PC virus removal, computer speed-up, remote help via the neslape.cz service

Please check - see FRST log

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

vrchlab
Visitor
Posts: 66
Registered: 22 Oct 2009 20:40

#1 Post by vrchlab »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2021
Ran by Kopci (administrator) on LAPTOP-HH1EQN5N (LENOVO 80QB) (06-03-2021 11:13:57)
Running from C:\Users\Kopci\Desktop
Loaded Profiles: Kopci
Platform: Windows 10 Home Version 1909 18363.1379 (X64) Language: Angličtina (Spojené státy) -> Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apps Delivered Ltd -> Funny Kacele) [File not signed] [File is in use] C:\Program Files (x86)\FunnyKacele\FunnyKacele.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(Digital Communications Inc -> Сorp DCom) C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusClient.exe
(Digital Communications Inc -> Сorp DCom) C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusIC.exe
(Digital Communications Inc -> Сorp DCom) C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusService.exe
(Globalhop Ltd TOO -> ) C:\Users\Kopci\AppData\Local\Programs\Taskbar system\TaskbarSystem.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b9b9c39e4e2b88eb\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b9b9c39e4e2b88eb\igfxEM.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(LENOVO -> Lenovo(beijing) Limited) C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Fingerprint\fplmonitor.exe
(LENOVO -> Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Kopci\AppData\Local\Microsoft\Teams\current\Teams.exe <9>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2101.10.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <9>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SweetLabs Inc. -> SweetLabs, Inc) C:\Users\Kopci\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B7A64AF-41E2-4A98-8D6D-1A0AF0E7ED3D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Task: {16117B7C-4030-4E82-9117-4DECF78DF087} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [85432 2015-09-11] (CyberLink Corp. -> CyberLink Corp.)
Task: {20CC5D35-6588-4513-8287-B6EA51CD49F3} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1320416 2016-01-25] (LENOVO -> Lenovo)
Task: {227B0B35-DA77-46F3-9DCF-CF593A24B789} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe [564664 2015-06-12] (LENOVO -> Lenovo)
Task: {29CCEDAC-180F-4086-A873-5CF401966497} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4004296 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {3147DCBB-367A-4072-A60E-2700B28A663B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {323E7185-8140-49E6-BF96-12D2D1C9E6B5} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\976f3d26-08d0-41db-8475-f5f80f952630 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84920 2021-02-23] (Lenovo -> Lenovo Group Ltd.)
Task: {36C990C1-835F-4B1B-A7A5-6DB732E6040A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\499d4cd4-1c19-4950-a49f-868b188de0ad => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84920 2021-02-23] (Lenovo -> Lenovo Group Ltd.)
Task: {36F6B47C-9573-4A05-9CBA-72A6818284C9} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [62368 2021-02-23] (Lenovo -> Lenovo Group Ltd.)
Task: {3A46C4CE-A277-497A-B599-0F9C86F19B7F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27165752 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {3AD8077C-808E-4BEF-8C18-73D591F29EE5} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [694752 2021-02-26] (Mozilla Corporation -> Mozilla Foundation)
Task: {420B6F54-9CBB-4760-BD62-FFC983F0F7E0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {45513EBA-7E69-447D-802A-771AA4D26FD6} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {463AE302-4AA6-4022-A74C-5E154ACD9474} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [270304 2016-01-25] (LENOVO -> Lenovo)
