Solved PC is reinfecting or some bootkit

Pomlcka

Hello,

I think I have some form of persistent virus on my home PCs.
I have reinstalled the OS (Win 10) several times, and after some time most services are disabled. In the first case it happened immediately, in the second case after a week (this computer). If I use netstat I can see my PC is connecting to various pages that are marked as malicious or suspicious, and some processes (svchost) are scanning/listening on many ports. I have ESET, which is blocking some communications: UDP, ICMPv6 and UPnP... I tried some anti-virus programs with no result.
Before the reinstallations I tried the Hitman.pro trial, which caught some Conduit threat that reappeared after deletion by Hitman, and Malwarebytes caught something like registry.injection and hijack.dll.
I am copying the log from FRST + Addition:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-12-2020
Ran by pomlc (administrator) on NOTEBOOOK (Acer Aspire ES1-571) (11-12-2020 10:59:42)
Running from C:\Users\pomlc\Desktop
Loaded Profiles: pomlc
Platform: Windows 10 Pro Version 20H2 19042.685 (X64) Language: Slovenčina (Slovensko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eOppFrame.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <27>
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [175504 2020-10-26] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-07] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EB4DCEB-704C-46B1-9045-B9A2DEDD7CD8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6189624 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {3A282C57-53BC-49B2-A0E5-D6A3243BA4A5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {5A7BDAB6-3AE7-4D36-A495-D7ABF4FCB986} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-07] (Google LLC -> Google LLC)
Task: {DCF73539-B62D-42EA-A8BD-04E3C1248EFF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [7177168 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {FA3A3E4C-8A67-469B-B646-992F949D6D0B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-07] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 17 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 18 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 17 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 18 %windir%\system32\vsocklib.dll => No File
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{263ce8fb-0cd9-4ca7-92a9-8d4efcbb6bf0}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9c4c91b7-53fb-4f36-9a56-41306f76f495}: [DhcpNameServer] 192.168.0.1

Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\pomlc\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-10]

Chrome:
=======
CHR Profile: C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default [2020-12-11]
CHR Extension: (Prezentácie) - C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-07]
CHR Extension: (Dokumenty) - C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-07]
CHR Extension: (Disk Google) - C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-07]
CHR Extension: (YouTube) - C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-07]
CHR Extension: (Tabuľky) - C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-07]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-12-07]
CHR Extension: (Gmail) - C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-07]
CHR Extension: (Chrome Media Router) - C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-07]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-10-26] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-10-26] (ESET, spol. s r.o. -> ESET)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2747312 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4583240 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5197552 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Browser; %SystemRoot%\System32\browser.dll [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [160992 2020-10-26] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [109360 2020-10-26] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15288 2020-10-22] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [190464 2020-10-26] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [43720 2020-10-26] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [70048 2020-10-26] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [107784 2020-10-26] (ESET, spol. s r.o. -> ESET)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [89968 2020-12-07] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
S0 Spybot3ELAM; C:\Windows\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2020-12-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [429296 2020-12-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-05] (Microsoft Windows -> Microsoft Corporation)
S3 MBAMSwissArmy; \SystemRoot\System32\Drivers\mbamswissarmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-11 10:59 - 2020-12-11 11:00 - 000011023 _____ C:\Users\pomlc\Desktop\FRST.txt
2020-12-11 10:59 - 2020-12-11 10:59 - 000000000 ____D C:\Users\pomlc\Desktop\FRST-OlderVersion
2020-12-11 10:59 - 2020-12-11 10:59 - 000000000 ____D C:\FRST
2020-12-11 10:37 - 2020-12-03 14:16 - 046768128 _____ C:\Users\pomlc\Desktop\659ce.msi
2020-12-11 10:36 - 2020-12-11 10:59 - 002288640 _____ (Farbar) C:\Users\pomlc\Desktop\FRST64.exe
2020-12-10 20:49 - 2020-12-10 20:49 - 000073621 _____ C:\Users\pomlc\Desktop\services.exe.txt
2020-12-10 20:08 - 2020-12-10 20:08 - 000000917 _____ C:\Users\pomlc\Desktop\ckfiles.txt
2020-12-10 20:06 - 2020-12-10 20:06 - 000468480 _____ () C:\Users\pomlc\Downloads\CKScanner.exe
2020-12-10 20:05 - 2020-12-10 20:06 - 000468480 _____ () C:\Users\pomlc\Desktop\CKScanner.exe
2020-12-10 19:59 - 2020-12-10 19:59 - 000028034 _____ C:\Users\pomlc\Desktop\smss.exe.txt
2020-12-10 19:50 - 2020-12-10 19:51 - 000727444 _____ C:\Windows\Minidump\121020-8140-01.dmp
2020-12-10 19:45 - 2020-12-10 19:51 - 000036200 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2020-12-10 19:45 - 2020-12-10 19:45 - 002798456 _____ (Sysinternals - www.sysinternals.com) C:\Users\pomlc\Desktop\procexp.exe
2020-12-10 19:44 - 2020-12-10 19:45 - 002798456 _____ (Sysinternals - www.sysinternals.com) C:\Users\pomlc\Downloads\procexp.exe
2020-12-10 19:14 - 2020-12-10 19:14 - 000000000 ____D C:\Users\pomlc\AppData\Local\MicrosoftEdge
2020-12-10 19:13 - 2020-12-10 19:13 - 000852504 _____ C:\Users\pomlc\Downloads\SecurityCheck.exe
2020-12-10 19:05 - 2020-12-10 19:05 - 001228152 _____ (AVG Technologies) C:\Users\pomlc\Downloads\avg_driver_updater_online_setup.exe
2020-12-10 18:48 - 2020-12-10 18:51 - 000000000 ____D C:\Users\pomlc\Desktop\spybotes
2020-12-10 17:40 - 2020-12-10 17:40 - 000034719 _____ C:\Users\pomlc\Desktop\includese.zip
2020-12-10 17:39 - 2020-12-10 17:39 - 000070043 _____ C:\Users\pomlc\Desktop\zospybotu.zip
2020-12-10 17:37 - 2020-12-10 17:37 - 000100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncpa.cpl
2020-12-10 17:37 - 2020-12-10 17:37 - 000010912 _____ C:\Windows\system32\DrtmAuthTxt.wim
2020-12-10 17:36 - 2020-12-10 17:36 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\ncpa.cpl
2020-12-10 17:33 - 2020-12-10 17:33 - 000000000 ____D C:\Users\pomlc\AppData\Local\Safer-Networking Ltd
2020-12-10 17:29 - 2020-12-10 17:29 - 000000000 ____D C:\Safer-Networking Ltd
2020-12-10 17:28 - 2020-12-10 20:56 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2020-12-10 17:28 - 2020-12-10 18:54 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2020-12-10 17:28 - 2020-12-10 17:28 - 000001460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2020-12-10 17:28 - 2020-12-10 17:28 - 000001448 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2020-12-10 17:28 - 2020-12-10 17:28 - 000001448 _____ C:\ProgramData\Desktop\Spybot-S&D Start Center.lnk
2020-12-10 17:28 - 2020-12-10 17:28 - 000000000 ____D C:\Windows\system32\Tasks\Safer-Networking
2020-12-10 17:28 - 2020-12-10 17:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2020-12-10 17:28 - 2019-06-21 08:34 - 000019904 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\Spybot3ELAM.sys
2020-12-10 17:28 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2020-12-10 17:23 - 2020-12-10 17:26 - 069300040 _____ (Safer-Networking Ltd. ) C:\Users\pomlc\Downloads\spybotsd-2.8.68.0.exe
2020-12-10 16:40 - 2020-12-11 10:13 - 001587062 _____ C:\Windows\system32\PerfStringBackup.INI
2020-12-10 16:23 - 2020-12-11 10:09 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-12-10 16:23 - 2020-12-10 16:23 - 000258088 _____ C:\Windows\system32\FNTCACHE.DAT
2020-12-10 16:08 - 2020-12-10 16:12 - 000000000 ____D C:\Users\pomlc\Desktop\bordel
2020-12-10 15:48 - 2020-12-10 15:49 - 000000000 ____D C:\KVRT_Data
2020-12-10 15:46 - 2020-12-11 10:13 - 000664864 _____ C:\Windows\system32\perfh01B.dat
2020-12-10 15:46 - 2020-12-11 10:13 - 000121936 _____ C:\Windows\system32\perfc01B.dat
2020-12-10 14:44 - 2020-12-10 14:44 - 000000207 _____ C:\Windows\tweaking.com-regbackup-NOTEBOOOK-Windows-10-Pro-(64-bit).dat
2020-12-10 14:44 - 2020-12-10 14:44 - 000000000 ____D C:\RegBackup
2020-12-10 14:36 - 2020-12-10 14:36 - 000001989 _____ C:\Users\pomlc\Desktop\Repair_Windows.exe – odkaz.lnk
2020-12-10 14:30 - 2020-12-10 14:30 - 000361792 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2020-12-10 14:30 - 2020-12-10 14:30 - 000000574 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2020-12-10 14:30 - 2020-12-10 14:30 - 000000000 ____D C:\Users\pomlc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2020-12-10 14:30 - 2020-12-10 14:30 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2020-12-10 14:26 - 2020-12-10 17:10 - 000000000 ____D C:\Users\pomlc\Desktop\aa
2020-12-10 14:26 - 2020-12-10 15:19 - 000002176 _____ C:\Users\pomlc\Desktop\Rkill.txt
2020-12-10 14:22 - 2020-12-11 10:11 - 000000000 ____D C:\Users\pomlc\Desktop\mirka-notas3
2020-12-10 12:00 - 2020-12-10 12:00 - 007458656 _____ (VS Revo Group ) C:\Users\pomlc\Downloads\revosetup (1).exe
2020-12-10 12:00 - 2020-12-10 12:00 - 000001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2020-12-10 12:00 - 2020-12-10 12:00 - 000001079 _____ C:\ProgramData\Desktop\Revo Uninstaller.lnk
2020-12-10 12:00 - 2020-12-10 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2020-12-10 12:00 - 2020-12-10 12:00 - 000000000 ____D C:\Program Files\VS Revo Group
2020-12-10 11:58 - 2020-12-10 11:58 - 007458656 _____ (VS Revo Group ) C:\Users\pomlc\Downloads\revosetup.exe
2020-12-10 08:37 - 2020-12-10 08:37 - 000000000 ____D C:\Users\pomlc\Downloads\be
2020-12-10 08:34 - 2020-12-10 08:34 - 000000000 ____D C:\asd
2020-12-10 08:23 - 2020-12-10 08:23 - 000000000 ____D C:\Users\pomlc\AppData\Local\WmiExplorer
2020-12-10 08:21 - 2020-12-10 11:10 - 000007628 _____ C:\Users\pomlc\AppData\Local\resmon.resmoncfg
2020-12-10 08:01 - 2020-12-10 08:01 - 000228140 _____ C:\Users\pomlc\Downloads\WMIExplorer_2.0.0.0.zip
2020-12-10 08:01 - 2020-12-10 08:01 - 000000000 ____D C:\Users\pomlc\Desktop\WMIExplorer_2.0.0.0
2020-12-08 20:34 - 2020-12-08 20:34 - 001965536 _____ (Malwarebytes) C:\Users\pomlc\Downloads\MBSetup-106724.106724-consumer.exe
2020-12-08 20:34 - 2020-12-08 20:34 - 001965536 _____ (Malwarebytes) C:\Users\pomlc\Downloads\MBSetup-106724.106724-consumer (1).exe
2020-12-07 14:14 - 2020-12-10 15:39 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2020-12-07 14:13 - 2020-12-07 14:13 - 000000000 ____D C:\Windows\pss
2020-12-07 14:06 - 2020-12-07 14:06 - 000002331 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-07 14:06 - 2020-12-07 14:06 - 000002290 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-12-07 14:06 - 2020-12-07 14:06 - 000002290 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-12-07 14:05 - 2020-12-07 14:05 - 000000000 ____D C:\Program Files\Google
2020-12-07 14:04 - 2020-12-07 14:10 - 000003456 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-07 14:04 - 2020-12-07 14:10 - 000003332 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-07 13:58 - 2020-12-07 14:15 - 000000000 ____D C:\Users\pomlc\AppData\Local\Google
2020-12-07 13:58 - 2020-12-07 14:04 - 000000000 ____D C:\Program Files (x86)\Google
2020-12-07 13:58 - 2020-12-07 13:58 - 001317080 _____ (Google LLC) C:\Users\pomlc\Downloads\ChromeSetup.exe
2020-12-07 13:55 - 2020-12-07 13:55 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2020-12-07 13:55 - 2020-12-07 13:55 - 000000000 ____D C:\Users\pomlc\Desktop\mirka_notas2
2020-12-07 13:54 - 2020-12-07 13:54 - 000055993 _____ C:\Users\pomlc\Desktop\ibatextaky.zip
2020-12-07 13:54 - 2020-12-07 13:54 - 000000000 ____D C:\Users\pomlc\Desktop\ibatextaky
2020-12-07 13:08 - 2020-12-07 13:08 - 000081659 _____ C:\Users\pomlc\Desktop\vtempe.zip
2020-12-07 13:04 - 2020-12-07 13:04 - 000000000 ____D C:\Users\pomlc\Desktop\v tempe-onedrive
2020-12-07 12:55 - 2020-12-07 12:55 - 000089968 ____H (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCMON24.SYS
2020-12-07 12:53 - 2020-12-10 19:51 - 000000000 ____D C:\Windows\Minidump
2020-12-07 12:53 - 2020-12-10 19:50 - 477160921 _____ C:\Windows\MEMORY.DMP
2020-12-05 09:20 - 2020-12-10 20:55 - 071041024 _____ C:\Windows\system32\config\SOFTWARE
2020-12-05 09:17 - 2020-12-05 09:20 - 000000000 ____D C:\Windows\Microsoft Antimalware
2020-12-04 20:49 - 2020-12-04 20:49 - 000000000 ____D C:\Users\pomlc\AppData\Roaming\Macromedia
2020-12-04 18:58 - 2020-12-04 18:58 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2020-12-04 18:58 - 2020-12-04 18:58 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2020-12-04 18:57 - 2020-12-04 18:57 - 001333248 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2020-12-04 18:57 - 2020-12-04 18:57 - 000266240 _____ C:\Windows\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-04 18:57 - 2020-12-04 18:57 - 000240640 _____ C:\Windows\SysWOW64\CoreMas.dll
2020-12-04 18:57 - 2020-12-04 18:57 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2020-12-04 18:57 - 2020-12-04 18:57 - 000048640 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2020-12-04 18:57 - 2020-12-04 18:57 - 000039936 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2020-12-04 18:57 - 2020-12-04 18:57 - 000010752 _____ C:\Windows\SysWOW64\agentactivationruntimestarter.exe
2020-12-04 18:56 - 2020-12-04 18:56 - 002260480 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2020-12-04 18:56 - 2020-12-04 18:56 - 001822272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2020-12-04 18:56 - 2020-12-04 18:56 - 001393496 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2020-12-04 18:56 - 2020-12-04 18:56 - 000363520 _____ C:\Windows\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-04 18:56 - 2020-12-04 18:56 - 000287232 _____ C:\Windows\system32\CoreMas.dll
2020-12-04 18:56 - 2020-12-04 18:56 - 000165376 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2020-12-04 18:56 - 2020-12-04 18:56 - 000089088 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2020-12-04 18:56 - 2020-12-04 18:56 - 000073216 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2020-12-04 18:56 - 2020-12-04 18:56 - 000013312 _____ C:\Windows\system32\agentactivationruntimestarter.exe
2020-12-04 18:56 - 2020-12-04 18:56 - 000001370 _____ C:\Windows\system32\ThirdPartyNoticesBySHS.txt
2020-12-04 17:20 - 2020-12-04 17:20 - 000000000 ____D C:\Users\pomlc\AppData\Local\PeerDistRepub
2020-12-03 19:46 - 2020-12-03 19:46 - 002045618 _____ C:\Users\pomlc\Downloads\ProcessMonitor.zip
2020-12-03 19:46 - 2020-12-03 19:46 - 000000000 ____D C:\Users\pomlc\Desktop\ProcessMonitor
2020-12-03 16:21 - 2020-12-03 16:21 - 000137016 _____ C:\Windows\system32\HvsiManagementApi.dll
2020-12-03 16:21 - 2020-12-03 16:21 - 000101688 _____ C:\Windows\SysWOW64\HvsiManagementApi.dll
2020-12-03 16:20 - 2020-12-03 16:20 - 001309504 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2020-12-03 16:20 - 2020-12-03 16:20 - 000045880 _____ C:\Windows\system32\HvSocket.dll
2020-12-03 16:19 - 2020-12-03 16:19 - 000611952 _____ C:\Windows\SysWOW64\TextShaping.dll
2020-12-03 16:19 - 2020-12-03 16:19 - 000455168 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll
2020-12-03 16:19 - 2020-12-03 16:19 - 000112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\activeds.tlb
2020-12-03 16:19 - 2020-12-03 16:19 - 000047472 _____ C:\Windows\SysWOW64\umpdc.dll
2020-12-03 16:18 - 2020-12-03 16:18 - 001162240 _____ C:\Windows\system32\MBR2GPT.EXE
2020-12-03 16:18 - 2020-12-03 16:18 - 000422912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2020-12-03 16:18 - 2020-12-03 16:18 - 000023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msacm32.drv
2020-12-03 16:17 - 2020-12-03 16:17 - 002260480 _____ (The ICU Project) C:\Windows\system32\icu.dll
2020-12-03 16:17 - 2020-12-03 16:17 - 000707544 _____ C:\Windows\system32\TextShaping.dll
2020-12-03 16:17 - 2020-12-03 16:17 - 000645120 _____ C:\Windows\system32\WindowManagementAPI.dll
2020-12-03 16:17 - 2020-12-03 16:17 - 000152576 _____ C:\Windows\system32\EoAExperiences.exe
2020-12-03 16:17 - 2020-12-03 16:17 - 000112128 _____ (Microsoft Corporation) C:\Windows\system32\activeds.tlb
2020-12-03 16:17 - 2020-12-03 16:17 - 000029696 _____ (The ICU Project) C:\Windows\system32\icuuc.dll
2020-12-03 16:17 - 2020-12-03 16:17 - 000025088 _____ (The ICU Project) C:\Windows\system32\icuin.dll
2020-12-03 16:16 - 2020-12-03 16:16 - 000562688 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2020-12-03 16:16 - 2020-12-03 16:16 - 000455168 _____ C:\Windows\system32\ssdm.dll
2020-12-03 16:16 - 2020-12-03 16:16 - 000197632 _____ C:\Windows\system32\IHDS.dll
2020-12-03 16:16 - 2020-12-03 16:16 - 000064552 _____ C:\Windows\system32\umpdc.dll
2020-12-03 16:16 - 2020-12-03 16:16 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\msacm32.drv
2020-12-03 14:25 - 2020-12-03 14:25 - 000002016 _____ C:\Users\Public\Desktop\ESET Ochrana online platieb.lnk
2020-12-03 14:25 - 2020-12-03 14:25 - 000002016 _____ C:\ProgramData\Desktop\ESET Ochrana online platieb.lnk
2020-12-03 14:19 - 2020-12-03 14:19 - 000000000 ____D C:\Users\pomlc\AppData\Local\ESET
2020-12-03 14:18 - 2020-12-03 14:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2020-12-03 14:18 - 2020-12-03 14:18 - 000000000 ____D C:\ProgramData\ESET
2020-12-03 14:18 - 2020-12-03 14:18 - 000000000 ____D C:\Program Files\ESET
2020-12-03 14:14 - 2020-12-03 14:14 - 006341552 _____ (ESET) C:\Users\pomlc\Downloads\eset_internet_security_live_installer.exe
2020-12-03 14:11 - 2020-12-03 14:11 - 000000000 ____D C:\Users\pomlc\AppData\Roaming\Synaptics
2020-12-03 14:11 - 2020-12-03 14:11 - 000000000 ____D C:\ProgramData\Synaptics
2020-12-03 14:09 - 2020-12-03 14:09 - 000000000 ____D C:\Windows\system32\MRT
2020-12-03 14:04 - 2020-12-03 14:04 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2020-12-03 14:03 - 2020-12-03 14:03 - 000000000 ___HD C:\$WinREAgent
2020-12-03 14:02 - 2020-12-10 18:35 - 000000000 ____D C:\Users\pomlc\AppData\Local\D3DSCache
2020-12-03 14:00 - 2020-12-03 14:00 - 000000000 ____D C:\Users\pomlc\AppData\Local\Comms
2020-12-03 13:59 - 2020-12-03 18:31 - 000000000 ____D C:\Users\pomlc\AppData\Local\PlaceholderTileLogoFolder
2020-12-03 13:58 - 2020-12-07 13:18 - 000000000 ___RD C:\Users\pomlc\OneDrive
2020-12-03 13:58 - 2020-12-03 13:58 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2020-12-03 13:57 - 2020-12-03 13:57 - 000000000 ____D C:\Users\pomlc\AppData\Local\Publishers
2020-12-03 13:56 - 2020-12-11 10:09 - 000000000 __SHD C:\Users\pomlc\IntelGraphicsProfiles
2020-12-03 13:56 - 2020-12-10 18:59 - 000000000 ____D C:\Users\pomlc\AppData\Local\Packages
2020-12-03 13:56 - 2020-12-07 17:59 - 000000000 ____D C:\ProgramData\Packages
2020-12-03 13:56 - 2020-12-03 14:11 - 000000000 ____D C:\Users\pomlc\AppData\Local\ConnectedDevicesPlatform
2020-12-03 13:56 - 2020-12-03 13:58 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-12-03 13:56 - 2020-12-03 13:56 - 000000200 _____ C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2020-12-03 13:56 - 2020-12-03 13:56 - 000000000 ___RD C:\Users\pomlc\3D Objects
2020-12-03 13:56 - 2020-12-03 13:56 - 000000000 ____D C:\Users\pomlc\AppData\Roaming\Adobe
2020-12-03 13:56 - 2020-12-03 13:56 - 000000000 ____D C:\Users\pomlc\AppData\Local\VirtualStore
2020-12-03 13:56 - 2020-12-03 13:56 - 000000000 ____D C:\Program Files\Intel
2020-12-03 13:56 - 2020-12-03 13:56 - 000000000 ____D C:\Program Files (x86)\Intel
2020-12-03 13:56 - 2020-12-03 13:56 - 000000000 ____D C:\Intel
2020-12-03 13:56 - 2020-12-03 13:56 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
2020-12-03 13:56 - 2017-06-27 05:55 - 000099816 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2020-12-03 13:53 - 2020-12-10 20:55 - 000000000 ____D C:\Users\pomlc
2020-12-03 13:53 - 2020-12-03 13:53 - 000000020 ___SH C:\Users\pomlc\ntuser.ini
2020-12-03 13:52 - 2020-12-03 13:52 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2020-12-03 13:52 - 2020-12-03 13:52 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2020-12-03 13:52 - 2020-12-03 13:52 - 000000000 ____D C:\Program Files\Synaptics
2020-12-03 13:52 - 2017-07-11 18:41 - 000077912 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2020-12-03 13:48 - 2020-12-10 16:23 - 000000000 ____D C:\Windows\CSC
2020-12-03 13:46 - 2020-12-03 13:46 - 000000000 _SHDL C:\Documents and Settings
2020-12-03 13:43 - 2020-12-10 20:55 - 000008192 ___SH C:\DumpStack.log.tmp
2020-12-03 13:43 - 2020-12-10 20:55 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-12-03 13:43 - 2020-12-10 19:50 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-12-03 13:43 - 2020-12-05 17:28 - 000000000 ____D C:\Windows\Panther
2020-12-03 13:43 - 2020-12-05 09:16 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-12-03 13:43 - 2020-12-03 13:43 - 000000000 ____D C:\Windows\ServiceProfiles

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-11 10:59 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2020-12-11 10:15 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-10 20:55 - 2019-12-07 10:03 - 000262144 _____ C:\Windows\system32\config\BBI
2020-12-10 18:59 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-10 18:59 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2020-12-10 18:56 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2020-12-10 18:56 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2020-12-10 17:38 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2020-12-10 17:11 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-12-08 20:41 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2020-12-07 12:51 - 2019-12-07 10:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2020-12-05 09:16 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2020-12-04 22:00 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2020-12-04 22:00 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\migwiz
2020-12-04 22:00 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism
2020-12-04 21:59 - 2019-12-07 15:41 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-12-04 21:59 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2020-12-04 21:59 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-12-04 16:10 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\appcompat
2020-12-03 19:52 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2020-12-03 19:52 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2020-12-03 19:52 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2020-12-03 19:51 - 2019-12-07 15:41 - 000000000 ___SD C:\Windows\system32\AppV
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Sysprep
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\es-MX
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\appraiser
2020-12-03 19:50 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog
2020-12-03 19:50 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2020-12-03 19:50 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences
2020-12-03 19:50 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Provisioning
2020-12-03 19:50 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\servicing
2020-12-03 16:26 - 2019-12-07 15:41 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2020-12-03 16:26 - 2019-12-07 15:41 - 000020908 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2020-12-03 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2020-12-03 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2020-12-03 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2020-12-03 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2020-12-03 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lv-LV
2020-12-03 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lt-LT
2020-12-03 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\et-EE
2020-12-03 14:12 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState
2020-12-03 13:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2020-12-03 13:51 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\USOPrivate
2020-12-03 13:49 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\spool
2020-12-03 13:43 - 2019-12-07 10:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template

==================== Files in the root of some directories ========

2020-12-10 08:21 - 2020-12-10 11:10 - 000007628 _____ () C:\Users\pomlc\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

Pomlcka

Posts: 17   +0
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-12-2020
Ran by pomlc (11-12-2020 11:02:57)
Running from C:\Users\pomlc\Desktop
Windows 10 Pro Version 20H2 19042.685 (X64) (2020-12-03 12:47:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3130570375-147764310-2110794736-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3130570375-147764310-2110794736-503 - Limited - Disabled)
Guest (S-1-5-21-3130570375-147764310-2110794736-501 - Limited - Disabled)
pomlc (S-1-5-21-3130570375-147764310-2110794736-1001 - Administrator - Enabled) => C:\Users\pomlc
WDAGUtilityAccount (S-1-5-21-3130570375-147764310-2110794736-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {B18EDDE1-72EE-79EA-3ABD-EEAF1EE45FED}


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ESET Security (HKLM\...\{3B47BDC5-99BF-4F5C-A303-1F0F9DBC74F6}) (Version: 14.0.22.0 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4703 - Intel Corporation)
Microsoft Update Health Tools (HKLM\...\{143E35D3-F0A4-4E90-96C9-B1B72F11343A}) (Version: 2.70.0.0 - Microsoft Corporation)
Revo Uninstaller 2.2.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.0 - VS Revo Group, Ltd.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.68.0 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.1.3.6 - Synaptics Incorporated)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.10.2 - Tweaking.com)

Packages:

=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-12-05] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-12-05] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3130570375-147764310-2110794736-1001_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-26] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-26] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-26] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

==================== Codecs (Whitelisted) ====================


==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) =================



==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3130570375-147764310-2110794736-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1FCC404C-E0AE-4A47-B6D9-F686F5430A14}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{480C6602-A8F0-4CD4-AA2D-AB8069EA5E9D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{9E6EFAB9-EFA3-4B1E-B67D-E4ECCBA59176}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{01DF0815-250E-4BEF-A399-C43432F6D46B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{C9B70DF6-3CB5-42AC-9DE3-6A0E1C192420}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service

==================== Restore Points =========================


ATTENTION: System Restore is disabled (Total:118.63 GB) (Free:90.48 GB) (76%)
Check "VSS" service


==================== Faulty Device Manager Devices ============

Name: Root Print Queue
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Kernel Debug Network Adapter
Description: Microsoft Kernel Debug Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kdnic
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel(R) Serial IO DMA Controller
Description: Intel(R) Serial IO DMA Controller
Class Guid: {4d36e966-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================


Application errors:
==================
Error: (12/11/2020 10:59:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process ID: 0x237c
Faulting application start time: 0x01d6cfa4452a9abd
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report ID: 4476ecde-7fef-4e51-ace7-23437c4a802b
Faulting package full name:
Faulting package-relative application ID:

Error: (12/11/2020 10:57:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process ID: 0x12d8
Faulting application start time: 0x01d6cfa41714376c
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report ID: 6194f693-afd4-4e9f-b557-df5c0761f9ba
Faulting package full name:
Faulting package-relative application ID:

Error: (12/11/2020 10:49:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process ID: 0x478
Faulting application start time: 0x01d6cfa2df8a3911
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report ID: 2df1724f-883a-40af-9bbf-2dc88049609f
Faulting package full name:
Faulting package-relative application ID:

Error: (12/11/2020 10:47:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process ID: 0x374
Faulting application start time: 0x01d6cfa2b1763a11
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report ID: 3f03da06-bc1a-4e68-8718-6653b8b327e5
Faulting package full name:
Faulting package-relative application ID:

Error: (12/11/2020 10:39:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process ID: 0x1fb0
Faulting application start time: 0x01d6cfa179ec4174
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report ID: ff4d7659-708d-4b57-92db-d41653dd69ba
Faulting package full name:
Faulting package-relative application ID:

Error: (12/11/2020 10:37:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process ID: 0x1940
Faulting application start time: 0x01d6cfa14bd36bb8
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report ID: 6adc59f2-1dad-4917-8bf9-dd79f9a4b298
Faulting package full name:
Faulting package-relative application ID:

Error: (12/11/2020 10:29:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process ID: 0x19a0
Faulting application start time: 0x01d6cfa01448bf38
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report ID: 310da79d-60ec-49fd-9b72-02724a63dbcc
Faulting package full name:
Faulting package-relative application ID:

Error: (12/11/2020 10:27:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process ID: 0xb08
Faulting application start time: 0x01d6cf9fe62c756c
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report ID: c6ea38a4-c9c7-452d-8eb0-cf71033ec1d7
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (12/11/2020 10:14:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/11/2020 10:14:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.

Error: (12/11/2020 10:14:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/11/2020 10:14:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.

Error: (12/11/2020 10:14:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/11/2020 10:14:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.

Error: (12/11/2020 10:14:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/11/2020 10:14:52 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.


Windows Defender:
===================================

Date: 2020-12-05 11:44:49.7060000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {B1FDF589-CDB4-48DF-83E9-9D491393ADFF}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2020-12-05 10:52:27.5030000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {FA854BC1-7062-41A8-87B9-8ABFEE01EA41}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-12-05 09:58:33.0000000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {420A63E9-F2EF-495F-8FB7-CF752E5E9F00}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-12-05 09:31:05.6210000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {A7B69498-BB8E-4DAC-A595-BD2AAC313988}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2020-12-05 10:43:32.3730000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.2100.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80240438
Error description: There was an unexpected problem checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2020-12-05 09:31:13.3890000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.2100.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80240438
Error description: There was an unexpected problem checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================


Date: 2020-12-11 11:00:13.6440000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-11 10:55:09.5270000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-11 10:50:04.5520000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-11 10:45:00.5030000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-11 10:39:57.4810000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-11 10:34:52.7700000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-11 10:29:48.7640000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-11 10:24:44.8060000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Insyde Corp. V1.06 03/22/2018
Motherboard: Acer Aspire ES1-571
Processor: Intel(R) Pentium(R) 3558U @ 1.70GHz
Percentage of memory in use: 85%
Total physical RAM: 4017.32 MB
Available physical RAM: 590.22 MB
Total Virtual: 5425.32 MB
Available Virtual: 1316.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.63 GB) (Free:90.48 GB) NTFS

\\?\Volume{a52c0894-91cb-4557-ab5c-2dbd276de55a}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{41d708c1-6254-4717-9dc4-4479c039f8ac}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 02C30305)

Partition: GPT.

==================== End of Addition.txt =======================
 
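The Addition.txt log above flags four things a helper will want re-checked before deciding whether anything is actually wrong: two antivirus products registered as enabled in Security Center with Windows Defender disabled, repeated CodeIntegrity events saying the hash of an ESET DLL "could not be found on the system", a "System Restore is disabled / Check VSS service" warning, and a GPT system disk (so the machine boots through UEFI, where Secure Boot is the control that matters for the bootkit worry in the thread title). The script below is an added example, not part of the original post and not FRST's own code; it re-runs those checks with built-in Windows PowerShell cmdlets from an elevated prompt. The 200-event window, the decoding of Security Center's undocumented productState value, and the use of Win32_ShadowCopy as a restore-point proxy are assumptions made for the example.

```powershell
# Added triage script (example only; not from the original post or from FRST).
# Run from an elevated Windows PowerShell prompt on the affected machine.

function Get-RegisteredAntivirus {
    # Security Center keeps one AntiVirusProduct row per registered engine.
    # productState is a packed value; the 0x1000 bit is commonly read as
    # "real-time protection on". ASSUMPTION: this decoding is undocumented.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' |
        ForEach-Object {
            [pscustomobject]@{
                Product      = $_.displayName
                RealTimeOn   = (($_.productState -band 0x1000) -ne 0)
                ProductState = ('0x{0:X6}' -f $_.productState)
            }
        }
}

function Get-CodeIntegrityFailures {
    # Recent CodeIntegrity events carrying the same message as the log, reduced to
    # the unique file paths they name. ASSUMPTION: 200 events is a wide enough window.
    Get-WinEvent -LogName 'Microsoft-Windows-CodeIntegrity/Operational' -MaxEvents 200 -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like '*unable to verify the image integrity of the file*' } |
        ForEach-Object {
            # The event stores an NT device path, e.g. \Device\HarddiskVolume3\Program Files\...
            if ($_.Message -match '\\Device\\HarddiskVolume\d+\\(?<rel>.+?) because') {
                $Matches['rel']
            }
        } | Sort-Object -Unique
}

function Resolve-DevicePath {
    param([string]$RelativePath)
    # Map the volume-relative path to a drive letter by probing each fixed drive.
    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        $candidate = Join-Path $drive.Root $RelativePath
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    return $null
}

function Test-FlaggedImages {
    # For every file CodeIntegrity complained about: is it still on disk, is its
    # Authenticode signature intact, and what is its SHA-256 (for a VirusTotal lookup)?
    foreach ($rel in Get-CodeIntegrityFailures) {
        $path = Resolve-DevicePath -RelativePath $rel
        if (-not $path) { Write-Output "NOT FOUND on any drive: $rel"; continue }
        $sig = Get-AuthenticodeSignature -FilePath $path
        [pscustomobject]@{
            File      = $path
            SigStatus = $sig.Status                      # Valid / NotSigned / HashMismatch ...
            Signer    = $sig.SignerCertificate.Subject
            SHA256    = (Get-FileHash -Algorithm SHA256 -LiteralPath $path).Hash
        }
    }
}

function Get-RestoreAndBootState {
    # FRST said "System Restore is disabled ... Check VSS service": report the service
    # state and how many shadow copies exist (ASSUMPTION: Win32_ShadowCopy as a proxy).
    # Confirm-SecureBootUEFI throws on legacy-BIOS machines, so catch that case.
    $vss = Get-Service -Name 'VSS'
    $secureBoot = $null
    try   { $secureBoot = Confirm-SecureBootUEFI }
    catch { $secureBoot = "unavailable ($($_.Exception.Message))" }
    [pscustomobject]@{
        VssStatus    = $vss.Status
        VssStartType = $vss.StartType
        ShadowCopies = (Get-CimInstance -ClassName 'Win32_ShadowCopy' | Measure-Object).Count
        SecureBootOn = $secureBoot
    }
}

Get-RegisteredAntivirus | Format-Table -AutoSize
Test-FlaggedImages      | Format-List
Get-RestoreAndBootState | Format-List
```

How to read the output: a SigStatus of Valid with the vendor in the Signer field shows the file on disk is intact, so the CodeIntegrity event is about how that DLL was loaded rather than evidence of tampering; any other status, or a hash that VirusTotal has never seen for a file claiming to be from a known vendor, is worth raising with the helper. Two engines reporting RealTimeOn at once (here ESET and Spybot) is itself a common cause of slowness, failed scans and disabled services, so it is a plausible explanation to rule out before assuming a rootkit. SecureBootOn = True does not by itself exclude a bootkit, but False on a UEFI/GPT machine removes the one control that would block an unsigned boot component.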

Broni

Posts: 55,721   +501
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double-click the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • Copies of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

Pomlcka

Posts: 17   +0
Hello Broni,

thank you for your answer.
I am copying the reports from RogueKiller and MBAM, but I cannot start AdwCleaner. It seems something prevents it from starting. I had the same problem with AdwCleaner before; can you help with it?
Thank you
Rogue:
RogueKiller Anti-Malware V14.8.0.0 (x64) [Nov 17 2020] (Premium) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19042) 64 bits
Started in : Normal mode
User : pomlc [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20201210_103309, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2020/12/11 13:39:43 (Duration : 00:17:44)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[MalPE.99 (Potentially Malicious)] (file) SecurityCheck.exe -- C:\Users\pomlc\Downloads\SecurityCheck.exe -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Malwarebytes:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11. 12. 2020
Scan Time: 14:21
Log File: ba90db3e-3bb3-11eb-85f6-3065ecb078cb.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1130
Update Package Version: 1.0.34205
License: Trial

-System Information-
OS: Windows 8
CPU: x64
File System: NTFS
User: NOTEBOOOK\pomlc

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 263850
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 5 min, 5 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

Pomlcka

Posts: 17   +0
I changed the default language in MBAM, so here is the MBAM report in English:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/11/20
Scan Time: 2:21 PM
Log File: ba90db3e-3bb3-11eb-85f6-3065ecb078cb.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1130
Update Package Version: 1.0.34205
License: Trial

-System Information-
OS: Windows 8
CPU: x64
File System: NTFS
User: NOTEBOOOK\pomlc

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 263850
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 5 min, 5 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

Pomlcka

Posts: 17   +0
Hello,
meanwhile I noticed that Windows refuses to open the VPN settings on my PC: the window stays stuck on a picture of a gear.
 

Broni

Posts: 55,721   +501
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double click to run it.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 

Pomlcka

Posts: 17   +0
Hello,

here are the logs (I ran the scan while I was online; I don't know whether that affects the logs):

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-12-2020
Ran by pomlc (administrator) on NOTEBOOOK (Acer Aspire ES1-571) (11-12-2020 18:29:34)
Running from C:\Users\pomlc\Desktop
Loaded Profiles: pomlc
Platform: Windows 10 Pro Version 20H2 19042.685 (X64) Language: Slovenčina (Slovensko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eOppFrame.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <8>
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [175504 2020-10-26] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-07] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EB4DCEB-704C-46B1-9045-B9A2DEDD7CD8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6189624 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {3A282C57-53BC-49B2-A0E5-D6A3243BA4A5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {5A7BDAB6-3AE7-4D36-A495-D7ABF4FCB986} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-07] (Google LLC -> Google LLC)
Task: {DCF73539-B62D-42EA-A8BD-04E3C1248EFF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [7177168 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {FA3A3E4C-8A67-469B-B646-992F949D6D0B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-07] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 17 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 18 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 17 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 18 %windir%\system32\vsocklib.dll => No File
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{263ce8fb-0cd9-4ca7-92a9-8d4efcbb6bf0}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9c4c91b7-53fb-4f36-9a56-41306f76f495}: [DhcpNameServer] 192.168.0.1

Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\pomlc\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-10]

Chrome:
=======
CHR Profile: C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default [2020-12-11]
CHR DownloadDir: C:\Users\pomlc\Desktop
CHR Extension: (Prezentácie) - C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-07]
CHR Extension: (Dokumenty) - C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-07]
CHR Extension: (Disk Google) - C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-07]
CHR Extension: (YouTube) - C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-07]
CHR Extension: (Tabuľky) - C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-07]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-12-07]
CHR Extension: (Gmail) - C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-07]
CHR Extension: (Chrome Media Router) - C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-07]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-10-26] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-10-26] (ESET, spol. s r.o. -> ESET)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2020-12-11] (Malwarebytes Inc -> Malwarebytes)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13666872 2020-11-17] (Adlice -> )
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2747312 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4583240 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5197552 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 Browser; %SystemRoot%\System32\browser.dll [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [160992 2020-10-26] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [109360 2020-10-26] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15288 2020-10-22] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [190464 2020-10-26] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [43720 2020-10-26] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [70048 2020-10-26] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [107784 2020-10-26] (ESET, spol. s r.o. -> ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-12-11] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220160 2020-12-11] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197792 2020-12-11] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2020-12-11] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-12-11] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [139424 2020-12-11] (Malwarebytes Inc -> Malwarebytes)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [89968 2020-12-07] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
R3 RkFlt; C:\Windows\System32\drivers\rkflt.sys [41624 2020-12-11] (Adlice -> )
S0 Spybot3ELAM; C:\Windows\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows (R) Win 7 DDK provider)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2020-12-11] (Adlice -> )
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2020-12-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [429296 2020-12-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-05] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

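The FRST output above is what the helper reads by hand: dangling Winsock catalog entries and services whose image is gone (=> No File, [X]), a hosts file missing from its default location, the "(signer -> company)" block on each service and driver line, scripts created directly under System32, and a BootExecute value that runs more than the default "autocheck autochk *". As an added example that is not part of this thread and not FRST's own logic, the Python below runs those first-pass triage rules over a handful of lines in FRST.txt format. The sample lines are constructed: all but one mirror entries from the log posted here, and the ExampleSvc line and its path are invented to show FRST's "[File not signed]" marker for an unsigned binary. A hit means "look at this entry", never "this is malware".

```python
"""First-pass triage of Farbar Recovery Scan Tool (FRST) log lines.

Added example, not part of the original thread and not FRST's own logic.
The rules encode what a malware-removal helper checks first when reading
FRST.txt; a hit means "look at this entry", never "this is malware".
"""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str   # key into RULES
    line: str   # the FRST line that triggered it


RULES = {
    "dangling-reference": "entry points at a file that no longer exists (=> No File / [X])",
    "hosts-missing": "hosts file absent from its default location",
    "unsigned-file": "service/driver binary carries no Authenticode signature",
    "no-signer-info": "service/driver line has no '(signer -> company)' block to check",
    "signer-without-company": "signed, but version info has no company name; confirm the vendor",
    "script-in-system-dir": "script dropped directly into System32/SysWOW64; read its contents",
    "bootexecute-extra": "BootExecute runs more than the default 'autocheck autochk *'",
}

# "<status><start> name; path [size date] (signer -> company)" (Services/Drivers sections)
SERVICE_RE = re.compile(r"^[RSU]\d [^;]+; (?P<rest>.+)$")
SIGNER_RE = re.compile(r"\[\d+ [\d-]+\] \((?P<signer>.*?) -> (?P<company>.*?)\)$")
# "created - modified - size attrs [(company)] path" (One-month sections)
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ \S+ "
    r"(?:\([^)]*\) )?(?P<path>.+)$"
)
SYSTEM_SCRIPT_RE = re.compile(
    r"\\windows\\sys(?:tem32|wow64)\\[^\\]+\.(?:bat|cmd|vbs|ps1|js)$", re.I
)
BOOTEXECUTE_DEFAULT = "autocheck autochk *"

# Constructed sample in FRST.txt format. All but the ExampleSvc line mirror
# entries from the log in this thread; ExampleSvc (and its path) is invented
# to show FRST's "[File not signed]" marker for an unsigned binary.
SAMPLE_LOG = r"""
Winsock: Catalog9 17 %windir%\system32\vsocklib.dll => No File
Hosts: Hosts file not detected in the default directory
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-10-26] (ESET, spol. s r.o. -> ESET)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 Browser; %SystemRoot%\System32\browser.dll [X]
R3 RkFlt; C:\Windows\System32\drivers\rkflt.sys [41624 2020-12-11] (Adlice -> )
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [190464 2020-10-26] (ESET, spol. s r.o. -> ESET)
R2 ExampleSvc; C:\ProgramData\example\svc.exe [12345 2020-12-09] () [File not signed]
2020-12-10 16:23 - 2020-12-11 18:27 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-12-11 14:07 - 2020-12-11 14:07 - 002086424 _____ (Malwarebytes) C:\Users\pomlc\Desktop\MBSetup.exe
BootExecute: autocheck autochk * sdnclean64.exe
"""


def triage(log_text: str) -> list[Finding]:
    """Apply the RULES to every line of an FRST log and return the hits."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("=> No File") or line.endswith("[X]"):
            findings.append(Finding("dangling-reference", line))
        elif line.startswith("Hosts:") and "not detected" in line:
            findings.append(Finding("hosts-missing", line))
        elif line.startswith("BootExecute:"):
            value = line[len("BootExecute:"):].strip()
            if value.replace(BOOTEXECUTE_DEFAULT, "").strip():
                findings.append(Finding("bootexecute-extra", line))
        elif (m := SERVICE_RE.match(line)):
            if "[File not signed]" in line:
                findings.append(Finding("unsigned-file", line))
            else:
                sig = SIGNER_RE.search(m.group("rest"))
                if sig is None:
                    findings.append(Finding("no-signer-info", line))
                elif not sig.group("company").strip():
                    findings.append(Finding("signer-without-company", line))
        elif (m := FILE_RE.match(line)) and SYSTEM_SCRIPT_RE.search(m.group("path")):
            findings.append(Finding("script-in-system-dir", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count hits per rule, for a quick overview before reading each line."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:24} {RULES[f.rule]}\n    {f.line}")
```

Run on the sample it flags seven lines and leaves the ESET and Defender entries alone. Note that several hits belong to tools installed during this thread (the Adlice driver is RogueKiller's, sdnclean64.exe is listed under Safer-Networking Ltd. in the same log), which is exactly why a triage list like this is a reading order for the helper, not a verdict.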
Pomlcka

Posts: 17   +0
==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-11 18:28 - 2020-12-11 18:28 - 000000000 ____D C:\Users\pomlc\Desktop\reporty
2020-12-11 14:44 - 2020-12-11 14:44 - 000197792 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-12-11 14:44 - 2020-12-11 14:44 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-12-11 14:38 - 2020-12-11 14:44 - 000139424 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-12-11 14:27 - 2020-12-11 14:27 - 008447152 _____ (Malwarebytes) C:\Users\pomlc\Desktop\AdwCleaner.exe
2020-12-11 14:10 - 2020-12-11 14:10 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-12-11 14:10 - 2020-12-11 14:10 - 000220160 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-12-11 14:10 - 2020-12-11 14:10 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-12-11 14:10 - 2020-12-11 14:10 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-12-11 14:10 - 2020-12-11 14:10 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-12-11 14:10 - 2020-12-11 14:10 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-12-11 14:10 - 2020-12-11 14:10 - 000000000 ____D C:\Users\pomlc\AppData\Local\mbam
2020-12-11 14:10 - 2020-12-11 14:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-12-11 14:08 - 2020-12-11 14:08 - 000000000 ____D C:\Program Files\Malwarebytes
2020-12-11 14:07 - 2020-12-11 14:07 - 002086424 _____ (Malwarebytes) C:\Users\pomlc\Desktop\MBSetup.exe
2020-12-11 13:38 - 2020-12-11 14:38 - 000041624 _____ C:\Windows\system32\Drivers\rkflt.sys
2020-12-11 13:37 - 2020-12-11 14:38 - 000038032 _____ C:\Windows\system32\Drivers\truesight.sys
2020-12-11 13:37 - 2020-12-11 13:42 - 000000000 ____D C:\ProgramData\RogueKiller
2020-12-11 13:37 - 2020-12-11 13:37 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2020-12-11 13:37 - 2020-12-11 13:37 - 000000899 _____ C:\ProgramData\Desktop\RogueKiller.lnk
2020-12-11 13:37 - 2020-12-11 13:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2020-12-11 13:37 - 2020-12-11 13:37 - 000000000 ____D C:\Program Files\RogueKiller
2020-12-11 13:35 - 2020-12-11 13:36 - 040473968 _____ (Adlice Software ) C:\Users\pomlc\Desktop\setup.exe
2020-12-11 13:32 - 2020-12-11 13:33 - 040473968 _____ (Adlice Software ) C:\Users\pomlc\Downloads\setup.exe
2020-12-11 13:00 - 2020-12-11 13:00 - 000440028 _____ C:\Windows\Minidump\121120-6062-01.dmp
2020-12-11 11:27 - 2020-12-11 11:27 - 000020615 _____ C:\Users\pomlc\Desktop\postnute_na_techspot.zip
2020-12-11 11:17 - 2020-12-11 11:19 - 000029608 _____ C:\Users\pomlc\Desktop\aa.txt
2020-12-11 11:02 - 2020-12-11 11:04 - 000029608 _____ C:\Users\pomlc\Desktop\Addition.txt
2020-12-11 10:59 - 2020-12-11 18:30 - 000012026 _____ C:\Users\pomlc\Desktop\FRST.txt
2020-12-11 10:59 - 2020-12-11 18:29 - 000000000 ____D C:\FRST
2020-12-11 10:59 - 2020-12-11 10:59 - 000000000 ____D C:\Users\pomlc\Desktop\FRST-OlderVersion
2020-12-11 10:37 - 2020-12-03 14:16 - 046768128 _____ C:\Users\pomlc\Desktop\659ce.msi
2020-12-11 10:36 - 2020-12-11 10:59 - 002288640 _____ (Farbar) C:\Users\pomlc\Desktop\FRST64.exe
2020-12-10 20:49 - 2020-12-10 20:49 - 000073621 _____ C:\Users\pomlc\Desktop\services.exe.txt
2020-12-10 20:08 - 2020-12-10 20:08 - 000000917 _____ C:\Users\pomlc\Desktop\ckfiles.txt
2020-12-10 20:06 - 2020-12-10 20:06 - 000468480 _____ () C:\Users\pomlc\Downloads\CKScanner.exe
2020-12-10 20:05 - 2020-12-10 20:06 - 000468480 _____ () C:\Users\pomlc\Desktop\CKScanner.exe
2020-12-10 19:59 - 2020-12-10 19:59 - 000028034 _____ C:\Users\pomlc\Desktop\smss.exe.txt
2020-12-10 19:50 - 2020-12-10 19:51 - 000727444 _____ C:\Windows\Minidump\121020-8140-01.dmp
2020-12-10 19:45 - 2020-12-10 19:51 - 000036200 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2020-12-10 19:45 - 2020-12-10 19:45 - 002798456 _____ (Sysinternals - www.sysinternals.com) C:\Users\pomlc\Desktop\procexp.exe
2020-12-10 19:44 - 2020-12-10 19:45 - 002798456 _____ (Sysinternals - www.sysinternals.com) C:\Users\pomlc\Downloads\procexp.exe
2020-12-10 19:14 - 2020-12-10 19:14 - 000000000 ____D C:\Users\pomlc\AppData\Local\MicrosoftEdge
2020-12-10 19:05 - 2020-12-10 19:05 - 001228152 _____ (AVG Technologies) C:\Users\pomlc\Downloads\avg_driver_updater_online_setup.exe
2020-12-10 18:48 - 2020-12-10 18:51 - 000000000 ____D C:\Users\pomlc\Desktop\spybotes
2020-12-10 17:40 - 2020-12-10 17:40 - 000034719 _____ C:\Users\pomlc\Desktop\includese.zip
2020-12-10 17:39 - 2020-12-10 17:39 - 000070043 _____ C:\Users\pomlc\Desktop\zospybotu.zip
2020-12-10 17:37 - 2020-12-10 17:37 - 000100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncpa.cpl
2020-12-10 17:37 - 2020-12-10 17:37 - 000010912 _____ C:\Windows\system32\DrtmAuthTxt.wim
2020-12-10 17:36 - 2020-12-10 17:36 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\ncpa.cpl
2020-12-10 17:33 - 2020-12-10 17:33 - 000000000 ____D C:\Users\pomlc\AppData\Local\Safer-Networking Ltd
2020-12-10 17:29 - 2020-12-10 17:29 - 000000000 ____D C:\Safer-Networking Ltd
2020-12-10 17:28 - 2020-12-11 14:38 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2020-12-10 17:28 - 2020-12-10 18:54 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2020-12-10 17:28 - 2020-12-10 17:28 - 000001460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2020-12-10 17:28 - 2020-12-10 17:28 - 000001448 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2020-12-10 17:28 - 2020-12-10 17:28 - 000001448 _____ C:\ProgramData\Desktop\Spybot-S&D Start Center.lnk
2020-12-10 17:28 - 2020-12-10 17:28 - 000000000 ____D C:\Windows\system32\Tasks\Safer-Networking
2020-12-10 17:28 - 2020-12-10 17:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2020-12-10 17:28 - 2019-06-21 08:34 - 000019904 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\Spybot3ELAM.sys
2020-12-10 17:28 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2020-12-10 17:23 - 2020-12-10 17:26 - 069300040 _____ (Safer-Networking Ltd. ) C:\Users\pomlc\Downloads\spybotsd-2.8.68.0.exe
2020-12-10 16:40 - 2020-12-11 14:42 - 001587062 _____ C:\Windows\system32\PerfStringBackup.INI
2020-12-10 16:23 - 2020-12-11 18:27 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-12-10 16:23 - 2020-12-10 16:23 - 000258088 _____ C:\Windows\system32\FNTCACHE.DAT
2020-12-10 16:08 - 2020-12-10 16:12 - 000000000 ____D C:\Users\pomlc\Desktop\bordel
2020-12-10 15:48 - 2020-12-10 15:49 - 000000000 ____D C:\KVRT_Data
2020-12-10 15:46 - 2020-12-11 14:42 - 000664864 _____ C:\Windows\system32\perfh01B.dat
2020-12-10 15:46 - 2020-12-11 14:42 - 000121936 _____ C:\Windows\system32\perfc01B.dat
2020-12-10 14:44 - 2020-12-10 14:44 - 000000207 _____ C:\Windows\tweaking.com-regbackup-NOTEBOOOK-Windows-10-Pro-(64-bit).dat
2020-12-10 14:44 - 2020-12-10 14:44 - 000000000 ____D C:\RegBackup
2020-12-10 14:36 - 2020-12-10 14:36 - 000001989 _____ C:\Users\pomlc\Desktop\Repair_Windows.exe – odkaz.lnk
2020-12-10 14:30 - 2020-12-10 14:30 - 000361792 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2020-12-10 14:30 - 2020-12-10 14:30 - 000000574 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2020-12-10 14:30 - 2020-12-10 14:30 - 000000000 ____D C:\Users\pomlc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2020-12-10 14:30 - 2020-12-10 14:30 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2020-12-10 14:26 - 2020-12-10 17:10 - 000000000 ____D C:\Users\pomlc\Desktop\aa
2020-12-10 14:26 - 2020-12-10 15:19 - 000002176 _____ C:\Users\pomlc\Desktop\Rkill.txt
2020-12-10 14:22 - 2020-12-11 11:12 - 000000000 ____D C:\Users\pomlc\Desktop\mirka-notas3
2020-12-10 12:00 - 2020-12-10 12:00 - 007458656 _____ (VS Revo Group ) C:\Users\pomlc\Downloads\revosetup (1).exe
2020-12-10 12:00 - 2020-12-10 12:00 - 000001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2020-12-10 12:00 - 2020-12-10 12:00 - 000001079 _____ C:\ProgramData\Desktop\Revo Uninstaller.lnk
2020-12-10 12:00 - 2020-12-10 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2020-12-10 12:00 - 2020-12-10 12:00 - 000000000 ____D C:\Program Files\VS Revo Group
2020-12-10 11:58 - 2020-12-10 11:58 - 007458656 _____ (VS Revo Group ) C:\Users\pomlc\Downloads\revosetup.exe
2020-12-10 08:37 - 2020-12-10 08:37 - 000000000 ____D C:\Users\pomlc\Downloads\be
2020-12-10 08:34 - 2020-12-10 08:34 - 000000000 ____D C:\asd
2020-12-10 08:23 - 2020-12-10 08:23 - 000000000 ____D C:\Users\pomlc\AppData\Local\WmiExplorer
2020-12-10 08:21 - 2020-12-10 11:10 - 000007628 _____ C:\Users\pomlc\AppData\Local\resmon.resmoncfg
2020-12-10 08:01 - 2020-12-10 08:01 - 000228140 _____ C:\Users\pomlc\Downloads\WMIExplorer_2.0.0.0.zip
2020-12-10 08:01 - 2020-12-10 08:01 - 000000000 ____D C:\Users\pomlc\Desktop\WMIExplorer_2.0.0.0
2020-12-08 20:34 - 2020-12-08 20:34 - 001965536 _____ (Malwarebytes) C:\Users\pomlc\Downloads\MBSetup-106724.106724-consumer.exe
2020-12-08 20:34 - 2020-12-08 20:34 - 001965536 _____ (Malwarebytes) C:\Users\pomlc\Downloads\MBSetup-106724.106724-consumer (1).exe
2020-12-07 14:14 - 2020-12-10 15:39 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2020-12-07 14:13 - 2020-12-07 14:13 - 000000000 ____D C:\Windows\pss
2020-12-07 14:06 - 2020-12-07 14:06 - 000002331 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-07 14:06 - 2020-12-07 14:06 - 000002290 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-12-07 14:06 - 2020-12-07 14:06 - 000002290 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-12-07 14:05 - 2020-12-07 14:05 - 000000000 ____D C:\Program Files\Google
2020-12-07 14:04 - 2020-12-07 14:10 - 000003456 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-07 14:04 - 2020-12-07 14:10 - 000003332 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-07 13:58 - 2020-12-07 14:15 - 000000000 ____D C:\Users\pomlc\AppData\Local\Google
2020-12-07 13:58 - 2020-12-07 14:04 - 000000000 ____D C:\Program Files (x86)\Google
2020-12-07 13:58 - 2020-12-07 13:58 - 001317080 _____ (Google LLC) C:\Users\pomlc\Downloads\ChromeSetup.exe
2020-12-07 13:55 - 2020-12-07 13:55 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2020-12-07 13:55 - 2020-12-07 13:55 - 000000000 ____D C:\Users\pomlc\Desktop\mirka_notas2
2020-12-07 13:54 - 2020-12-07 13:54 - 000055993 _____ C:\Users\pomlc\Desktop\ibatextaky.zip
2020-12-07 13:54 - 2020-12-07 13:54 - 000000000 ____D C:\Users\pomlc\Desktop\ibatextaky
2020-12-07 13:08 - 2020-12-07 13:08 - 000081659 _____ C:\Users\pomlc\Desktop\vtempe.zip
2020-12-07 13:04 - 2020-12-07 13:04 - 000000000 ____D C:\Users\pomlc\Desktop\v tempe-onedrive
2020-12-07 12:55 - 2020-12-07 12:55 - 000089968 ____H (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCMON24.SYS
2020-12-07 12:53 - 2020-12-11 13:00 - 394831409 _____ C:\Windows\MEMORY.DMP
2020-12-07 12:53 - 2020-12-11 13:00 - 000000000 ____D C:\Windows\Minidump
2020-12-05 09:20 - 2020-12-11 14:37 - 071041024 _____ C:\Windows\system32\config\SOFTWARE
2020-12-05 09:17 - 2020-12-05 09:20 - 000000000 ____D C:\Windows\Microsoft Antimalware
2020-12-04 20:49 - 2020-12-04 20:49 - 000000000 ____D C:\Users\pomlc\AppData\Roaming\Macromedia
2020-12-04 18:58 - 2020-12-04 18:58 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2020-12-04 18:58 - 2020-12-04 18:58 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2020-12-04 18:57 - 2020-12-04 18:57 - 001333248 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2020-12-04 18:57 - 2020-12-04 18:57 - 000266240 _____ C:\Windows\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-04 18:57 - 2020-12-04 18:57 - 000240640 _____ C:\Windows\SysWOW64\CoreMas.dll
2020-12-04 18:57 - 2020-12-04 18:57 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2020-12-04 18:57 - 2020-12-04 18:57 - 000048640 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2020-12-04 18:57 - 2020-12-04 18:57 - 000039936 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2020-12-04 18:57 - 2020-12-04 18:57 - 000010752 _____ C:\Windows\SysWOW64\agentactivationruntimestarter.exe
2020-12-04 18:56 - 2020-12-04 18:56 - 002260480 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2020-12-04 18:56 - 2020-12-04 18:56 - 001822272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2020-12-04 18:56 - 2020-12-04 18:56 - 001393496 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2020-12-04 18:56 - 2020-12-04 18:56 - 000363520 _____ C:\Windows\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-04 18:56 - 2020-12-04 18:56 - 000287232 _____ C:\Windows\system32\CoreMas.dll
2020-12-04 18:56 - 2020-12-04 18:56 - 000165376 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2020-12-04 18:56 - 2020-12-04 18:56 - 000089088 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2020-12-04 18:56 - 2020-12-04 18:56 - 000073216 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2020-12-04 18:56 - 2020-12-04 18:56 - 000013312 _____ C:\Windows\system32\agentactivationruntimestarter.exe
2020-12-04 18:56 - 2020-12-04 18:56 - 000001370 _____ C:\Windows\system32\ThirdPartyNoticesBySHS.txt
2020-12-04 17:20 - 2020-12-04 17:20 - 000000000 ____D C:\Users\pomlc\AppData\Local\PeerDistRepub
2020-12-03 19:46 - 2020-12-03 19:46 - 002045618 _____ C:\Users\pomlc\Downloads\ProcessMonitor.zip
2020-12-03 19:46 - 2020-12-03 19:46 - 000000000 ____D C:\Users\pomlc\Desktop\ProcessMonitor
2020-12-03 16:21 - 2020-12-03 16:21 - 000137016 _____ C:\Windows\system32\HvsiManagementApi.dll
2020-12-03 16:21 - 2020-12-03 16:21 - 000101688 _____ C:\Windows\SysWOW64\HvsiManagementApi.dll
2020-12-03 16:20 - 2020-12-03 16:20 - 001309504 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2020-12-03 16:20 - 2020-12-03 16:20 - 000045880 _____ C:\Windows\system32\HvSocket.dll
2020-12-03 16:19 - 2020-12-03 16:19 - 000611952 _____ C:\Windows\SysWOW64\TextShaping.dll
2020-12-03 16:19 - 2020-12-03 16:19 - 000455168 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll
2020-12-03 16:19 - 2020-12-03 16:19 - 000112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\activeds.tlb
2020-12-03 16:19 - 2020-12-03 16:19 - 000047472 _____ C:\Windows\SysWOW64\umpdc.dll
2020-12-03 16:18 - 2020-12-03 16:18 - 001162240 _____ C:\Windows\system32\MBR2GPT.EXE
2020-12-03 16:18 - 2020-12-03 16:18 - 000422912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2020-12-03 16:18 - 2020-12-03 16:18 - 000023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msacm32.drv
2020-12-03 16:17 - 2020-12-03 16:17 - 002260480 _____ (The ICU Project) C:\Windows\system32\icu.dll
2020-12-03 16:17 - 2020-12-03 16:17 - 000707544 _____ C:\Windows\system32\TextShaping.dll
2020-12-03 16:17 - 2020-12-03 16:17 - 000645120 _____ C:\Windows\system32\WindowManagementAPI.dll
2020-12-03 16:17 - 2020-12-03 16:17 - 000152576 _____ C:\Windows\system32\EoAExperiences.exe
2020-12-03 16:17 - 2020-12-03 16:17 - 000112128 _____ (Microsoft Corporation) C:\Windows\system32\activeds.tlb
2020-12-03 16:17 - 2020-12-03 16:17 - 000029696 _____ (The ICU Project) C:\Windows\system32\icuuc.dll
2020-12-03 16:17 - 2020-12-03 16:17 - 000025088 _____ (The ICU Project) C:\Windows\system32\icuin.dll
2020-12-03 16:16 - 2020-12-03 16:16 - 000562688 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2020-12-03 16:16 - 2020-12-03 16:16 - 000455168 _____ C:\Windows\system32\ssdm.dll
2020-12-03 16:16 - 2020-12-03 16:16 - 000197632 _____ C:\Windows\system32\IHDS.dll
2020-12-03 16:16 - 2020-12-03 16:16 - 000064552 _____ C:\Windows\system32\umpdc.dll
2020-12-03 16:16 - 2020-12-03 16:16 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\msacm32.drv
2020-12-03 14:25 - 2020-12-03 14:25 - 000002016 _____ C:\Users\Public\Desktop\ESET Ochrana online platieb.lnk
2020-12-03 14:25 - 2020-12-03 14:25 - 000002016 _____ C:\ProgramData\Desktop\ESET Ochrana online platieb.lnk
2020-12-03 14:19 - 2020-12-03 14:19 - 000000000 ____D C:\Users\pomlc\AppData\Local\ESET
2020-12-03 14:18 - 2020-12-03 14:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2020-12-03 14:18 - 2020-12-03 14:18 - 000000000 ____D C:\ProgramData\ESET
2020-12-03 14:18 - 2020-12-03 14:18 - 000000000 ____D C:\Program Files\ESET
2020-12-03 14:14 - 2020-12-03 14:14 - 006341552 _____ (ESET) C:\Users\pomlc\Downloads\eset_internet_security_live_installer.exe
2020-12-03 14:11 - 2020-12-03 14:11 - 000000000 ____D C:\Users\pomlc\AppData\Roaming\Synaptics
2020-12-03 14:11 - 2020-12-03 14:11 - 000000000 ____D C:\ProgramData\Synaptics
2020-12-03 14:09 - 2020-12-03 14:09 - 000000000 ____D C:\Windows\system32\MRT
2020-12-03 14:04 - 2020-12-03 14:04 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2020-12-03 14:03 - 2020-12-03 14:03 - 000000000 ___HD C:\$WinREAgent
2020-12-03 14:02 - 2020-12-11 11:10 - 000000000 ____D C:\Users\pomlc\AppData\Local\D3DSCache
2020-12-03 14:00 - 2020-12-03 14:00 - 000000000 ____D C:\Users\pomlc\AppData\Local\Comms
2020-12-03 13:59 - 2020-12-03 18:31 - 000000000 ____D C:\Users\pomlc\AppData\Local\PlaceholderTileLogoFolder
2020-12-03 13:58 - 2020-12-07 13:18 - 000000000 ___RD C:\Users\pomlc\OneDrive
2020-12-03 13:58 - 2020-12-03 13:58 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2020-12-03 13:57 - 2020-12-03 13:57 - 000000000 ____D C:\Users\pomlc\AppData\Local\Publishers
2020-12-03 13:56 - 2020-12-11 18:27 - 000000000 __SHD C:\Users\pomlc\IntelGraphicsProfiles
2020-12-03 13:56 - 2020-12-10 18:59 - 000000000 ____D C:\Users\pomlc\AppData\Local\Packages
2020-12-03 13:56 - 2020-12-07 17:59 - 000000000 ____D C:\ProgramData\Packages
2020-12-03 13:56 - 2020-12-03 14:11 - 000000000 ____D C:\Users\pomlc\AppData\Local\ConnectedDevicesPlatform
2020-12-03 13:56 - 2020-12-03 13:58 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-12-03 13:56 - 2020-12-03 13:56 - 000000200 _____ C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2020-12-03 13:56 - 2020-12-03 13:56 - 000000000 ___RD C:\Users\pomlc\3D Objects
2020-12-03 13:56 - 2020-12-03 13:56 - 000000000 ____D C:\Users\pomlc\AppData\Roaming\Adobe
2020-12-03 13:56 - 2020-12-03 13:56 - 000000000 ____D C:\Users\pomlc\AppData\Local\VirtualStore
2020-12-03 13:56 - 2020-12-03 13:56 - 000000000 ____D C:\Program Files\Intel
2020-12-03 13:56 - 2020-12-03 13:56 - 000000000 ____D C:\Program Files (x86)\Intel
2020-12-03 13:56 - 2020-12-03 13:56 - 000000000 ____D C:\Intel
2020-12-03 13:56 - 2020-12-03 13:56 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
2020-12-03 13:56 - 2017-06-27 05:55 - 000099816 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2020-12-03 13:53 - 2020-12-11 13:00 - 000000000 ____D C:\Users\pomlc
2020-12-03 13:53 - 2020-12-03 13:53 - 000000020 ___SH C:\Users\pomlc\ntuser.ini
2020-12-03 13:52 - 2020-12-03 13:52 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2020-12-03 13:52 - 2020-12-03 13:52 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2020-12-03 13:52 - 2020-12-03 13:52 - 000000000 ____D C:\Program Files\Synaptics
2020-12-03 13:52 - 2017-07-11 18:41 - 000077912 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2020-12-03 13:48 - 2020-12-10 16:23 - 000000000 ____D C:\Windows\CSC
2020-12-03 13:46 - 2020-12-03 13:46 - 000000000 _SHDL C:\Documents and Settings
2020-12-03 13:43 - 2020-12-11 15:40 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-12-03 13:43 - 2020-12-11 14:37 - 000008192 ___SH C:\DumpStack.log.tmp
2020-12-03 13:43 - 2020-12-11 14:37 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-12-03 13:43 - 2020-12-05 17:28 - 000000000 ____D C:\Windows\Panther
2020-12-03 13:43 - 2020-12-05 09:16 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-12-03 13:43 - 2020-12-03 13:43 - 000000000 ____D C:\Windows\ServiceProfiles

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-11 14:42 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2020-12-11 14:37 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-11 14:37 - 2019-12-07 10:03 - 000262144 _____ C:\Windows\system32\config\BBI
2020-12-11 13:27 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\NDF
2020-12-10 18:59 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-10 18:59 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2020-12-10 18:56 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2020-12-10 18:56 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2020-12-10 17:38 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2020-12-10 17:11 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-12-08 20:41 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2020-12-07 12:51 - 2019-12-07 10:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2020-12-05 09:16 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2020-12-04 22:00 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2020-12-04 22:00 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\migwiz
2020-12-04 22:00 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism
2020-12-04 21:59 - 2019-12-07 15:41 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-12-04 21:59 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2020-12-04 21:59 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-12-04 16:10 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\appcompat
2020-12-03 19:52 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2020-12-03 19:52 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2020-12-03 19:52 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2020-12-03 19:51 - 2019-12-07 15:41 - 000000000 ___SD C:\Windows\system32\AppV
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Sysprep
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\es-MX
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\appraiser
2020-12-03 19:50 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog
2020-12-03 19:50 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2020-12-03 19:50 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences
2020-12-03 19:50 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Provisioning
2020-12-03 19:50 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\servicing
2020-12-03 16:26 - 2019-12-07 15:41 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2020-12-03 16:26 - 2019-12-07 15:41 - 000020908 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2020-12-03 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2020-12-03 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2020-12-03 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2020-12-03 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2020-12-03 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lv-LV
2020-12-03 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lt-LT
2020-12-03 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\et-EE
2020-12-03 14:12 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState
2020-12-03 13:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2020-12-03 13:51 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\USOPrivate
2020-12-03 13:49 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\spool
2020-12-03 13:43 - 2019-12-07 10:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template

==================== Files in the root of some directories ========

2020-12-10 08:21 - 2020-12-10 11:10 - 000007628 _____ () C:\Users\pomlc\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

Pomlcka

Posts: 17   +0
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-12-2020
Ran by pomlc (11-12-2020 18:34:15)
Running from C:\Users\pomlc\Desktop
Windows 10 Pro Version 20H2 19042.685 (X64) (2020-12-03 12:47:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3130570375-147764310-2110794736-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3130570375-147764310-2110794736-503 - Limited - Disabled)
Guest (S-1-5-21-3130570375-147764310-2110794736-501 - Limited - Disabled)
pomlc (S-1-5-21-3130570375-147764310-2110794736-1001 - Administrator - Enabled) => C:\Users\pomlc
WDAGUtilityAccount (S-1-5-21-3130570375-147764310-2110794736-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: ESET Firewall (Enabled) {B18EDDE1-72EE-79EA-3ABD-EEAF1EE45FED}

==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ESET Security (HKLM\...\{3B47BDC5-99BF-4F5C-A303-1F0F9DBC74F6}) (Version: 14.0.22.0 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4703 - Intel Corporation)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Update Health Tools (HKLM\...\{143E35D3-F0A4-4E90-96C9-B1B72F11343A}) (Version: 2.70.0.0 - Microsoft Corporation)
Revo Uninstaller 2.2.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.0 - VS Revo Group, Ltd.)
RogueKiller version 14.8.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.8.0.0 - Adlice Software)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.68.0 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.1.3.6 - Synaptics Incorporated)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.10.2 - Tweaking.com)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-12-05] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-12-05] (Microsoft Corporation) [MS Ad]


==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3130570375-147764310-2110794736-1001_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-26] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-26] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-11] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-26] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-11] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

==================== Codecs (Whitelisted) ====================


==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) =================


==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3130570375-147764310-2110794736-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1FCC404C-E0AE-4A47-B6D9-F686F5430A14}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{480C6602-A8F0-4CD4-AA2D-AB8069EA5E9D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{9E6EFAB9-EFA3-4B1E-B67D-E4ECCBA59176}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{01DF0815-250E-4BEF-A399-C43432F6D46B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{C9B70DF6-3CB5-42AC-9DE3-6A0E1C192420}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:118.63 GB) (Free:88.76 GB) (75%)
Check "VSS" service


==================== Faulty Device Manager Devices ============


Name: Tlačový front koreňa
Description: Lokálny tlačový front
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Kernel Debug Network Adapter
Description: Microsoft Kernel Debug Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kdnic
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel(R) Serial IO DMA Controller
Description: Intel(R) Serial IO DMA Controller
Class Guid: {4d36e966-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (12/11/2020 06:34:29 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (12/11/2020 06:33:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: MBAMService.exe, verzia: 3.2.0.943, časová značka: 0x5fbd5689
Názov chybujúceho modulu: MBAMCore.dll, verzia: 3.0.0.1094, časová značka: 0x5fd22fe1
Kód výnimky: 0xc0000005
Odstup chyby: 0x0000000000019700
Identifikácia chybujúceho procesu: 0x2158
Čas spustenia chybujúcej aplikácie: 0x01d6cfc3b43b2055
Cesta chybujúcej aplikácie: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Cesta chybujúceho modulu: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll
Identifikácia hlásenia: f2b2dad8-f8bc-497b-b403-f304e244c8a4
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (12/11/2020 06:32:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.19041.610 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 6a0

Start Time: 01d6cfe31a4e4a95

Termination Time: 4294967295

Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

Report Id: a2651e55-cd94-4f67-83a6-89b1d8dcb440

Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Hang type: Quiesce

Error: (12/11/2020 06:32:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: SDUpdate.exe, verzia: 2.8.68.100, časová značka: 0x5ea5e0d1
Názov chybujúceho modulu: SDUpdate.exe, verzia: 2.8.68.100, časová značka: 0x5ea5e0d1
Kód výnimky: 0xc0000005
Odstup chyby: 0x00005c92
Identifikácia chybujúceho procesu: 0x1d60
Čas spustenia chybujúcej aplikácie: 0x01d6cfe3868e676a
Cesta chybujúcej aplikácie: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Cesta chybujúceho modulu: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Identifikácia hlásenia: 41028de6-21f5-4ca0-9783-821343976a28
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (12/11/2020 06:29:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: SDUpdate.exe, verzia: 2.8.68.100, časová značka: 0x5ea5e0d1
Názov chybujúceho modulu: SDUpdate.exe, verzia: 2.8.68.100, časová značka: 0x5ea5e0d1
Kód výnimky: 0xc0000005
Odstup chyby: 0x00005c92
Identifikácia chybujúceho procesu: 0xfb8
Čas spustenia chybujúcej aplikácie: 0x01d6cfe31bad7fad
Cesta chybujúcej aplikácie: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Cesta chybujúceho modulu: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Identifikácia hlásenia: a2b2aa2b-d8a0-4640-b912-e03735bab40b
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (12/11/2020 03:42:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.19041.610 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1040

Start Time: 01d6cfcbc98fecd6

Termination Time: 4294967295

Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

Report Id: d3c98d65-7ee3-4537-ae5f-2fdcf5e4c792

Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Hang type: Quiesce

Error: (12/11/2020 03:42:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: SDUpdate.exe, verzia: 2.8.68.100, časová značka: 0x5ea5e0d1
Názov chybujúceho modulu: hhctrl.ocx_unloaded, verzia: 10.0.19041.1, časová značka: 0x52fb2e34
Kód výnimky: 0xc0000005
Odstup chyby: 0x000260b6
Identifikácia chybujúceho procesu: 0x2738
Čas spustenia chybujúcej aplikácie: 0x01d6cfcbc6d7958e
Cesta chybujúcej aplikácie: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Cesta chybujúceho modulu: hhctrl.ocx
Identifikácia hlásenia: 7e4dd139-b34f-4a0a-a398-a51aa70afe7c
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (12/11/2020 03:42:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: SDUpdate.exe, verzia: 2.8.68.100, časová značka: 0x5ea5e0d1
Názov chybujúceho modulu: SDUpdate.exe, verzia: 2.8.68.100, časová značka: 0x5ea5e0d1
Kód výnimky: 0xc0000005
Odstup chyby: 0x00005c92
Identifikácia chybujúceho procesu: 0x2738
Čas spustenia chybujúcej aplikácie: 0x01d6cfcbc6d7958e
Cesta chybujúcej aplikácie: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Cesta chybujúceho modulu: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Identifikácia hlásenia: 02b1393f-f052-41d1-af21-50e3260f471e
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:


System errors:

=============
Error: (12/11/2020 06:34:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Malwarebytes Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 5000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (12/11/2020 06:27:59 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/11/2020 02:38:57 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/11/2020 02:37:47 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/11/2020 02:37:24 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba Malwarebytes Service sa po prijatí ovládacieho príkazu pred vypnutím nevypla správne.

Error: (12/11/2020 02:35:02 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/11/2020 02:32:10 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/11/2020 01:29:12 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Windows Defender:

===================================
Date: 2020-12-05 11:44:49.7060000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {B1FDF589-CDB4-48DF-83E9-9D491393ADFF}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2020-12-05 10:52:27.5030000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {FA854BC1-7062-41A8-87B9-8ABFEE01EA41}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-12-05 09:58:33.0000000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {420A63E9-F2EF-495F-8FB7-CF752E5E9F00}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-12-05 09:31:05.6210000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {A7B69498-BB8E-4DAC-A595-BD2AAC313988}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2020-12-05 10:43:32.3730000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.2100.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80240438
Error description: Počas vyhľadávania aktualizácií sa vyskytol neočakávaný problém. Informácie o inštalácii aktualizácií a riešení problémov s aktualizáciami nájdete v Pomoci a technickej podpore.

Date: 2020-12-05 09:31:13.3890000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.2100.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80240438
Error description: Počas vyhľadávania aktualizácií sa vyskytol neočakávaný problém. Informácie o inštalácii aktualizácií a riešení problémov s aktualizáciami nájdete v Pomoci a technickej podpore.

CodeIntegrity:
===================================

Date: 2020-12-11 18:34:29.6440000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-11 18:34:04.6990000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-11 18:28:56.5040000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-11 15:38:59.6290000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-11 15:33:54.2610000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-11 15:28:48.8340000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-11 15:23:43.4520000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-11 15:18:38.7400000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Insyde Corp. V1.06 03/22/2018
Motherboard: Acer Aspire ES1-571
Processor: Intel(R) Pentium(R) 3558U @ 1.70GHz
Percentage of memory in use: 82%
Total physical RAM: 4017.32 MB
Available physical RAM: 688.54 MB
Total Virtual: 5937.32 MB
Available Virtual: 2388.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.63 GB) (Free:88.76 GB) NTFS

\\?\Volume{a52c0894-91cb-4557-ab5c-2dbd276de55a}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{41d708c1-6254-4717-9dc4-4479c039f8ac}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 02C30305)

Partition: GPT.

==================== End of Addition.txt =======================
 

Broni

Posts: 55,721   +501
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt (3 KB)

Pomlcka

Posts: 17   +0
Thank you,

here is fixlog:
Fix result of Farbar Recovery Scan Tool (x64) Version: 09-12-2020
Ran by pomlc (11-12-2020 19:07:48) Run:1
Running from C:\Users\pomlc\Desktop
Loaded Profiles: pomlc
Boot Mode: Normal
==============================================

fixlist content:
*****************
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
FirewallRules: [{480C6602-A8F0-4CD4-AA2D-AB8069EA5E9D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{9E6EFAB9-EFA3-4B1E-B67D-E4ECCBA59176}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{01DF0815-250E-4BEF-A399-C43432F6D46B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{C9B70DF6-3CB5-42AC-9DE3-6A0E1C192420}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
Winsock: Catalog9 17 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 18 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 17 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 18 %windir%\system32\vsocklib.dll => No File
S4 Browser; %SystemRoot%\System32\browser.dll [X]
2020-12-10 08:21 - 2020-12-10 11:10 - 000007628 _____ () C:\Users\pomlc\AppData\Local\resmon.resmoncfg

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\WorkFolders" => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\WorkFolders" => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{480C6602-A8F0-4CD4-AA2D-AB8069EA5E9D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9E6EFAB9-EFA3-4B1E-B67D-E4ECCBA59176}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{01DF0815-250E-4BEF-A399-C43432F6D46B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C9B70DF6-3CB5-42AC-9DE3-6A0E1C192420}" => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000017 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000018 => removed successfully
HKLM\System\CurrentControlSet\Services\Browser => removed successfully
Browser => service removed successfully
C:\Users\pomlc\AppData\Local\resmon.resmoncfg => moved successfully

==== End of Fixlog 19:07:48 ====
 

Broni

Posts: 55,721   +501
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 

Pomlcka

Posts: 17   +0
Hi,

what are next steps?
I still can't run AdwCleaner: I double-click / run as admin -> I allow it in UAC -> nothing.

VPN settings still won't open. Once I managed to open it (don't know how) and it crashed immediately.

ESET is still blocking communication:
- NT Kernel & System ICMPv6, NetBIOS - out
- svchost UDP ports 67, 68 and something on 1900 - in
- if I connect another device (an Android phone, for example) to Wi-Fi, it immediately tries to communicate with the PC via UDP or UPnP - this does not seem to be happening today
- localhost.localdomain 127.0.0.1
- and many others like ff02::1 and so on

ESET gives me messages 1 - 5 minutes after start that the key:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS\Start
and
Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DeviceAssociationService\Start
has changed.

If I check services after windows starts, their parameters are:
BITS - status: not running - startup type: Manual
Device Association Service - status: running - startup type: Manual(Trigger Start)

I saw that BitLocker was running in Task Manager, so I checked services and its parameters were:
BitLocker - status: running - startup type: Manual (Trigger Start)

I don't know if these are normal Windows behavior or some sign of infection, so I am updating the PC status.
Thanks
 

Broni

Posts: 55,721   +501
In this forum I'm only checking if your computer is clean.
So far, I didn't see much.
For now, please follow my previous reply.
If things check out and you're still having the same issues, you'll have to create a new topic in the Windows forum.
 

Pomlcka

Posts: 17   +0
I am sorry, I started typing this post before your reply, so I did not see it.
I had a problem - I cannot start Temp File Cleaner (TFC), exactly the same as with AdwCleaner. I tried booting to safe mode with networking and downloading them from there, but it was not working. If I try to start them in safe mode I get an Application error: The application was unable to start correctly (0xc0000005)

Sophos found nothing, so Details were greyed out.

Here are other logs:
Security Check:

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Spybot - Search and Destroy
ESET Security
Windows Defender
Malwarebytes
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus ekrn.exe
Malwarebytes Anti-Malware mbamservice.exe
Spybot Teatimer.exe is disabled!
ESET ESET Security eguiproxy.exe
ESET ESET Security eOPPFrame.exe
Malwarebytes Anti-Malware mbamtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

FSS:

Farbar Service Scanner Version: 09-11-2020
Ran by pomlc (administrator) on 12-12-2020 at 12:22:00
Running from "C:\Users\pomlc\Desktop"
Microsoft Windows 10 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Destination is unreachable
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Windows Security:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 

Pomlcka

Posts: 17   +0
I made FSS scan offline and here is FSS scan, when I was online:

Farbar Service Scanner Version: 09-11-2020
Ran by pomlc (administrator) on 12-12-2020 at 14:32:48
Running from "C:\Users\pomlc\Desktop"
Microsoft Windows 10 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Destination is unreachable
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Google.com is unreachable
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Windows Security:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 

Broni

Posts: 55,721   +501
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

10. Please, let me know, how your computer is doing.
 

Pomlcka

Posts: 17   +0
Can you help me with my question from before? I still can't run AdwCleaner and TFC - we did not use them at all.
I'm afraid my computer is not clean when I am not able to run the applications you suggested before.


I can't follow your tip 6:

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).
 

Broni

Posts: 55,721   +501
There is nothing malicious there.
In fact, there wasn't much to start with.
I suggest new topic in Windows forum.
Good luck :)
 

Pomlcka

Posts: 17   +0
Sorry for the delayed reply.
Thank you for your time and analysis.
Can you help me once more?
1. I know that the PC looks clean from ordinary FRST logs, but I noticed (through the netstat command) that my PC is connecting to IPs often marked as malicious or suspicious.
For example:
process svchost with different PIDs and process System (always PID 4) are sometimes connecting to IP 46.228.223.177, which is in the red hat database here:
https://blackhat.directory/ip/46.228.223.177 and other databases

and is marked by a user as AgentTeslav2 - RAT (remote access trojan) which is using .NET and DLL hijacking (that I mentioned in the first post)

2. Strange for me is that my ESET is not controlling too many files (maybe 50-100) with the message can not open[4]
3. It looks like something is not OK with NTFS, where Windows resides. When I use a live CD (Kaspersky, Ubuntu, or others) it cannot access it, only in read-only mode

Has your analysis contained this type of threat? Or have you some suggestions if we can check something more in my PC for such detection? (if there is something wrong ofc)

thank you
 

Pomlcka

Posts: 17   +0
1. The status in netstat was ESTABLISHED.
Here is the log from netstat -banoqf. It is the log from the second PC in my home because I did not know how to save the first one, but now there are other IPs from that server, and
more connections are weird for me, like 127.0.0.1 (I did not set up any local server).


Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1312
RpcSs
[svchost.exe]
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
Can not obtain ownership information
TCP 0.0.0.0:1462 0.0.0.0:0 LISTENING 4
Can not obtain ownership information
TCP 0.0.0.0:5040 0.0.0.0:0 LISTENING 4220
CDPSvc
[svchost.exe]
TCP 0.0.0.0:7680 0.0.0.0:0 LISTENING 10500
Can not obtain ownership information
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 928
[lsass.exe]
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 988
Can not obtain ownership information
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 1708
EventLog
[svchost.exe]
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 1612
Schedule
[svchost.exe]
TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING 3240
[spoolsv.exe]
TCP 0.0.0.0:49671 0.0.0.0:0 LISTENING 900
Can not obtain ownership information
TCP 127.0.0.1:14622 0.0.0.0:0 LISTENING 8368
[VoiceControlEngine.exe]
TCP 127.0.0.1:32682 0.0.0.0:0 LISTENING 6624
[MSI.CentralServer.exe]
TCP 127.0.0.1:49833 0.0.0.0:0 LISTENING 3740
[AdskLicensingService.exe]
TCP 192.168.0.100:139 0.0.0.0:0 LISTENING 4
Can not obtain ownership information
TCP 192.168.0.100:49691 52.242.211.89:443 ESTABLISHED 3784
WpnService
[svchost.exe]
TCP 192.168.0.100:49824 142.250.27.188:5228 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50193 152.199.19.161:443 CLOSE_WAIT 7504
[SearchApp.exe]
TCP 192.168.0.100:50371 151.101.130.217:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50465 74.125.34.46:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50502 172.217.23.226:443 TIME_WAIT 0
TCP 192.168.0.100:50504 216.58.201.110:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50507 104.16.155.36:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50508 104.18.226.52:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50509 104.16.155.36:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50510 65.9.96.31:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50511 65.9.96.31:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50512 91.228.74.226:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50515 104.26.9.50:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50516 104.26.9.50:443 TIME_WAIT 0
TCP 192.168.0.100:50517 65.9.95.127:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50524 8.43.72.32:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50525 8.43.72.32:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50526 8.43.72.32:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50527 8.43.72.32:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50528 8.43.72.32:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50532 3.127.95.92:443 TIME_WAIT 0
TCP 192.168.0.100:50533 3.127.95.92:443 TIME_WAIT 0
TCP 192.168.0.100:50535 3.127.95.92:443 TIME_WAIT 0
TCP 192.168.0.100:50536 3.127.95.92:443 TIME_WAIT 0
TCP 192.168.0.100:50538 8.43.72.32:443 TIME_WAIT 0
TCP 192.168.0.100:50539 52.58.26.10:443 TIME_WAIT 0
TCP 192.168.0.100:50540 69.175.98.94:443 TIME_WAIT 0
TCP 192.168.0.100:50541 104.36.115.111:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50542 18.193.182.58:443 CLOSE_WAIT 6416
[System]
TCP 192.168.0.100:50543 35.190.80.1:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50544 104.103.79.189:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50546 104.26.2.70:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50547 130.211.23.194:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50548 216.58.201.65:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50549 216.58.201.98:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50550 216.58.201.65:443 TIME_WAIT 0
TCP 192.168.0.100:50551 216.58.201.98:443 TIME_WAIT 0
TCP 192.168.0.100:50552 35.226.36.58:443 CLOSE_WAIT 6416
[System]
TCP 192.168.0.100:50553 35.226.36.58:443 CLOSE_WAIT 6416
[System]
TCP 192.168.0.100:50554 104.18.226.52:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50555 91.228.74.133:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50556 91.228.74.133:443 TIME_WAIT 0
TCP 192.168.0.100:50557 23.111.11.83:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50558 65.9.96.9:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50559 23.111.11.71:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50560 104.26.4.215:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50561 104.26.4.215:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50567 104.26.0.139:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50568 104.26.0.139:443 TIME_WAIT 0
TCP 192.168.0.100:50572 151.101.193.108:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50573 151.101.193.108:443 TIME_WAIT 0
TCP 192.168.0.100:50575 92.123.37.143:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50576 104.36.115.113:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50577 92.123.37.143:443 TIME_WAIT 0
TCP 192.168.0.100:50578 92.123.37.20:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50580 92.123.37.20:443 TIME_WAIT 0
TCP 192.168.0.100:50581 68.67.181.211:443 TIME_WAIT 0
TCP 192.168.0.100:50582 104.36.115.113:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50583 172.217.23.225:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50584 172.217.23.225:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50585 93.184.220.29:80 TIME_WAIT 0
TCP 192.168.0.100:50586 92.123.37.143:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50588 92.123.38.14:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50590 18.195.78.141:443 CLOSE_WAIT 6416
[System]
TCP 192.168.0.100:50591 34.98.67.61:443 ESTABLISHED 6416
[System]
TCP 192.168.0.100:50592 46.228.223.169:80 ESTABLISHED 3616
CryptSvc
[svchost.exe]
TCP 192.168.0.100:50593 46.228.223.178:80 ESTABLISHED 3616
CryptSvc
[svchost.exe]
TCP [::]:135 [::]:0 LISTENING 1312
RpcSs
[svchost.exe]
TCP [::]:445 [::]:0 LISTENING 4
Can not obtain ownership information
TCP [::]:1462 [::]:0 LISTENING 4
Can not obtain ownership information
TCP [::]:7680 [::]:0 LISTENING 10500
Can not obtain ownership information
TCP [::]:49664 [::]:0 LISTENING 928
[lsass.exe]
TCP [::]:49665 [::]:0 LISTENING 988
Can not obtain ownership information
TCP [::]:49666 [::]:0 LISTENING 1708
EventLog
[svchost.exe]
TCP [::]:49667 [::]:0 LISTENING 1612
Schedule
[svchost.exe]
TCP [::]:49668 [::]:0 LISTENING 3240
[spoolsv.exe]
TCP [::]:49671 [::]:0 LISTENING 900
Can not obtain ownership information
UDP 0.0.0.0:500 *:* 3640
IKEEXT
[svchost.exe]
UDP 0.0.0.0:3702 *:* 4180
[dashost.exe]
UDP 0.0.0.0:3702 *:* 4180
[dashost.exe]
UDP 0.0.0.0:4500 *:* 3640
IKEEXT
[svchost.exe]
UDP 0.0.0.0:5050 *:* 4220
CDPSvc
[svchost.exe]
UDP 0.0.0.0:5353 *:* 1988
[System]
UDP 0.0.0.0:5353 *:* 2792
Dnscache
[svchost.exe]
UDP 0.0.0.0:5355 *:* 2792
Dnscache
[svchost.exe]
UDP 0.0.0.0:49670 *:* 3240
[spoolsv.exe]
UDP 0.0.0.0:59766 *:* 4180
[dashost.exe]
UDP 0.0.0.0:59959 *:* 1976
Can not obtain ownership information
UDP 0.0.0.0:59960 *:* 1976
Can not obtain ownership information
UDP 0.0.0.0:60246 *:* 1976
Can not obtain ownership information
UDP 127.0.0.1:1900 *:* 7404
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:14621 *:* 3848
[LightKeeperService.exe]
UDP 127.0.0.1:49664 *:* 4368
iphlpsvc
[svchost.exe]
UDP 127.0.0.1:49681 *:* 7404
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:49682 *:* 1976
Can not obtain ownership information
UDP 192.168.0.100:137 *:* 4
Can not obtain ownership information
UDP 192.168.0.100:138 *:* 4
Can not obtain ownership information
UDP 192.168.0.100:1900 *:* 7404
SSDPSRV
[svchost.exe]
UDP 192.168.0.100:49680 *:* 7404
SSDPSRV
[svchost.exe]
UDP [::]:500 *:* 3640
IKEEXT
[svchost.exe]
UDP [::]:3702 *:* 4180
[dashost.exe]
UDP [::]:3702 *:* 4180
[dashost.exe]
UDP [::]:4500 *:* 3640
IKEEXT
[svchost.exe]
UDP [::]:59767 *:* 4180
[dashost.exe]
UDP [::1]:1900 *:* 7404
SSDPSRV
[svchost.exe]
UDP [::1]:49679 *:* 7404
SSDPSRV
[svchost.exe]

2. Thank you.

3. I am sorry, NTFS, not sfts (typo). I shut down the PC and tried booting the Kaspersky Rescue Disk, the G-Data Rescue Disk and an Ubuntu Live CD, and every time the antiviruses give me the message that Windows was not shut down correctly or is in hibernation, and they cannot detect threats because the HDD is in read-only mode. I had disabled hibernation.
 
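To triage a dump like the one above without reading every row by hand, here is an added example (my own code, not from this thread or from any tool mentioned in it) that parses the multi-line netstat -bano layout, attaching the service name and [image] lines that follow each socket line, classifies each remote side as loopback, LAN or public, and lists the public peers per process and service. The input is a constructed excerpt in that shape, not the poster's full log.

```python
import ipaddress
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
 Can not obtain ownership information
  TCP    192.168.0.100:50592    46.228.223.169:80      ESTABLISHED     3616
  CryptSvc
 [svchost.exe]
  TCP    192.168.0.100:50593    46.228.223.178:80      ESTABLISHED     3616
  CryptSvc
 [svchost.exe]
  UDP    [::1]:1900             *:*                                    7404
  SSDPSRV
 [svchost.exe]
"""  # constructed excerpt in the shape of the netstat -bano output above, not the full log

def parse_netstat(text):
    """One row per socket line; the service / [image] lines after it are attached to it."""
    rows = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("TCP", "UDP")):
            p = line.split()  # UDP rows have no State column, so the PID is read from the end
            rows.append({"proto": p[0], "local": p[1], "foreign": p[2], "pid": int(p[-1]), "service": "", "image": ""})
        elif not rows or not line:
            continue  # column header before the first socket row, or a blank line
        elif line.startswith("[") and line.endswith("]"):
            rows[-1]["image"] = line[1:-1]
        elif line.startswith("Can not obtain"):
            rows[-1]["image"] = "<unknown>"
        else:
            rows[-1]["service"] = line  # e.g. CryptSvc hosted by svchost.exe
    return rows

def scope(endpoint):
    """none (wildcard/unspecified), loopback, lan (private range) or public."""
    if endpoint == "*:*":
        return "none"
    host = endpoint[1:endpoint.index("]")] if endpoint[0] == "[" else endpoint.rsplit(":", 1)[0]
    ip = ipaddress.ip_address(host)
    return ("none" if ip.is_unspecified else "loopback" if ip.is_loopback
            else "lan" if ip.is_private else "public")

def external_peers(text):
    """(image, service) -> sorted public peers, to look up or diff against a known-clean baseline."""
    out = {}
    for row in parse_netstat(text):
        if scope(row["foreign"]) == "public":
            out.setdefault((row["image"], row["service"]), set()).add(row["foreign"])
    return {k: sorted(v) for k, v in out.items()}
```

Loopback listeners (the 127.0.0.1 and [::1] rows) are classified as local and never reach the public-peer list, so the output is only the process/service pairs with Internet-facing connections.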

Pomlcka

Posts: 17   +0
1. Thank you. I am not good with networks, so I cannot figure out if the traffic is normal, but
suspicious for me were mainly these two:
TCP 192.168.0.100:50592 46.228.223.169:80 ESTABLISHED 3616
CryptSvc
[svchost.exe]
TCP 192.168.0.100:50593 46.228.223.178:80 ESTABLISHED 3616
CryptSvc
[svchost.exe]
considering it is the same hosting as 46.228.223.177, which was established earlier.

I know that 127.0.0.1 is localhost, but I was wondering why it is always listening on TCP ports and is listed on UDP. I thought it is used as a local server for services, and I was not starting any local servers myself.

3. Thank you, I forgot that fast startup does some form of half-hibernation.
I disabled fast startup and tried it with the Kaspersky Rescue Disk, and it was in normal mode (not read-only).