
Please check my log

wanny1
Visitor
Posts: 55
Registered: 20 Apr 2008 13:26

#1 Post by wanny1 »

Good day,
could you please check my log?
Thank you very much.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2021
Ran by Seka (administrator) on SEKA-THINK (LENOVO 1143K4G) (29-04-2021 16:50:57)
Running from C:\Users\Seka\Desktop
Loaded Profiles: Seka
Platform: Windows 10 Home Version 20H2 19042.928 (X64) Language: Slovenčina (Slovensko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(LENOVO -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.7-0\NisSrv.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3936936 2015-07-28] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [SynLenovoHelper] => C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe [146600 2015-07-28] (Synaptics Incorporated -> Synaptics)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [175504 2020-10-26] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [340440 2021-04-16] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-4046335105-2706149465-2342894865-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [33169992 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4046335105-2706149465-2342894865-1000\...\Run: [CiscoMeetingDaemon] => C:\Users\Seka\AppData\Local\WebEx\ciscowebexstart.exe [2499272 2021-02-05] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-4046335105-2706149465-2342894865-1000\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Seka\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-4046335105-2706149465-2342894865-1000\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Seka\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-4046335105-2706149465-2342894865-1000\...\RunOnce: [Uninstall 21.052.0314.0001\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Seka\AppData\Local\Microsoft\OneDrive\21.052.0314.0001\amd64"
HKU\S-1-5-21-4046335105-2706149465-2342894865-1000\...\RunOnce: [Uninstall 21.052.0314.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Seka\AppData\Local\Microsoft\OneDrive\21.052.0314.0001"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\90.0.4430.93\Installer\chrmstp.exe [2021-04-27] (Google LLC -> Google LLC)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D1886C8-5A6A-4C93-8D67-9C7AA0DEC3E6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27616328 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {277A4E06-A49B-4F4D-A231-FA32E1350F2F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.7-0\MpCmdRun.exe [591160 2021-04-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {330BFDC9-5F56-441D-B4DB-741B183D8DB1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5255600 2021-04-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {33987CDF-1476-489A-8FD0-BA3CB3818258} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141192 2021-04-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {41CCEE0E-636F-4888-8A27-CB1E480230E3} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141192 2021-04-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {4F555DD1-E636-462E-AE29-1AE48D32E119} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\PowerMgrInst.exe [62152 2020-12-20] (Lenovo -> )
Task: {559C3DA0-CDF0-48F0-95E7-99300807DB41} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248800 2021-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {62FD9FFF-8131-4D99-9405-6AA1186CFAC3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.7-0\MpCmdRun.exe [591160 2021-04-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6743A247-04FC-4C54-BF85-99CEBA396CEC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.7-0\MpCmdRun.exe [591160 2021-04-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8C970BB0-10D7-412A-BCCD-D9A1ABA1A0DD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248800 2021-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {8D4EEB10-63A2-49E2-8277-F093826A59D2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-09] (Google LLC -> Google LLC)
Task: {9F110929-73EB-404E-B431-462A119964F5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-18] (Piriform Software Ltd -> Piriform)
Task: {BD570226-CBEE-4E0A-8AFB-5C9CAB440FD6} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
Task: {E7526F4E-0D9D-49AC-921D-9E262BE4B417} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.7-0\MpCmdRun.exe [591160 2021-04-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E8B80502-504C-4A26-8AF1-28799DF1BDE8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5255600 2021-04-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {ED88D3A8-4A62-4C12-A209-048A682CEABD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-09] (Google LLC -> Google LLC)
Task: {F27D8AC2-4359-420C-9F2B-2B158909C9EB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {F8E2F781-AB39-488F-A777-6DFDC5F0ABDE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{f06c9e1d-6c66-4450-b99f-3ac97e98c758}: [DhcpNameServer] 192.168.100.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Seka\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-29]
Edge Extension: (TotalСashback — кэшбэк-сервис) - C:\Users\Seka\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\eofogjfkadmolbbmnlbohhbkhbodcjjm [2021-02-12]
Edge Extension: (Word) - C:\Users\Seka\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2021-02-09]
Edge Extension: (Excel) - C:\Users\Seka\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2021-02-09]
Edge Extension: (PowerPoint) - C:\Users\Seka\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2021-02-09]
Edge HKLM-x32\...\Edge\Extension: [eofogjfkadmolbbmnlbohhbkhbodcjjm]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-03-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-21] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Seka\AppData\Local\Google\Chrome\User Data\Default [2021-04-29]
CHR Extension: (Prezentácie) - C:\Users\Seka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-02-09]
CHR Extension: (Dokumenty) - C:\Users\Seka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-02-09]
CHR Extension: (Disk Google) - C:\Users\Seka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-09]
CHR Extension: (YouTube) - C:\Users\Seka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-02-09]
CHR Extension: (Tabuľky) - C:\Users\Seka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-02-09]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Seka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Seka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-09]
CHR Extension: (Gmail) - C:\Users\Seka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-09]
CHR Extension: (Chrome Media Router) - C:\Users\Seka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-19]
CHR Profile: C:\Users\Seka\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-04-29]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8788392 2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-10-26] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-10-26] (ESET, spol. s r.o. -> ESET)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.7-0\NisSrv.exe [2599296 2021-04-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.7-0\MsMpEng.exe [128376 2021-04-28] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 5U877; C:\WINDOWS\system32\DRIVERS\5U877.sys [166016 2011-03-05] (Microsoft Windows Hardware Compatibility Publisher -> Ricoh co.,Ltd.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [160992 2020-10-26] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [109360 2020-10-26] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15824 2021-03-10] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [190464 2020-10-26] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\WINDOWS\System32\drivers\ekbdflt.sys [43720 2020-11-06] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [70048 2020-10-26] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [107784 2020-10-26] (ESET, spol. s r.o. -> ESET)
S3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [25496 2011-06-22] (Wireless Display -> Intel Corporation)
R2 risdxc; C:\WINDOWS\System32\drivers\risdxc64.sys [101888 2011-05-26] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64880 2020-11-11] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-04-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421096 2021-04-28] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [73976 2021-04-28] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-29 16:50 - 2021-04-29 16:52 - 000017093 _____ C:\Users\Seka\Desktop\FRST.txt