Task: {47F4B97A-A9D7-4AA2-82B3-A27480FA0764} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {49F2B11E-D4EF-4DC1-A27C-DBF1EAB9A544} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {5D7FE370-0268-4F37-8C09-F692339CC68C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [16832 2015-07-07] (LENOVO -> Lenovo)
Task: {5F2BE04C-DF43-4441-BA87-AF2FAB189A74} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4004296 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {5F40EA3F-BAAC-4285-8286-9B257B8649B7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114000 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {6EA656A2-D79A-4CA9-9823-F1271FA290D2} - System32\Tasks\Lenovo\fplmonitorConnect => C:\Program Files (x86)\Lenovo\Lenovo Smart Fingerprint\fplmonitor.exe [1761208 2015-09-25] (LENOVO -> Lenovo)
Task: {719363F1-497C-4B69-A1DD-EE77AE387B55} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [143888 2021-02-04] (Lenovo -> Lenovo Group Ltd.)
Task: {75A6033F-705F-47DE-AC73-B5CBD9F60D66} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {78BC33DC-61CF-4F7D-9564-7F2D394C0AD6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-02-16] (Piriform Software Ltd -> Piriform)
Task: {7B0DFC7C-EED3-4F3D-A4E2-2113C188ABA2} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {7F2A58CC-CE18-44EF-B47A-4BF3AE16DD76} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\ScheduleEventAction.exe [15768 2020-12-28] (Lenovo -> Lenovo Group Ltd.)
Task: {8D4A2EFC-0E92-42CE-B805-0FCBE6813E81} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AFA1F844-B873-4B2C-ABAE-0FD04AADA7F7} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23080304 2021-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {B765D5C5-8B13-4A9D-9CE0-88B45DF4581F} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {BA5589F5-363D-402E-886C-56770A4CBCD8} - System32\Tasks\Lenovo\fplmonitor => C:\Program Files (x86)\Lenovo\Lenovo Smart Fingerprint\fplmonitor.exe [1761208 2015-09-25] (LENOVO -> Lenovo)
Task: {C34B4DE8-7A06-400A-8100-B95FF3F1FB5D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f0bdd6d6-e7c1-4e98-98b5-c5c67a97af6b => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84920 2021-02-23] (Lenovo -> Lenovo Group Ltd.)
Task: {C686002C-2ED0-4349-A479-ABD734A978DA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1133488 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {C91368E0-6C17-428C-A951-070E3CC250CC} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [9773024 2016-01-25] (LENOVO -> Lenovo)
Task: {D71E4AA2-EFF8-41D2-9B53-3B1F68AE872E} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [9773024 2016-01-25] (LENOVO -> Lenovo)
Task: {E8975FB6-D236-44C8-9179-AF9BD682BF88} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23080304 2021-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {F22F6641-7594-4471-886C-B4AB12488B68} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {F59A1B2B-4E32-4FAE-AFB1-97BB163A1A62} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114000 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {F63D47B8-38E2-4E22-A98D-78DB7FC1A7C3} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe [564664 2015-06-12] (LENOVO -> Lenovo)
Task: {F92DFA93-2D61-40F2-A32D-6215E2679044} - System32\Tasks\App Explorer => C:\Users\Kopci\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7949992 2020-09-04] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
Task: {FA36CD7B-5060-4CC6-B252-4258042D136E} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\92e39d53-2498-428e-8188-9a796d7873a3 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84920 2021-02-23] (Lenovo -> Lenovo Group Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5bdce1b0-6c55-4811-8821-86e83bfe7d28}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7370f33a-094d-4166-896c-c94ded8f462e}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{ba844273-ed17-44ac-bbbf-eefe42da4ab5}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Kopci\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-06]

