Preventive check
Posted: 08 Mar 2022 19:08
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2022
Ran by Dominika (administrator) on DOMINIKA (LENOVO 81D1) (08-03-2022 18:57:23)
Running from C:\Users\domin\OneDrive\Počítač
Loaded Profiles: Dominika
Platform: Microsoft Windows 11 Home Version 21H2 22000.527 (X64) Language: Slovenčina (Slovensko)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.95.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\99.0.1150.30\msedgewebview2.exe <6>
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCopyAccelerator.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Scans\MsMpEngCP.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe <3>
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_12ed482042e0dee5\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_12ed482042e0dee5\igfxEM.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <10>
(Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(services.exe ->) (Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe <2>
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_12ed482042e0dee5\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_003a6d3c4c50c291\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1dc9fc8d5e442f6a\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1dc9fc8d5e442f6a\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\NisSrv.exe
(services.exe ->) (Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.95.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [971256 2019-09-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [288184 2022-02-22] (Intel Corporation -> Intel)
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\99.0.1150.30\Installer\setup.exe [3188648 2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3322863907-1844715729-2578679110-1001\...\Run: [MicrosoftEdgeAutoLaunch_83497DAD29FF071D0AEDF40311C6C56D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKLM\Software\...\AppCompatFlags\Custom\olwin.exe: [{8e349ecb-f876-41f3-af8a-837fa3eeec17}.sdb] -> GOG.com Outlaws
HKLM\Software\...\AppCompatFlags\InstalledSDB\{8e349ecb-f876-41f3-af8a-837fa3eeec17}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{8e349ecb-f876-41f3-af8a-837fa3eeec17}.sdb [2015-03-05]
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {15A1E5BE-8D18-4B08-ACA2-FBCE0B186B97} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-19] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {178D055F-53E8-4EEC-A772-D463D6E589F9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-19] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {198F5597-D99F-47CD-BF55-4BFB6F4E78E5} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c917ef3d-cda5-4bfe-ba53-98d81efd86b7 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {37BC9AC1-C972-4A96-B116-6A648E27B1A1} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\a8df07d2-a257-4da5-954a-daf9aa56a1d1 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {37CA7C12-5BB9-4191-BF44-0350AD1BEEAE} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {3BDFA0EB-55DC-4055-8F07-7C9098B1588A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c375bea4-52af-4c49-89b2-30090459ea95 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {58E5A057-D00A-4BA8-9174-3550BD7E8D8A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\69c84df9-01d9-4db3-a264-e612d8e2a5ed => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {5D725867-02AA-42A2-9788-1FC2390483C7} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {62A42693-77AE-40AE-8BB9-DD8C2FFEA6F4} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3075936 2021-07-21] (Intel Corporation -> Intel Corporation)
Task: {A12C1E73-DD09-4A23-966E-4A8043F6B364} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {B1A89E2B-F51A-43A6-809E-FB419F39ADC3} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3075936 2021-07-21] (Intel Corporation -> Intel Corporation)
Task: {BBBDC642-E3A0-4EF9-9B9B-E32CF88E7FF4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-19] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D4D81DC3-7374-42DC-B7DC-9AF2096CEF56} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {E356F6C4-1873-434D-AFD5-A3508AA4306C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\2aeb6137-e9e1-48f8-8562-ac4a7c83d64b => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {E55B7071-6C9A-426B-B82C-9A1AB8997548} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {E99B91FD-5999-40ED-85F7-94D981D59C45} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {F25887FC-8584-4790-A76C-648534F102DB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-19] (Microsoft Windows Publisher -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0d82e113-8304-4f0a-b79b-f21609811a35}: [DhcpNameServer] 150.201.1.2
Tcpip\..\Interfaces\{66ab52eb-fa83-4bb6-8941-9c2da4d06973}: [DhcpNameServer] 192.168.0.1
Edge:
=======
Edge DefaultProfile: Profile 1
Edge Profile: C:\Users\domin\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2022-03-08]
Edge DownloadDir: Profile 1 -> C:\Users\domin\OneDrive\Počítač
Edge Notifications: Profile 1 -> hxxps://imendocals.com; hxxps://www84.orvilleandrea.pro
Edge HomePage: Profile 1 -> hxxp://www.google.sk/
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [1926600 2019-09-02] (Dolby Laboratories, Inc. -> )
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [39352 2022-02-22] (Intel Corporation -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [181176 2022-02-22] (Intel Corporation -> Intel)
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [359808 2019-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\NisSrv.exe [2909208 2022-02-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe [128376 2022-02-19] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [180224 2021-06-05] (Microsoft Corporation) [File not signed]
R2 ekbdflt; C:\WINDOWS\System32\drivers\ekbdflt.sys [43720 2020-10-27] (ESET, spol. s r.o. -> ESET)
S3 Hsp; C:\WINDOWS\System32\drivers\Hsp.sys [110904 2022-01-28] (Microsoft Windows -> Microsoft Corporation)
R3 MpKsl0f403a29; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{258F3F97-0B1E-4572-9B09-1CD26079463C}\MpKslDrv.sys [135440 2022-03-08] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2022-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [438520 2022-02-19] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-02-19] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-03-08 17:46 - 2022-03-08 17:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlaws [GOG.com]
2022-03-08 17:45 - 2022-03-08 17:45 - 000000000 ____D C:\GOG Games
2022-03-08 17:19 - 2022-03-08 17:19 - 000000000 ____D C:\Users\domin\AppData\Roaming\WinRAR
2022-03-08 17:17 - 2022-03-08 17:19 - 000000000 ____D C:\Program Files\WinRAR
2022-03-08 17:17 - 2022-03-08 17:17 - 000000000 ____D C:\Users\domin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-03-08 17:17 - 2022-03-08 17:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-03-08 16:33 - 2022-03-08 16:33 - 000000000 ____D C:\Users\domin\AppData\Local\ADMITLoving