2021-04-29 16:50 - 2021-04-29 16:51 - 000000000 ____D C:\FRST
2021-04-29 16:48 - 2021-04-29 16:48 - 002298368 _____ (Farbar) C:\Users\Seka\Desktop\FRST64.exe
2021-04-29 16:47 - 2021-04-29 16:48 - 002298368 _____ (Farbar) C:\Users\Seka\Downloads\FRST64.exe
2021-04-29 16:09 - 2021-04-29 16:10 - 000000000 ____D C:\Users\Seka\Documents\Scitanie obyvatelstva 2021
2021-04-27 17:27 - 2021-04-27 17:27 - 000244294 _____ C:\Users\Seka\Documents\11_Dodatok_2021 k OP_1_máj_2021.zip
2021-04-27 17:25 - 2021-04-27 17:25 - 001797550 _____ C:\Users\Seka\Downloads\ZZ_2017_55_20210301.pdf
2021-04-25 09:48 - 2021-04-25 09:48 - 000001827 _____ C:\Users\Public\Desktop\iTunes.lnk
2021-04-25 09:48 - 2021-04-25 09:48 - 000001827 _____ C:\ProgramData\Desktop\iTunes.lnk
2021-04-25 09:48 - 2021-04-25 09:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2021-04-25 09:47 - 2021-04-25 09:48 - 000000000 ____D C:\Program Files\iTunes
2021-04-22 17:49 - 2021-04-22 17:49 - 000003456 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-22 17:49 - 2021-04-22 17:49 - 000003332 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-20 18:21 - 2021-04-20 18:21 - 000099840 _____ C:\Users\Seka\Downloads\Pracovny_vykaz marec 2021 (1).xls
2021-04-20 09:12 - 2021-04-20 09:12 - 000099840 _____ C:\Users\Seka\Downloads\Pracovny_vykaz marec 2021.xls
2021-04-18 15:39 - 2021-04-18 15:39 - 002320006 _____ C:\Users\Seka\Downloads\Gemerské Zvesti č. 9-2010.pdf
2021-04-16 15:00 - 2021-04-16 15:00 - 006606904 _____ C:\Users\Seka\Downloads\ČS z FKnM 03_2020_SO pre OPĽZ_OIP a príloha č.1.pdf
2021-04-14 16:50 - 2021-04-14 16:50 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-14 16:47 - 2021-04-14 16:47 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-14 16:47 - 2021-04-14 16:47 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-13 20:16 - 2021-04-13 20:16 - 000011635 _____ C:\Users\Seka\Downloads\Zoznam zc_Monitoring na projekt urovni.xlsx
2021-04-13 17:46 - 2021-04-13 17:46 - 001237720 _____ C:\Users\Seka\Downloads\15874 (1).zip
2021-03-30 16:44 - 2021-03-30 16:44 - 000099513 _____ C:\Users\Seka\Downloads\zsskCD (5).pdf
2021-03-30 16:41 - 2021-03-30 16:41 - 000096420 _____ C:\Users\Seka\Downloads\zsskCD (4).pdf
2021-03-30 16:39 - 2021-03-30 16:39 - 000096862 _____ C:\Users\Seka\Downloads\zsskCD (3).pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-29 16:42 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-29 16:41 - 2021-02-09 20:03 - 000000000 ____D C:\Program Files\CCleaner
2021-04-29 16:35 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-29 16:11 - 2021-03-08 17:16 - 001148103 _____ C:\Users\Seka\Downloads\18889 (1).zip
2021-04-29 16:08 - 2021-02-12 20:47 - 000000000 ____D C:\Users\Seka\Documents\Súbory programu Outlook
2021-04-29 16:01 - 2021-02-05 18:55 - 000003368 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4046335105-2706149465-2342894865-1000
2021-04-29 16:01 - 2021-02-05 18:22 - 000002363 _____ C:\Users\Seka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-29 16:01 - 2016-08-04 17:49 - 000000000 ___RD C:\Users\Seka\OneDrive
2021-04-29 15:58 - 2021-02-05 18:30 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-29 15:52 - 2021-02-05 18:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-29 15:50 - 2021-01-29 23:27 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-29 15:50 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-04-29 15:49 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-04-29 15:44 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-29 15:32 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-28 19:48 - 2021-02-05 18:48 - 000000000 ____D C:\Users\Seka\AppData\Local\Packages
2021-04-28 19:12 - 2021-02-05 18:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-28 16:21 - 2021-02-05 18:09 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-28 16:19 - 2021-02-09 19:36 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-28 16:19 - 2021-02-09 19:36 - 000002293 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-04-28 16:19 - 2021-02-09 19:36 - 000002293 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-04-27 15:49 - 2021-02-09 19:49 - 000002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-27 15:49 - 2021-02-09 19:49 - 000002229 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-04-27 15:49 - 2021-02-09 19:49 - 000002229 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-04-26 17:27 - 2021-02-12 22:21 - 000000000 ____D C:\Program Files\Microsoft Office
2021-04-26 17:18 - 2021-02-09 19:35 - 000003576 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-26 17:18 - 2021-02-09 19:35 - 000003452 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-23 14:27 - 2021-02-05 00:06 - 000002147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-04-22 17:19 - 2021-02-05 21:42 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-14 19:50 - 2021-02-05 18:06 - 000438936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-14 19:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-14 19:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-14 19:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-14 19:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-14 19:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-14 19:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-14 19:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-14 19:45 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-14 19:45 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-14 19:45 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-14 19:45 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-14 19:45 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-14 17:03 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-14 16:46 - 2021-02-05 18:11 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-14 15:48 - 2021-02-05 21:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-14 15:40 - 2021-02-05 21:38 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by Seka (29-04-2021 16:55:51)
Running from C:\Users\Seka\Desktop
Windows 10 Home Version 20H2 19042.928 (X64) (2021-02-05 16:42:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4046335105-2706149465-2342894865-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4046335105-2706149465-2342894865-503 - Limited - Disabled)
Guest (S-1-5-21-4046335105-2706149465-2342894865-501 - Limited - Disabled)
Seka (S-1-5-21-4046335105-2706149465-2342894865-1000 - Administrator - Enabled) => C:\Users\Seka
WDAGUtilityAccount (S-1-5-21-4046335105-2706149465-2342894865-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Disabled - Out of date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {B18EDDE1-72EE-79EA-3ABD-EEAF1EE45FED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 21.001.20150 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Apple Mobile Device Support (HKLM\...\{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.78 - Piriform)
Cisco Webex Meetings (HKU\S-1-5-21-4046335105-2706149465-2342894865-1000\...\ActiveTouchMeetingClient) (Version: 41.2.4 - Cisco Webex LLC)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.27.0 - Conexant)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
ESET Security (HKLM\...\{3B47BDC5-99BF-4F5C-A303-1F0F9DBC74F6}) (Version: 14.0.22.0 - ESET, spol. s r.o.)
Excel (HKU\S-1-5-21-4046335105-2706149465-2342894865-1000\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.93 - Google LLC)
iTunes (HKLM\...\{A284F6B0-4515-490E-97ED-1D5D1A03FD9D}) (Version: 12.11.3.17 - Apple Inc.)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.49 - Microsoft Corporation)
Microsoft Office 2016 Professional Plus - sk-sk (HKLM\...\ProPlusRetail - sk-sk) (Version: 16.0.13901.20462 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4046335105-2706149465-2342894865-1000\...\OneDriveSetup.exe) (Version: 21.062.0328.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20462 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20462 - Microsoft Corporation) Hidden
PowerPoint (HKU\S-1-5-21-4046335105-2706149465-2342894865-1000\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.0 - Synaptics Incorporated)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.51 - Ghisler Software GmbH)
WinRAR 6.00 (64-bitová verzia) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
Word (HKU\S-1-5-21-4046335105-2706149465-2342894865-1000\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)