FireFox:
========
FF DefaultProfile: k5b7neg4.default
FF ProfilePath: C:\Users\Kopci\AppData\Roaming\Mozilla\Firefox\Profiles\k5b7neg4.default [2021-03-06]
FF Session Restore: Mozilla\Firefox\Profiles\k5b7neg4.default -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\k5b7neg4.default -> hxxps://www.slevomat.cz; hxxps://online.rb.cz
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
FF Extension: (No Name) - C:\Users\Kopci\AppData\Roaming\Mozilla\Firefox\Profiles\k5b7neg4.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF Extension: (No Name) - C:\Users\Kopci\AppData\Roaming\Mozilla\Firefox\Profiles\k5b7neg4.default\extensions\sko-extension@firma.seznam.cz [not found]
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-02-25] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bgjpfhpjcgdppjbgnpnjllokbmcdllig]
CHR HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"FunnyKacele" => service was unlocked. <==== ATTENTION
"SAntivirusIC" => service was unlocked. <==== ATTENTION

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [688992 2017-02-27] (LENOVO -> Lenovo)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8988552 2021-02-22] (Microsoft Corporation -> Microsoft Corporation)
R2 FunnyKacele; C:\Program Files (x86)\FunnyKacele\FunnyKacele.exe [30701040 2018-05-04] (Apps Delivered Ltd -> Funny Kacele) [File not signed] [File is in use]
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-30] (LENOVO -> Lenovo)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84920 2021-02-23] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\LenovoVantageService.exe [20880 2020-12-28] (Lenovo -> Lenovo Group Ltd.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [271328 2016-01-25] (LENOVO -> Lenovo)
R2 SAntivirusIC; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusIC.exe [6940672 2021-02-27] (Digital Communications Inc -> Сorp DCom) <==== ATTENTION
R2 SAntivirusSvc; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusService.exe [626688 2021-02-27] (Digital Communications Inc -> Сorp DCom) <==== ATTENTION
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [77792 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R2 valWbioSyncSvc; C:\WINDOWS\system32\valWbioSyncSvc.exe [48608 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\NisSrv.exe [2483624 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MsMpEng.exe [128392 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-05-21] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R1 SMIDriverGen; C:\WINDOWS\system32\DRIVERS\smi.sys [31440 2018-04-25] (Synaptics Inc. -> Synaptics Incorporated)
R1 TASANTIVIRUSKD; C:\Program Files (x86)\Digital Communications\SAntivirus\TASAntivirusKD.sys [85504 2021-02-27] (Digital Communications Inc -> Corp DCom) <==== ATTENTION
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49544 2021-03-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [420088 2021-03-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-06] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-06 11:13 - 2021-03-06 11:16 - 000021970 _____ C:\Users\Kopci\Desktop\FRST.txt
2021-03-06 11:13 - 2021-03-06 11:15 - 000000000 ____D C:\FRST
2021-03-06 11:10 - 2021-03-06 11:10 - 002301440 _____ (Farbar) C:\Users\Kopci\Desktop\FRST64.exe
2021-02-27 20:47 - 2021-02-28 13:30 - 000000000 ____D C:\Program Files\WebDiscoverBrowser
2021-02-27 20:47 - 2021-02-27 20:47 - 000000000 ____D C:\Users\Kopci\AppData\Local\WebDiscoverBrowser
2021-02-27 20:46 - 2021-02-27 20:47 - 000000000 ____D C:\Users\Kopci\AppData\Roaming\santivirusclient
2021-02-27 20:45 - 2021-02-27 20:45 - 000000000 ____D C:\ProgramData\SAntivirus
2021-02-27 20:45 - 2021-02-27 20:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus
2021-02-27 20:45 - 2021-02-27 20:45 - 000000000 ____D C:\ProgramData\IdleBuddy
2021-02-27 20:45 - 2021-02-27 20:45 - 000000000 ____D C:\Program Files (x86)\Digital Communications
2021-02-27 20:44 - 2021-03-03 00:52 - 000000000 ____D C:\Program Files (x86)\IBuddy