2022-03-08 16:27 - 2022-03-08 16:27 - 000000000 ___HD C:\ProgramData\CyberLink
2022-03-03 21:08 - 2022-03-03 21:08 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000006-000000.txt
2022-02-26 09:36 - 2022-02-26 09:36 - 000001517 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk
2022-02-20 20:12 - 2022-02-20 20:12 - 000015024 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-02-20 20:10 - 2022-02-20 20:10 - 000210432 _____ C:\WINDOWS\system32\CloudIdWxhExtension.dll
2022-02-20 19:55 - 2022-02-20 19:55 - 000000000 ___HD C:\$WinREAgent
2022-02-20 19:49 - 2022-02-20 19:49 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-02-19 13:14 - 2022-02-19 13:14 - 000001434 _____ C:\WINDOWS\system32\default_error_stack-000005-000000.txt
2022-02-07 12:49 - 2022-02-07 12:49 - 000499136 _____ (Intel) C:\WINDOWS\system32\libvpl.dll
2022-02-07 12:49 - 2022-02-07 12:49 - 000431936 _____ (Intel) C:\WINDOWS\SysWOW64\libvpl.dll
2022-02-07 12:48 - 2022-02-07 12:48 - 000943472 _____ (Intel Corporation) C:\WINDOWS\system32\libmfxhw64.dll
2022-02-07 12:48 - 2022-02-07 12:48 - 000703224 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libmfxhw32.dll
2022-02-07 12:48 - 2022-02-07 12:48 - 000588128 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2022-02-07 12:48 - 2022-02-07 12:48 - 000448392 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2022-02-07 12:47 - 2022-02-07 12:47 - 027889576 _____ (Intel Corporation) C:\WINDOWS\system32\mfxplugin64_hw.dll
2022-02-07 12:47 - 2022-02-07 12:47 - 020629912 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfxplugin32_hw.dll
2022-02-07 12:47 - 2022-02-07 12:47 - 001887392 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-02-07 12:47 - 2022-02-07 12:47 - 001887392 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-02-07 12:47 - 2022-02-07 12:47 - 001464992 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-02-07 12:47 - 2022-02-07 12:47 - 001464992 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-02-07 12:47 - 2022-02-07 12:47 - 001323760 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-02-07 12:47 - 2022-02-07 12:47 - 001323760 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-02-07 12:47 - 2022-02-07 12:47 - 001043176 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-02-07 12:47 - 2022-02-07 12:47 - 001043176 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-02-07 12:47 - 2022-02-07 12:47 - 000453032 _____ C:\WINDOWS\system32\ze_tracing_layer.dll
2022-02-07 12:47 - 2022-02-07 12:47 - 000375720 _____ C:\WINDOWS\system32\ze_loader.dll
2022-02-07 12:47 - 2022-02-07 12:47 - 000142240 _____ C:\WINDOWS\system32\ze_validation_layer.dll
2022-02-07 12:46 - 2022-02-07 12:46 - 000209944 _____ C:\WINDOWS\system32\ControlLib.dll
2022-02-07 12:46 - 2022-02-07 12:46 - 000166024 _____ C:\WINDOWS\system32\ControlLib32.dll
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-03-08 18:58 - 2021-10-29 12:26 - 000000000 ____D C:\FRST
2022-03-08 18:52 - 2021-10-29 08:37 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-03-08 18:48 - 2021-10-29 08:37 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-03-08 17:39 - 2021-10-29 10:29 - 000000000 ____D C:\Users\domin\AppData\Local\D3DSCache
2022-03-08 17:19 - 2021-10-29 08:37 - 000000000 ___HD C:\Program Files\WindowsApps
2022-03-08 17:19 - 2021-10-29 08:37 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-03-08 17:18 - 2021-10-29 10:30 - 000000000 ____D C:\ProgramData\Packages
2022-03-08 17:18 - 2021-10-29 10:29 - 000000000 ____D C:\Users\domin\AppData\Local\Packages
2022-03-08 16:08 - 2021-10-29 18:51 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-03-03 21:22 - 2021-10-29 08:35 - 000000000 ____D C:\WINDOWS\INF
2022-03-03 21:09 - 2021-10-29 18:48 - 000000134 _____ C:\WINDOWS\system32\regtest.txt
2022-03-03 21:09 - 2021-10-29 18:48 - 000000000 ____D C:\Intel
2022-03-03 21:09 - 2021-10-29 18:47 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-03-03 21:09 - 2021-10-29 18:45 - 000012288 ___SH C:\DumpStack.log.tmp
2022-03-03 21:09 - 2021-10-29 08:37 - 000000000 ____D C:\WINDOWS\ServiceState
2022-03-03 21:09 - 2021-10-29 08:25 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-03-03 20:41 - 2021-10-29 18:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-02-27 18:56 - 2021-10-29 10:25 - 000000000 ____D C:\Users\domin
2022-02-27 11:56 - 2021-12-14 08:12 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3322863907-1844715729-2578679110-1001
2022-02-27 11:56 - 2021-10-29 10:35 - 000003372 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3322863907-1844715729-2578679110-1001
2022-02-27 11:56 - 2021-10-29 10:35 - 000002378 _____ C:\Users\domin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-02-26 09:36 - 2018-07-04 20:29 - 000000000 ____D C:\Program Files (x86)\Intel
2022-02-26 09:36 - 2018-07-04 20:25 - 000000000 ____D C:\ProgramData\Package Cache
2022-02-20 20:40 - 2021-10-29 19:16 - 000803468 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-02-20 20:35 - 2021-10-29 18:45 - 000293832 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-02-20 20:32 - 2021-10-29 08:37 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-02-20 20:32 - 2021-10-29 08:37 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-02-20 20:32 - 2021-10-29 08:37 - 000000000 ____D C:\WINDOWS\SystemResources
2022-02-20 20:32 - 2021-10-29 08:37 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-02-20 20:32 - 2021-10-29 08:37 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-02-20 20:32 - 2021-10-29 08:37 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-02-20 20:32 - 2021-10-29 08:37 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-02-20 20:26 - 2021-10-29 08:29 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-02-20 20:10 - 2021-10-29 18:51 - 003101696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-02-19 13:11 - 2021-10-29 18:47 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-02-12 13:30 - 2021-10-29 13:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-02-12 13:29 - 2021-10-29 13:06 - 149611728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-02-12 08:56 - 2021-10-29 08:37 - 000000000 ____D C:\WINDOWS\LiveKernelReports
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2022
Ran by Dominika (08-03-2022 19:04:14)
Running from C:\Users\domin\OneDrive\Počítač
Microsoft Windows 11 Home Version 21H2 22000.527 (X64) (2021-10-29 18:13:20)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3322863907-1844715729-2578679110-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3322863907-1844715729-2578679110-503 - Limited - Disabled)
Dominika (S-1-5-21-3322863907-1844715729-2578679110-1001 - Administrator - Enabled) => C:\Users\domin