Packages:
=========
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.4072.0_x64__8wekyb3d8bbwe [2021-04-13] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-26] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-26] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-26] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Seka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\Seka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\Seka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi

==================== Loaded Modules (Whitelisted) =============

2015-11-04 17:40 - 2015-11-04 17:40 - 000004608 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiamenu.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-03-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-10] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4046335105-2706149465-2342894865-1000\Control Panel\Desktop\\Wallpaper -> c:\users\seka\pictures\black-hole-space-4k.jpg
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SynLenovoHelper"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKU\S-1-5-21-4046335105-2706149465-2342894865-1000\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-4046335105-2706149465-2342894865-1000\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-4046335105-2706149465-2342894865-1000\...\StartupApproved\Run: => "CiscoMeetingDaemon"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6765EB1E-74DF-4E8B-86D1-2E6ECE106E8D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{12102B25-2467-499E-963D-976739FBF789}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7FC152BE-DAE9-45B6-A9D3-B9B1C6C0D1A0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{20589F5B-F5A0-4177-9D25-B55E3CFEE62D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BE50319F-CAB1-44D8-A462-CF0D7C3E1FDD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9F4D7D38-54F1-442A-A2F0-15CEE432B227}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4B7C58CF-D505-4139-9BC4-BE8EADC827CB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FEC12BE6-D5F2-4466-8904-88AC70CB3B60}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E3DB89A9-39C9-4286-AB5C-A964D4AC9C5B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{12D7086C-D9B3-45DE-BA28-C2B790C14626}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3057174D-053F-4520-B660-CB93637B709F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6357C40B-1C09-4355-9680-837CE75EF6C2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BAF89BCD-6CE6-45D7-8B4E-A25B95C37117}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{787D3C1D-E7EE-41E1-A77D-90D1D874F9C6}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DC26F8C1-FEDD-468C-8305-A9EEDAE00BC4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================

System errors:
=============
Error: (04/29/2021 04:42:17 PM) (Source: DCOM) (EventID: 10000) (User: SEKA-THINK)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (04/29/2021 04:35:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Apple Mobile Device Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 60000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (04/29/2021 04:35:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Microsoft Office Klikni a spusti sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 0 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (04/29/2021 04:35:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba SynTPEnh Caller Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (04/29/2021 04:35:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (04/29/2021 04:35:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Bonjour Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (04/29/2021 04:35:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD External Events Utility sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (04/29/2021 03:52:10 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.