2021-02-27 20:44 - 2021-02-28 13:31 - 000000000 ____D C:\Program Files (x86)\FunnyKacele
2021-02-27 20:44 - 2021-02-27 20:44 - 000000000 ____D C:\Users\Kopci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Taskbar system
2021-02-27 20:44 - 2021-02-27 20:44 - 000000000 ____D C:\Users\Kopci\AppData\Local\TaskbarSystem
2021-02-27 20:43 - 2021-02-27 20:43 - 000016438 _____ C:\Users\Kopci\AppData\Local\partner.bmp
2021-02-27 20:43 - 2021-02-27 20:43 - 000000000 _____ C:\Users\Kopci\Downloads\LEGO Harry Potter
2021-02-27 20:42 - 2021-02-27 20:43 - 000000000 ____D C:\Program Files (x86)\ExhaustingGovernmentphoInstall
2021-02-27 20:25 - 2021-02-27 20:25 - 000000000 ____D C:\Program Files (x86)\WB Games
2021-02-27 18:26 - 2021-02-28 13:47 - 000002372 _____ C:\Users\Kopci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-27 18:13 - 2021-02-27 19:23 - 764398929 _____ C:\Users\Kopci\Downloads\LEGO.Harry.Potter.5-7.zip.part
2021-02-27 18:10 - 2021-02-27 18:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-02-26 15:13 - 2021-02-28 13:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-02-21 20:25 - 2021-03-04 23:11 - 000000000 ____D C:\Users\Kopci\Desktop\random fotky xd
2021-02-15 09:00 - 2021-02-15 09:00 - 000083288 _____ (Zoom Video Communications, Inc.) C:\Users\Kopci\Downloads\Zoom_cm_fik4fkwZ9vvrZo4_muA1SOBB4sC925lOx0QoYuFfREgy+6cQB5gAX@-SoVtX4uj4nOWPPM_k5d14e1340bf434a7_.exe
2021-02-15 08:23 - 2021-02-15 08:23 - 000000000 ____D C:\Users\Kopci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-02-15 08:22 - 2021-02-15 08:23 - 000000000 ____D C:\Users\Kopci\AppData\Roaming\Zoom
2021-02-15 08:22 - 2021-02-15 08:22 - 015135752 _____ (Zoom Video Communications, Inc.) C:\Users\Kopci\Downloads\ZoomInstaller.exe
2021-02-13 12:36 - 2021-02-13 12:36 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-02-13 12:36 - 2021-02-13 12:36 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth18.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth17.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth16.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth15.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2021-02-13 12:34 - 2021-02-13 12:34 - 000232752 _____ C:\WINDOWS\system32\containerdevicemanagement.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-06 11:16 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-06 11:09 - 2018-02-17 23:15 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-06 11:08 - 2019-02-21 21:41 - 000000000 ____D C:\ProgramData\Mozilla
2021-03-06 11:08 - 2016-12-25 21:35 - 000000000 ____D C:\Users\Kopci\AppData\LocalLow\Mozilla
2021-03-06 11:01 - 2016-12-25 22:55 - 000000000 ____D C:\Program Files\CCleaner
2021-03-06 10:57 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-06 10:57 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-06 10:56 - 2016-12-25 09:33 - 000000000 __SHD C:\Users\Kopci\IntelGraphicsProfiles
2021-03-06 10:55 - 2020-05-03 12:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-06 10:55 - 2017-12-31 13:21 - 000000000 ____D C:\ProgramData\AVAST Software
2021-03-06 10:55 - 2017-09-03 13:57 - 000000000 ____D C:\ProgramData\Synaptics
2021-03-06 10:55 - 2015-10-30 08:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-03-06 10:54 - 2019-03-19 05:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-03-06 10:45 - 2020-11-09 17:44 - 000000000 ____D C:\WINDOWS\Minidump
2021-03-06 10:45 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2021-03-06 10:38 - 2016-12-25 09:30 - 000000000 ____D C:\Users\Kopci\AppData\Local\Host App Service
2021-03-06 10:37 - 2017-10-18 22:33 - 000000000 ____D C:\Users\Kopci\AppData\Local\Packages
2021-03-05 20:13 - 2020-05-03 12:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-05 11:29 - 2020-04-24 10:40 - 000000000 ____D C:\Users\Kopci\Desktop\word gyby
2021-03-05 09:13 - 2016-05-28 14:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-03-05 00:57 - 2020-05-03 12:17 - 000000000 ____D C:\Users\Kopci