Guest (S-1-5-21-3322863907-1844715729-2578679110-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3322863907-1844715729-2578679110-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Intel Driver && Support Assistant (HKLM-x32\...\{24ED9BA6-04C1-4F09-AB37-A7DC5ECDE6ED}) (Version: 22.1.8.8 - Intel) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{88B98508-2D8F-46F1-90AD-557BE40C7067}) (Version: 2.4.07642 - Intel Corporation)
Intel(R) Graphics Driver Software (HKLM-x32\...\{34989299-2d34-4a1b-baa2-4de4fafbb4d0}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{a3052cfa-e19e-4092-a8e5-264f6d84442c}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{b4e016a7-e963-49d7-9b66-4d635026af31}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{c49f9463-8ca3-4422-82b0-c06c7a9640ed}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{9154f79b-8fb8-46ef-b7a6-95f136391303}) (Version: 10.1.17479.8054 - Intel(R) Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1743.4.0.1217 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{5604a897-b259-42f9-80fa-d71081fad4a6}) (Version: 22.1.8.8 - Intel)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 99.0.1150.36 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 99.0.1150.30 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3322863907-1844715729-2578679110-1001\...\OneDriveSetup.exe) (Version: 22.022.0130.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{572E990E-67FD-4014-884C-A730BFC7E1D7}) (Version: 4.65.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704 (HKLM-x32\...\{4d8dcf8c-a72a-43e1-9833-c12724db736e}) (Version: 14.30.30704.0 - Microsoft Corporation)
Outlaws (HKLM-x32\...\1425302464_is1) (Version: 2.1.0.11 - GOG.com)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WinRAR 6.02 (64-bitová verzia) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
Packages:
=========
Dolby Audio -> C:\Program Files\WindowsApps\dolbylaboratories.dolbyaudio_3.20500.501.0_x64__rz1tebttyb220 [2021-10-29] (Dolby Laboratories)
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.2.33.0_x64__5grkq8ppsgwt4 [2022-02-20] (LENOVO INC) [Startup Task]
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2202.9.0_x64__k1h2ywk1493x8 [2022-02-26] (LENOVO INC.)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.14931.20132.0_x86__8wekyb3d8bbwe [2022-03-08] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-03-08] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-03-08] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.14931.20132.0_x86__8wekyb3d8bbwe [2022-03-08] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.14931.20132.0_x86__8wekyb3d8bbwe [2022-03-08] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.14931.20132.0_x86__8wekyb3d8bbwe [2022-03-08] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.14931.20132.0_x86__8wekyb3d8bbwe [2022-03-08] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.14931.20132.0_x86__8wekyb3d8bbwe [2022-03-08] (Microsoft Corporation)
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.14931.20132.0_x86__8wekyb3d8bbwe [2022-03-08] (Microsoft Corporation)
Ovládacie centrum pre grafiku Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt [2021-12-08] (INTEL CORP) [Startup Task]
Power2Go for Lenovo -> C:\Program Files\WindowsApps\cyberlinkcorp.th.power2goforlenovo_8.0.12518.0_x86__m916jedk64snt [2021-10-29] (CYBERLINKCOM CORPORATION) [Startup Task]
PowerDVD for Lenovo -> C:\Program Files\WindowsApps\CyberLinkCorp.th.PowerDVDforLenovo_14.2.4112.0_x86__m916jedk64snt [2022-01-04] (CYBERLINKCOM CORPORATION)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.7.195.0_x64__dt26b99r8h8gj [2021-10-29] (Realtek Semiconductor Corp)
Rozšírenie pre video MPEG-2 -> C:\Program Files\WindowsApps\microsoft.mpeg2videoextension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-10-29] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\domin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 1"
==================== Loaded Modules (Whitelisted) =============
2021-04-22 07:31 - 2021-04-22 07:31 - 005745664 _____ () [File not signed] C:\Program Files (x86)\Intel\Driver and Support Assistant\irmfuu_module.dll
2022-02-20 19:35 - 2022-02-20 19:35 - 000137168 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.95.0_x64__cw5n1h2txyewy\Dashboard\WebView2Loader.dll
2021-07-23 10:36 - 2021-07-23 10:36 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll
2021-05-21 07:12 - 2021-05-21 07:12 - 000130048 _____ (Sam Grogan) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Driver and Support Assistant\NotifyIconWin32.dll
2021-07-23 10:36 - 2021-07-23 10:36 - 002122240 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-09-29 14:46 - 2017-09-29 14:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\TXE Components\iCLS\;C:\Program Files\Intel\TXE Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\TXE Components\DAL\;C:\Program Files (x86)\Intel\TXE Components\DAL\;C:\Program Files\Intel\TXE Components\IPT\;C:\Program Files (x86)\Intel\TXE Components\IPT\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3322863907-1844715729-2578679110-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img19.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-3322863907-1844715729-2578679110-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_83497DAD29FF071D0AEDF40311C6C56D"
HKU\S-1-5-21-3322863907-1844715729-2578679110-1001\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{B1463F93-7514-4A51-8949-C21A873FD146}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{034AF11D-3272-4F36-B82B-349069845C15}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{2D277146-9FC3-4E33-9D30-8B15851CCC53}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{16B8DD88-AA34-4A0C-A9CE-6A25930918C9}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{EEDA5F04-8997-4DD6-B1CE-D74A73395C05}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C2F0D8C0-2AFF-4682-B63D-25F222418EB3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D09C7D1D-862A-4F7F-8030-35C69737020B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4D42CDB7-2931-4CBF-AA95-ED6884101244}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9DE5AF4F-FE95-4541-9FC5-A86A9F86548D}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_21323.200.1078.109_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BCB6D80D-74DD-4ABE-AB7D-0AA6AB4BCB58}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_21323.200.1078.109_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FB3472EB-A9F7-4276-AEB1-B5D90C4D6711}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.14931.20132.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{99BABE1E-26C0-4B9D-B752-44B5A7AFDE1D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\99.0.1150.30\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (03/08/2022 05:48:17 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (03/01/2022 03:11:05 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 616, ProfSvc PID: 1784.
Error: (03/01/2022 03:11:05 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 5768, ProfSvc PID: 1784.
Error: (03/01/2022 03:11:05 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 3116, ProfSvc PID: 1784.