Windows Defender:
================
Date: 2021-04-28 16:32:01
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-27 16:01:49
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-12 15:12:53
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: App:Utorrent
Severity: Nízka
Category: Potenciálne nežiaduci softvér
Path: file:_C:\Users\Seka\Downloads\uTorrent (1).exe; file:_C:\Users\Seka\Downloads\uTorrent.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.331.830.0, AS: 1.331.830.0, NIS: 1.331.830.0
Engine Version: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-02-12 15:12:40
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: App:Utorrent
Severity: Nízka
Category: Potenciálne nežiaduci softvér
Path: file:_C:\Users\Seka\Downloads\uTorrent.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.331.830.0, AS: 1.331.830.0, NIS: 1.331.830.0
Engine Version: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-02-12 12:03:25
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: App:Utorrent
Severity: Nízka
Category: Potenciálne nežiaduci softvér
Path: file:_C:\Users\Seka\Downloads\uTorrent.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.331.815.0, AS: 1.331.815.0, NIS: 1.331.815.0
Engine Version: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-02-07 10:58:05
Description:
Microsoft Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
Security intelligence Attempted: Backup
Error Code: 0x80004004
Error description: Operation aborted
Security intelligence version: 1.331.374.0;1.331.374.0
Engine version: 1.1.17800.5

Date: 2021-02-07 10:58:02
Description:
Microsoft Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
Security intelligence Attempted: Current
Error Code: 0x80004004
Error description: Operation aborted
Security intelligence version: 1.331.384.0;1.331.384.0
Engine version: 1.1.17800.5

CodeIntegrity:
===============
Date: 2021-04-29 16:57:47
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-04-29 16:55:15
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO LENOVO - 125 03/01/2013
Motherboard: LENOVO 1143K4G
Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 60%
Total physical RAM: 4007.23 MB
Available physical RAM: 1564.33 MB
Total Virtual: 5403.23 MB
Available Virtual: 2947.28 MB

==================== Drives ================================

Drive c: (Windows10_OS) (Fixed) (Total:447.85 GB) (Free:230.78 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:4.24 GB) NTFS

\\?\Volume{0751cdc4-7f48-11e1-b9a7-806e6f6e6963}\ (SYSTEM_DRV) (Fixed) (Total:1.46 GB) (Free:1.12 GB) NTFS
\\?\Volume{ccd2e061-0000-0000-0000-005470000000}\ () (Fixed) (Total:0.82 GB) (Free:0.27 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: CCD2E061)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=842 MB) - (Type=27)
Partition 4: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check my log

#2 Post by Diallix »

Good day.

Download the AdwCleaner tool to your desktop; the download link is here: https://toolslib.net/downloads/finish/1/
Before running the tool, close all open program windows, that is, all programs running on the desktop.
Right-click the program -> Run as administrator.
Continue by clicking the Scan Now button and wait until the system scan finishes.
After the scan, leave all checkboxes and any detected threats selected, and continue with the Clean and Repair button in the bottom right corner.
After the PC restarts, AdwCleaner will start; click View Log File.
The log will open; copy its contents here.
My new book BOTNETY is out! Information about it can be found here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
---
Low-level, high-level programmer - profile card here: card <<
---
Háveťárna - malware upload: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor for students in SQL query languages (TSQL, PLSQL) and object-oriented programming (C++, C#, PHP).

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

wanny1
Visitor
Posts: 55
Registered: 20 Apr 2008 13:26

Re: Please check my log

#3 Post by wanny1 »

Thank you, here is the log.

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-04-28.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-03-2021
# Duration: 00:00:04
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1406 octets] - [03/05/2021 07:40:44]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check my log

#4 Post by Diallix »

Copy the content below into Notepad:

Task: {4F555DD1-E636-462E-AE29-1AE48D32E119} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\PowerMgrInst.exe [62152 2020-12-20] (Lenovo -> )
Task: {559C3DA0-CDF0-48F0-95E7-99300807DB41} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248800 2021-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {8D4EEB10-63A2-49E2-8277-F093826A59D2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-09] (Google LLC -> Google LLC)
Task: {ED88D3A8-4A62-4C12-A209-048A682CEABD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-09] (Google LLC -> Google LLC)
Task: {F27D8AC2-4359-420C-9F2B-2B158909C9EB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {F8E2F781-AB39-488F-A777-6DFDC5F0ABDE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File

EmptyTemp:

Save the Notepad file as fixlist.txt in the location where FRST is.
Run FRST and click the Fix button.
The fix will run, after which the computer will reboot. After the reboot, paste here the contents of the log fixlog.txt, saved in the FRST location.

wanny1
Visitor
Posts: 55
Registered: 20 Apr 2008 13:26

Re: Please check my log

#5 Post by wanny1 »

Good evening,
done, here is the log.

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by Seka (05-05-2021 21:26:24) Run:1
Running from C:\Users\Seka\Desktop
Loaded Profiles: Seka
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {4F555DD1-E636-462E-AE29-1AE48D32E119} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\PowerMgrInst.exe [62152 2020-12-20] (Lenovo -> )
Task: {559C3DA0-CDF0-48F0-95E7-99300807DB41} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248800 2021-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {8D4EEB10-63A2-49E2-8277-F093826A59D2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-09] (Google LLC -> Google LLC)
Task: {ED88D3A8-4A62-4C12-A209-048A682CEABD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-09] (Google LLC -> Google LLC)
Task: {F27D8AC2-4359-420C-9F2B-2B158909C9EB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {F8E2F781-AB39-488F-A777-6DFDC5F0ABDE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File

EmptyTemp:

*****************

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F555DD1-E636-462E-AE29-1AE48D32E119}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F555DD1-E636-462E-AE29-1AE48D32E119}" => removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\Power Manager\Uninstall task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Power Manager\Uninstall task" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{559C3DA0-CDF0-48F0-95E7-99300807DB41}" => not found
C:\WINDOWS\System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Automatic Updates 2.0" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8D4EEB10-63A2-49E2-8277-F093826A59D2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D4EEB10-63A2-49E2-8277-F093826A59D2}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED88D3A8-4A62-4C12-A209-048A682CEABD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED88D3A8-4A62-4C12-A209-048A682CEABD}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F27D8AC2-4359-420C-9F2B-2B158909C9EB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F27D8AC2-4359-420C-9F2B-2B158909C9EB}" => removed successfully
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8E2F781-AB39-488F-A777-6DFDC5F0ABDE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8E2F781-AB39-488F-A777-6DFDC5F0ABDE}" => removed successfully
C:\WINDOWS\System32\Tasks\Apple\AppleSoftwareUpdate => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7482524 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2341224 B
Edge => 0 B
Chrome => 9947630 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Seka => 86449584 B

RecycleBin => 0 B
EmptyTemp: => 110.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:26:38 ====

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check my log

#6 Post by Diallix »

Great, could I ask for new FRST + ADDITION logs?
My new book BOTNETY is out! Information about it can be found here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level, high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor for intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (C++, C#, PHP) for students.