2021-03-05 00:55 - 2020-09-23 22:08 - 000000000 ____D C:\Users\Kopci\Documents\Soubory aplikace Outlook
2021-03-04 15:26 - 2020-11-30 20:42 - 000000000 ____D C:\Users\Kopci\AppData\Roaming\vlc
2021-03-01 18:32 - 2020-04-24 10:42 - 000000000 ____D C:\Users\Kopci\Desktop\power point gyby
2021-03-01 08:52 - 2019-03-30 15:42 - 000000000 ____D C:\Users\Kopci\AppData\Roaming\Seznam.cz
2021-02-28 13:50 - 2016-12-25 22:45 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-02-28 13:48 - 2016-12-25 09:43 - 000000000 ___RD C:\Users\Kopci\OneDrive
2021-02-28 13:47 - 2020-09-07 20:14 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-28 13:47 - 2020-09-07 20:14 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-02-28 13:47 - 2020-09-07 20:14 - 000002281 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-02-28 13:47 - 2020-05-03 12:44 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3044413106-2186633788-3405021347-1001
2021-02-28 13:36 - 2020-05-03 12:09 - 000515336 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-28 13:27 - 2016-12-25 21:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-02-27 20:48 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-02-27 18:10 - 2016-12-25 21:34 - 000001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-02-26 15:10 - 2020-09-07 20:14 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-26 15:10 - 2020-09-07 20:14 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-25 13:19 - 2020-04-09 14:54 - 000002375 _____ C:\Users\Kopci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-02-25 13:19 - 2019-09-22 08:24 - 000002367 _____ C:\Users\Kopci\Desktop\Microsoft Teams.lnk
2021-02-24 12:05 - 2019-03-30 16:33 - 000000000 ____D C:\Users\Kopci\AppData\Roaming\Opera Software
2021-02-23 18:24 - 2020-03-12 20:53 - 000107936 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\WudfUpdate_02000.dll
2021-02-23 18:24 - 2020-03-12 20:53 - 000062368 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.InfInstaller.exe
2021-02-23 18:24 - 2017-10-11 20:21 - 000107936 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.CoInstaller.dll
2021-02-23 18:23 - 2020-03-12 20:52 - 000429936 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2021-02-21 11:19 - 2020-09-03 16:07 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-02-19 10:10 - 2020-05-03 12:44 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-02-17 10:07 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-16 16:34 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-02-16 12:17 - 2020-11-30 20:42 - 000000923 _____ C:\Users\Public\Desktop\VLC media player.lnk
2021-02-16 12:17 - 2020-11-30 20:42 - 000000923 _____ C:\ProgramData\Desktop\VLC media player.lnk
2021-02-14 20:43 - 2020-05-03 21:34 - 000718198 _____ C:\WINDOWS\system32\perfh005.dat
2021-02-14 20:43 - 2020-05-03 21:34 - 000145242 _____ C:\WINDOWS\system32\perfc005.dat
2021-02-14 20:43 - 2020-05-03 12:29 - 001693858 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-14 20:37 - 2017-10-19 19:48 - 000000000 ___RD C:\Users\Kopci\3D Objects
2021-02-14 20:37 - 2015-11-03 20:24 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-13 12:48 - 2019-03-19 07:20 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-02-13 12:48 - 2019-03-19 07:20 - 000019469 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-02-11 10:25 - 2016-12-25 20:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-11 10:06 - 2016-12-25 20:49 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-10 16:23 - 2020-05-03 12:44 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-02-07 11:52 - 2016-12-25 21:09 - 000160860 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2021-02-07 11:52 - 2016-05-28 15:13 - 000000000 ____D C:\ProgramData\Lenovo
2021-02-05 20:30 - 2020-09-03 16:07 - 000916288 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2021-02-05 20:30 - 2020-09-03 16:07 - 000437056 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll

==================== Files in the root of some directories ========

2021-02-27 20:43 - 2021-02-27 20:43 - 000016438 _____ () C:\Users\Kopci\AppData\Local\partner.bmp

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by Kopci (06-03-2021 11:19:35)
Running from C:\Users\Kopci\Desktop
Windows 10 Home Version 1909 18363.1379 (X64) (2020-05-03 11:46:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3044413106-2186633788-3405021347-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3044413106-2186633788-3405021347-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3044413106-2186633788-3405021347-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3044413106-2186633788-3405021347-501 - Limited - Disabled)
Kopci (S-1-5-21-3044413106-2186633788-3405021347-1001 - Administrator - Enabled) => C:\Users\Kopci
WDAGUtilityAccount (S-1-5-21-3044413106-2186633788-3405021347-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.001.20142 - Adobe Systems Incorporated)
Booking (HKLM-x32\...\{13D4CD54-EA09-4FDB-B979-8B2BC0F020CA}_is1) (Version: 2.0.701 - Booking)
CCleaner (HKLM\...\CCleaner) (Version: 5.77 - Piriform)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.5521 - CyberLink Corp.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
IBuddy (HKLM-x32\...\IBuddy) (Version: 2.1.0.3 - IdleTime Software)
Intel(R) Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{BB041B6A-FACB-4853-BEE9-814FE7F93BB2}) (Version: 17.1.1530.1669 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1544031f-5449-4415-b577-993c2a533a1b}) (Version: 18.12.2 - Intel Corporation)
LEGO® Harry Potter™: Years 5-7 DEMO (HKLM-x32\...\{AD665A16-AA0E-494A-A8CF-A7AFAD06C0F4}) (Version: 1.0.0.0 - WB Games)
Lenovo App Explorer (HKU\S-1-5-21-3044413106-2186633788-3405021347-1000\...\Host App Service) (Version: 0.272.1.559 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\Host App Service) (Version: 0.273.4.172 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo Business Vantage (HKLM-x32\...\{BAAE4B9C-8D26-44AF-BCE8-181C8F4A8D5B}_is1) (Version: 3.0.2.3 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.)
Lenovo PowerDVD12 (HKLM-x32\...\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5709.60 - CyberLink Corp.) Hidden
Lenovo PowerDVD12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5709.60 - CyberLink Corp.)
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.019.00 - Lenovo)
Lenovo Smart Fingerprint (HKLM-x32\...\{90C700B4-BC7E-4628-867C-FC8622F0DAD9}_is1) (Version: 1.0.0.50 - Lenovo)
Lenovo Solution Center (HKLM\...\{E442BFFD-8406-4C6D-BE7E-0CF6E61EE363}) (Version: 3.2.004.00 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.5.27.0 - Lenovo Group Ltd.)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13801.20266 - Microsoft Corporation)
Microsoft 365 - ko-kr (HKLM\...\O365HomePremRetail - ko-kr) (Version: 16.0.13801.20266 - Microsoft Corporation)
Microsoft 365 Apps pro velké organizace - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.13801.20266 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.81 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.63 - )
Microsoft OneDrive (HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\OneDriveSetup.exe) (Version: 21.016.0124.0003 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\Teams) (Version: 1.4.00.4167 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BAB9FCC5-1506-4B4F-BFCA-EDE0BDB86C21}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 86.0 (x64 cs) (HKLM\...\Mozilla Firefox 86.0 (x64 cs)) (Version: 86.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0412-0000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.1.0.11 - Lenovo)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29088 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
SAntivirus Realtime Protection Lite (HKLM-x32\...\SAntivirus) (Version: 1.0.22.26 - Corp DCom) <==== ATTENTION
Seznam Software (HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\SeznamInstall) (Version: 2.1.35 - Seznam.cz)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.5.1 - Lenovo)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.7 - Synaptics Incorporated)
Synaptics WBF DDK 5011 (HKLM\...\{4D70781C-36A9-4335-9568-565C6F61B5EB}) (Version: 4.5.289.0 - )
Synaptics WBF DDK 5011 (HKLM\...\{9062E143-DEDB-4F8C-B5B8-30AEC328400C}) (Version: 4.5.289.0 - Synaptics)
Taskbar system version 1.0.0.2 (HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\{C40E1200-5BEC-410C-B3C5-F7B475729D42}_is1) (Version: 1.0.0.2 - Taskbar system)
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.17057 - Microsoft Corporation)
ThinkPad OneLink Dock (HKLM-x32\...\{8E1CACF5-2493-4950-9AD5-189903FE57E7}) (Version: 1.08.36 - Lenovo)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
User Manuals (HKLM-x32\...\{7042D952-EE42-4C09-A23D-E7AE4D047007}) (Version: 6.0.0.0 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{7042D952-EE42-4C09-A23D-E7AE4D047007}) (Version: 6.0.0.0 - Lenovo)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-4) (Version: 1.0.33.0 - LunarG, Inc.)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wondershare Filmora9(Build 9.3.6) (HKLM\...\Wondershare Filmora9_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Zoner Callisto 5 FREE (HKLM-x32\...\ZonerCallisto5_CZ_is1) (Version: 5.0.5000.16 - ZONER software)
Zoom (HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\ZoomUMX) (Version: 5.5.2 (12494.0204) - Zoom Video Communications, Inc.)
엔터프라이즈용 Microsoft 365 앱 - ko-kr (HKLM\...\O365ProPlusRetail - ko-kr) (Version: 16.0.13801.20266 - Microsoft Corporation)