Error: (03/01/2022 03:11:05 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 3116, ProfSvc PID: 1784.
Error: (03/01/2022 03:11:05 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 5768, ProfSvc PID: 1784.
Error: (03/01/2022 03:11:05 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 3116, ProfSvc PID: 1784.
Error: (03/01/2022 03:11:05 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 616, ProfSvc PID: 1784.
System errors:
=============
Error: (03/08/2022 03:40:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Energy Server Service queencreek sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.
Error: (03/08/2022 03:38:04 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{66AB52EB-FA83-4BB6-8941-9C2DA4D06973} because another computer on the network has the same name. The server could not start.
Error: (03/08/2022 03:37:58 PM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x10), Please contact your system vendor for technical assistance.
Error: (03/03/2022 09:22:50 PM) (Source: disk) (EventID: 154) (User: )
Description: The IO operation at logical block address 0x5eb698 for Disk 1 (PDO name: \Device\00000067) failed due to a hardware error.
Error: (03/03/2022 09:20:53 PM) (Source: disk) (EventID: 154) (User: )
Description: The IO operation at logical block address 0x5eb6a0 for Disk 1 (PDO name: \Device\00000064) failed due to a hardware error.
Error: (03/03/2022 09:20:26 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
Error: (03/03/2022 09:14:14 PM) (Source: disk) (EventID: 154) (User: )
Description: The IO operation at logical block address 0x5eb698 for Disk 1 (PDO name: \Device\00000061) failed due to a hardware error.
Error: (03/03/2022 09:13:38 PM) (Source: disk) (EventID: 154) (User: )
Description: The IO operation at logical block address 0x5eb6a0 for Disk 1 (PDO name: \Device\0000005e) failed due to a hardware error.
Windows Defender:
================
Date: 2022-03-08 17:41:14
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-03-08 16:34:52
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: PUADlManager:Win32/OfferCore
Severity: Nízka
Category: Potenciálne nežiaduci softvér
Path: file:_C:\Users\domin\OneDrive\Počítač\outlaws_A53Q-q1.exe; file:_C:\Users\domin\OneDrive\Počítač\outlaws_TOHl-O1.exe; webfile:_C:\Users\domin\OneDrive\Počítač\outlaws_A53Q-q1.exe|https://d3icosvzxa9p37.cloudfront.net/W ... 2774454557; webfile:_C:\Users\domin\OneDrive\Počítač\outlaws_TOHl-O1.exe|https://d3icosvzxa9p37.cloudfront.net/H ... 3kGqCJdqAO
Detection Origin: Internet
Detection Type: Concrete
Detection Source: Downloads and attachments
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.359.1570.0, AS: 1.359.1570.0, NIS: 1.359.1570.0
Engine Version: AM: 1.1.18900.3, NIS: 1.1.18900.3
Date: 2022-03-08 16:34:43
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: PUADlManager:Win32/OfferCore
Severity: Nízka
Category: Potenciálne nežiaduci softvér
Path: file:_C:\Users\domin\OneDrive\Počítač\outlaws_A53Q-q1.exe; webfile:_C:\Users\domin\OneDrive\Počítač\outlaws_A53Q-q1.exe|https://d3icosvzxa9p37.cloudfront.net/W ... 2774454557
Detection Origin: Internet
Detection Type: Concrete
Detection Source: Downloads and attachments
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.359.1570.0, AS: 1.359.1570.0, NIS: 1.359.1570.0
Engine Version: AM: 1.1.18900.3, NIS: 1.1.18900.3
Date: 2022-03-08 16:34:42
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: PUADlManager:Win32/OfferCore
Severity: Nízka
Category: Potenciálne nežiaduci softvér
Path: file:_C:\Users\domin\OneDrive\Počítač\outlaws_A53Q-q1.exe; webfile:_C:\Users\domin\OneDrive\Počítač\outlaws_A53Q-q1.exe|https://d3icosvzxa9p37.cloudfront.net/W ... 2774454557
Detection Origin: Internet
Detection Type: Concrete
Detection Source: Downloads and attachments
Process Name: Unknown
Security intelligence Version: AV: 1.359.1570.0, AS: 1.359.1570.0, NIS: 1.359.1570.0
Engine Version: AM: 1.1.18900.3, NIS: 1.1.18900.3
Date: 2022-02-27 16:29:30
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
Date: 2022-02-19 13:09:38
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.359.64.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18900.3
Error code: 0x80240016
Error description: Počas vyhľadávania aktualizácií sa vyskytol neočakávaný problém. Informácie o inštalácii aktualizácií a riešení problémov s aktualizáciami nájdete v Pomoci a technickej podpore.
Date: 2022-01-18 18:40:17
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.355.2069.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18800.4
Error code: 0x80070102
Error description: The wait operation timed out.
Date: 2022-01-18 18:40:17
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.355.2069.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18800.4
Error code: 0x80070102
Error description: The wait operation timed out.
Date: 2021-11-09 19:52:43
Description:
Microsoft Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
Security intelligence Attempted: Backup
Error Code: 0x80004004
Error description: Operation aborted
Security intelligence version: 1.353.706.0;1.353.706.0
Engine version: 1.1.18700.4
Date: 2021-11-09 19:52:42
Description:
Microsoft Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
Security intelligence Attempted: Current
Error Code: 0x80004004
Error description: Operation aborted
Security intelligence version: 1.353.717.0;1.353.717.0
Engine version: 1.1.18700.4
CodeIntegrity:
===============
Date: 2021-10-29 12:45:06
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\mfeav\AMSIExt.dll that did not meet the Windows signing level requirements.
Date: 2021-10-29 11:50:43
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\mfeav\AMSIExt.dll that did not meet the Microsoft signing level requirements.