On the forum I act as:
- Security authority at viry.cz
- Deputy tutor for newcomer training
- Founder of the Cyber Security unit

wanny1
Visitor
Posts: 55
Registered: 20 Apr 2008 13:26

Re: Please check my log

#7 Post by wanny1 »

Thank you, new log.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2021
Ran by Seka (administrator) on SEKA-THINK (LENOVO 1143K4G) (06-05-2021 13:53:30)
Running from C:\Users\Seka\Desktop
Loaded Profiles: Seka
Platform: Windows 10 Home Version 20H2 19042.964 (X64) Language: Slovenčina (Slovensko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(LENOVO -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3936936 2015-07-28] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [SynLenovoHelper] => C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe [146600 2015-07-28] (Synaptics Incorporated -> Synaptics)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [164808 2021-04-29] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [340440 2021-04-16] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-4046335105-2706149465-2342894865-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [33698888 2021-04-22] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4046335105-2706149465-2342894865-1000\...\Run: [CiscoMeetingDaemon] => C:\Users\Seka\AppData\Local\WebEx\ciscowebexstart.exe [2499272 2021-02-05] (Cisco WebEx LLC -> Cisco Webex LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\90.0.4430.93\Installer\chrmstp.exe [2021-04-27] (Google LLC -> Google LLC)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D1886C8-5A6A-4C93-8D67-9C7AA0DEC3E6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28082760 2021-04-22] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {12FBB0E3-A89E-48E2-A1F5-82C611A4631D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5229504 2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {234BC3CB-2C03-40FC-9E82-9FC016987F69} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-04-22] (Piriform Software Ltd -> Piriform)
Task: {62590772-5117-4903-A786-E553A1DB306A} - \Microsoft\Office\Office Automatic Updates 2.0 -> No File <==== ATTENTION
Task: {7B2FB934-E68F-427E-81B1-C2C9B5727CE4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23103392 2021-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {ABB82F0F-183E-40AD-868C-56CB3F271A17} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141144 2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {BD570226-CBEE-4E0A-8AFB-5C9CAB440FD6} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
Task: {C66FC7DC-B1C4-4BB1-974D-0B72788B9874} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5229504 2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {C89ABEB6-C6F8-412C-AF74-50435C8274B9} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141144 2021-05-04] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{f06c9e1d-6c66-4450-b99f-3ac97e98c758}: [DhcpNameServer] 192.168.100.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Seka\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-06]
Edge Extension: (TotalСashback — кэшбэк-сервис) - C:\Users\Seka\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\eofogjfkadmolbbmnlbohhbkhbodcjjm [2021-02-12]
Edge Extension: (Word) - C:\Users\Seka\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2021-02-09]
Edge Extension: (Excel) - C:\Users\Seka\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2021-02-09]
Edge Extension: (PowerPoint) - C:\Users\Seka\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2021-02-09]
Edge HKLM-x32\...\Edge\Extension: [eofogjfkadmolbbmnlbohhbkhbodcjjm]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-03-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-21] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Seka\AppData\Local\Google\Chrome\User Data\Default [2021-05-06]
CHR Extension: (Prezentácie) - C:\Users\Seka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-02-09]
CHR Extension: (Dokumenty) - C:\Users\Seka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-02-09]
CHR Extension: (Disk Google) - C:\Users\Seka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-09]
CHR Extension: (YouTube) - C:\Users\Seka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-02-09]
CHR Extension: (Tabuľky) - C:\Users\Seka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-02-09]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Seka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Seka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-09]
CHR Extension: (Gmail) - C:\Users\Seka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-09]
CHR Extension: (Chrome Media Router) - C:\Users\Seka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-19]
CHR Profile: C:\Users\Seka\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-05-05]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8798600 2021-04-21] (Microsoft Corporation -> Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2954416 2021-04-29] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2954416 2021-04-29] (ESET, spol. s r.o. -> ESET)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.7-0\NisSrv.exe [2599296 2021-04-28] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.7-0\MsMpEng.exe [128376 2021-04-28] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 5U877; C:\WINDOWS\system32\DRIVERS\5U877.sys [166016 2011-03-05] (Microsoft Windows Hardware Compatibility Publisher -> Ricoh co.,Ltd.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [169400 2021-04-29] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [112576 2021-04-29] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15824 2021-03-10] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [192624 2021-04-29] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\WINDOWS\System32\drivers\ekbdflt.sys [43832 2021-04-29] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [70160 2021-04-29] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [107400 2021-04-29] (ESET, spol. s r.o. -> ESET)
S3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [25496 2011-06-22] (Wireless Display -> Intel Corporation)
R2 risdxc; C:\WINDOWS\System32\drivers\risdxc64.sys [101888 2011-05-26] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64880 2020-11-11] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-04-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [421096 2021-04-28] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [73976 2021-04-28] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-06 13:17 - 2021-05-06 13:17 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-05-06 13:16 - 2021-05-06 13:16 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-05-06 13:16 - 2021-05-06 13:16 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-05-06 13:16 - 2021-05-06 13:16 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-05-06 13:16 - 2021-05-06 13:16 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-05-06 13:16 - 2021-05-06 13:16 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-06 13:15 - 2021-05-06 13:15 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-05-06 13:15 - 2021-05-06 13:15 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-05-06 13:15 - 2021-05-06 13:15 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-05-06 13:15 - 2021-05-06 13:15 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-05-06 13:14 - 2021-05-06 13:14 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-05-06 13:14 - 2021-05-06 13:14 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-05-05 21:26 - 2021-05-05 21:26 - 000008221 _____ C:\Users\Seka\Desktop\Fixlog.txt
2021-05-03 08:05 - 2021-05-03 08:05 - 000053606 _____ C:\Users\Seka\Downloads\Priloha 21_Informácia o konaní vzdelávacích aktivít, EduPoint - 21-05 v01.xlsx
2021-05-03 08:01 - 2021-05-03 08:01 - 000022266 _____ C:\Users\Seka\Downloads\Pridelené projekty_Sekulová.xlsx
2021-05-03 07:41 - 2021-05-03 07:41 - 000001596 _____ C:\Users\Seka\Desktop\AdwCleaner[C00].txt
2021-05-03 07:35 - 2021-05-03 07:35 - 008534696 _____ (Malwarebytes) C:\Users\Seka\Downloads\adwcleaner_8.2.exe
2021-04-29 16:55 - 2021-04-29 16:57 - 000023001 _____ C:\Users\Seka\Desktop\Addition.txt
2021-04-29 16:50 - 2021-05-06 13:55 - 000014098 _____ C:\Users\Seka\Desktop\FRST.txt
2021-04-29 16:50 - 2021-05-06 13:54 - 000000000 ____D C:\FRST
2021-04-29 16:48 - 2021-04-29 16:48 - 002298368 _____ (Farbar) C:\Users\Seka\Desktop\FRST64.exe
2021-04-29 16:47 - 2021-04-29 16:48 - 002298368 _____ (Farbar) C:\Users\Seka\Downloads\FRST64.exe
2021-04-29 16:09 - 2021-04-29 16:10 - 000000000 ____D C:\Users\Seka\Documents\Scitanie obyvatelstva 2021
2021-04-27 17:27 - 2021-04-27 17:27 - 000244294 _____ C:\Users\Seka\Documents\11_Dodatok_2021 k OP_1_máj_2021.zip
2021-04-27 17:25 - 2021-04-27 17:25 - 001797550 _____ C:\Users\Seka\Downloads\ZZ_2017_55_20210301.pdf
2021-04-25 09:48 - 2021-04-25 09:48 - 000001827 _____ C:\Users\Public\Desktop\iTunes.lnk
2021-04-25 09:48 - 2021-04-25 09:48 - 000001827 _____ C:\ProgramData\Desktop\iTunes.lnk
2021-04-25 09:48 - 2021-04-25 09:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2021-04-25 09:47 - 2021-04-25 09:48 - 000000000 ____D C:\Program Files\iTunes
2021-04-20 18:21 - 2021-04-20 18:21 - 000099840 _____ C:\Users\Seka\Downloads\Pracovny_vykaz marec 2021 (1).xls
2021-04-20 09:12 - 2021-04-20 09:12 - 000099840 _____ C:\Users\Seka\Downloads\Pracovny_vykaz marec 2021.xls
2021-04-18 15:39 - 2021-04-18 15:39 - 002320006 _____ C:\Users\Seka\Downloads\Gemerské Zvesti č. 9-2010.pdf
2021-04-16 15:00 - 2021-04-16 15:00 - 006606904 _____ C:\Users\Seka\Downloads\ČS z FKnM 03_2020_SO pre OPĽZ_OIP a príloha č.1.pdf
2021-04-14 16:47 - 2021-04-14 16:47 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-13 20:16 - 2021-04-13 20:16 - 000011635 _____ C:\Users\Seka\Downloads\Zoznam zc_Monitoring na projekt urovni.xlsx
2021-04-13 17:46 - 2021-04-13 17:46 - 001237720 _____ C:\Users\Seka\Downloads\15874 (1).zip

