C:\WINDOWS\system32\drivers\wd
2021-12-29 17:58:19 ----SD---- C:\ProgramData\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amdpsp;@oem36.inf,%amdpsp.SVCDESC%;AMD PSP Service; C:\WINDOWS\System32\drivers\amdpsp.sys [2020-03-24 135184]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2021-11-04 57168]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\WINDOWS\system32\drivers\SgrmAgent.sys [2019-12-07 88080]
R1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2021-11-04 41984]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2019-12-07 78136]
R1 CimFS;CimFS; C:\WINDOWS\system32\drivers\CimFS.sys [2021-11-04 98304]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2019-12-07 59392]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2019-12-07 8704]
R2 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys [2022-01-12 149320]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2021-11-07 496640]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2020-11-19 53248]
R3 ACPIVPC;@oem21.inf,%ACPIVPC.SvcDesc%;Lenovo Virtual Power Controller Driver; C:\WINDOWS\System32\drivers\AcpiVpc.sys [2021-07-26 44024]
R3 amdacpbus;@oem29.inf,%amdacpbus.SVCDESC%;Audio Coprocessr Driver for DSP; C:\WINDOWS\System32\DriverStore\FileRepository\amdacpbus.inf_amd64_09f1c82527189d2f\amdacpbus.sys [2020-12-06 9086384]
R3 amdfendr;@oem27.inf,%AMDFENDR_svcdesc%;AMD Crash Defender Driver; C:\WINDOWS\System32\drivers\amdfendr.sys [2020-12-14 91568]
R3 amdgpio2;@oem28.inf,%GPIO.SvcDesc%;AMD GPIO Client Driver; C:\WINDOWS\System32\drivers\amdgpio2.sys [2020-03-16 46344]
R3 amdi2c;@oem4.inf,%amdi2c.SVCDESC%;AMD I2C Controller Service; C:\WINDOWS\System32\drivers\amdi2c.sys [2020-09-30 66864]
R3 amdwddmg;amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0372415.inf_amd64_87f92c83980548cd\B372050\amdkmdag.sys [2021-10-07 80471928]
R3 AtiHDAudioService;@oem42.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdWT6.sys [2020-06-09 107936]
R3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2021-12-06 1559552]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2021-12-06 110592]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2019-12-07 66576]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2020-10-14 5930072]
R3 MsQuic;@%SystemRoot%\system32\drivers\msquic.sys,-1; C:\WINDOWS\system32\drivers\msquic.sys [2020-11-19 322376]
R3 rt640x64;@oem24.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2021-07-26 1151992]
R3 RtkBtFilter;@oem33.inf,%BtFilt.SvcDesc%;Realtek Bluetooth Filter Driver; C:\WINDOWS\System32\drivers\RtkBtfilter.sys [2020-11-25 801296]
R3 RTWlanE;@oem9.inf,%RTWlanE.DeviceDesc.DispName%;Realtek Wireless LAN 802.11n PCI-E Network Adapter; C:\WINDOWS\System32\drivers\rtwlane.sys [2020-11-07 11582560]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2019-12-07 43832]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2019-12-07 319800]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys [2019-12-07 884752]
S0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [2019-12-07 172344]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2019-12-07 124216]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2019-12-07 135992]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2019-12-07 81720]
S0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [2019-12-07 105480]
S0 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\WINDOWS\System32\drivers\nvdimm.sys [2019-12-07 168464]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2019-12-07 58680]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2019-12-07 68408]
S0 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2019-12-07 138040]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2019-12-07 42296]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2019-12-07 158736]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2019-12-07 23040]
S3 Acx01000;@%SystemRoot%\system32\drivers\Acx01000.sys,-1000; C:\WINDOWS\system32\drivers\Acx01000.sys [2019-12-07 415232]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2021-12-06 18432]
S3 BthA2dp;@microsoft_bluetooth_a2dp.inf,%BthA2dp.ServiceDescription%;Microsoft Bluetooth A2dp driver; C:\WINDOWS\System32\drivers\BthA2dp.sys [2021-11-04 279040]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2021-12-06 113664]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2020-11-19 106496]
S3 BthMini;@bth.inf,%BTHMINI.SvcDesc%;Bluetooth Radio Driver; C:\WINDOWS\System32\drivers\BTHMINI.sys [2021-12-06 45568]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2019-12-07 133632]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2019-12-07 44032]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\DriverStore\FileRepository\genericusbfn.inf_amd64_53931f0ae21d6d2c\genericusbfn.sys [2019-12-07 23040]
S3 GeneStor;@oem51.inf,%GeneStor.SvcDesc%;Genesys Logic Storage Driver; C:\WINDOWS\System32\drivers\GeneStor.sys [2020-05-19 134272]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2019-12-07 55824]
S3 hidspi;@hidspi_km.inf,%hidspi.SVCDESC%;Microsoft SPI HID Miniport Driver; C:\WINDOWS\System32\drivers\hidspi.sys [2019-12-07 66560]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2021-11-04 95056]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2019-12-07 30208]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2019-12-07 1853752]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2019-12-07 36352]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2019-12-07 91136]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2019-12-07 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2019-12-07 93184]
S3 iaLPSS2i_GPIO2_CNL;@iaLPSS2i_GPIO2_CNL.inf,%iaLPSS2i_GPIO2_CNL.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_CNL.sys [2019-12-07 112128]
S3 iaLPSS2i_GPIO2_GLK;@iaLPSS2i_GPIO2_GLK.inf,%iaLPSS2i_GPIO2_GLK.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_GLK.sys [2019-12-07 96256]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2019-12-07 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2019-12-07 175104]
S3 iaLPSS2i_I2C_CNL;@iaLPSS2i_I2C_CNL.inf,%iaLPSS2i_I2C_CNL.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_CNL.sys [2019-12-07 177152]
S3 iaLPSS2i_I2C_GLK;@iaLPSS2i_I2C_GLK.inf,%iaLPSS2i_I2C_GLK.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_GLK.sys [2019-12-07 177664]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2019-12-07 558904]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2020-11-19 47104]
S3 intelpmax;@intelpmax.inf,%SvcDesc%;Intel(R) Dynamic Device Peak Power Manager Driver; C:\WINDOWS\System32\drivers\intelpmax.sys [2019-12-07 30720]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2019-12-07 59704]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2019-12-07 537608]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2019-12-07 64016]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [2022-01-15 129752]
S3 MbbCx;MBB Network Adapter Class Extension; C:\WINDOWS\system32\drivers\MbbCx.sys [2021-11-04 391168]
S3 Microsoft_Bluetooth_AvrcpTransport;@microsoft_bluetooth_avrcptransport.inf,%Microsoft_Bluetooth_AvrcpTransport.ServiceDescription%;Microsoft Bluetooth Avrcp Transport Driver; C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys [2019-12-07 65024]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2019-12-07 1131320]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2019-12-07 146232]
S3 NDKPing;NDKPing Driver; C:\WINDOWS\system32\drivers\NDKPing.sys [2019-12-07 72720]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2021-12-06 214528]
S3 PktMon;Packet Monitor Driver; C:\WINDOWS\system32\drivers\PktMon.sys [2022-01-12 130360]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2019-12-07 17408]
S3 portcfg;portcfg; C:\WINDOWS\System32\drivers\portcfg.sys [2019-12-07 27136]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2022-01-12 990536]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2019-12-07 213504]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2019-12-07 115712]
S3 RTSUER;@oem48.inf,%RtsUER%;Realtek USB Card Reader - UER; C:\WINDOWS\system32\Drivers\RtsUer.sys [2020-04-13 448096]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2019-12-07 35128]
S4 hvcrash;hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [2019-12-07 35128]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2021-11-17 169728]
R2 AMD Crash Defender Service;AMD Crash Defender Service; C:\WINDOWS\system32\amdfendrsr.exe [2020-12-14 513968]
R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\u0372415.inf_amd64_87f92c83980548cd\B372050\atiesrxx.exe [2021-10-07 594824]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
R2 CDPUserSvc_683cbc;Uživatelská služba platformy připojených zařízení_683cbc; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
R2 DispBrokerDesktopSvc;@%SystemRoot%\system32\dispbroker.desktop.dll,-101; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
R2 DolbyDAXAPI;@oem39.inf,%ServiceDisplayName%;Dolby DAX API Service; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e9ebbe69987eef47\DAX3API.exe [2020-10-15 2173912]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
R2 ElevocService;@oem45.inf,%ServiceDisplayName%;Elevoc Control Service; C:\WINDOWS\System32\ElevocControlService.exe [2020-11-30 164568]
R2 ImControllerService;@oem3.inf,%ImcSvcDisplayName%;System Interface Foundation Service; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2022-01-13 84264]
R2 LenovoFnAndFunctionKeys;@oem0.inf,%ServiceName%;Lenovo Fn and function keys service; C:\WINDOWS\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_2f1b6109fa237c16\LenovoUtilityService.exe [2021-11-21 201472]
R2 LenovoVantageService;LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\LenovoVantageService.exe [2021-12-14 31016]
R2 LITSSVC;@oem49.inf,%LNBITS.SVCDESC%;Lenovo Notebook ITS Service; C:\WINDOWS\System32\LNBITSSvc.exe [2021-02-06 1820080]
R2 OneSyncSvc_683cbc;Hostitel synchronizace_683cbc; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
R2 RtkAudioUniversalService;Realtek Audio Universal Service; C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_85a48ee0cac1d3dd\RtkAudUService64.exe [2020-10-14 1183968]
R2 RtkBtManServ;@oem33.inf,%RtkBtManServ.SvcDesc%;Realtek Bluetooth Device Manager Service; C:\WINDOWS\RtkBtManServ.exe [2020-11-25 779792]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\WINDOWS\system32\SgrmBroker.exe [2020-11-19 329504]
R3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
R3 CaptureService_683cbc;CaptureService_683cbc; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
R3 cbdhsvc_683cbc;Uživatelská služba schránky_683cbc; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
R3 DisplayEnhancementService;@%SystemRoot%\System32\Microsoft.Graphics.Display.DisplayEnhancementService.dll,-1000; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
R3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
R3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
R3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
R3 PimIndexMaintenanceSvc_683cbc;Data kontaktů_683cbc; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
R3 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2021-11-04 986032]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S2 edgeupdate;Microsoft Edge Update Service (edgeupdate); C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [2021-08-05 214952]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2021-12-05 156232]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 AarSvc;@%SystemRoot%\system32\AarSvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 AarSvc_683cbc;Agent Activation Runtime_683cbc; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 autotimesvc;@%SystemRoot%\System32\autotimesvc.dll,-6; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 BcastDVRUserService_683cbc;Uživatelská služba pro GameDVR a vysílání her_683cbc; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 BluetoothUserService_683cbc;Služba pro podporu uživatelů Bluetooth_683cbc; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 CaptureService;@%SystemRoot%\system32\CaptureService.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 cbdhsvc;@%SystemRoot%\system32\cbdhsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 ConsentUxUserSvc;@%SystemRoot%\system32\ConsentUxClient.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 ConsentUxUserSvc_683cbc;ConsentUX_683cbc; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 CredentialEnrollmentManagerUserSvc;@%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100; C:\WINDOWS\system32\CredentialEnrollmentManager.exe [2021-11-04 382696]
S3 CredentialEnrollmentManagerUserSvc_683cbc;CredentialEnrollmentManagerUserSvc_683cbc; C:\WINDOWS\system32\CredentialEnrollmentManager.exe [2021-11-04 382696]
S3 DeviceAssociationBrokerSvc;@%SystemRoot%\system32\deviceaccess.dll,-107; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 DeviceAssociationBrokerSvc_683cbc;DeviceAssociationBroker_683cbc; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 DevicePickerUserSvc_683cbc;DevicePicker_683cbc; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 DevicesFlowUserSvc_683cbc;Tok zařízení_683cbc; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2022-01-12 94208]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 edgeupdatem;Microsoft Edge Update Service (edgeupdatem); C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [2021-08-05 214952]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2019-11-08 46184]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
S3 GoogleChromeElevationService;Google Chrome Elevation Service (GoogleChromeElevationService); C:\Program Files\Google\Chrome\Application\97.0.4692.99\elevation_service.exe [2022-01-19 1470296]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2021-12-05 156232]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 MessagingService_683cbc;Služba zasílání zpráv_683cbc; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 MicrosoftEdgeElevationService;Microsoft Edge Elevation Service (MicrosoftEdgeElevationService); C:\Program Files (x86)\Microsoft\Edge\Application\97.0.1072.69\elevation_service.exe [2022-01-20 1610128]
S3 MixedRealityOpenXRSvc;@%SystemRoot%\system32\MixedRealityRuntime.dll,-101; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2021-11-19 243128]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 perceptionsimulation;@%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101; C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe [2021-11-04 106496]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 PrintWorkflowUserSvc_683cbc;PrintWorkflow_683cbc; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2021-11-04 1265152]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
-----------------EOF-----------------

log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Uživatel at 2022-01-27 21:18:41
Microsoft Windows 10 Home
System drive C: has 173 GB (71%) free of 243 GB
Total RAM: 6006 MB (46% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:18:54, on 27.01.2022
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.19041.1202)
Boot mode: Normal
Running processes:
C:\WINDOWS\Lenovo\iMController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
C:\WINDOWS\Lenovo\iMController\PluginHost86\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\Lenovo.Vantage.AddinHost.x86.exe
C:\Program Files\trend micro\Uživatel.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\97.0.1072.69\BHO\ie_to_edge_bho.dll
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Uživatel\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Inc. - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD Crash Defender Service - Unknown owner - C:\WINDOWS\system32\amdfendrsr.exe (file missing)
O23 - Service: AMD External Events Utility - AMD - C:\WINDOWS\System32\DriverStore\FileRepository\u0372415.inf_amd64_87f92c83980548cd\B372050\atiesrxx.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_683cbc - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @oem39.inf,%ServiceDisplayName%;Dolby DAX API Service (DolbyDAXAPI) - Dolby Laboratories - C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e9ebbe69987eef47\DAX3API.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @oem45.inf,%ServiceDisplayName%;Elevoc Control Service (ElevocService) - Unknown owner - C:\WINDOWS\System32\ElevocControlService.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) (GoogleChromeElevationService) - Google LLC - C:\Program Files\Google\Chrome\Application\97.0.4692.99\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem3.inf,%ImcSvcDisplayName%;System Interface Foundation Service (ImControllerService) - Lenovo Group Ltd. - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @oem0.inf,%ServiceName%;Lenovo Fn and function keys service (LenovoFnAndFunctionKeys) - Lenovo(beijing) Limited - C:\WINDOWS\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_2f1b6109fa237c16\LenovoUtilityService.exe
O23 - Service: LenovoVantageService - Lenovo Group Ltd. - C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\LenovoVantageService.exe
O23 - Service: @oem49.inf,%LNBITS.SVCDESC%;Lenovo Notebook ITS Service (LITSSVC) - Unknown owner - C:\WINDOWS\System32\LNBITSSvc.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Universal Service (RtkAudioUniversalService) - Realtek Semiconductor - C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_85a48ee0cac1d3dd\RtkAudUService64.exe
O23 - Service: @oem33.inf,%RtkBtManServ.SvcDesc%;Realtek Bluetooth Device Manager Service (RtkBtManServ) - Realtek Semiconductor Corp. - C:\WINDOWS\RtkBtManServ.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @oem19.inf,%UdcSvcDisplayName%;Universal Device Client Service (UDCService) - Unknown owner - C:\WINDOWS\System32\drivers\Lenovo\udc\Service\UDClientService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9050 bytes
======Listing Processes======
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
"fontdrvhost.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-5cbb8f4e-d69a-4f25-8daa-b551e7e30f92 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-a57d37bf-1a19-4a57-9e8b-31f3a50a4f00 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-c9475688-aba3-4210-9577-0880515a2b53 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-fa50b787-fa34-4daa-afb9-979c2dd51d1c -LifetimeId:ab4f5f93-cfd8-4e3c-b873-0e10ae10a79e -DeviceGroupId: -HostArg:0
C:\WINDOWS\system32\svchost.exe -k RPCSS -p
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p -s LSM
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s nsi
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
C:\WINDOWS\system32\amdfendrsr.exe
C:\WINDOWS\System32\DriverStore\FileRepository\u0372415.inf_amd64_87f92c83980548cd\B372050\atiesrxx.exe
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s camsvc
C:\WINDOWS\System32\svchost.exe -k NetworkService -p -s NlaSvc
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\system32\svchost.exe -k LocalService -p
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Schedule
C:\WINDOWS\System32\svchost.exe -k LocalService -p -s netprofm
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s ProfSvc
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s EventSystem
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s SysMain
C:\WINDOWS\System32\svchost.exe -k netsvcs -p -s Themes
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s SENS
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s UserManager
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s FontCache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
C:\WINDOWS\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
C:\WINDOWS\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s IKEEXT
C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e9ebbe69987eef47\DAX3API.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\WINDOWS\System32\ElevocControlService.exe
C:\WINDOWS\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_2f1b6109fa237c16\LenovoUtilityService.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s CryptSvc
C:\WINDOWS\System32\LNBITSSvc.exe
C:\WINDOWS\RtkBtManServ.exe
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s SstpSvc
"C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_85a48ee0cac1d3dd\RtkAudUService64.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
"C:\WINDOWS\System32\drivers\Lenovo\udc\Service\UDClientService.exe"
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s WpnService
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s LanmanServer
C:\WINDOWS\System32\svchost.exe -k NetSvcs -p -s iphlpsvc
C:\WINDOWS\System32\svchost.exe -k LocalService -p -s WdiServiceHost
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
C:\WINDOWS\System32\svchost.exe -k netsvcs -p -s Browser
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TabletInputService
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s TokenBroker
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s CDPSvc
C:\WINDOWS\System32\svchost.exe -k netsvcs -p -s BITS
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s lfsvc
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s UsoSvc
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s BthAvctpSvc
C:\WINDOWS\system32\svchost.exe -k WbioSvcGroup -s WbioSrvc
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wuauserv
C:\WINDOWS\System32\svchost.exe -k netsvcs -p
C:\WINDOWS\System32\svchost.exe -k LocalService -p -s LicenseManager
C:\WINDOWS\System32\WinLogon.exe -SpecialSession
"fontdrvhost.exe"
"dwm.exe"
atieclxx
"C:\WINDOWS\System32\DRIVER~1\FILERE~1\DAX3_S~1.INF\\DAX3API.exe" -capturestream
C:\WINDOWS\System32\AutoModeDetect.exe
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup -s WpnUserService
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\WINDOWS\Explorer.EXE
"ctfmon.exe"
C:\WINDOWS\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21113.36.0_x64__8wekyb3d8bbwe\YourPhone.exe" -ServerName:App.AppX9yct9q388jvt4h7y0gn06smzkxcsnt8m.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_2f1b6109fa237c16\FnHotkeyUtility.exe
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
C:\Windows\System32\smartscreen.exe -Embedding
"C:\Windows\System32\SecurityHealthSystray.exe"
"C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_85a48ee0cac1d3dd\RtkAudUService64.exe" -background
"C:\Users\Uživatel\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-169d63db-b3b8-4a34-9e46-513aa19eacc9 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-321d4f6d-503b-4c34-8c54-0d1ad369890d -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-dcbd1a38-fa6f-4a12-bd97-c10886836c5f -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-cc744d3a-c38b-4ec1-9177-fe99e0b1f89b -LifetimeId:33237696-3888-4f5d-998b-939317cabd03 -DeviceGroupId: -HostArg:0
C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
-name fca31dc7-a5ef-4733-8817-0623991f8ddc -runas -pluginName IdeaNotebookPlugin -pluginVersion 1.2.78.16
-name d7dd9213-937a-43db-a5cf-e0493f6f31a4 -runas -pluginName LenovoVisionProtectionPlugin -pluginVersion 1.2.98.14
C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup
"C:\Program Files\Google\Chrome\Application\chrome.exe"
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=97.0.4692.99 --initial-client-data=0x110,0x114,0x118,0xec,0x11c,0x7ffd327ca850,0x7ffd327ca860,0x7ffd327ca870
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1680,858064504382945603,4994467319994047807,131072 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAIAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1432 /prefetch:2
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1680,858064504382945603,4994467319994047807,131072 --lang=cs --service-sandbox-type=none --mojo-platform-channel-handle=2080 /prefetch:8
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1680,858064504382945603,4994467319994047807,131072 --lang=cs --service-sandbox-type=utility --mojo-platform-channel-handle=2156 /prefetch:8
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --field-trial-handle=1680,858064504382945603,4994467319994047807,131072 --lang=cs --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --launch-time-ticks=351763738925 --mojo-platform-channel-handle=5392 /prefetch:1
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --field-trial-handle=1680,858064504382945603,4994467319994047807,131072 --lang=cs --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --launch-time-ticks=351764625033 --mojo-platform-channel-handle=3212 /prefetch:1
C:\WINDOWS\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
"C:\WINDOWS\Lenovo\iMController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe" -name f5ef3397-e23e-4a40-9389-eda2209bd5a9 -runas SYSTEM -pluginName GenericTelemetryPlugin -pluginVersion 2.1.0.20
-name 922c2348-3b87-4463-a6fc-516c34d86690 -runas -pluginName GenericMessagingPlugin -pluginVersion 3.2.0.57
-name a01f0e8d-c4fe-4101-baf2-6e064de61d0c -runas -pluginName DolbyAudioPlugin -pluginVersion 1.2.240.5
"C:\WINDOWS\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe" -name 85021f57-3d7e-4e91-bd6b-8f8504351add -runas SYSTEM -pluginName LenovoAuthenticationPlugin -pluginVersion 1.3.0.13
"C:\WINDOWS\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe" -name 279263ad-0ba4-4a1f-9bc7-25172bbd28b4 -runas SYSTEM -pluginName LenovoAppScenarioPluginSystem -pluginVersion 1.2.190.5
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s CaptureService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\wbem\wmiprvse.exe
-name e86cf9a0-b30c-4a81-a257-b8795d9c6741 -runas -pluginName GenericDisplayPlugin -pluginVersion 1.2.179.5
"C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\LenovoVantageService.exe"
"C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\Lenovo.Vantage.AddinHost.exe" GenericTelemetryAddin C:\ProgramData\Lenovo\Vantage\Addins\\GenericTelemetryAddin\2.0.0.3\GenericTelemetryAddin.dll ce6088c4be294dc5b1b7292b7b5b01f4 010a9fde-85f5-4463-8d25-304c825c32e4
"C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\Lenovo.Vantage.AddinHost.exe" VantageCoreAddin C:\ProgramData\Lenovo\Vantage\Addins\\VantageCoreAddin\1.0.0.28\VantageCoreAddin.dll 0fe9b1909f0f429ca1b12f01d7d6aa53 010a9fde-85f5-4463-8d25-304c825c32e4
"C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\Lenovo.Vantage.AddinHost.x86.exe" DeviceSettingsHeartbeatAddin C:\ProgramData\Lenovo\Vantage\Addins\\DeviceSettingsHeartbeatAddin\1.0.0.21\DeviceSettingsHeartbeatAddin.dll 11f3b4fa811545aa8e8f344e72e7f14d 010a9fde-85f5-4463-8d25-304c825c32e4
"C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\Lenovo.Vantage.AddinHost.exe" DeviceSettingsSystemAddin C:\ProgramData\Lenovo\Vantage\Addins\\DeviceSettingsSystemAddin\1.0.1.58\DeviceSettingsSystemAddin.dll de784bb65ade43bf81644ebb3c29babb 010a9fde-85f5-4463-8d25-304c825c32e4
"C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\Lenovo.Vantage.AddinHost.exe" LenovoServiceBridgeAddin C:\ProgramData\Lenovo\Vantage\Addins\\LenovoServiceBridgeAddin\1.0.0.54\LenovoServiceBridgeAddin.dll a920e7b59cdd4fdb8dc36be3bb0631b2 010a9fde-85f5-4463-8d25-304c825c32e4
"C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\Lenovo.Vantage.AddinHost.Amd64.exe" LenovoBoostAddin C:\ProgramData\Lenovo\Vantage\Addins\\LenovoBoostAddin\1.0.0.32\LenovoBoostAddin.dll 4d4e0d05bad64a79a6a96529248690b8 010a9fde-85f5-4463-8d25-304c825c32e4
"C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\Lenovo.Vantage.AddinHost.exe" LenovoSecurityAddin C:\ProgramData\Lenovo\Vantage\Addins\\LenovoSecurityAddin\1.0.0.31\LenovoSecurityAddin.dll b8fd31c3239c4b97a4b37d8d0a87a793 010a9fde-85f5-4463-8d25-304c825c32e4
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1680,858064504382945603,4994467319994047807,131072 --lang=cs --service-sandbox-type=audio --mojo-platform-channel-handle=7952 /prefetch:8
C:\WINDOWS\system32\AUDIODG.EXE 0x528
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s gpsvc
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe9_ Global\UsGthrCtrlFltPipeMssGthrPipe9 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 816 820 828 8192 824 796
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --field-trial-handle=1680,858064504382945603,4994467319994047807,131072 --lang=cs --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --launch-time-ticks=352406922438 --mojo-platform-channel-handle=2892 /prefetch:1
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --field-trial-handle=1680,858064504382945603,4994467319994047807,131072 --lang=cs --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --launch-time-ticks=352422883730 --mojo-platform-channel-handle=5824 /prefetch:1
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s XblAuthManager
"C:\WINDOWS\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXe9cvj1thv1hmcw0cs98xm3r97tyzy2xs.mca
"C:\Users\Uživatel\Desktop\RSITx64.exe"
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}]
IEToEdge BHO - C:\Program Files (x86)\Microsoft\Edge\Application\97.0.1072.69\BHO\ie_to_edge_bho_64.dll [2022-01-20 532352]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}]
IEToEdge BHO - C:\Program Files (x86)\Microsoft\Edge\Application\97.0.1072.69\BHO\ie_to_edge_bho.dll [2022-01-20 421760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\WINDOWS\system32\SecurityHealthSystray.exe [2019-12-07 86016]
"RtkAudUService"=C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_85a48ee0cac1d3dd\RtkAudUService64.exe [2020-10-14 1183968]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\Uživatel\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2022-01-23 2593128]
"CCleaner Smart Cleaning"=C:\Program Files\CCleaner\CCleaner64.exe [2021-12-07 35373696]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CBDHSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcCtnrSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CBDHSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsQuic]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NgcCtnrSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NgcSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"FilterAdministratorToken"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux"=wdmaud.drv
"midi"=wdmaud.drv
"midimapper"=midimap.dll
"mixer"=wdmaud.drv
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wave"=wdmaud.drv
"wavemapper"=msacm32.drv
"aux1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave1"=wdmaud.drv
"aux2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.inf - install -
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2022-01-27 21:18:41 ----D---- C:\rsit
2022-01-27 21:18:41 ----D---- C:\Program Files\trend micro
2022-01-23 18:49:55 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2022-01-23 18:49:55 ----A---- C:\WINDOWS\system32\Hydrogen.dll
2022-01-23 18:49:54 ----A---- C:\WINDOWS\system32\tcbloader.dll
2022-01-23 18:49:54 ----A---- C:\WINDOWS\system32\tcblaunch.exe
2022-01-23 18:49:54 ----A---- C:\WINDOWS\system32\hvix64.exe
2022-01-23 18:49:54 ----A---- C:\WINDOWS\system32\hvax64.exe
2022-01-23 18:49:53 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2022-01-23 18:49:53 ----A---- C:\WINDOWS\SYSWOW64\netlogon.dll
2022-01-23 18:49:53 ----A---- C:\WINDOWS\SYSWOW64\msv1_0.dll
2022-01-23 18:49:53 ----A---- C:\WINDOWS\SYSWOW64\GameInput.dll
2022-01-23 18:49:53 ----A---- C:\WINDOWS\system32\sppsvc.exe
2022-01-23 18:49:53 ----A---- C:\WINDOWS\system32\sppcext.dll
2022-01-23 18:49:53 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2022-01-23 18:49:53 ----A---- C:\WINDOWS\system32\netlogon.dll
2022-01-23 18:49:53 ----A---- C:\WINDOWS\system32\msv1_0.dll
2022-01-23 18:49:52 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2022-01-23 18:49:52 ----A---- C:\WINDOWS\system32\ISM.dll
2022-01-23 18:49:52 ----A---- C:\WINDOWS\system32\IKEEXT.DLL
2022-01-23 18:49:52 ----A---- C:\WINDOWS\system32\GameInput.dll
2022-01-23 18:49:52 ----A---- C:\WINDOWS\system32\FWPUCLNT.DLL
2022-01-23 18:49:52 ----A---- C:\WINDOWS\system32\drivers\wfplwfs.sys
2022-01-23 18:49:52 ----A---- C:\WINDOWS\system32\drivers\refs.sys
2022-01-23 18:49:52 ----A---- C:\WINDOWS\system32\BFE.DLL
2022-01-23 18:49:52 ----A---- C:\WINDOWS\explorer.exe
2022-01-23 18:45:19 ----HD---- C:\$WinREAgent
2022-01-23 18:45:12 ----A---- C:\WINDOWS\SYSWOW64\poqexec.exe
2022-01-23 18:45:11 ----A---- C:\WINDOWS\system32\poqexec.exe
2022-01-15 16:47:16 ----D---- C:\Users\Uživatel\AppData\Roaming\Jpeg Resampler
2022-01-15 15:36:30 ----D---- C:\Program Files (x86)\JpegResampler2010
2022-01-15 15:26:25 ----A---- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
2022-01-15 15:26:00 ----D---- C:\ProgramData\Malwarebytes
2022-01-15 15:12:56 ----D---- C:\Users\Uživatel\AppData\Roaming\Skype
2022-01-15 15:01:48 ----D---- C:\Program Files\CCleaner
2022-01-15 14:58:59 ----D---- C:\Program Files (x86)\DsNET Corp
2022-01-12 22:23:11 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2022-01-12 22:23:11 ----A---- C:\WINDOWS\SYSWOW64\DolbyDecMFT.dll
2022-01-12 22:23:11 ----A---- C:\WINDOWS\system32\DolbyDecMFT.dll
2022-01-12 22:23:10 ----A---- C:\WINDOWS\SYSWOW64\WebClnt.dll
2022-01-12 22:23:10 ----A---- C:\WINDOWS\SYSWOW64\tsgqec.dll
2022-01-12 22:23:10 ----A---- C:\WINDOWS\SYSWOW64\runas.exe
2022-01-12 22:23:10 ----A---- C:\WINDOWS\SYSWOW64\provsvc.dll
2022-01-12 22:23:10 ----A---- C:\WINDOWS\SYSWOW64\nshwfp.dll
2022-01-12 22:23:10 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2022-01-12 22:23:10 ----A---- C:\WINDOWS\SYSWOW64\msimsg.dll
2022-01-12 22:23:10 ----A---- C:\WINDOWS\SYSWOW64\msi.dll
2022-01-12 22:23:10 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2022-01-12 22:23:10 ----A---- C:\WINDOWS\SYSWOW64\certutil.exe
2022-01-12 22:23:10 ----A---- C:\WINDOWS\SYSWOW64\certreq.exe
2022-01-12 22:23:10 ----A---- C:\WINDOWS\system32\mfcore.dll
2022-01-12 22:23:10 ----A---- C:\WINDOWS\system32\browser.dll
2022-01-12 22:23:09 ----A---- C:\WINDOWS\SYSWOW64\xolehlp.dll
2022-01-12 22:23:09 ----A---- C:\WINDOWS\SYSWOW64\tar.exe
2022-01-12 22:23:09 ----A---- C:\WINDOWS\SYSWOW64\net1.exe
2022-01-12 22:23:09 ----A---- C:\WINDOWS\SYSWOW64\mtxclu.dll
2022-01-12 22:23:09 ----A---- C:\WINDOWS\SYSWOW64\msdtcprx.dll
2022-01-12 22:23:09 ----A---- C:\WINDOWS\SYSWOW64\iassam.dll
2022-01-12 22:23:09 ----A---- C:\WINDOWS\SYSWOW64\iasads.dll
2022-01-12 22:23:09 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2022-01-12 22:23:09 ----A---- C:\WINDOWS\SYSWOW64\dhcpsapi.dll
2022-01-12 22:23:09 ----A---- C:\WINDOWS\SYSWOW64\dataclen.dll
2022-01-12 22:23:09 ----A---- C:\WINDOWS\SYSWOW64\curl.exe
2022-01-12 22:23:09 ----A---- C:\WINDOWS\SYSWOW64\archiveint.dll
2022-01-12 22:23:09 ----A---- C:\WINDOWS\system32\WebClnt.dll
2022-01-12 22:23:09 ----A---- C:\WINDOWS\system32\provsvc.dll
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\tsgqec.dll
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\runas.exe
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\rdpudd.dll
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\nshwfp.dll
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\nltest.exe
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\mstscax.dll
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\msimsg.dll
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\msi.dll
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\ListSvc.dll
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\ksetup.exe
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\Chakra.dll
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\drivers\rdpvideominiport.sys
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\drivers\PktMon.sys
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\certutil.exe
2022-01-12 22:23:08 ----A---- C:\WINDOWS\system32\certreq.exe
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\tar.exe
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\net1.exe
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\mtxclu.dll
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\mshtml.dll
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\msdtctm.dll
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\iasads.dll
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\dsauth.dll
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\dhcpsapi.dll
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\dataclen.dll
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\curl.exe
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\computecore.dll
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\CBDHSvc.dll
2022-01-12 22:23:07 ----A---- C:\WINDOWS\system32\archiveint.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\wkscli.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Search.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Immersive.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\wincredui.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\TSpkg.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\tdh.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\srvcli.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\schedcli.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\scesrv.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\rastls.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\raschap.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\pku2u.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\offlinelsa.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\netprovfw.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\netjoin.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\netid.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\msimg32.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\mf3216.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\joinutil.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\gmsaclient.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\SYSWOW64\BitLockerCsp.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\system32\vertdll.dll
2022-01-12 22:23:06 ----A---- C:\WINDOWS\system32\skci.dll
2022-01-12 22:23:05 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2022-01-12 22:23:05 ----A---- C:\WINDOWS\SYSWOW64\win32k.sys
2022-01-12 22:23:05 ----A---- C:\WINDOWS\SYSWOW64\uReFS.dll
2022-01-12 22:23:05 ----A---- C:\WINDOWS\SYSWOW64\schannel.dll
2022-01-12 22:23:05 ----A---- C:\WINDOWS\SYSWOW64\shacctprofile.dll
2022-01-12 22:23:05 ----A---- C:\WINDOWS\SYSWOW64\samcli.dll
2022-01-12 22:23:05 ----A---- C:\WINDOWS\SYSWOW64\netutils.dll
2022-01-12 22:23:05 ----A---- C:\WINDOWS\SYSWOW64\netmsg.dll
2022-01-12 22:23:05 ----A---- C:\WINDOWS\SYSWOW64\ncryptprov.dll
2022-01-12 22:23:05 ----A---- C:\WINDOWS\SYSWOW64\logoncli.dll
2022-01-12 22:23:05 ----A---- C:\WINDOWS\SYSWOW64\es.dll
2022-01-12 22:23:05 ----A---- C:\WINDOWS\SYSWOW64\comsvcs.dll
2022-01-12 22:23:05 ----A---- C:\WINDOWS\SYSWOW64\CertPolEng.dll
2022-01-12 22:23:05 ----A---- C:\WINDOWS\SYSWOW64\authz.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\wpnapps.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\wintrust.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\Windows.System.Launcher.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryUpgrade.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryPS.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryCore.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryClient.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryBroker.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepository.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\Windows.Devices.HumanInterfaceDevice.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.Core.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\Windows.AccountsControl.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\win32u.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\user32.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\twinui.appcore.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\TileDataRepository.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\thumbcache.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\StateRepository.Core.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\ShareHost.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\profext.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\negoexts.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\KerbClientShared.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\CertEnrollCtrl.exe
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\CertEnroll.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\certcli.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\certca.dll
2022-01-12 22:23:04 ----A---- C:\WINDOWS\SYSWOW64\AppContracts.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\wscproxystub.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\wscisvif.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\wscapi.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\wscadminui.exe
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\usercpl.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\sechost.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\rpcrt4.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\netplwiz.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\netapi32.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\msobjs.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\msctf.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\msaudite.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\LaunchWinApp.exe
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\kernel32.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\authui.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\advapi32.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\SYSWOW64\adtschema.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\system32\TSpkg.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\system32\pku2u.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\system32\LsaIso.exe
2022-01-12 22:23:03 ----A---- C:\WINDOWS\system32\keymgr.dll
2022-01-12 22:23:03 ----A---- C:\WINDOWS\system32\iumcrypt.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\WUDFPlatform.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\WUDFHost.exe
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\WUDFCompanionHost.exe
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\Windows.UI.Search.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\Windows.UI.Immersive.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\wincredui.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\usermgr.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\tdh.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\taskcomp.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\sppobjs.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\shutdownux.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\shell32.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\scesrv.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\rastls.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\rasmans.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\raschap.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\rascustom.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\ntlanman.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\netprovfw.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\netjoin.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\msimg32.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\msctf.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\mf3216.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\LocationFrameworkPS.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\LocationFramework.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\joinutil.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\gdi32full.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\efscore.dll
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\drivers\WUDFRd.sys
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\drivers\WUDFPf.sys
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\drivers\clfs.sys
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\djoin.exe
2022-01-12 22:23:02 ----A---- C:\WINDOWS\system32\BitLockerCsp.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\wkssvc.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\wkscli.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\srvcli.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\schedcli.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\schannel.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\sechost.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\offlinelsa.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\ntdll.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\msobjs.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\msaudite.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\lsasrv.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\KernelBase.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\gmsaclient.dll
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\drivers\msrpc.sys
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\drivers\ksecpkg.sys
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\drivers\http.sys
2022-01-12 22:23:01 ----A---- C:\WINDOWS\system32\adtschema.dll
2022-01-12 22:23:00 ----A---- C:\WINDOWS\system32\profsvc.dll
2022-01-12 22:23:00 ----A---- C:\WINDOWS\system32\logoncli.dll
2022-01-12 22:23:00 ----A---- C:\WINDOWS\system32\authz.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\winresume.exe
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\winload.exe
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\uReFS.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\trkwks.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\shacct.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\samsrv.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\samlib.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\samcli.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\refsutil.exe
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\offlinesam.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\netmsg.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\ncryptprov.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\es.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\dwmcore.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\drivers\refsv1.sys
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\drivers\pcw.sys
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\dpapisrv.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\comsvcs.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\ci.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\CertPolEng.dll
2022-01-12 22:22:59 ----A---- C:\WINDOWS\system32\ApplyTrustOffline.exe
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\wpnapps.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\win32u.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\win32kfull.sys
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\win32k.sys
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\wevtsvc.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\StateRepository.Core.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\SettingsHandlers_User.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\PasswordEnrollmentManager.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\netapi32.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\MusUpdateHandlers.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\kerberos.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\KerbClientShared.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\drivers\bindflt.sys
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\bindfltapi.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2022-01-12 22:22:58 ----A---- C:\WINDOWS\system32\ApplicationFrame.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\wintrust.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\Windows.System.Launcher.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\windows.storage.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\Windows.StateRepository.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\Windows.AccountsControl.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\win32kbase.sys
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\twinui.appcore.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\TileDataRepository.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\profext.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\negoexts.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\modernexecserver.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\cloudAP.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\CertEnroll.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\certcli.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\certca.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\cdd.dll
2022-01-12 22:22:57 ----A---- C:\WINDOWS\system32\AppContracts.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\wscsvc.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\wscproxystub.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\wscisvif.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\wscapi.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\wscadminui.exe
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\winlogonext.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\usercpl.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\twinui.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\TaskFlowDataEngine.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\SpeechPal.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\ShareHost.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\ptpprov.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\PinEnrollmentHelper.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\netplwiz.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\ManageCI.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\LaunchWinApp.exe
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\kernel32.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\kdcpw.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\drivers\storport.sys
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\deviceregistration.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\cdpsvc.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\browcli.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\authui.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\agentactivationruntimewindows.dll
2022-01-12 22:22:56 ----A---- C:\WINDOWS\system32\advapi32.dll
2022-01-12 22:22:55 ----A---- C:\WINDOWS\system32\vmbuspipe.dll
2022-01-12 22:22:55 ----A---- C:\WINDOWS\system32\drivers\vmbus.sys
2022-01-12 22:22:55 ----A---- C:\WINDOWS\system32\drivers\Vid.sys
2022-01-12 22:22:55 ----A---- C:\WINDOWS\system32\drivers\spaceport.sys
2022-01-12 22:22:55 ----A---- C:\WINDOWS\system32\drivers\spacedump.sys
2022-01-12 22:22:55 ----A---- C:\WINDOWS\system32\drivers\netvsc.sys
2022-01-02 17:22:40 ----D---- C:\MOJE
2021-12-29 19:34:32 ----D---- C:\WINDOWS\SystemTemp
2021-12-29 19:29:34 ----A---- C:\WINDOWS\SYSWOW64\FXSXP32.dll
2021-12-29 19:29:34 ----A---- C:\WINDOWS\SYSWOW64\FXSEXT32.dll
2021-12-29 19:29:34 ----A---- C:\WINDOWS\SYSWOW64\FXSAPI.dll
2021-12-29 19:29:34 ----A---- C:\WINDOWS\system32\WinFax.dll
2021-12-29 19:29:34 ----A---- C:\WINDOWS\system32\FXSTIFF.dll
2021-12-29 19:29:34 ----A---- C:\WINDOWS\system32\FXST30.dll
2021-12-29 19:29:34 ----A---- C:\WINDOWS\system32\FXSRESM.dll
2021-12-29 19:29:34 ----A---- C:\WINDOWS\system32\FXSCOMPOSE.dll
2021-12-29 19:29:34 ----A---- C:\WINDOWS\system32\FXSCOMEX.dll
2021-12-29 19:29:34 ----A---- C:\WINDOWS\system32\FXSCOM.dll
2021-12-29 19:29:34 ----A---- C:\WINDOWS\system32\FXSAPI.dll
2021-12-29 19:29:34 ----A---- C:\WINDOWS\system32\drivers\dumpfve.sys
2021-12-29 19:29:32 ----A---- C:\WINDOWS\system32\DMRServer.dll
2021-12-29 19:29:31 ----A---- C:\WINDOWS\SYSWOW64\offreg.dll
2021-12-29 19:29:28 ----A---- C:\WINDOWS\system32\offreg.dll
2021-12-29 19:29:26 ----A---- C:\WINDOWS\system32\edgehtml.dll
2021-12-29 19:29:26 ----A---- C:\WINDOWS\system32\computestorage.dll
2021-12-29 19:29:25 ----A---- C:\WINDOWS\SYSWOW64\winsku.dll
2021-12-29 19:29:25 ----A---- C:\WINDOWS\SYSWOW64\winbrand.dll
2021-12-29 19:29:25 ----A---- C:\WINDOWS\SYSWOW64\UIAutomationCore.dll
2021-12-29 19:29:25 ----A---- C:\WINDOWS\SYSWOW64\TpmTool.exe
2021-12-29 19:29:25 ----A---- C:\WINDOWS\SYSWOW64\rtutils.dll
2021-12-29 19:29:25 ----A---- C:\WINDOWS\SYSWOW64\feclient.dll
2021-12-29 19:29:25 ----A---- C:\WINDOWS\SYSWOW64\daxexec.dll
2021-12-29 19:29:25 ----A---- C:\WINDOWS\SYSWOW64\AppxPackaging.dll
2021-12-29 19:29:25 ----A---- C:\WINDOWS\system32\rtutils.dll
2021-12-29 19:29:25 ----A---- C:\WINDOWS\system32\iphlpsvc.dll
2021-12-29 19:29:25 ----A---- C:\WINDOWS\system32\BioIso.exe
2021-12-29 19:29:24 ----A---- C:\WINDOWS\SYSWOW64\imagehlp.dll
2021-12-29 19:29:24 ----A---- C:\WINDOWS\SYSWOW64\bcryptprimitives.dll
2021-12-29 19:29:24 ----A---- C:\WINDOWS\system32\MdmDiagnostics.dll
2021-12-29 19:29:24 ----A---- C:\WINDOWS\system32\feclient.dll
2021-12-29 19:29:24 ----A---- C:\WINDOWS\system32\efssvc.dll
2021-12-29 19:29:24 ----A---- C:\WINDOWS\system32\efslsaext.dll
2021-12-29 19:29:24 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2021-12-29 19:29:24 ----A---- C:\WINDOWS\system32\drivers\FWPKCLNT.SYS
2021-12-29 19:29:24 ----A---- C:\WINDOWS\system32\bcryptprimitives.dll
2021-12-29 19:29:23 ----A---- C:\WINDOWS\system32\winsku.dll
2021-12-29 19:29:23 ----A---- C:\WINDOWS\system32\winbrand.dll
2021-12-29 19:29:23 ----A---- C:\WINDOWS\system32\kdnet.dll
2021-12-29 19:29:23 ----A---- C:\WINDOWS\system32\imagehlp.dll
2021-12-29 19:29:23 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys
2021-12-29 19:29:23 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2021-12-29 19:29:23 ----A---- C:\WINDOWS\system32\drivers\appid.sys
2021-12-29 19:29:22 ----A---- C:\WINDOWS\system32\WsmSvc.dll
2021-12-29 19:29:22 ----A---- C:\WINDOWS\system32\WinREAgent.dll
2021-12-29 19:29:22 ----A---- C:\WINDOWS\system32\wcimage.dll
2021-12-29 19:29:22 ----A---- C:\WINDOWS\system32\wc_storage.dll
2021-12-29 19:29:22 ----A---- C:\WINDOWS\system32\UpdateAgent.dll
2021-12-29 19:29:22 ----A---- C:\WINDOWS\system32\UIAutomationCore.dll
2021-12-29 19:29:22 ----A---- C:\WINDOWS\system32\MdmDiagnosticsTool.exe
2021-12-29 19:29:22 ----A---- C:\WINDOWS\system32\FntCache.dll
2021-12-29 19:29:22 ----A---- C:\WINDOWS\system32\DWrite.dll
2021-12-29 19:29:22 ----A---- C:\WINDOWS\system32\daxexec.dll
2021-12-29 19:29:22 ----A---- C:\WINDOWS\system32\AppxPackaging.dll
2021-12-29 19:29:21 ----A---- C:\WINDOWS\system32\wpx.dll
2021-12-29 19:29:21 ----A---- C:\WINDOWS\system32\TpmTool.exe
2021-12-29 19:29:21 ----A---- C:\WINDOWS\system32\spoolsv.exe
2021-12-29 19:29:21 ----A---- C:\WINDOWS\system32\localspl.dll
2021-12-29 19:29:21 ----A---- C:\WINDOWS\system32\FaxPrinterInstaller.dll
2021-12-29 19:29:21 ----A---- C:\WINDOWS\system32\drivers\PEAuth.sys
2021-12-29 19:29:21 ----A---- C:\WINDOWS\system32\drivers\nwifi.sys
2021-12-29 19:29:21 ----A---- C:\WINDOWS\system32\bcdedit.exe
2021-12-29 19:29:21 ----A---- C:\WINDOWS\splwow64.exe
======List of files/folders modified in the last 1 month======
2022-01-27 21:18:48 ----D---- C:\WINDOWS\prefetch
2022-01-27 21:18:41 ----RD---- C:\Program Files
2022-01-27 21:18:29 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2022-01-27 21:11:47 ----D---- C:\WINDOWS\Temp
2022-01-27 21:11:17 ----D---- C:\WINDOWS\system32\config
2022-01-27 21:09:17 ----D---- C:\WINDOWS\AppReadiness
2022-01-27 21:09:00 ----D---- C:\Program Files (x86)\Google
2022-01-27 21:06:28 ----D---- C:\WINDOWS\system32\sru
2022-01-27 21:06:18 ----D---- C:\WINDOWS\System32
2022-01-27 21:06:15 ----D---- C:\WINDOWS\system32\drivers\UMDF
2022-01-27 21:06:14 ----D---- C:\WINDOWS\system32\DriverStore
2022-01-27 21:06:14 ----D---- C:\WINDOWS\system32\catroot2
2022-01-27 21:06:13 ----D---- C:\WINDOWS\INF
2022-01-23 19:28:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2022-01-23 19:24:44 ----D---- C:\WINDOWS\WinSxS
2022-01-23 19:24:42 ----D---- C:\WINDOWS\ServiceState
2022-01-23 19:24:40 ----ASH---- C:\DumpStack.log.tmp
2022-01-23 19:24:16 ----D---- C:\WINDOWS\SysWOW64
2022-01-23 19:24:16 ----D---- C:\WINDOWS\system32\drivers
2022-01-23 19:24:16 ----D---- C:\WINDOWS\bcastdvr
2022-01-23 19:24:16 ----D---- C:\Windows
2022-01-23 19:24:01 ----D---- C:\WINDOWS\CbsTemp
2022-01-23 19:23:36 ----D---- C:\WINDOWS\system32\SleepStudy
2022-01-23 18:46:55 ----SHD---- C:\System Volume Information
2022-01-23 17:29:47 ----HD---- C:\Program Files\WindowsApps
2022-01-23 17:23:55 ----D---- C:\WINDOWS\system32\Tasks
2022-01-16 21:48:19 ----SHD---- C:\WINDOWS\Installer
2022-01-15 16:45:21 ----RD---- C:\Program Files (x86)
2022-01-15 15:26:00 ----HD---- C:\ProgramData
2022-01-15 15:12:58 ----SD---- C:\Users\Uživatel\AppData\Roaming\Microsoft
2022-01-15 15:12:48 ----D---- C:\Program Files (x86)\Microsoft
2022-01-15 13:23:54 ----D---- C:\WINDOWS\Logs
2022-01-15 13:21:31 ----RD---- C:\WINDOWS\Microsoft.NET
2022-01-15 13:21:28 ----RD---- C:\WINDOWS\assembly
2022-01-13 01:07:02 ----A---- C:\WINDOWS\system32\ImController.InfInstaller.exe
2022-01-13 01:06:58 ----A---- C:\WINDOWS\system32\WudfUpdate_02000.dll
2022-01-13 01:06:58 ----A---- C:\WINDOWS\system32\ImController.CoInstaller.dll
2022-01-13 01:06:16 ----A---- C:\WINDOWS\system32\iMDriverHelper.dll
2022-01-12 22:34:13 ----SD---- C:\WINDOWS\system32\DiagSvcs
2022-01-12 22:34:13 ----D---- C:\WINDOWS\SYSWOW64\wbem
2022-01-12 22:34:13 ----D---- C:\WINDOWS\SYSWOW64\en-US
2022-01-12 22:34:13 ----D---- C:\WINDOWS\SYSWOW64\Dism
2022-01-12 22:34:13 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2022-01-12 22:34:13 ----D---- C:\WINDOWS\SystemResources
2022-01-12 22:34:13 ----D---- C:\WINDOWS\system32\setup
2022-01-12 22:34:13 ----D---- C:\WINDOWS\system32\oobe
2022-01-12 22:34:13 ----D---- C:\WINDOWS\system32\migration
2022-01-12 22:34:13 ----D---- C:\WINDOWS\system32\en-US
2022-01-12 22:34:13 ----D---- C:\WINDOWS\system32\Dism
2022-01-12 22:34:13 ----D---- C:\WINDOWS\system32\cs-CZ
2022-01-12 22:34:13 ----D---- C:\WINDOWS\system32\CodeIntegrity
2022-01-12 22:34:13 ----D---- C:\WINDOWS\system32\Boot
2022-01-12 22:19:19 ----D---- C:\Users\Uživatel\AppData\Roaming\Adobe
2022-01-12 22:14:22 ----D---- C:\WINDOWS\system32\MRT
2022-01-12 22:14:19 ----AC---- C:\WINDOWS\system32\MRT.exe
2022-01-02 15:54:05 ----D---- C:\WINDOWS\system32\Logs
2022-01-02 15:54:05 ----D---- C:\Program Files\Microsoft Update Health Tools
2021-12-29 20:06:10 ----SD---- C:\WINDOWS\system32\Microsoft
2021-12-29 20:05:16 ----D---- C:\WINDOWS\servicing
2021-12-29 19:36:47 ----D---- C:\WINDOWS\system32\WDI
2021-12-29 18:34:52 ----D---- C:\WINDOWS\system32\LogFiles
2021-12-29 18:06:06 ----D---- C:\ProgramData\Adobe
2021-12-29 18:02:51 ----D---- C:\ProgramData\Packages
2021-12-29 17:59:58 ----D---- C:\WINDOWS\system32\drivers\wd
2021-12-29 17:58:19 ----SD---- C:\ProgramData\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amdpsp;@oem36.inf,%amdpsp.SVCDESC%;AMD PSP Service; C:\WINDOWS\System32\drivers\amdpsp.sys [2020-03-24 135184]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2021-11-04 57168]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\WINDOWS\system32\drivers\SgrmAgent.sys [2019-12-07 88080]
R1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2021-11-04 41984]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2019-12-07 78136]
R1 CimFS;CimFS; C:\WINDOWS\system32\drivers\CimFS.sys [2021-11-04 98304]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2019-12-07 59392]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2019-12-07 8704]
R2 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys [2022-01-12 149320]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2021-11-07 496640]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2020-11-19 53248]
R3 ACPIVPC;@oem21.inf,%ACPIVPC.SvcDesc%;Lenovo Virtual Power Controller Driver; C:\WINDOWS\System32\drivers\AcpiVpc.sys [2021-07-26 44024]
R3 amdacpbus;@oem29.inf,%amdacpbus.SVCDESC%;Audio Coprocessr Driver for DSP; C:\WINDOWS\System32\DriverStore\FileRepository\amdacpbus.inf_amd64_09f1c82527189d2f\amdacpbus.sys [2020-12-06 9086384]
R3 amdfendr;@oem27.inf,%AMDFENDR_svcdesc%;AMD Crash Defender Driver; C:\WINDOWS\System32\drivers\amdfendr.sys [2020-12-14 91568]
R3 amdgpio2;@oem28.inf,%GPIO.SvcDesc%;AMD GPIO Client Driver; C:\WINDOWS\System32\drivers\amdgpio2.sys [2020-03-16 46344]
R3 amdi2c;@oem4.inf,%amdi2c.SVCDESC%;AMD I2C Controller Service; C:\WINDOWS\System32\drivers\amdi2c.sys [2020-09-30 66864]
R3 amdwddmg;amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0372415.inf_amd64_87f92c83980548cd\B372050\amdkmdag.sys [2021-10-07 80471928]
R3 AtiHDAudioService;@oem42.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdWT6.sys [2020-06-09 107936]
R3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2021-12-06 1559552]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2021-12-06 110592]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2019-12-07 66576]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2020-10-14 5930072]
R3 MsQuic;@%SystemRoot%\system32\drivers\msquic.sys,-1; C:\WINDOWS\system32\drivers\msquic.sys [2020-11-19 322376]
R3 rt640x64;@oem24.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2021-07-26 1151992]
R3 RtkBtFilter;@oem33.inf,%BtFilt.SvcDesc%;Realtek Bluetooth Filter Driver; C:\WINDOWS\System32\drivers\RtkBtfilter.sys [2020-11-25 801296]
R3 RTWlanE;@oem9.inf,%RTWlanE.DeviceDesc.DispName%;Realtek Wireless LAN 802.11n PCI-E Network Adapter; C:\WINDOWS\System32\drivers\rtwlane.sys [2020-11-07 11582560]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2019-12-07 43832]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2019-12-07 319800]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys [2019-12-07 884752]
S0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [2019-12-07 172344]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2019-12-07 124216]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2019-12-07 135992]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2019-12-07 81720]
S0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [2019-12-07 105480]
S0 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\WINDOWS\System32\drivers\nvdimm.sys [2019-12-07 168464]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2019-12-07 58680]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2019-12-07 68408]
S0 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2019-12-07 138040]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2019-12-07 42296]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2019-12-07 158736]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2019-12-07 23040]
S3 Acx01000;@%SystemRoot%\system32\drivers\Acx01000.sys,-1000; C:\WINDOWS\system32\drivers\Acx01000.sys [2019-12-07 415232]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2021-12-06 18432]
S3 BthA2dp;@microsoft_bluetooth_a2dp.inf,%BthA2dp.ServiceDescription%;Microsoft Bluetooth A2dp driver; C:\WINDOWS\System32\drivers\BthA2dp.sys [2021-11-04 279040]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2021-12-06 113664]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2020-11-19 106496]
S3 BthMini;@bth.inf,%BTHMINI.SvcDesc%;Bluetooth Radio Driver; C:\WINDOWS\System32\drivers\BTHMINI.sys [2021-12-06 45568]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2019-12-07 133632]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2019-12-07 44032]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\DriverStore\FileRepository\genericusbfn.inf_amd64_53931f0ae21d6d2c\genericusbfn.sys [2019-12-07 23040]
S3 GeneStor;@oem51.inf,%GeneStor.SvcDesc%;Genesys Logic Storage Driver; C:\WINDOWS\System32\drivers\GeneStor.sys [2020-05-19 134272]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2019-12-07 55824]
S3 hidspi;@hidspi_km.inf,%hidspi.SVCDESC%;Microsoft SPI HID Miniport Driver; C:\WINDOWS\System32\drivers\hidspi.sys [2019-12-07 66560]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2021-11-04 95056]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2019-12-07 30208]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2019-12-07 1853752]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2019-12-07 36352]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2019-12-07 91136]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2019-12-07 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2019-12-07 93184]
S3 iaLPSS2i_GPIO2_CNL;@iaLPSS2i_GPIO2_CNL.inf,%iaLPSS2i_GPIO2_CNL.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_CNL.sys [2019-12-07 112128]
S3 iaLPSS2i_GPIO2_GLK;@iaLPSS2i_GPIO2_GLK.inf,%iaLPSS2i_GPIO2_GLK.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_GLK.sys [2019-12-07 96256]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2019-12-07 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2019-12-07 175104]
S3 iaLPSS2i_I2C_CNL;@iaLPSS2i_I2C_CNL.inf,%iaLPSS2i_I2C_CNL.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_CNL.sys [2019-12-07 177152]
S3 iaLPSS2i_I2C_GLK;@iaLPSS2i_I2C_GLK.inf,%iaLPSS2i_I2C_GLK.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_GLK.sys [2019-12-07 177664]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2019-12-07 558904]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2020-11-19 47104]
S3 intelpmax;@intelpmax.inf,%SvcDesc%;Intel(R) Dynamic Device Peak Power Manager Driver; C:\WINDOWS\System32\drivers\intelpmax.sys [2019-12-07 30720]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2019-12-07 59704]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2019-12-07 537608]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2019-12-07 64016]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [2022-01-15 129752]
S3 MbbCx;MBB Network Adapter Class Extension; C:\WINDOWS\system32\drivers\MbbCx.sys [2021-11-04 391168]
S3 Microsoft_Bluetooth_AvrcpTransport;@microsoft_bluetooth_avrcptransport.inf,%Microsoft_Bluetooth_AvrcpTransport.ServiceDescription%;Microsoft Bluetooth Avrcp Transport Driver; C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys [2019-12-07 65024]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2019-12-07 1131320]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2019-12-07 146232]
S3 NDKPing;NDKPing Driver; C:\WINDOWS\system32\drivers\NDKPing.sys [2019-12-07 72720]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2021-12-06 214528]
S3 PktMon;Packet Monitor Driver; C:\WINDOWS\system32\drivers\PktMon.sys [2022-01-12 130360]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2019-12-07 17408]
S3 portcfg;portcfg; C:\WINDOWS\System32\drivers\portcfg.sys [2019-12-07 27136]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2022-01-12 990536]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2019-12-07 213504]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2019-12-07 115712]
S3 RTSUER;@oem48.inf,%RtsUER%;Realtek USB Card Reader - UER; C:\WINDOWS\system32\Drivers\RtsUer.sys [2020-04-13 448096]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2019-12-07 35128]
S4 hvcrash;hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [2019-12-07 35128]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2021-11-17 169728]
R2 AMD Crash Defender Service;AMD Crash Defender Service; C:\WINDOWS\system32\amdfendrsr.exe [2020-12-14 513968]
R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\u0372415.inf_amd64_87f92c83980548cd\B372050\atiesrxx.exe [2021-10-07 594824]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
R2 CDPUserSvc_683cbc;Uživatelská služba platformy připojených zařízení_683cbc; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
R2 DispBrokerDesktopSvc;@%SystemRoot%\system32\dispbroker.desktop.dll,-101; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
R2 DolbyDAXAPI;@oem39.inf,%ServiceDisplayName%;Dolby DAX API Service; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e9ebbe69987eef47\DAX3API.exe [2020-10-15 2173912]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
R2 ElevocService;@oem45.inf,%ServiceDisplayName%;Elevoc Control Service; C:\WINDOWS\System32\ElevocControlService.exe [2020-11-30 164568]
R2 ImControllerService;@oem3.inf,%ImcSvcDisplayName%;System Interface Foundation Service; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2022-01-13 84264]
R2 LenovoFnAndFunctionKeys;@oem0.inf,%ServiceName%;Lenovo Fn and function keys service; C:\WINDOWS\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_2f1b6109fa237c16\LenovoUtilityService.exe [2021-11-21 201472]
R2 LenovoVantageService;LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\LenovoVantageService.exe [2021-12-14 31016]
R2 LITSSVC;@oem49.inf,%LNBITS.SVCDESC%;Lenovo Notebook ITS Service; C:\WINDOWS\System32\LNBITSSvc.exe [2021-02-06 1820080]
R2 OneSyncSvc_683cbc;Hostitel synchronizace_683cbc; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
R2 RtkAudioUniversalService;Realtek Audio Universal Service; C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_85a48ee0cac1d3dd\RtkAudUService64.exe [2020-10-14 1183968]
R2 RtkBtManServ;@oem33.inf,%RtkBtManServ.SvcDesc%;Realtek Bluetooth Device Manager Service; C:\WINDOWS\RtkBtManServ.exe [2020-11-25 779792]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\WINDOWS\system32\SgrmBroker.exe [2020-11-19 329504]
R3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
R3 CaptureService_683cbc;CaptureService_683cbc; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
R3 cbdhsvc_683cbc;Uživatelská služba schránky_683cbc; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
R3 DisplayEnhancementService;@%SystemRoot%\System32\Microsoft.Graphics.Display.DisplayEnhancementService.dll,-1000; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
R3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
R3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
R3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
R3 PimIndexMaintenanceSvc_683cbc;Data kontaktů_683cbc; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
R3 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2021-11-04 986032]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S2 edgeupdate;Microsoft Edge Update Service (edgeupdate); C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [2021-08-05 214952]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2021-12-05 156232]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 AarSvc;@%SystemRoot%\system32\AarSvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 AarSvc_683cbc;Agent Activation Runtime_683cbc; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 autotimesvc;@%SystemRoot%\System32\autotimesvc.dll,-6; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 BcastDVRUserService_683cbc;Uživatelská služba pro GameDVR a vysílání her_683cbc; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 BluetoothUserService_683cbc;Služba pro podporu uživatelů Bluetooth_683cbc; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 CaptureService;@%SystemRoot%\system32\CaptureService.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 cbdhsvc;@%SystemRoot%\system32\cbdhsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 ConsentUxUserSvc;@%SystemRoot%\system32\ConsentUxClient.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 ConsentUxUserSvc_683cbc;ConsentUX_683cbc; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 CredentialEnrollmentManagerUserSvc;@%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100; C:\WINDOWS\system32\CredentialEnrollmentManager.exe [2021-11-04 382696]
S3 CredentialEnrollmentManagerUserSvc_683cbc;CredentialEnrollmentManagerUserSvc_683cbc; C:\WINDOWS\system32\CredentialEnrollmentManager.exe [2021-11-04 382696]
S3 DeviceAssociationBrokerSvc;@%SystemRoot%\system32\deviceaccess.dll,-107; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 DeviceAssociationBrokerSvc_683cbc;DeviceAssociationBroker_683cbc; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 DevicePickerUserSvc_683cbc;DevicePicker_683cbc; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 DevicesFlowUserSvc_683cbc;Tok zařízení_683cbc; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2022-01-12 94208]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 edgeupdatem;Microsoft Edge Update Service (edgeupdatem); C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [2021-08-05 214952]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2019-11-08 46184]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
S3 GoogleChromeElevationService;Google Chrome Elevation Service (GoogleChromeElevationService); C:\Program Files\Google\Chrome\Application\97.0.4692.99\elevation_service.exe [2022-01-19 1470296]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2021-12-05 156232]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 MessagingService_683cbc;Služba zasílání zpráv_683cbc; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 MicrosoftEdgeElevationService;Microsoft Edge Elevation Service (MicrosoftEdgeElevationService); C:\Program Files (x86)\Microsoft\Edge\Application\97.0.1072.69\elevation_service.exe [2022-01-20 1610128]
S3 MixedRealityOpenXRSvc;@%SystemRoot%\system32\MixedRealityRuntime.dll,-101; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2021-11-19 243128]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 perceptionsimulation;@%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101; C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe [2021-11-04 106496]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 PrintWorkflowUserSvc_683cbc;PrintWorkflow_683cbc; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2021-11-04 1265152]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2020-11-19 57360]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2020-11-19 57360]
-----------------EOF-----------------
Re: Threats on the laptop
and info:
info.txt logfile of random's system information tool 1.10 2022-01-27 21:18:56
======MBR======
======Uninstall list======
-->"C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe"
Adobe Acrobat Reader DC - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AC0F074E4100}
Adobe Refresh Manager-->MsiExec.exe /I{AC76BA86-0804-1033-1959-001824458876}
aTube Catcher-->C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\uninstall.exe
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\97.0.4692.99\Installer\setup.exe" --uninstall --channel=stable --system-level --verbose-logging
IrfanView 4.59 (32-bit)-->"C:\Program Files (x86)\IrfanView\iv_uninstall.exe"
Jpeg Resampler Vs 6+-->"C:\Program Files (x86)\JpegResampler2010\unins000.exe"
Kontrola stavu osobního počítače s Windows-->MsiExec.exe /X{88EC8D4A-54AB-4A7F-BDE9-4AD906D9D11F}
Lenovo System Update-->"C:\Program Files (x86)\Lenovo\System Update\unins000.exe"
Lenovo Vantage Service-->"C:\Program Files (x86)\Lenovo\VantageService\\3.10.26.0\Uninstall.exe"
LibreOffice 7.2.3.2-->MsiExec.exe /I{81490660-3C36-47B4-AE9F-73B6C5BD4F98}
Microsoft Edge-->"C:\Program Files (x86)\Microsoft\Edge\Application\97.0.1072.69\Installer\setup.exe" --uninstall --msedge --channel=stable --system-level --verbose-logging
Microsoft Update Health Tools-->MsiExec.exe /X{E876418F-BE59-4D8C-B9A5-74B056B676FA}
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.26.28720-->"C:\ProgramData\Package Cache\{7d607fb4-7e28-4c7a-a92f-3fcdaf555faf}\VC_redist.x64.exe" /uninstall
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.26.28720-->MsiExec.exe /I{CB4A0FDE-1126-4AE2-97C6-A243692C3D95}
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.26.28720-->MsiExec.exe /I{DD1EC0FD-3F0A-4740-A05E-1DCD14A6B0D1}
Mozilla Firefox (x64 cs)-->"C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
Skype verze 8.79-->"C:\Program Files (x86)\Microsoft\Skype for Desktop\unins000.exe"
VLC media player-->"C:\Program Files\VideoLAN\VLC\uninstall.exe"
======System event log======
Computer Name: WIN-90BQ4M3842Q
Event Code: 20
Message: Poslední stav úspěšného vypnutí byl true. Poslední stav úspěšného spuštění byl true.
Record Number: 5
Source Name: Microsoft-Windows-Kernel-Boot
Time Written: 20211206013956.671993-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM
Computer Name: WIN-90BQ4M3842Q
Event Code: 153
Message: Zabezpečení založené na virtualizaci (zásady: 0) je disabled.
Record Number: 4
Source Name: Microsoft-Windows-Kernel-Boot
Time Written: 20211206013956.671930-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM
Computer Name: WIN-90BQ4M3842Q
Event Code: 6005
Message: Služba Event Log byla spuštěna.
Record Number: 3
Source Name: EventLog
Time Written: 20211206014005.784423-000
Event Type: Informace
User:
Computer Name: WIN-90BQ4M3842Q
Event Code: 6009
Message: Microsoft (R) Windows (R) 10.00. 19043 Multiprocessor Free.
Record Number: 2
Source Name: EventLog
Time Written: 20211206014005.784423-000
Event Type: Informace
User:
Computer Name: WIN-90BQ4M3842Q
Event Code: 12
Message: Operační systém se spustil v systémovém čase 2021-12-06T01:39:56.500000000Z.
Record Number: 1
Source Name: Microsoft-Windows-Kernel-General
Time Written: 20211206013956.671883-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM
=====Application event log=====
Computer Name: WIN-90BQ4M3842Q
Event Code: 0
Message: Služba byla úspěšně spuštěna.
Record Number: 5
Source Name: ImControllerService
Time Written: 20211206014007.143890-000
Event Type: Informace
User:
Computer Name: WIN-90BQ4M3842Q
Event Code: 0
Message: Service stopped.
Record Number: 4
Source Name: edgeupdate
Time Written: 20211206014006.393838-000
Event Type: Informace
User:
Computer Name: WIN-90BQ4M3842Q
Event Code: 5615
Message: Služba WMI (Windows Management Instrumentation) byla úspěšně spuštěna.
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20211206014006.198169-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM
Computer Name: WIN-90BQ4M3842Q
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.
Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20211206014005.878452-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM
Computer Name: WIN-90BQ4M3842Q
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20211206014005.878178-000
Event Type: Informace
User:
=====Security event log=====
Computer Name: WIN-90BQ4M3842Q
Event Code: 4688
Message: Byl vytvořen nový proces.
Tvůrčí subjekt:
ID zabezpečení: S-1-5-18
Název účtu: -
Doména účtu: -
Přihlašovací ID: 0x3E7
Cílový subjekt:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
Přihlašovací ID: 0x0
Informace o procesu:
ID nového procesu: 0x1dc
Název nového procesu: C:\Windows\System32\autochk.exe
Typ zvýšení oprávnění tokenu: %%1936
Povinný štítek: S-1-16-16384
ID tvůrčího procesu: 0x1b4
Název tvůrčího procesu: C:\Windows\System32\smss.exe
Příkazový řádek procesu:
Typ zvýšení oprávnění tokenu označuje typ tokenu, který byl přiřazen novému procesu v souladu se zásadami nástroje Řízení uživatelských účtů.
Typ 1 je úplný token, u kterého nebyla odebrána žádná oprávnění ani nebyly zakázány skupiny. Úplný token se používá pouze v případě, že je vypnut nástroj Řízení uživatelských účtů nebo pokud uživatel je integrovaný účet Administrator nebo účet služby.
Typ 2 je token se zvýšenými oprávněními, u kterého nebyla odebrána žádná oprávnění ani nebyly zakázány skupiny. Token se zvýšenými oprávněními se používá, pokud je zapnut nástroj Řízení uživatelských účtů a uživatel se rozhodne spustit program pomocí možnosti Spustit jako správce. Token se zvýšenými oprávněními se také používá, pokud je aplikace nakonfigurována tak, aby vždy vyžadovala oprávnění správce nebo maximální oprávnění, a uživatel je členem skupiny Administrators.
Typ 3 je omezený token s odebranými oprávněními správce a zakázanými skupinami pro správu. Omezený token se používá, pokud je zapnut nástroj Řízení uživatelských účtů, aplikace nevyžaduje oprávnění správce a uživatel se nerozhodne spustit program pomocí možnosti Spustit jako správce.
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20211206013958.420820-000
Event Type: Úspěšný audit
User:
Computer Name: WIN-90BQ4M3842Q
Event Code: 4688
Message: Byl vytvořen nový proces.
Tvůrčí subjekt:
ID zabezpečení: S-1-5-18
Název účtu: -
Doména účtu: -
Přihlašovací ID: 0x3E7
Cílový subjekt:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
Přihlašovací ID: 0x0
Informace o procesu:
ID nového procesu: 0x1b4
Název nového procesu: C:\Windows\System32\smss.exe
Typ zvýšení oprávnění tokenu: %%1936
Povinný štítek: S-1-16-16384
ID tvůrčího procesu: 0x4
Název tvůrčího procesu:
Příkazový řádek procesu:
Typ zvýšení oprávnění tokenu označuje typ tokenu, který byl přiřazen novému procesu v souladu se zásadami nástroje Řízení uživatelských účtů.
Typ 1 je úplný token, u kterého nebyla odebrána žádná oprávnění ani nebyly zakázány skupiny. Úplný token se používá pouze v případě, že je vypnut nástroj Řízení uživatelských účtů nebo pokud uživatel je integrovaný účet Administrator nebo účet služby.
Typ 2 je token se zvýšenými oprávněními, u kterého nebyla odebrána žádná oprávnění ani nebyly zakázány skupiny. Token se zvýšenými oprávněními se používá, pokud je zapnut nástroj Řízení uživatelských účtů a uživatel se rozhodne spustit program pomocí možnosti Spustit jako správce. Token se zvýšenými oprávněními se také používá, pokud je aplikace nakonfigurována tak, aby vždy vyžadovala oprávnění správce nebo maximální oprávnění, a uživatel je členem skupiny Administrators.
Typ 3 je omezený token s odebranými oprávněními správce a zakázanými skupinami pro správu. Omezený token se používá, pokud je zapnut nástroj Řízení uživatelských účtů, aplikace nevyžaduje oprávnění správce a uživatel se nerozhodne spustit program pomocí možnosti Spustit jako správce.
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20211206013958.160186-000
Event Type: Úspěšný audit
User:
Computer Name: WIN-90BQ4M3842Q
Event Code: 4826
Message: Načetla se konfigurační data spouštění.
Předmět:
ID zabezpečení: S-1-5-18
Název účtu: -
Doména účtu: -
ID přihlášení: 0x3E7
Obecné nastavení:
Možnosti načtení: -
Upřesňující možnosti: Ne
Zásady přístupu ke konfiguraci: Výchozí
Protokolování systémových událostí: Ne
Ladění jádra: Ne
Typ spuštění VSM: Vypnuto
Nastavení podpisu:
Testovací podepsání: Ne
Podepsání za běhu: Ne
Zakázat kontroly integrity: Ne
Nastavení HyperVisoru:
Možnosti načtení HyperVisoru: -
Typ spuštění HyperVisoru: Vypnuto
Ladění HyperVisoru: Ne
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20211206013958.157515-000
Event Type: Úspěšný audit
User:
Computer Name: WIN-90BQ4M3842Q
Event Code: 4696
Message: Primární token byl přiřazen k procesu.
Předmět:
ID zabezpečení: S-1-5-18
Název účtu: -
Doména účtu: -
ID přihlášení: 0x3E7
Informace o procesu:
ID procesu: 0x4
Název procesu:
Cílový proces:
ID cílového procesu: 0x7c
Název cílového procesu: Registry
Informace o novému tokenu:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x3E7
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20211206013958.157512-000
Event Type: Úspěšný audit
User:
Computer Name: WIN-90BQ4M3842Q
Event Code: 4688
Message: Byl vytvořen nový proces.
Tvůrčí subjekt:
ID zabezpečení: S-1-5-18
Název účtu: -
Doména účtu: -
Přihlašovací ID: 0x3E7
Cílový subjekt:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
Přihlašovací ID: 0x0
Informace o procesu:
ID nového procesu: 0x7c
Název nového procesu: Registry
Typ zvýšení oprávnění tokenu: %%1936
Povinný štítek: S-1-16-16384
ID tvůrčího procesu: 0x4
Název tvůrčího procesu:
Příkazový řádek procesu:
Typ zvýšení oprávnění tokenu označuje typ tokenu, který byl přiřazen novému procesu v souladu se zásadami nástroje Řízení uživatelských účtů.
Typ 1 je úplný token, u kterého nebyla odebrána žádná oprávnění ani nebyly zakázány skupiny. Úplný token se používá pouze v případě, že je vypnut nástroj Řízení uživatelských účtů nebo pokud uživatel je integrovaný účet Administrator nebo účet služby.
Typ 2 je token se zvýšenými oprávněními, u kterého nebyla odebrána žádná oprávnění ani nebyly zakázány skupiny. Token se zvýšenými oprávněními se používá, pokud je zapnut nástroj Řízení uživatelských účtů a uživatel se rozhodne spustit program pomocí možnosti Spustit jako správce. Token se zvýšenými oprávněními se také používá, pokud je aplikace nakonfigurována tak, aby vždy vyžadovala oprávnění správce nebo maximální oprávnění, a uživatel je členem skupiny Administrators.
Typ 3 je omezený token s odebranými oprávněními správce a zakázanými skupinami pro správu. Omezený token se používá, pokud je zapnut nástroj Řízení uživatelských účtů, aplikace nevyžaduje oprávnění správce a uživatel se nerozhodne spustit program pomocí možnosti Spustit jako správce.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20211206013958.157503-000
Event Type: Úspěšný audit
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"DriverData"=C:\Windows\System32\Drivers\DriverData
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"PSModulePath"=%ProgramFiles%\WindowsPowerShell\Modules;%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"NUMBER_OF_PROCESSORS"=8
"PROCESSOR_LEVEL"=23
"PROCESSOR_IDENTIFIER"=AMD64 Family 23 Model 104 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6801
-----------------EOF-----------------
Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20211206014005.878452-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM
Computer Name: WIN-90BQ4M3842Q
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20211206014005.878178-000
Event Type: Informace
User:
=====Security event log=====
Computer Name: WIN-90BQ4M3842Q
Event Code: 4688
Message: Byl vytvořen nový proces.
Tvůrčí subjekt:
ID zabezpečení: S-1-5-18
Název účtu: -
Doména účtu: -
Přihlašovací ID: 0x3E7
Cílový subjekt:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
Přihlašovací ID: 0x0
Informace o procesu:
ID nového procesu: 0x1dc
Název nového procesu: C:\Windows\System32\autochk.exe
Typ zvýšení oprávnění tokenu: %%1936
Povinný štítek: S-1-16-16384
ID tvůrčího procesu: 0x1b4
Název tvůrčího procesu: C:\Windows\System32\smss.exe
Příkazový řádek procesu:
Typ zvýšení oprávnění tokenu označuje typ tokenu, který byl přiřazen novému procesu v souladu se zásadami nástroje Řízení uživatelských účtů.
Typ 1 je úplný token, u kterého nebyla odebrána žádná oprávnění ani nebyly zakázány skupiny. Úplný token se používá pouze v případě, že je vypnut nástroj Řízení uživatelských účtů nebo pokud uživatel je integrovaný účet Administrator nebo účet služby.
Typ 2 je token se zvýšenými oprávněními, u kterého nebyla odebrána žádná oprávnění ani nebyly zakázány skupiny. Token se zvýšenými oprávněními se používá, pokud je zapnut nástroj Řízení uživatelských účtů a uživatel se rozhodne spustit program pomocí možnosti Spustit jako správce. Token se zvýšenými oprávněními se také používá, pokud je aplikace nakonfigurována tak, aby vždy vyžadovala oprávnění správce nebo maximální oprávnění, a uživatel je členem skupiny Administrators.
Typ 3 je omezený token s odebranými oprávněními správce a zakázanými skupinami pro správu. Omezený token se používá, pokud je zapnut nástroj Řízení uživatelských účtů, aplikace nevyžaduje oprávnění správce a uživatel se nerozhodne spustit program pomocí možnosti Spustit jako správce.
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20211206013958.420820-000
Event Type: Úspěšný audit
User:
Computer Name: WIN-90BQ4M3842Q
Event Code: 4688
Message: Byl vytvořen nový proces.
Tvůrčí subjekt:
ID zabezpečení: S-1-5-18
Název účtu: -
Doména účtu: -
Přihlašovací ID: 0x3E7
Cílový subjekt:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
Přihlašovací ID: 0x0
Informace o procesu:
ID nového procesu: 0x1b4
Název nového procesu: C:\Windows\System32\smss.exe
Typ zvýšení oprávnění tokenu: %%1936
Povinný štítek: S-1-16-16384
ID tvůrčího procesu: 0x4
Název tvůrčího procesu:
Příkazový řádek procesu:
Typ zvýšení oprávnění tokenu označuje typ tokenu, který byl přiřazen novému procesu v souladu se zásadami nástroje Řízení uživatelských účtů.
Typ 1 je úplný token, u kterého nebyla odebrána žádná oprávnění ani nebyly zakázány skupiny. Úplný token se používá pouze v případě, že je vypnut nástroj Řízení uživatelských účtů nebo pokud uživatel je integrovaný účet Administrator nebo účet služby.
Typ 2 je token se zvýšenými oprávněními, u kterého nebyla odebrána žádná oprávnění ani nebyly zakázány skupiny. Token se zvýšenými oprávněními se používá, pokud je zapnut nástroj Řízení uživatelských účtů a uživatel se rozhodne spustit program pomocí možnosti Spustit jako správce. Token se zvýšenými oprávněními se také používá, pokud je aplikace nakonfigurována tak, aby vždy vyžadovala oprávnění správce nebo maximální oprávnění, a uživatel je členem skupiny Administrators.
Typ 3 je omezený token s odebranými oprávněními správce a zakázanými skupinami pro správu. Omezený token se používá, pokud je zapnut nástroj Řízení uživatelských účtů, aplikace nevyžaduje oprávnění správce a uživatel se nerozhodne spustit program pomocí možnosti Spustit jako správce.
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20211206013958.160186-000
Event Type: Úspěšný audit
User:
Computer Name: WIN-90BQ4M3842Q
Event Code: 4826
Message: Načetla se konfigurační data spouštění.
Předmět:
ID zabezpečení: S-1-5-18
Název účtu: -
Doména účtu: -
ID přihlášení: 0x3E7
Obecné nastavení:
Možnosti načtení: -
Upřesňující možnosti: Ne
Zásady přístupu ke konfiguraci: Výchozí
Protokolování systémových událostí: Ne
Ladění jádra: Ne
Typ spuštění VSM: Vypnuto
Nastavení podpisu:
Testovací podepsání: Ne
Podepsání za běhu: Ne
Zakázat kontroly integrity: Ne
Nastavení HyperVisoru:
Možnosti načtení HyperVisoru: -
Typ spuštění HyperVisoru: Vypnuto
Ladění HyperVisoru: Ne
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20211206013958.157515-000
Event Type: Úspěšný audit
User:
Computer Name: WIN-90BQ4M3842Q
Event Code: 4696
Message: Primární token byl přiřazen k procesu.
Předmět:
ID zabezpečení: S-1-5-18
Název účtu: -
Doména účtu: -
ID přihlášení: 0x3E7
Informace o procesu:
ID procesu: 0x4
Název procesu:
Cílový proces:
ID cílového procesu: 0x7c
Název cílového procesu: Registry
Informace o novému tokenu:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x3E7
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20211206013958.157512-000
Event Type: Úspěšný audit
User:
Computer Name: WIN-90BQ4M3842Q
Event Code: 4688
Message: Byl vytvořen nový proces.
Tvůrčí subjekt:
ID zabezpečení: S-1-5-18
Název účtu: -
Doména účtu: -
Přihlašovací ID: 0x3E7
Cílový subjekt:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
Přihlašovací ID: 0x0
Informace o procesu:
ID nového procesu: 0x7c
Název nového procesu: Registry
Typ zvýšení oprávnění tokenu: %%1936
Povinný štítek: S-1-16-16384
ID tvůrčího procesu: 0x4
Název tvůrčího procesu:
Příkazový řádek procesu:
Typ zvýšení oprávnění tokenu označuje typ tokenu, který byl přiřazen novému procesu v souladu se zásadami nástroje Řízení uživatelských účtů.
Typ 1 je úplný token, u kterého nebyla odebrána žádná oprávnění ani nebyly zakázány skupiny. Úplný token se používá pouze v případě, že je vypnut nástroj Řízení uživatelských účtů nebo pokud uživatel je integrovaný účet Administrator nebo účet služby.
Typ 2 je token se zvýšenými oprávněními, u kterého nebyla odebrána žádná oprávnění ani nebyly zakázány skupiny. Token se zvýšenými oprávněními se používá, pokud je zapnut nástroj Řízení uživatelských účtů a uživatel se rozhodne spustit program pomocí možnosti Spustit jako správce. Token se zvýšenými oprávněními se také používá, pokud je aplikace nakonfigurována tak, aby vždy vyžadovala oprávnění správce nebo maximální oprávnění, a uživatel je členem skupiny Administrators.
Typ 3 je omezený token s odebranými oprávněními správce a zakázanými skupinami pro správu. Omezený token se používá, pokud je zapnut nástroj Řízení uživatelských účtů, aplikace nevyžaduje oprávnění správce a uživatel se nerozhodne spustit program pomocí možnosti Spustit jako správce.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20211206013958.157503-000
Event Type: Úspěšný audit
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"DriverData"=C:\Windows\System32\Drivers\DriverData
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"PSModulePath"=%ProgramFiles%\WindowsPowerShell\Modules;%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"NUMBER_OF_PROCESSORS"=8
"PROCESSOR_LEVEL"=23
"PROCESSOR_IDENTIFIER"=AMD64 Family 23 Model 104 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6801
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119405
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Threats on the laptop
I apologize, I gave you the wrong link. You will find the link to FRST+Addition here: https://forum.viry.cz/viewtopic.php?f=13&t=154679 . Please run a new scan, and once again, my apologies.
Re: Threats on the laptop
Hello, I'm posting the FRST logs.
Thanks for checking...
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-01-2022
Ran by Uživatel (administrator) on VEV (LENOVO 82KD) (28-01-2022 22:17:35)
Running from C:\Users\Uživatel\Desktop
Loaded Profiles: Uživatel
Platform: Microsoft Windows 10 Home Version 21H2 19044.1469 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0372415.inf_amd64_87f92c83980548cd\B372050\atieclxx.exe
(Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0372415.inf_amd64_87f92c83980548cd\B372050\atiesrxx.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e9ebbe69987eef47\DAX3API.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\Lenovo.Vantage.AddinHost.Amd64.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\Lenovo.Vantage.AddinHost.exe <4>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\Lenovo.Vantage.AddinHost.x86.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe <4>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe
(Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\AutoModeDetect.exe
(Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_2f1b6109fa237c16\FnHotkeyUtility.exe
(Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_2f1b6109fa237c16\LenovoUtilityService.exe
(Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\ElevocControlService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_85a48ee0cac1d3dd\RtkAudUService64.exe <2>
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_85a48ee0cac1d3dd\RtkAudUService64.exe [1183968 2020-10-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-4032367770-2957954575-1367609206-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35320448 2022-01-25] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\97.0.4692.99\Installer\chrmstp.exe [2022-01-25] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0102AB2D-0DD7-49D5-A735-9BAD0F9095A5} - System32\Tasks\McAfeeTsk\OOBEUpgrader => C:\Program Files\McAfee\MSC\OOBE_Upgrader.exe /Run (No File)
Task: {0AA4AC9E-99B2-498C-AB13-460E98436552} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\WINDOWS\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [201584 2021-07-21] (Lenovo -> Lenovo Group Ltd.)
Task: {0DAB77C4-E13B-44C3-867A-B311F70B7613} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {1D68138B-4E01-4E56-9527-AFB48A8C5F75} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-05] (Google LLC -> Google LLC)
Task: {1E18EDC9-1FBD-4032-9F0E-A1952C88F0EC} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\a98fcc66-ed44-45bd-9219-f7e12ab8cdc5 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84264 2022-01-13] (Lenovo -> Lenovo Group Ltd.)
Task: {252EA0E8-2514-41DB-8249-67A1E185BBBC} - System32\Tasks\CCleanerSkipUAC - Uživatel => C:\Program Files\CCleaner\CCleaner.exe [29453952 2022-01-25] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {3A5C7255-2A53-4838-B450-959B37AEE8B9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3C633BF8-A6AE-4CD8-9243-1C00B7A1D8C3} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64248 2022-01-13] (Lenovo -> Lenovo Group Ltd.)
Task: {3DA5B848-14FC-4CD9-80D3-CA31D4E6C57F} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\06fc3c63-835d-4d71-a20d-b769c3bbda70 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84264 2022-01-13] (Lenovo -> Lenovo Group Ltd.)
Task: {5605575F-1F2B-4660-B130-5361DE3FEC6E} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {57CC6F56-C512-4E43-BD99-6E75EC31993C} - System32\Tasks\Lenovo\UDC\Lenovo UDC Idle Monitor => C:\windows\system32\drivers\Lenovo\udc\Service\UDCUserAgent.exe [443248 2021-07-21] (Lenovo -> Lenovo Group Ltd.)
Task: {654263C5-3E72-4408-A377-09D612B7C9AC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6CBEF361-EE00-46F9-B3B8-D803788F07C8} - \Microsoft\Windows\Management\Provisioning\PostResetBoot -> No File <==== ATTENTION
Task: {6D0F23CF-81F2-415F-ADCC-3DBBD3A7630E} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\574fad2b-0b0b-4ae4-afb2-5cace8920260 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84264 2022-01-13] (Lenovo -> Lenovo Group Ltd.)
Task: {7A60E2B2-3047-424C-AEA8-9FE382A92C99} - \Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance -> No File <==== ATTENTION
Task: {944B60B5-35F3-4D4D-8584-AA80E9348616} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\ScheduleEventAction.exe [26408 2021-12-14] (Lenovo -> Lenovo Group Ltd.)
Task: {A0FE0BC9-3809-4441-BB6A-F05B98F9A476} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\653ae2f7-5365-4b1c-a375-d4032e2ea9cd => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84264 2022-01-13] (Lenovo -> Lenovo Group Ltd.)
Task: {A4EA29B3-3C61-43BB-9E6B-229F18D18D3C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {A9871E77-6095-4DD0-9B90-7F37B26C70F0} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\ScheduleEventAction.exe [26408 2021-12-14] (Lenovo -> Lenovo Group Ltd.)
Task: {AE8A06CB-51EA-48FB-BE25-AB3813444532} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {B063963F-A154-4A26-97E2-2930E1BA8FCD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-05] (Google LLC -> Google LLC)
Task: {B65443A6-41F2-4E5A-BEFC-3E476A5C84EC} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758792 2021-09-22] (Lenovo -> )
Task: {BB57EC14-3E5E-42EC-BF3C-087BA9EB70DF} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758792 2021-09-22] (Lenovo -> )
Task: {C3DAD5D2-E7F7-4024-8CEA-FF372788DE06} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-01-25] (Piriform Software Ltd -> Piriform)
Task: {C6AB035E-FDD3-420D-BD5A-29AAB13F9B6F} - \OneDrive Standalone Update Task-S-1-5-21-2609494327-1214802505-4041507000-500 -> No File <==== ATTENTION
Task: {CD5FA559-040D-416F-AC68-61489BBDE192} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CE3B3DDC-B916-43D0-8006-9C2A02429F1C} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {DE66F7B0-C59E-41D0-AC33-53373A1D698D} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\ScheduleEventAction.exe [26408 2021-12-14] (Lenovo -> Lenovo Group Ltd.)
Task: {DE6A98E4-AED4-43D0-A630-FA3709D8FCA4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E5C6E488-17DC-4BFA-8D3E-6CB5AB43FBD4} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\2f6f9f41-6722-499b-a9fb-08c3b508630d => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84264 2022-01-13] (Lenovo -> Lenovo Group Ltd.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 62.129.50.20 85.135.32.100
Tcpip\..\Interfaces\{629a3f1e-ed44-44f3-abad-11f770678120}: [DhcpNameServer] 150.209.1.2
Tcpip\..\Interfaces\{7ded90ca-d510-4ddb-ac0c-00741b03bb2a}: [DhcpNameServer] 62.129.50.20 85.135.32.100
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Uživatel\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-12]
FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-18] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default [2022-01-28]
CHR DownloadDir: C:\Users\Uživatel\Desktop
CHR Extension: (Prezentace) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-12-05]
CHR Extension: (Dokumenty) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-12-05]
CHR Extension: (Disk Google) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-12-05]
CHR Extension: (YouTube) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-12-05]
CHR Extension: (Tabulky) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-12-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-01-25]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-12-05]
CHR Extension: (Gmail) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-12-05]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
R2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e9ebbe69987eef47\DAX3API.exe [2173912 2020-10-15] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 ElevocService; C:\WINDOWS\System32\ElevocControlService.exe [164568 2020-11-30] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84264 2022-01-13] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoFnAndFunctionKeys; C:\WINDOWS\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_2f1b6109fa237c16\LenovoUtilityService.exe [201472 2021-11-21] (Lenovo -> Lenovo(beijing) Limited)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\LenovoVantageService.exe [31016 2021-12-14] (Lenovo -> Lenovo Group Ltd.)
R2 LITSSVC; C:\WINDOWS\System32\LNBITSSvc.exe [1820080 2021-02-06] (Lenovo -> Lenovo(beijing) Limited)
R2 UDCService; C:\WINDOWS\System32\drivers\Lenovo\udc\Service\UDClientService.exe [116592 2021-07-21] (Lenovo -> Lenovo Group Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-29] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-29] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0372415.inf_amd64_87f92c83980548cd\B372050\amdkmdag.sys [80471928 2021-10-07] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [134272 2020-05-19] (GENESYS LOGIC, INC. -> Genesys Logic)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2022-01-15] (Malwarebytes Corporation -> Malwarebytes Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-12-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435432 2021-12-29] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-29] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-01-28 22:17 - 2022-01-28 22:18 - 000017014 _____ C:\Users\Uživatel\Desktop\FRST.txt
2022-01-28 22:17 - 2022-01-28 22:17 - 000000000 ____D C:\FRST
2022-01-28 22:16 - 2022-01-28 22:16 - 002311680 _____ (Farbar) C:\Users\Uživatel\Desktop\FRST64.exe
2022-01-27 21:20 - 2022-01-27 21:19 - 000014654 _____ C:\Users\Uživatel\Desktop\info.txt
2022-01-27 21:18 - 2022-01-27 21:21 - 000000000 ____D C:\Program Files\trend micro
2022-01-27 21:18 - 2022-01-27 21:18 - 000000000 ____D C:\rsit
2022-01-27 21:17 - 2022-01-27 21:17 - 001222144 _____ C:\Users\Uživatel\Desktop\RSITx64.exe
2022-01-27 21:16 - 2022-01-28 22:14 - 000037694 _____ C:\Users\Uživatel\Desktop\FRST návod.odt
2022-01-23 18:49 - 2022-01-23 18:49 - 000011905 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-01-23 18:45 - 2022-01-23 18:45 - 000000000 ___HD C:\$WinREAgent
2022-01-15 16:47 - 2022-01-15 16:47 - 000000000 ____D C:\Users\Uživatel\AppData\Roaming\Jpeg Resampler
2022-01-15 15:36 - 2022-01-15 15:36 - 000001097 _____ C:\Users\Uživatel\Desktop\Jpeg Resampler 2010.lnk
2022-01-15 15:36 - 2022-01-15 15:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jpeg Resampler 2010
2022-01-15 15:36 - 2022-01-15 15:36 - 000000000 ____D C:\Program Files (x86)\JpegResampler2010
2022-01-15 15:26 - 2022-01-15 15:39 - 000129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2022-01-15 15:26 - 2022-01-15 15:26 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-01-15 15:12 - 2022-01-15 15:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2022-01-15 15:12 - 2022-01-15 15:12 - 000001394 _____ C:\Users\Public\Desktop\Skype.lnk
2022-01-15 15:12 - 2022-01-15 15:12 - 000000000 ____D C:\Users\Uživatel\AppData\Roaming\Skype
2022-01-15 15:01 - 2022-01-28 22:00 - 000000000 ____D C:\Program Files\CCleaner
2022-01-15 15:01 - 2022-01-27 21:21 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-01-15 15:01 - 2022-01-15 15:01 - 000002892 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Uživatel
2022-01-15 15:01 - 2022-01-15 15:01 - 000000874 _____ C:\Users\Public\Desktop\CCleaner.lnk
2022-01-15 15:01 - 2022-01-15 15:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2022-01-15 14:59 - 2022-01-15 16:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2022-01-15 14:59 - 2022-01-15 14:59 - 000001274 _____ C:\Users\Public\Desktop\aTube Catcher.lnk
2022-01-15 14:58 - 2022-01-15 14:58 - 000000000 ____D C:\Program Files (x86)\DsNET Corp
2022-01-12 22:23 - 2022-01-12 22:23 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-01-12 22:23 - 2022-01-12 22:23 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-01-12 22:18 - 2022-01-12 22:18 - 000000000 ____D C:\Users\Uživatel\AppData\LocalLow\Adobe
2022-01-12 22:11 - 2022-01-12 22:11 - 000002213 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2022-01-09 21:37 - 2022-01-09 21:37 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2022-01-09 21:33 - 2022-01-12 22:18 - 000000000 ____D C:\Users\Uživatel\AppData\Local\Adobe
2022-01-05 20:59 - 2022-01-27 21:12 - 000000000 ____D C:\Users\Uživatel\Desktop\Ulož exterňák
2022-01-02 17:22 - 2022-01-02 17:39 - 000000000 ____D C:\MOJE
2021-12-29 19:34 - 2021-12-29 19:34 - 000000000 ____D C:\WINDOWS\SystemTemp
2021-12-29 19:29 - 2021-12-29 19:29 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-12-29 19:29 - 2021-12-29 19:29 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-12-29 18:29 - 2021-12-29 18:29 - 000000436 _____ C:\Users\Uživatel\Desktop\Tento počítač.lnk
2021-12-29 17:57 - 2022-01-23 17:23 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4032367770-2957954575-1367609206-1001
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-01-28 22:10 - 2021-12-06 02:40 - 000000000 ____D C:\ProgramData\Lenovo
2022-01-28 22:01 - 2021-12-05 21:30 - 000000000 ____D C:\Program Files (x86)\Google
2022-01-28 22:00 - 2021-12-06 02:32 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-01-27 21:44 - 2021-12-06 02:56 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-01-27 21:44 - 2021-12-06 02:34 - 000717850 _____ C:\WINDOWS\system32\perfh005.dat
2022-01-27 21:44 - 2021-12-06 02:34 - 000144992 _____ C:\WINDOWS\system32\perfc005.dat
2022-01-27 21:44 - 2021-12-06 02:31 - 000000000 ____D C:\WINDOWS\INF
2022-01-27 21:40 - 2021-12-06 02:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-01-27 21:40 - 2021-12-06 02:39 - 000008192 ___SH C:\DumpStack.log.tmp
2022-01-27 21:40 - 2021-12-06 02:32 - 000000000 ____D C:\WINDOWS\ServiceState
2022-01-27 21:39 - 2021-12-06 02:29 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-01-27 21:30 - 2021-12-06 02:29 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-01-27 21:09 - 2021-12-06 02:32 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-01-27 21:07 - 2021-12-06 02:40 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-27 21:07 - 2021-12-06 02:40 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-01-25 21:17 - 2021-12-05 21:31 - 000002258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-01-25 21:17 - 2021-12-05 21:31 - 000002217 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-01-23 19:24 - 2021-12-06 02:32 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-01-23 19:23 - 2021-12-06 02:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-01-23 17:40 - 2021-12-06 02:53 - 000000000 ____D C:\Users\Uživatel\AppData\Local\PlaceholderTileLogoFolder
2022-01-23 17:29 - 2021-12-06 02:40 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-01-23 17:29 - 2021-12-06 02:32 - 000000000 ___HD C:\Program Files\WindowsApps
2022-01-23 17:29 - 2021-12-05 21:30 - 000003474 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-01-23 17:29 - 2021-12-05 21:30 - 000003350 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-01-23 17:23 - 2021-12-06 02:52 - 000003362 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4032367770-2957954575-1367609206-1001
2022-01-23 17:23 - 2021-12-06 02:49 - 000002401 _____ C:\Users\Uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-01-16 21:49 - 2021-12-06 02:50 - 000000000 ____D C:\Users\Uživatel\AppData\Local\D3DSCache
2022-01-16 21:48 - 2021-12-05 21:46 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-01-15 14:35 - 2021-12-06 02:50 - 000000000 ____D C:\Users\Uživatel\AppData\Local\Packages
2022-01-13 01:07 - 2021-08-12 10:55 - 000064248 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.InfInstaller.exe
2022-01-13 01:06 - 2021-08-12 10:55 - 000431016 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2022-01-13 01:06 - 2021-08-12 10:55 - 000109312 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\WudfUpdate_02000.dll
2022-01-13 01:06 - 2021-05-26 20:54 - 000109312 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.CoInstaller.dll
2022-01-12 22:34 - 2021-12-06 02:39 - 000634256 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-01-12 22:34 - 2021-12-06 02:32 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-01-12 22:34 - 2021-12-06 02:32 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-01-12 22:34 - 2021-12-06 02:32 - 000000000 ____D C:\WINDOWS\SystemResources
2022-01-12 22:34 - 2021-12-06 02:32 - 000000000 ____D C:\WINDOWS\system32\setup
2022-01-12 22:34 - 2021-12-06 02:32 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-01-12 22:34 - 2021-12-06 02:32 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-01-12 22:19 - 2021-12-06 02:50 - 000000000 ____D C:\Users\Uživatel\AppData\Roaming\Adobe
2022-01-12 22:15 - 2021-12-06 03:05 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-01-12 22:14 - 2021-12-06 03:05 - 145765912 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-01-12 22:12 - 2021-12-06 02:53 - 000000000 ____D C:\Users\Uživatel\AppData\Local\Lenovo
2022-01-12 22:12 - 2021-12-06 02:40 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2022-01-09 21:33 - 2021-12-05 21:46 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-01-02 15:54 - 2021-12-06 03:06 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-12-29 20:05 - 2021-12-06 02:29 - 000000000 ____D C:\WINDOWS\servicing
2021-12-29 18:06 - 2021-12-05 21:45 - 000000000 ____D C:\ProgramData\Adobe
2021-12-29 18:02 - 2020-11-19 08:33 - 000000000 ____D C:\ProgramData\Packages
2021-12-29 17:59 - 2021-12-06 02:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================

Re: Threats on the laptop
And here is the "Addition" log as well:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-01-2022
Ran by Uživatel (28-01-2022 22:20:00)
Running from C:\Users\Uživatel\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1469 (X64) (2021-12-06 01:47:32)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-4032367770-2957954575-1367609206-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4032367770-2957954575-1367609206-503 - Limited - Disabled)
Guest (S-1-5-21-4032367770-2957954575-1367609206-501 - Limited - Disabled)
Uživatel (S-1-5-21-4032367770-2957954575-1367609206-1001 - Administrator - Enabled) => C:\Users\Uživatel
WDAGUtilityAccount (S-1-5-21-4032367770-2957954575-1367609206-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 2.9.4272 - DsNET Corp)
CCleaner (HKLM\...\CCleaner) (Version: 5.89 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 97.0.4692.99 - Google LLC)
IrfanView 4.59 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.59 - Irfan Skiljan)
Jpeg Resampler Vs 6+ (HKLM-x32\...\JpegResampler2010_is1) (Version: - Jpeg Resampler)
Kontrola stavu osobního počítače s Windows (HKLM\...\{88EC8D4A-54AB-4A7F-BDE9-4AD906D9D11F}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0131 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.10.26.0 - Lenovo Group Ltd.)
LibreOffice 7.2.3.2 (HKLM\...\{81490660-3C36-47B4-AE9F-73B6C5BD4F98}) (Version: 7.2.3.2 - The Document Foundation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 97.0.1072.69 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4032367770-2957954575-1367609206-1001\...\OneDriveSetup.exe) (Version: 22.002.0103.0004 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E876418F-BE59-4D8C-B9A5-74B056B676FA}) (Version: 2.93.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.26.28720 (HKLM-x32\...\{7d607fb4-7e28-4c7a-a92f-3fcdaf555faf}) (Version: 14.26.28720.3 - Microsoft Corporation)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 94.0.2 (x64 cs)) (Version: 94.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 94.0.2 - Mozilla)
Skype verze 8.79 (HKLM-x32\...\Skype_is1) (Version: 8.79 - Skype Technologies S.A.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Packages:
=========
AMD Radeon Software -> C:\Program Files\WindowsApps\advancedmicrodevicesinc-2.amdradeonsoftware_10.20.40028.0_x64__0a9344xs7nr4m [2021-12-06] (Advanced Micro Devices Inc.) [Startup Task]
AV1 Video Extension -> C:\Program Files\WindowsApps\microsoft.av1videoextension_1.1.41601.0_x64__8wekyb3d8bbwe [2021-12-06] (Microsoft Corporation)
Dolby Audio -> C:\Program Files\WindowsApps\dolbylaboratories.dolbyaudio_3.20800.804.0_x64__rz1tebttyb220 [2021-12-06] (Dolby Laboratories)
Elevoc Vocplus System -> C:\Program Files\WindowsApps\elevoctechnologyco.ltd.elevocvocplussystem_1.0.29.0_x64__ttaqwwhyt5s6t [2021-12-06] (Elevoc Technology Co., Ltd.)
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.2.15.0_x64__5grkq8ppsgwt4 [2021-12-29] (LENOVO INC) [Startup Task]
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2112.10.0_x64__k1h2ywk1493x8 [2021-12-29] (LENOVO INC.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.1050.0_x64__8wekyb3d8bbwe [2022-01-12] (Microsoft Studios) [MS Ad]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.19.234.0_x64__dt26b99r8h8gj [2021-12-06] (Realtek Semiconductor Corp)
Rozšíření pro video MPEG-2 -> C:\Program Files\WindowsApps\microsoft.mpeg2videoextension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-12-06] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0 [2022-01-12] (Spotify AB) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1-x32: [JRcm] -> {C20B9A7B-ED5B-4CEB-B2A6-F1F62E99C539} => C:\Program Files (x86)\JpegResampler2010\JRcm.dll [2010-08-18] () [File not signed]
ContextMenuHandlers1: [JRcm64] -> {013BF2A8-A4B1-11DF-A865-F509E0D72085} => C:\Program Files (x86)\JpegResampler2010\JRcm64.dll [2010-09-06] () [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2021-10-07] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6-x32: [JRcm] -> {C20B9A7B-ED5B-4CEB-B2A6-F1F62E99C539} => C:\Program Files (x86)\JpegResampler2010\JRcm.dll [2010-08-18] () [File not signed]
ContextMenuHandlers6: [JRcm64] -> {013BF2A8-A4B1-11DF-A865-F509E0D72085} => C:\Program Files (x86)\JpegResampler2010\JRcm64.dll [2010-09-06] () [File not signed]
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-19] (Fox Magic Software) [File not signed]
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-4032367770-2957954575-1367609206-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4032367770-2957954575-1367609206-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 62.129.50.20 - 85.135.32.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{67638477-FE00-415C-8C0B-34DA633255C9}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{55047435-0DE3-480E-8A13-DA9AA543287B}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{5BCF31A0-C0CC-4860-A54E-B8AC1C1E85C8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CC30323A-543E-4971-8B5E-37EA1FAB18C3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{782D0C7B-2DB3-4372-9B71-1567D7A47E98}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8CB73C96-7DCE-424F-95A0-14E68643618E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3BD015AA-E63D-4249-BE0F-2012F371F954}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3382B04F-613A-45B6-BE67-808726CFD5B5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B0B85DF5-4467-4A4C-9DF8-379AEDDBF14F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{19C8165F-5323-4516-822C-59D8AB0EC1FB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8D5B2351-0103-45FE-89FB-B89BCA5AB437}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F1668145-9354-4D69-A2DD-AC124845E6E4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4E1EED3A-1EE2-4680-94BA-899670BFD5BA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EB65DA3F-F0D9-43B6-B7A8-E039D6D34289}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D69682FD-3198-441F-A0F5-0052F900770E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C86B7A28-D374-485A-8690-54780072EA42}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BAF93F76-171B-45E0-944B-8188218D9E42}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1641552C-D1E0-488B-A1AB-8D995B92C46C}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B81B9665-F785-402C-82B8-896EB434257C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
12-01-2022 22:15:11 Instalační služba modulů systému Windows
23-01-2022 18:45:00 Instalační služba modulů systému Windows
27-01-2022 21:30:05 Instalační služba modulů systému Windows
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (01/27/2022 09:39:49 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.
Error: (01/27/2022 09:39:49 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]
Error: (01/23/2022 07:24:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.
Error: (01/23/2022 07:24:20 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]
Error: (01/23/2022 07:24:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.
Error: (01/23/2022 07:24:20 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]
Error: (01/15/2022 04:49:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.
Error: (01/15/2022 04:49:18 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]
System errors:
=============
Error: (01/27/2022 09:11:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba LenovoVantageService byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (01/27/2022 09:06:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba System Interface Foundation Service byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (01/23/2022 05:26:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba LenovoVantageService byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (01/15/2022 01:21:05 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1040) (User: VEV)
Description: Jazykovou sadu pro sk-SK nelze odinstalovat, protože není nainstalována.
Error: (01/15/2022 01:20:41 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1040) (User: NT AUTHORITY)
Description: Jazykovou sadu pro sk-SK nelze odinstalovat, protože není nainstalována.
Error: (01/15/2022 01:20:41 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.
Error: (01/15/2022 12:35:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba LenovoVantageService byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (01/12/2022 10:11:56 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba LenovoVantageService je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Windows Defender:
================
Date: 2022-01-23 17:27:03
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUADlManager:Win32/InstallCore
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_D:\MOJE\Uložené i v NTB\Setup - instalačky\aTube_Catcher_4026407351 nová.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: VEV\Uživatel
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.355.2390.0, AS: 1.355.2390.0, NIS: 1.355.2390.0
Verze modulu: AM: 1.1.18800.4, NIS: 1.1.18800.4
Date: 2022-01-23 17:26:52
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUADlManager:Win32/Toptools
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_D:\MOJE\Uložené i v NTB\Setup - instalačky\FFInstOnline.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: VEV\Uživatel
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.355.2132.0, AS: 1.355.2132.0, NIS: 1.355.2132.0
Verze modulu: AM: 1.1.18800.4, NIS: 1.1.18800.4
Date: 2022-01-23 17:26:49
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUABundler:Win32/PiriformBundler
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_D:\MOJE\Uložené i v NTB\Setup - instalačky\ccsetup321.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: VEV\Uživatel
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.355.2132.0, AS: 1.355.2132.0, NIS: 1.355.2132.0
Verze modulu: AM: 1.1.18800.4, NIS: 1.1.18800.4
Date: 2022-01-23 17:26:49
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUABundler:Win32/CandyOpen
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_D:\MOJE\Uložené i v NTB\Setup - instalačky\atubecatcher-setup.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: VEV\Uživatel
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.355.2132.0, AS: 1.355.2132.0, NIS: 1.355.2132.0
Verze modulu: AM: 1.1.18800.4, NIS: 1.1.18800.4
Date: 2022-01-23 17:26:46
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUA:Win32/Vigua.A
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_D:\MOJE\Uložené i v NTB\Setup - instalačky\ashampoo_burning_studio_6_free_6.80_4312.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: VEV\Uživatel
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.355.2132.0, AS: 1.355.2132.0, NIS: 1.355.2132.0
Verze modulu: AM: 1.1.18800.4, NIS: 1.1.18800.4
CodeIntegrity:
===============
Date: 2021-12-06 02:49:11
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\McAfee\Platform\Core\vtploader.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO GLCN40WW 07/23/2021
Motherboard: LENOVO LNVNB161216
Processor: AMD Ryzen 3 5300U with Radeon Graphics
Percentage of memory in use: 54%
Total physical RAM: 6005.99 MB
Available physical RAM: 2728.49 MB
Total Virtual: 6965.99 MB
Available Virtual: 2854.94 MB
==================== Drives ================================
Drive c: (Windows-SSD) (Fixed) (Total:237.23 GB) (Free:167.98 GB) NTFS
\\?\Volume{c7a9fb56-068b-4170-8dea-d818eca51e93}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.48 GB) NTFS
\\?\Volume{f097b473-34ff-4680-a182-4ff678b8b272}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 4263E35A)
Partition: GPT.
==================== End of Addition.txt =======================

Description: Služba LenovoVantageService byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (01/15/2022 01:21:05 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1040) (User: VEV)
Description: Jazykovou sadu pro sk-SK nelze odinstalovat, protože není nainstalována.
Error: (01/15/2022 01:20:41 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1040) (User: NT AUTHORITY)
Description: Jazykovou sadu pro sk-SK nelze odinstalovat, protože není nainstalována.
Error: (01/15/2022 01:20:41 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.
Error: (01/15/2022 12:35:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba LenovoVantageService byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (01/12/2022 10:11:56 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba LenovoVantageService je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Windows Defender:
================
Date: 2022-01-23 17:27:03
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUADlManager:Win32/InstallCore
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_D:\MOJE\Uložené i v NTB\Setup - instalačky\aTube_Catcher_4026407351 nová.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: VEV\Uživatel
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.355.2390.0, AS: 1.355.2390.0, NIS: 1.355.2390.0
Verze modulu: AM: 1.1.18800.4, NIS: 1.1.18800.4
Date: 2022-01-23 17:26:52
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUADlManager:Win32/Toptools
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_D:\MOJE\Uložené i v NTB\Setup - instalačky\FFInstOnline.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: VEV\Uživatel
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.355.2132.0, AS: 1.355.2132.0, NIS: 1.355.2132.0
Verze modulu: AM: 1.1.18800.4, NIS: 1.1.18800.4
Date: 2022-01-23 17:26:49
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUABundler:Win32/PiriformBundler
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_D:\MOJE\Uložené i v NTB\Setup - instalačky\ccsetup321.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: VEV\Uživatel
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.355.2132.0, AS: 1.355.2132.0, NIS: 1.355.2132.0
Verze modulu: AM: 1.1.18800.4, NIS: 1.1.18800.4
Date: 2022-01-23 17:26:49
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUABundler:Win32/CandyOpen
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_D:\MOJE\Uložené i v NTB\Setup - instalačky\atubecatcher-setup.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: VEV\Uživatel
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.355.2132.0, AS: 1.355.2132.0, NIS: 1.355.2132.0
Verze modulu: AM: 1.1.18800.4, NIS: 1.1.18800.4
Date: 2022-01-23 17:26:46
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUA:Win32/Vigua.A
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_D:\MOJE\Uložené i v NTB\Setup - instalačky\ashampoo_burning_studio_6_free_6.80_4312.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: VEV\Uživatel
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.355.2132.0, AS: 1.355.2132.0, NIS: 1.355.2132.0
Verze modulu: AM: 1.1.18800.4, NIS: 1.1.18800.4
CodeIntegrity:
===============
Date: 2021-12-06 02:49:11
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\McAfee\Platform\Core\vtploader.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO GLCN40WW 07/23/2021
Motherboard: LENOVO LNVNB161216
Processor: AMD Ryzen 3 5300U with Radeon Graphics
Percentage of memory in use: 54%
Total physical RAM: 6005.99 MB
Available physical RAM: 2728.49 MB
Total Virtual: 6965.99 MB
Available Virtual: 2854.94 MB
==================== Drives ================================
Drive c: (Windows-SSD) (Fixed) (Total:237.23 GB) (Free:167.98 GB) NTFS
\\?\Volume{c7a9fb56-068b-4170-8dea-d818eca51e93}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.48 GB) NTFS
\\?\Volume{f097b473-34ff-4680-a182-4ff678b8b272}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 4263E35A)
Partition: GPT.
==================== End of Addition.txt =======================
- Rudy
- Site Admin
- Posts: 119405
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Threats on the laptop
OK. Now run this utility:
Save AdwCleaner to the desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/
close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just start it with a normal double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Threats on the laptop
Hello,
I downloaded the program and started the scan, but it shows me this - see the attachment below (preinstalled software, what should I do with it?)... so I stopped to be safe and am waiting.
Thanks a lot!
- Attachments
- Clipboard01.jpg (37.58 KiB) Viewed 1121 times
- Rudy
- Site Admin
- Posts: 119405
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Threats on the laptop
That's OK; preinstalled items are utilities from the laptop manufacturer that are not present in a standard system, so ADW flags them as a non-standard component. Open Notepad and copy into it:
Start
CloseProcesses:
D:\MOJE\Uložené i v NTB\Setup - instalačky\aTube_Catcher_4026407351 nová.exe
D:\MOJE\Uložené i v NTB\Setup - instalačky\FFInstOnline.exe
D:\MOJE\Uložené i v NTB\Setup - instalačky\atubecatcher-setup.exe
Task: {1D68138B-4E01-4E56-9527-AFB48A8C5F75} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-05] (Google LLC -> Google LLC)
ask: {6CBEF361-EE00-46F9-B3B8-D803788F07C8} - \Microsoft\Windows\Management\Provisioning\PostResetBoot -> No File <==== ATTENTION
Task: {7A60E2B2-3047-424C-AEA8-9FE382A92C99} - \Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance -> No File <==== ATTENTION
ask: {B063963F-A154-4A26-97E2-2930E1BA8FCD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-05] (Google LLC -> Google LLC)
Task: {C6AB035E-FDD3-420D-BD5A-29AAB13F9B6F} - \OneDrive Standalone Update Task-S-1-5-21-2609494327-1214802505-4041507000-500 -> No File <==== ATTENTION
C:\DumpStack.log.tmp
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Re: Threats on the laptop
Good evening, I'm sending the log from FRST.
Thank you...
Fix result of Farbar Recovery Scan Tool (x64) Version: 26-01-2022
Ran by Uživatel (29-01-2022 18:38:58) Run:1
Running from C:\Users\Uživatel\Desktop
Loaded Profiles: Uživatel
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
D:\MOJE\Uložené i v NTB\Setup - instalačky\aTube_Catcher_4026407351 nová.exe
D:\MOJE\Uložené i v NTB\Setup - instalačky\FFInstOnline.exe
D:\MOJE\Uložené i v NTB\Setup - instalačky\atubecatcher-setup.exe
Task: {1D68138B-4E01-4E56-9527-AFB48A8C5F75} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-05] (Google LLC -> Google LLC)
ask: {6CBEF361-EE00-46F9-B3B8-D803788F07C8} - \Microsoft\Windows\Management\Provisioning\PostResetBoot -> No File <==== ATTENTION
Task: {7A60E2B2-3047-424C-AEA8-9FE382A92C99} - \Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance -> No File <==== ATTENTION
ask: {B063963F-A154-4A26-97E2-2930E1BA8FCD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-05] (Google LLC -> Google LLC)
Task: {C6AB035E-FDD3-420D-BD5A-29AAB13F9B6F} - \OneDrive Standalone Update Task-S-1-5-21-2609494327-1214802505-4041507000-500 -> No File <==== ATTENTION
C:\DumpStack.log.tmp
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
EmptyTemp:
End
*****************
Processes closed successfully.
"D:\MOJE\Uložené i v NTB\Setup - instalačky\aTube_Catcher_4026407351 nová.exe" => not found
"D:\MOJE\Uložené i v NTB\Setup - instalačky\FFInstOnline.exe" => not found
"D:\MOJE\Uložené i v NTB\Setup - instalačky\atubecatcher-setup.exe" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1D68138B-4E01-4E56-9527-AFB48A8C5F75}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D68138B-4E01-4E56-9527-AFB48A8C5F75}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
ask: {6CBEF361-EE00-46F9-B3B8-D803788F07C8} - \Microsoft\Windows\Management\Provisioning\PostResetBoot -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7A60E2B2-3047-424C-AEA8-9FE382A92C99}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A60E2B2-3047-424C-AEA8-9FE382A92C99}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance" => removed successfully
ask: {B063963F-A154-4A26-97E2-2930E1BA8FCD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-05] (Google LLC -> Google LLC) => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6AB035E-FDD3-420D-BD5A-29AAB13F9B6F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6AB035E-FDD3-420D-BD5A-29AAB13F9B6F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task-S-1-5-21-2609494327-1214802505-4041507000-500" => removed successfully
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 66759090 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 4233966 B
Edge => 0 B
Chrome => 458408408 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 8696 B
NetworkService => 43910 B
Uživatel => 232206036 B
RecycleBin => 0 B
EmptyTemp: => 726.4 MB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 29-01-2022 18:39:41)
C:\DumpStack.log.tmp => Could not move
==== End of Fixlog 18:39:41 ====
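The Fixlog above reports two entries as "No automatic fix found for this entry"; both begin with `ask:` where the processed entries begin with `Task:`. As an added example (not part of the original posts and not FRST's own code), this Python script groups Fixlog result lines by outcome and flags unprocessed entries with a near-miss directive hint; the outcome markers are taken from the log on this page, and all function names are hypothetical.

```python
import difflib
import re
from collections import Counter

# Excerpt of the Fixlog posted in this thread (lines copied unchanged, list shortened).
SAMPLE_FIXLOG = r'''fixlist content:
*****************
Start
CloseProcesses:
D:\MOJE\Uložené i v NTB\Setup - instalačky\FFInstOnline.exe
Task: {1D68138B-4E01-4E56-9527-AFB48A8C5F75} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-05] (Google LLC -> Google LLC)
ask: {6CBEF361-EE00-46F9-B3B8-D803788F07C8} - \Microsoft\Windows\Management\Provisioning\PostResetBoot -> No File <==== ATTENTION
ask: {B063963F-A154-4A26-97E2-2930E1BA8FCD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-05] (Google LLC -> Google LLC)
C:\DumpStack.log.tmp
EmptyTemp:
End
*****************
Processes closed successfully.
"D:\MOJE\Uložené i v NTB\Setup - instalačky\FFInstOnline.exe" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D68138B-4E01-4E56-9527-AFB48A8C5F75}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
ask: {6CBEF361-EE00-46F9-B3B8-D803788F07C8} - \Microsoft\Windows\Management\Provisioning\PostResetBoot -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
ask: {B063963F-A154-4A26-97E2-2930E1BA8FCD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-05] (Google LLC -> Google LLC) => Error: No automatic fix found for this entry.
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
Chrome => 458408408 B
EmptyTemp: => 726.4 MB temporary data Removed.
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 29-01-2022 18:39:41)
C:\DumpStack.log.tmp => Could not move
'''

# Outcome markers exactly as they end the result lines in that log.
OUTCOMES = [
    ("error", re.compile(r"=> Error: .+$")),
    ("pending", re.compile(r"=> Scheduled to move on reboot\.$")),
    ("failed", re.compile(r"=> Could not move$")),
    ("done", re.compile(r"=> (?:removed|moved) successfully$")),
    ("absent", re.compile(r"=> not found$")),
]
# Directive keyword such as "Task:"; two or more letters, so drive letters (C:\) are skipped.
KEYWORD = re.compile(r"^([A-Za-z]{2,}):(?:\s|$)")

def split_fixlog(text):
    """Return (fixlist_lines, result_lines), split on the two asterisk rulers."""
    lines = [ln.strip() for ln in text.splitlines()]
    rulers = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(rulers) < 2:
        raise ValueError("fixlist block not found in log")
    return lines[rulers[0] + 1:rulers[1]], lines[rulers[1] + 1:]

def classify(result_lines):
    """Map each result line that ends in a known marker to (status, target)."""
    findings = []
    for ln in result_lines:
        for status, rx in OUTCOMES:
            m = rx.search(ln)
            if m:
                target = re.sub(r"^Could not move ", "", ln[:m.start()].strip())
                findings.append((status, target.strip('"')))
                break
    return findings

def suggest_directive(entry, fixlist_lines):
    """For an unprocessed entry, return a similar keyword used elsewhere in the fixlist."""
    m = KEYWORD.match(entry)
    if not m:
        return None
    others = {k.group(1) for k in map(KEYWORD.match, fixlist_lines) if k} - {m.group(1)}
    hits = difflib.get_close_matches(m.group(1), sorted(others), n=1, cutoff=0.8)
    return hits[0] if hits else None

def triage(text):
    """Return (outcome counts, [(unprocessed entry, keyword hint), ...])."""
    fixlist, results = split_fixlog(text)
    findings = classify(results)
    unprocessed = [(t, suggest_directive(t, fixlist)) for s, t in findings if s == "error"]
    return Counter(s for s, _ in findings), unprocessed
```

Entries returned in the second list were never acted on by the fix run, so they need to be corrected and resubmitted before the log is treated as clean.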

- Rudy
- Site Admin
- Posts: 119405
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Threats on the laptop
Deleted, the log is now OK.
Re: Threats on the laptop
So it's done? Thank you very much for the great cooperation! ☺
- Rudy
- Site Admin
- Posts: 119405
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Threats on the laptop
Yes, done. You're welcome!