Date: 2021-10-29 11:35:39
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\mfeav\AMSIExt.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO 7XCN41WW 06/17/2021
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Celeron(R) N4000 CPU @ 1.10GHz
Percentage of memory in use: 73%
Total physical RAM: 3918.57 MB
Available physical RAM: 1021.29 MB
Total Virtual: 5198.57 MB
Available Virtual: 891.96 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:464.51 GB) (Free:410.34 GB) NTFS
\\?\Volume{0f49ae9f-2fe1-4928-bcb9-aee148d821f1}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.44 GB) NTFS
\\?\Volume{f4193deb-79d4-49f0-9fbb-4a0a96b287a5}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32
==================== MBR & Partition Table ====================
==================== End of Addition.txt =======================
Ran by Dominika (administrator) on DOMINIKA (LENOVO 81D1) (08-03-2022 18:57:23)
Running from C:\Users\domin\OneDrive\Počítač
Loaded Profiles: Dominika
Platform: Microsoft Windows 11 Home Version 21H2 22000.527 (X64) Language: Slovenčina (Slovensko)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.95.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\99.0.1150.30\msedgewebview2.exe <6>
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCopyAccelerator.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Scans\MsMpEngCP.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe <3>
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_12ed482042e0dee5\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_12ed482042e0dee5\igfxEM.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <10>
(Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(services.exe ->) (Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe <2>
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_12ed482042e0dee5\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_003a6d3c4c50c291\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1dc9fc8d5e442f6a\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1dc9fc8d5e442f6a\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\NisSrv.exe
(services.exe ->) (Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.95.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [971256 2019-09-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [288184 2022-02-22] (Intel Corporation -> Intel)
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\99.0.1150.30\Installer\setup.exe [3188648 2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3322863907-1844715729-2578679110-1001\...\Run: [MicrosoftEdgeAutoLaunch_83497DAD29FF071D0AEDF40311C6C56D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKLM\Software\...\AppCompatFlags\Custom\olwin.exe: [{8e349ecb-f876-41f3-af8a-837fa3eeec17}.sdb] -> GOG.com Outlaws
HKLM\Software\...\AppCompatFlags\InstalledSDB\{8e349ecb-f876-41f3-af8a-837fa3eeec17}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{8e349ecb-f876-41f3-af8a-837fa3eeec17}.sdb [2015-03-05]
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {15A1E5BE-8D18-4B08-ACA2-FBCE0B186B97} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-19] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {178D055F-53E8-4EEC-A772-D463D6E589F9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-19] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {198F5597-D99F-47CD-BF55-4BFB6F4E78E5} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c917ef3d-cda5-4bfe-ba53-98d81efd86b7 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {37BC9AC1-C972-4A96-B116-6A648E27B1A1} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\a8df07d2-a257-4da5-954a-daf9aa56a1d1 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {37CA7C12-5BB9-4191-BF44-0350AD1BEEAE} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {3BDFA0EB-55DC-4055-8F07-7C9098B1588A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c375bea4-52af-4c49-89b2-30090459ea95 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {58E5A057-D00A-4BA8-9174-3550BD7E8D8A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\69c84df9-01d9-4db3-a264-e612d8e2a5ed => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {5D725867-02AA-42A2-9788-1FC2390483C7} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {62A42693-77AE-40AE-8BB9-DD8C2FFEA6F4} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3075936 2021-07-21] (Intel Corporation -> Intel Corporation)
Task: {A12C1E73-DD09-4A23-966E-4A8043F6B364} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {B1A89E2B-F51A-43A6-809E-FB419F39ADC3} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3075936 2021-07-21] (Intel Corporation -> Intel Corporation)
Task: {BBBDC642-E3A0-4EF9-9B9B-E32CF88E7FF4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-19] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D4D81DC3-7374-42DC-B7DC-9AF2096CEF56} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {E356F6C4-1873-434D-AFD5-A3508AA4306C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\2aeb6137-e9e1-48f8-8562-ac4a7c83d64b => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {E55B7071-6C9A-426B-B82C-9A1AB8997548} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {E99B91FD-5999-40ED-85F7-94D981D59C45} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {F25887FC-8584-4790-A76C-648534F102DB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-19] (Microsoft Windows Publisher -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0d82e113-8304-4f0a-b79b-f21609811a35}: [DhcpNameServer] 150.201.1.2
Tcpip\..\Interfaces\{66ab52eb-fa83-4bb6-8941-9c2da4d06973}: [DhcpNameServer] 192.168.0.1
Edge:
=======
Edge DefaultProfile: Profile 1
Edge Profile: C:\Users\domin\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2022-03-08]
Edge DownloadDir: Profile 1 -> C:\Users\domin\OneDrive\Počítač
Edge Notifications: Profile 1 -> hxxps://imendocals.com; hxxps://www84.orvilleandrea.pro
Edge HomePage: Profile 1 -> hxxp://www.google.sk/
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [1926600 2019-09-02] (Dolby Laboratories, Inc. -> )
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [39352 2022-02-22] (Intel Corporation -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [181176 2022-02-22] (Intel Corporation -> Intel)
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [359808 2019-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\NisSrv.exe [2909208 2022-02-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe [128376 2022-02-19] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [180224 2021-06-05] (Microsoft Corporation) [File not signed]
R2 ekbdflt; C:\WINDOWS\System32\drivers\ekbdflt.sys [43720 2020-10-27] (ESET, spol. s r.o. -> ESET)
S3 Hsp; C:\WINDOWS\System32\drivers\Hsp.sys [110904 2022-01-28] (Microsoft Windows -> Microsoft Corporation)
R3 MpKsl0f403a29; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{258F3F97-0B1E-4572-9B09-1CD26079463C}\MpKslDrv.sys [135440 2022-03-08] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2022-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [438520 2022-02-19] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-02-19] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-03-08 17:46 - 2022-03-08 17:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlaws [GOG.com]