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-06 13:52 - 2021-02-05 18:30 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-06 13:52 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-06 13:51 - 2021-02-09 20:03 - 000000000 ____D C:\Program Files\CCleaner
2021-05-06 13:50 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-06 13:48 - 2021-02-05 18:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-06 13:46 - 2021-01-29 23:27 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-06 13:46 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-05-06 13:43 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-06 13:41 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-05-06 13:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-05-06 13:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-05-06 13:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-05-06 13:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-05-06 13:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-05-06 13:31 - 2019-12-07 16:37 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-05-06 13:31 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-05-06 13:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-05-06 13:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-05-06 13:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-05-06 13:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-05-06 13:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-05-06 13:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-05-06 13:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-05-06 13:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-05-06 13:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-06 13:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-05-06 13:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-05-06 13:29 - 2021-02-05 18:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-06 13:25 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-06 13:24 - 2019-12-07 16:39 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-05-06 12:33 - 2012-05-02 15:31 - 000000000 ____D C:\Users\Seka\Documents\zaloha ccleaner
2021-05-06 12:31 - 2021-02-12 20:47 - 000000000 ____D C:\Users\Seka\Documents\Súbory programu Outlook
2021-05-05 21:26 - 2021-03-09 16:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\Apple
2021-05-04 20:58 - 2021-02-05 18:48 - 000000000 ____D C:\Users\Seka\AppData\Local\Packages
2021-05-04 08:21 - 2021-02-12 22:21 - 000000000 ____D C:\Program Files\Microsoft Office
2021-05-03 07:39 - 2021-02-09 20:03 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-05-01 14:24 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-01 13:24 - 2021-02-09 19:36 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-01 13:24 - 2021-02-09 19:36 - 000002294 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-05-01 13:24 - 2021-02-09 19:36 - 000002294 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-04-29 17:19 - 2020-10-26 10:28 - 000192624 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2021-04-29 17:19 - 2020-10-26 10:28 - 000169400 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2021-04-29 17:19 - 2020-10-26 10:28 - 000112576 _____ (ESET) C:\WINDOWS\system32\Drivers\edevmon.sys
2021-04-29 17:19 - 2020-10-26 10:28 - 000107400 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys
2021-04-29 17:19 - 2020-10-26 10:28 - 000070160 _____ (ESET) C:\WINDOWS\system32\Drivers\epfw.sys
2021-04-29 17:19 - 2020-09-05 14:21 - 000043832 _____ (ESET) C:\WINDOWS\system32\Drivers\ekbdflt.sys
2021-04-29 16:11 - 2021-03-08 17:16 - 001148103 _____ C:\Users\Seka\Downloads\18889 (1).zip
2021-04-29 16:01 - 2021-02-05 18:55 - 000003368 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4046335105-2706149465-2342894865-1000
2021-04-29 16:01 - 2021-02-05 18:22 - 000002363 _____ C:\Users\Seka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-29 16:01 - 2016-08-04 17:49 - 000000000 ___RD C:\Users\Seka\OneDrive
2021-04-29 15:50 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-04-28 16:21 - 2021-02-05 18:09 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-27 15:49 - 2021-02-09 19:49 - 000002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-27 15:49 - 2021-02-09 19:49 - 000002229 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-04-27 15:49 - 2021-02-09 19:49 - 000002229 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-04-26 17:18 - 2021-02-09 19:35 - 000003576 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-26 17:18 - 2021-02-09 19:35 - 000003452 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-23 14:27 - 2021-02-05 00:06 - 000002147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-04-22 17:19 - 2021-02-05 21:42 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-14 19:50 - 2021-02-05 18:06 - 000438936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-14 19:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-14 19:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-14 19:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-14 19:45 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-14 16:46 - 2021-02-05 18:11 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-14 15:48 - 2021-02-05 21:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-14 15:40 - 2021-02-05 21:38 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by Seka (06-05-2021 13:58:27)
Running from C:\Users\Seka\Desktop
Windows 10 Home Version 20H2 19042.964 (X64) (2021-02-05 16:42:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4046335105-2706149465-2342894865-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4046335105-2706149465-2342894865-503 - Limited - Disabled)
Guest (S-1-5-21-4046335105-2706149465-2342894865-501 - Limited - Disabled)
Seka (S-1-5-21-4046335105-2706149465-2342894865-1000 - Administrator - Enabled) => C:\Users\Seka
WDAGUtilityAccount (S-1-5-21-4046335105-2706149465-2342894865-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {B18EDDE1-72EE-79EA-3ABD-EEAF1EE45FED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 21.001.20150 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Apple Mobile Device Support (HKLM\...\{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.79 - Piriform)
Cisco Webex Meetings (HKU\S-1-5-21-4046335105-2706149465-2342894865-1000\...\ActiveTouchMeetingClient) (Version: 41.2.4 - Cisco Webex LLC)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.27.0 - Conexant)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
ESET Security (HKLM\...\{3B47BDC5-99BF-4F5C-A303-1F0F9DBC74F6}) (Version: 14.1.19.0 - ESET, spol. s r.o.)
Excel (HKU\S-1-5-21-4046335105-2706149465-2342894865-1000\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.93 - Google LLC)
iTunes (HKLM\...\{A284F6B0-4515-490E-97ED-1D5D1A03FD9D}) (Version: 12.11.3.17 - Apple Inc.)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.51 - Microsoft Corporation)
Microsoft Office 2016 Professional Plus - sk-sk (HKLM\...\ProPlusRetail - sk-sk) (Version: 16.0.13929.20296 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4046335105-2706149465-2342894865-1000\...\OneDriveSetup.exe) (Version: 21.062.0328.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13929.20296 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13929.20296 - Microsoft Corporation) Hidden
PowerPoint (HKU\S-1-5-21-4046335105-2706149465-2342894865-1000\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.0 - Synaptics Incorporated)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.51 - Ghisler Software GmbH)
WinRAR 6.00 (64-bitová verzia) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
Word (HKU\S-1-5-21-4046335105-2706149465-2342894865-1000\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)