Packages:
=========
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.188.300.0_x86__kgqvnymyfvs32 [2021-03-05] (king.com)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-05-27] (Microsoft Corporation)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-09-14] (Facebook Inc)
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2017-12-20] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2101.29.0_x64__k1h2ywk1493x8 [2021-01-25] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-20] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-03] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.20102.0_x64__8wekyb3d8bbwe [2020-12-16] (Microsoft Studios)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-23] (Netflix, Inc.)
Royal Revolt 2 -> C:\Program Files\WindowsApps\flaregamesGmbH.RoyalRevolt2_6.5.0.0_x86__g0q0z3kw54rap [2021-02-09] (flaregames GmbH)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-10-04] (Twitter Inc.)
Uživatelský portál Lenovo -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-04-25] (LENOVO INCORPORATED.)
Video Cutter & Compressor -> C:\Program Files\WindowsApps\24711Mixilab.VideoCutterCompressor_2.0.1.0_x64__c39s816dkej80 [2020-02-17] (Mixilab) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3044413106-2186633788-3405021347-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Kopci\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20289.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3044413106-2186633788-3405021347-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Kopci\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-21] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2015-09-25] (LENOVO -> Lenovo)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-21] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2015-09-25] (LENOVO -> Lenovo)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b9b9c39e4e2b88eb\igfxDTCM.dll [2017-04-21] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-03-07 14:55 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2020-03-07 14:55 - 2017-09-12 10:34 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2021-02-27 20:44 - 2021-01-13 09:57 - 014318734 _____ () [File not signed] C:\Users\Kopci\AppData\Local\Programs\Taskbar system\sdk.dll
2021-02-27 20:44 - 2020-05-14 00:17 - 000112640 _____ (Countly) [File not signed] [File is in use] C:\Users\Kopci\AppData\Local\Programs\Taskbar system\Countly.dll
2021-02-27 20:44 - 2018-01-10 13:34 - 000024064 _____ (Daniel Grunwald, Omer Mor, Alex Davies, jnm2) [File not signed] [File is in use] C:\Users\Kopci\AppData\Local\Programs\Taskbar system\AsyncBridge.Net35.dll
2017-11-17 03:11 - 2017-11-17 03:11 - 000310784 _____ (GitHub Community) [File not signed] [File is in use] C:\Program Files (x86)\Digital Communications\SAntivirus\Microsoft.Win32.TaskScheduler.dll
2015-07-22 18:44 - 2015-07-22 18:44 - 000285184 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2015-07-22 18:44 - 2015-07-22 18:44 - 000562688 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2021-02-27 20:44 - 2018-03-24 17:44 - 000475136 _____ (Newtonsoft) [File not signed] [File is in use] C:\Users\Kopci\AppData\Local\Programs\Taskbar system\Newtonsoft.Json.dll
2021-02-07 11:51 - 2020-05-30 15:04 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\x64\SQLite.Interop.dll
2020-12-24 22:13 - 2020-05-30 14:58 - 001280000 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll
2021-02-27 20:44 - 2018-05-11 08:52 - 000074240 _____ (Sentry) [File not signed] [File is in use] C:\Users\Kopci\AppData\Local\Programs\Taskbar system\SharpRaven.dll
2020-06-19 19:39 - 2020-04-09 08:17 - 000944840 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
2020-03-07 14:55 - 2017-09-12 10:36 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Kopci\Downloads\LEGO Harry Potter: Years 5-7 Free...tmp [2111874]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-3044413106-2186633788-3405021347-1001 -> DefaultScope {3A8CC7AC-C9FE-463C-BBB7-96AC4CADA423} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
SearchScopes: HKU\S-1-5-21-3044413106-2186633788-3405021347-1001 -> {3A813C5E-EE10-4A91-83D8-430CEA749392} URL =
SearchScopes: HKU\S-1-5-21-3044413106-2186633788-3405021347-1001 -> {3A8CC7AC-C9FE-463C-BBB7-96AC4CADA423} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\sharepoint.com -> hxxps://gyby-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2015-10-30 08:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3044413106-2186633788-3405021347-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\Control Panel\Desktop\\Wallpaper -> c:\users\kopci\desktop\wallpapeeeerssss\se tapetaaa.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{1EFA947E-0003-4D2B-B77A-B158399053F4}C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{351BA8B9-0251-45E4-8A68-37460447537D}C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{FFAFE8E1-E8F4-4149-B310-66C5096038B9}C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{4A54488B-5F00-4C81-8E84-D1CA8FF403E8}C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{27EE67D4-5A5B-4368-95D4-2BAF4BF405D6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D1812297-088D-4302-AC15-1B0F987743EE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D9DB305C-E233-46A8-A2B3-C5F7C604E273}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0393F908-183C-4CE0-BD79-793DE565E783}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8C71CC94-352E-4648-AC9E-E53D00F37F6A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{BAD7F3E3-2403-4A50-977E-FA93F53FB288}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe (LENOVO -> Lenovo)
FirewallRules: [{F9406233-A495-4EDE-94E0-89EAC9EBD48A}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe (LENOVO -> Lenovo)
FirewallRules: [{DC50887B-05F7-4502-9AB3-EC14784DE52B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E5DB4350-2CE3-4965-AE72-9C796FB7DA4F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{35063B0C-4953-459D-A405-8B78D49C101E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{ACB65E45-6819-4891-8ED4-60649491935B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{50CA1968-0700-4017-A21E-AA22004B35AD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5C00E400-1F11-4A32-9C97-CA6A36A3D513}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BE2A0697-105E-4BC8-B9C0-88C093B47194}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{52F50906-5B06-49A5-A2A8-5CEF642296F0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3C91C35D-CF09-4B89-A2F9-496BCD4C5FC4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{23EF5EFB-4937-4094-86D4-79651D8FA6AC}] => (Allow) C:\Users\Kopci\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{C9FDE0DE-1F7A-4DAC-AD3C-DCC31C571AE9}] => (Allow) C:\Users\Kopci\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{19E59825-96D8-4938-A4C5-3CACF90B764E}] => (Allow) C:\Users\Kopci\AppData\Roaming\Zoom\bin\airhost.exe => No File