2022-03-08 17:45 - 2022-03-08 17:45 - 000000000 ____D C:\GOG Games
2022-03-08 17:19 - 2022-03-08 17:19 - 000000000 ____D C:\Users\domin\AppData\Roaming\WinRAR
2022-03-08 17:17 - 2022-03-08 17:19 - 000000000 ____D C:\Program Files\WinRAR
2022-03-08 17:17 - 2022-03-08 17:17 - 000000000 ____D C:\Users\domin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-03-08 17:17 - 2022-03-08 17:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-03-08 16:33 - 2022-03-08 16:33 - 000000000 ____D C:\Users\domin\AppData\Local\ADMITLoving
2022-03-08 16:27 - 2022-03-08 16:27 - 000000000 ___HD C:\ProgramData\CyberLink
2022-03-03 21:08 - 2022-03-03 21:08 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000006-000000.txt
2022-02-26 09:36 - 2022-02-26 09:36 - 000001517 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk
2022-02-20 20:12 - 2022-02-20 20:12 - 000015024 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-02-20 20:10 - 2022-02-20 20:10 - 000210432 _____ C:\WINDOWS\system32\CloudIdWxhExtension.dll
2022-02-20 19:55 - 2022-02-20 19:55 - 000000000 ___HD C:\$WinREAgent
2022-02-20 19:49 - 2022-02-20 19:49 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-02-19 13:14 - 2022-02-19 13:14 - 000001434 _____ C:\WINDOWS\system32\default_error_stack-000005-000000.txt
2022-02-07 12:49 - 2022-02-07 12:49 - 000499136 _____ (Intel) C:\WINDOWS\system32\libvpl.dll
2022-02-07 12:49 - 2022-02-07 12:49 - 000431936 _____ (Intel) C:\WINDOWS\SysWOW64\libvpl.dll
2022-02-07 12:48 - 2022-02-07 12:48 - 000943472 _____ (Intel Corporation) C:\WINDOWS\system32\libmfxhw64.dll
2022-02-07 12:48 - 2022-02-07 12:48 - 000703224 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libmfxhw32.dll
2022-02-07 12:48 - 2022-02-07 12:48 - 000588128 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2022-02-07 12:48 - 2022-02-07 12:48 - 000448392 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2022-02-07 12:47 - 2022-02-07 12:47 - 027889576 _____ (Intel Corporation) C:\WINDOWS\system32\mfxplugin64_hw.dll
2022-02-07 12:47 - 2022-02-07 12:47 - 020629912 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfxplugin32_hw.dll
2022-02-07 12:47 - 2022-02-07 12:47 - 001887392 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-02-07 12:47 - 2022-02-07 12:47 - 001887392 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-02-07 12:47 - 2022-02-07 12:47 - 001464992 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-02-07 12:47 - 2022-02-07 12:47 - 001464992 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-02-07 12:47 - 2022-02-07 12:47 - 001323760 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-02-07 12:47 - 2022-02-07 12:47 - 001323760 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-02-07 12:47 - 2022-02-07 12:47 - 001043176 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-02-07 12:47 - 2022-02-07 12:47 - 001043176 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-02-07 12:47 - 2022-02-07 12:47 - 000453032 _____ C:\WINDOWS\system32\ze_tracing_layer.dll
2022-02-07 12:47 - 2022-02-07 12:47 - 000375720 _____ C:\WINDOWS\system32\ze_loader.dll
2022-02-07 12:47 - 2022-02-07 12:47 - 000142240 _____ C:\WINDOWS\system32\ze_validation_layer.dll
2022-02-07 12:46 - 2022-02-07 12:46 - 000209944 _____ C:\WINDOWS\system32\ControlLib.dll
2022-02-07 12:46 - 2022-02-07 12:46 - 000166024 _____ C:\WINDOWS\system32\ControlLib32.dll
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-03-08 18:58 - 2021-10-29 12:26 - 000000000 ____D C:\FRST
2022-03-08 18:52 - 2021-10-29 08:37 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-03-08 18:48 - 2021-10-29 08:37 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-03-08 17:39 - 2021-10-29 10:29 - 000000000 ____D C:\Users\domin\AppData\Local\D3DSCache
2022-03-08 17:19 - 2021-10-29 08:37 - 000000000 ___HD C:\Program Files\WindowsApps
2022-03-08 17:19 - 2021-10-29 08:37 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-03-08 17:18 - 2021-10-29 10:30 - 000000000 ____D C:\ProgramData\Packages
2022-03-08 17:18 - 2021-10-29 10:29 - 000000000 ____D C:\Users\domin\AppData\Local\Packages
2022-03-08 16:08 - 2021-10-29 18:51 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-03-03 21:22 - 2021-10-29 08:35 - 000000000 ____D C:\WINDOWS\INF
2022-03-03 21:09 - 2021-10-29 18:48 - 000000134 _____ C:\WINDOWS\system32\regtest.txt
2022-03-03 21:09 - 2021-10-29 18:48 - 000000000 ____D C:\Intel
2022-03-03 21:09 - 2021-10-29 18:47 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-03-03 21:09 - 2021-10-29 18:45 - 000012288 ___SH C:\DumpStack.log.tmp
2022-03-03 21:09 - 2021-10-29 08:37 - 000000000 ____D C:\WINDOWS\ServiceState
2022-03-03 21:09 - 2021-10-29 08:25 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-03-03 20:41 - 2021-10-29 18:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-02-27 18:56 - 2021-10-29 10:25 - 000000000 ____D C:\Users\domin
2022-02-27 11:56 - 2021-12-14 08:12 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3322863907-1844715729-2578679110-1001
2022-02-27 11:56 - 2021-10-29 10:35 - 000003372 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3322863907-1844715729-2578679110-1001
2022-02-27 11:56 - 2021-10-29 10:35 - 000002378 _____ C:\Users\domin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-02-26 09:36 - 2018-07-04 20:29 - 000000000 ____D C:\Program Files (x86)\Intel
2022-02-26 09:36 - 2018-07-04 20:25 - 000000000 ____D C:\ProgramData\Package Cache
2022-02-20 20:40 - 2021-10-29 19:16 - 000803468 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-02-20 20:35 - 2021-10-29 18:45 - 000293832 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-02-20 20:32 - 2021-10-29 08:37 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-02-20 20:32 - 2021-10-29 08:37 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-02-20 20:32 - 2021-10-29 08:37 - 000000000 ____D C:\WINDOWS\SystemResources
2022-02-20 20:32 - 2021-10-29 08:37 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-02-20 20:32 - 2021-10-29 08:37 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-02-20 20:32 - 2021-10-29 08:37 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-02-20 20:32 - 2021-10-29 08:37 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-02-20 20:26 - 2021-10-29 08:29 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-02-20 20:10 - 2021-10-29 18:51 - 003101696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-02-19 13:11 - 2021-10-29 18:47 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-02-12 13:30 - 2021-10-29 13:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-02-12 13:29 - 2021-10-29 13:06 - 149611728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-02-12 08:56 - 2021-10-29 08:37 - 000000000 ____D C:\WINDOWS\LiveKernelReports
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2022
Ran by Dominika (08-03-2022 19:04:14)
Running from C:\Users\domin\OneDrive\Počítač
Microsoft Windows 11 Home Version 21H2 22000.527 (X64) (2021-10-29 18:13:20)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3322863907-1844715729-2578679110-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3322863907-1844715729-2578679110-503 - Limited - Disabled)
Dominika (S-1-5-21-3322863907-1844715729-2578679110-1001 - Administrator - Enabled) => C:\Users\domin