Packages:
=========
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.4213.0_x64__8wekyb3d8bbwe [2021-04-30] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2021-04-29] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2021-04-29] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2021-04-29] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Seka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\Seka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\Seka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-03-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-04] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4046335105-2706149465-2342894865-1000\Control Panel\Desktop\\Wallpaper -> c:\users\seka\pictures\black-hole-space-4k.jpg
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SynLenovoHelper"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKU\S-1-5-21-4046335105-2706149465-2342894865-1000\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-4046335105-2706149465-2342894865-1000\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-4046335105-2706149465-2342894865-1000\...\StartupApproved\Run: => "CiscoMeetingDaemon"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6765EB1E-74DF-4E8B-86D1-2E6ECE106E8D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{12102B25-2467-499E-963D-976739FBF789}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7FC152BE-DAE9-45B6-A9D3-B9B1C6C0D1A0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{20589F5B-F5A0-4177-9D25-B55E3CFEE62D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9F4D7D38-54F1-442A-A2F0-15CEE432B227}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FEC12BE6-D5F2-4466-8904-88AC70CB3B60}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{12D7086C-D9B3-45DE-BA28-C2B790C14626}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3057174D-053F-4520-B660-CB93637B709F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6357C40B-1C09-4355-9680-837CE75EF6C2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BAF89BCD-6CE6-45D7-8B4E-A25B95C37117}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{787D3C1D-E7EE-41E1-A77D-90D1D874F9C6}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DC26F8C1-FEDD-468C-8305-A9EEDAE00BC4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{6C7D3A88-EF9A-4336-9E8E-E7BF08B6285F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B576CF1E-C987-4CEF-902B-DA8B5CAD20C2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{351A02D4-1D25-45E5-B0BF-E9ED5442F20E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================

System errors:
=============
Error: (05/06/2021 01:48:16 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (05/06/2021 01:46:52 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files. Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.