Guest (S-1-5-21-3322863907-1844715729-2578679110-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3322863907-1844715729-2578679110-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Intel Driver && Support Assistant (HKLM-x32\...\{24ED9BA6-04C1-4F09-AB37-A7DC5ECDE6ED}) (Version: 22.1.8.8 - Intel) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{88B98508-2D8F-46F1-90AD-557BE40C7067}) (Version: 2.4.07642 - Intel Corporation)
Intel(R) Graphics Driver Software (HKLM-x32\...\{34989299-2d34-4a1b-baa2-4de4fafbb4d0}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{a3052cfa-e19e-4092-a8e5-264f6d84442c}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{b4e016a7-e963-49d7-9b66-4d635026af31}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{c49f9463-8ca3-4422-82b0-c06c7a9640ed}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{9154f79b-8fb8-46ef-b7a6-95f136391303}) (Version: 10.1.17479.8054 - Intel(R) Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1743.4.0.1217 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{5604a897-b259-42f9-80fa-d71081fad4a6}) (Version: 22.1.8.8 - Intel)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 99.0.1150.36 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 99.0.1150.30 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3322863907-1844715729-2578679110-1001\...\OneDriveSetup.exe) (Version: 22.022.0130.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{572E990E-67FD-4014-884C-A730BFC7E1D7}) (Version: 4.65.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704 (HKLM-x32\...\{4d8dcf8c-a72a-43e1-9833-c12724db736e}) (Version: 14.30.30704.0 - Microsoft Corporation)
Outlaws (HKLM-x32\...\1425302464_is1) (Version: 2.1.0.11 - GOG.com)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WinRAR 6.02 (64-bitová verzia) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
Packages:
=========
Dolby Audio -> C:\Program Files\WindowsApps\dolbylaboratories.dolbyaudio_3.20500.501.0_x64__rz1tebttyb220 [2021-10-29] (Dolby Laboratories)
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.2.33.0_x64__5grkq8ppsgwt4 [2022-02-20] (LENOVO INC) [Startup Task]
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2202.9.0_x64__k1h2ywk1493x8 [2022-02-26] (LENOVO INC.)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.14931.20132.0_x86__8wekyb3d8bbwe [2022-03-08] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-03-08] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-03-08] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.14931.20132.0_x86__8wekyb3d8bbwe [2022-03-08] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.14931.20132.0_x86__8wekyb3d8bbwe [2022-03-08] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.14931.20132.0_x86__8wekyb3d8bbwe [2022-03-08] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.14931.20132.0_x86__8wekyb3d8bbwe [2022-03-08] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.14931.20132.0_x86__8wekyb3d8bbwe [2022-03-08] (Microsoft Corporation)
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.14931.20132.0_x86__8wekyb3d8bbwe [2022-03-08] (Microsoft Corporation)
Ovládacie centrum pre grafiku Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt [2021-12-08] (INTEL CORP) [Startup Task]
Power2Go for Lenovo -> C:\Program Files\WindowsApps\cyberlinkcorp.th.power2goforlenovo_8.0.12518.0_x86__m916jedk64snt [2021-10-29] (CYBERLINKCOM CORPORATION) [Startup Task]
PowerDVD for Lenovo -> C:\Program Files\WindowsApps\CyberLinkCorp.th.PowerDVDforLenovo_14.2.4112.0_x86__m916jedk64snt [2022-01-04] (CYBERLINKCOM CORPORATION)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.7.195.0_x64__dt26b99r8h8gj [2021-10-29] (Realtek Semiconductor Corp)
Rozšírenie pre video MPEG-2 -> C:\Program Files\WindowsApps\microsoft.mpeg2videoextension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-10-29] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\domin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 1"
==================== Loaded Modules (Whitelisted) =============
2021-04-22 07:31 - 2021-04-22 07:31 - 005745664 _____ () [File not signed] C:\Program Files (x86)\Intel\Driver and Support Assistant\irmfuu_module.dll
2022-02-20 19:35 - 2022-02-20 19:35 - 000137168 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.95.0_x64__cw5n1h2txyewy\Dashboard\WebView2Loader.dll
2021-07-23 10:36 - 2021-07-23 10:36 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll
2021-05-21 07:12 - 2021-05-21 07:12 - 000130048 _____ (Sam Grogan) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Driver and Support Assistant\NotifyIconWin32.dll
2021-07-23 10:36 - 2021-07-23 10:36 - 002122240 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-09-29 14:46 - 2017-09-29 14:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\TXE Components\iCLS\;C:\Program Files\Intel\TXE Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\TXE Components\DAL\;C:\Program Files (x86)\Intel\TXE Components\DAL\;C:\Program Files\Intel\TXE Components\IPT\;C:\Program Files (x86)\Intel\TXE Components\IPT\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3322863907-1844715729-2578679110-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img19.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-3322863907-1844715729-2578679110-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_83497DAD29FF071D0AEDF40311C6C56D"
HKU\S-1-5-21-3322863907-1844715729-2578679110-1001\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{B1463F93-7514-4A51-8949-C21A873FD146}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{034AF11D-3272-4F36-B82B-349069845C15}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{2D277146-9FC3-4E33-9D30-8B15851CCC53}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{16B8DD88-AA34-4A0C-A9CE-6A25930918C9}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{EEDA5F04-8997-4DD6-B1CE-D74A73395C05}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C2F0D8C0-2AFF-4682-B63D-25F222418EB3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D09C7D1D-862A-4F7F-8030-35C69737020B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4D42CDB7-2931-4CBF-AA95-ED6884101244}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9DE5AF4F-FE95-4541-9FC5-A86A9F86548D}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_21323.200.1078.109_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BCB6D80D-74DD-4ABE-AB7D-0AA6AB4BCB58}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_21323.200.1078.109_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FB3472EB-A9F7-4276-AEB1-B5D90C4D6711}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.14931.20132.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{99BABE1E-26C0-4B9D-B752-44B5A7AFDE1D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\99.0.1150.30\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (03/08/2022 05:48:17 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (03/01/2022 03:11:05 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 616, ProfSvc PID: 1784.
Error: (03/01/2022 03:11:05 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 5768, ProfSvc PID: 1784.
Error: (03/01/2022 03:11:05 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 3116, ProfSvc PID: 1784.
Error: (03/01/2022 03:11:05 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 3116, ProfSvc PID: 1784.