Error: (05/06/2021 01:36:01 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (05/06/2021 01:34:31 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files. Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.

Error: (05/06/2021 12:32:17 PM) (Source: DCOM) (EventID: 10000) (User: SEKA-THINK)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (05/05/2021 09:29:46 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (05/05/2021 09:28:22 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files. Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.

Error: (05/05/2021 09:27:04 PM) (Source: DCOM) (EventID: 10010) (User: SEKA-THINK)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2021-04-28 16:32:01
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-27 16:01:49
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-12 15:12:53
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: App:Utorrent
Severity: Nízka
Category: Potenciálne nežiaduci softvér
Path: file:_C:\Users\Seka\Downloads\uTorrent (1).exe; file:_C:\Users\Seka\Downloads\uTorrent.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.331.830.0, AS: 1.331.830.0, NIS: 1.331.830.0
Engine Version: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-02-12 15:12:40
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: App:Utorrent
Severity: Nízka
Category: Potenciálne nežiaduci softvér
Path: file:_C:\Users\Seka\Downloads\uTorrent.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.331.830.0, AS: 1.331.830.0, NIS: 1.331.830.0
Engine Version: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-02-12 12:03:25
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: App:Utorrent
Severity: Nízka
Category: Potenciálne nežiaduci softvér
Path: file:_C:\Users\Seka\Downloads\uTorrent.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.331.815.0, AS: 1.331.815.0, NIS: 1.331.815.0
Engine Version: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-02-07 10:58:05
Description:
Microsoft Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
Security intelligence Attempted: Backup
Error Code: 0x80004004
Error description: Operation aborted
Security intelligence version: 1.331.374.0;1.331.374.0
Engine version: 1.1.17800.5

Date: 2021-02-07 10:58:02
Description:
Microsoft Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
Security intelligence Attempted: Current
Error Code: 0x80004004
Error description: Operation aborted
Security intelligence version: 1.331.384.0;1.331.384.0
Engine version: 1.1.17800.5

CodeIntegrity:
===============
Date: 2021-05-06 13:58:25
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-05-06 13:52:17
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO LENOVO - 125 03/01/2013
Motherboard: LENOVO 1143K4G
Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 58%
Total physical RAM: 4007.23 MB
Available physical RAM: 1649.9 MB
Total Virtual: 5403.23 MB
Available Virtual: 3253.43 MB

==================== Drives ================================

Drive c: (Windows10_OS) (Fixed) (Total:447.85 GB) (Free:229.28 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:4.24 GB) NTFS

\\?\Volume{0751cdc4-7f48-11e1-b9a7-806e6f6e6963}\ (SYSTEM_DRV) (Fixed) (Total:1.46 GB) (Free:1.12 GB) NTFS
\\?\Volume{ccd2e061-0000-0000-0000-005470000000}\ () (Fixed) (Total:0.82 GB) (Free:0.27 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: CCD2E061)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=842 MB) - (Type=27)
Partition 4: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check my log

#8 Post by Diallix »

We'll do one last cleanup:

Copy the content below into Notepad:

Code:

HKLM\...\Run: [SynLenovoHelper] => C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe [146600 2015-07-28] (Synaptics Incorporated -> Synaptics)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [340440 2021-04-16] (Apple Inc. -> Apple Inc.)
Task: {62590772-5117-4903-A786-E553A1DB306A} - \Microsoft\Office\Office Automatic Updates 2.0 -> No File <==== ATTENTION
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "SynLenovoHelper"

Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the Fix button.
A routine will run, after which the computer will reboot. After the reboot, paste here the contents of the log fixlog.txt, saved in the FRST location.
My new book BOTNETY is out! Information about it can be found here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level and high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor for students in SQL query languages (TSQL, PLSQL) and object-oriented programming (C++, C#, PHP).

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for newcomer training
- Founder of the Cyber Security unit

wanny1
Visitor
Posts: 55
Registered: 20 Apr 2008 13:26

Re: Please check my log

#9 Post by wanny1 »

No reboot took place; the log is without it. Is that an error?

Fix result of Farbar Recovery Scan Tool (x64) Version: 09-05-2021
Ran by Seka (09-05-2021 22:38:26) Run:2
Running from C:\Users\Seka\Desktop
Loaded Profiles: Seka
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\...\Run: [SynLenovoHelper] => C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe [146600 2015-07-28] (Synaptics Incorporated -> Synaptics)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [340440 2021-04-16] (Apple Inc. -> Apple Inc.)
Task: {62590772-5117-4903-A786-E553A1DB306A} - \Microsoft\Office\Office Automatic Updates 2.0 -> No File <==== ATTENTION
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "SynLenovoHelper"
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SynLenovoHelper" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{62590772-5117-4903-A786-E553A1DB306A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62590772-5117-4903-A786-E553A1DB306A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Automatic Updates 2.0" => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\iTunesHelper" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\SynLenovoHelper" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SynLenovoHelper" => not found

==== End of Fixlog 22:38:26 ====

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check my log

#10 Post by Diallix »

OK, how is the computer doing?

wanny1
Visitor
Posts: 55
Registered: 20 Apr 2008 13:26

Re: Please check my log

#11 Post by wanny1 »

Greetings,

it is definitely better now, but there is still occasional freezing; that has been a problem for a long time. The notebook is getting on in years.
I dealt with it with your colleague, Rudy. The cleanup ended in a blue screen of death, so the system was reinstalled. After that, an improvement.
Thank you once again for the help. :)

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check my log

#12 Post by Diallix »

No problem, sometimes a reinstall is necessary. :]]

You're welcome, and in the future as well :]]

Locked