Error: (03/01/2022 03:11:05 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 5768, ProfSvc PID: 1784.
Error: (03/01/2022 03:11:05 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 3116, ProfSvc PID: 1784.
Error: (03/01/2022 03:11:05 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 616, ProfSvc PID: 1784.
System errors:
=============
Error: (03/08/2022 03:40:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Energy Server Service queencreek sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.
Error: (03/08/2022 03:38:04 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{66AB52EB-FA83-4BB6-8941-9C2DA4D06973} because another computer on the network has the same name. The server could not start.
Error: (03/08/2022 03:37:58 PM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x10), Please contact your system vendor for technical assistance.
Error: (03/03/2022 09:22:50 PM) (Source: disk) (EventID: 154) (User: )
Description: The IO operation at logical block address 0x5eb698 for Disk 1 (PDO name: \Device\00000067) failed due to a hardware error.
Error: (03/03/2022 09:20:53 PM) (Source: disk) (EventID: 154) (User: )
Description: The IO operation at logical block address 0x5eb6a0 for Disk 1 (PDO name: \Device\00000064) failed due to a hardware error.
Error: (03/03/2022 09:20:26 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
Error: (03/03/2022 09:14:14 PM) (Source: disk) (EventID: 154) (User: )
Description: The IO operation at logical block address 0x5eb698 for Disk 1 (PDO name: \Device\00000061) failed due to a hardware error.
Error: (03/03/2022 09:13:38 PM) (Source: disk) (EventID: 154) (User: )
Description: The IO operation at logical block address 0x5eb6a0 for Disk 1 (PDO name: \Device\0000005e) failed due to a hardware error.
Windows Defender:
================
Date: 2022-03-08 17:41:14
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-03-08 16:34:52
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: PUADlManager:Win32/OfferCore
Severity: Nízka
Category: Potenciálne nežiaduci softvér
Path: file:_C:\Users\domin\OneDrive\Počítač\outlaws_A53Q-q1.exe; file:_C:\Users\domin\OneDrive\Počítač\outlaws_TOHl-O1.exe; webfile:_C:\Users\domin\OneDrive\Počítač\outlaws_A53Q-q1.exe|https://d3icosvzxa9p37.cloudfront.net/W ... 2774454557; webfile:_C:\Users\domin\OneDrive\Počítač\outlaws_TOHl-O1.exe|https://d3icosvzxa9p37.cloudfront.net/H ... 3kGqCJdqAO
Detection Origin: Internet
Detection Type: Concrete
Detection Source: Downloads and attachments
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.359.1570.0, AS: 1.359.1570.0, NIS: 1.359.1570.0
Engine Version: AM: 1.1.18900.3, NIS: 1.1.18900.3
Date: 2022-03-08 16:34:43
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: PUADlManager:Win32/OfferCore
Severity: Nízka
Category: Potenciálne nežiaduci softvér
Path: file:_C:\Users\domin\OneDrive\Počítač\outlaws_A53Q-q1.exe; webfile:_C:\Users\domin\OneDrive\Počítač\outlaws_A53Q-q1.exe|https://d3icosvzxa9p37.cloudfront.net/W ... 2774454557
Detection Origin: Internet
Detection Type: Concrete
Detection Source: Downloads and attachments
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.359.1570.0, AS: 1.359.1570.0, NIS: 1.359.1570.0
Engine Version: AM: 1.1.18900.3, NIS: 1.1.18900.3
Date: 2022-03-08 16:34:42
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: PUADlManager:Win32/OfferCore
Severity: Nízka
Category: Potenciálne nežiaduci softvér
Path: file:_C:\Users\domin\OneDrive\Počítač\outlaws_A53Q-q1.exe; webfile:_C:\Users\domin\OneDrive\Počítač\outlaws_A53Q-q1.exe|https://d3icosvzxa9p37.cloudfront.net/W ... 2774454557
Detection Origin: Internet
Detection Type: Concrete
Detection Source: Downloads and attachments
Process Name: Unknown
Security intelligence Version: AV: 1.359.1570.0, AS: 1.359.1570.0, NIS: 1.359.1570.0
Engine Version: AM: 1.1.18900.3, NIS: 1.1.18900.3
Date: 2022-02-27 16:29:30
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
Date: 2022-02-19 13:09:38
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.359.64.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18900.3
Error code: 0x80240016
Error description: Počas vyhľadávania aktualizácií sa vyskytol neočakávaný problém. Informácie o inštalácii aktualizácií a riešení problémov s aktualizáciami nájdete v Pomoci a technickej podpore.
Date: 2022-01-18 18:40:17
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.355.2069.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18800.4
Error code: 0x80070102
Error description: The wait operation timed out.
Date: 2022-01-18 18:40:17
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.355.2069.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18800.4
Error code: 0x80070102
Error description: The wait operation timed out.
Date: 2021-11-09 19:52:43
Description:
Microsoft Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
Security intelligence Attempted: Backup
Error Code: 0x80004004
Error description: Operation aborted
Security intelligence version: 1.353.706.0;1.353.706.0
Engine version: 1.1.18700.4
Date: 2021-11-09 19:52:42
Description:
Microsoft Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
Security intelligence Attempted: Current
Error Code: 0x80004004
Error description: Operation aborted
Security intelligence version: 1.353.717.0;1.353.717.0
Engine version: 1.1.18700.4
CodeIntegrity:
===============
Date: 2021-10-29 12:45:06
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\mfeav\AMSIExt.dll that did not meet the Windows signing level requirements.
Date: 2021-10-29 11:50:43
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\mfeav\AMSIExt.dll that did not meet the Microsoft signing level requirements.
Date: 2021-10-29 11:35:39
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\mfeav\AMSIExt.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO 7XCN41WW 06/17/2021
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Celeron(R) N4000 CPU @ 1.10GHz
Percentage of memory in use: 73%
Total physical RAM: 3918.57 MB
Available physical RAM: 1021.29 MB
Total Virtual: 5198.57 MB
Available Virtual: 891.96 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:464.51 GB) (Free:410.34 GB) NTFS
\\?\Volume{0f49ae9f-2fe1-4928-bcb9-aee148d821f1}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.44 GB) NTFS
\\?\Volume{f4193deb-79d4-49f0-9fbb-4a0a96b287a5}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32
==================== MBR & Partition Table ====================
==================== End of Addition.txt =======================