==================== Restore Points =========================

18-02-2021 21:01:55 Naplánovaný kontrolní bod
27-02-2021 20:10:35 Installed LEGO® Harry Potter™: Years 5-7 DEMO

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/06/2021 11:19:00 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5288,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (03/06/2021 10:52:39 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.

Error: (03/06/2021 10:48:25 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (15116,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (03/05/2021 09:52:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (14596,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (03/05/2021 09:42:50 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (13400,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (03/05/2021 08:42:44 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (15540,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (03/05/2021 08:35:46 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (13548,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (03/05/2021 11:50:34 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (13512,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).


System errors:
=============
Error: (03/06/2021 11:01:08 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-HH1EQN5N)
Description: Server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/06/2021 10:58:15 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-HH1EQN5N)
Description: Server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/06/2021 10:41:40 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-HH1EQN5N)
Description: Server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/06/2021 10:36:56 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-HH1EQN5N)
Description: Server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/05/2021 08:27:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (03/05/2021 08:54:05 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-HH1EQN5N)
Description: Server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/05/2021 08:49:35 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-HH1EQN5N)
Description: Server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/04/2021 10:21:05 PM) (Source: Netwtw04) (EventID: 5005) (User: )
Description: Intel(R) Dual Band Wireless-AC 3165 : Byla zjištěna vnitřní chyba a došlo k selhání.
5005 - Driver internal error


Windows Defender:
================
Date: 2021-03-06 11:00:31.374
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: VirTool:Win32/DefenderTamperingRestore
Závažnost: Vážné
Kategorie: Nástroj
Cesta: regkeyvalue:_hklm\software\policies\microsoft\windows defender\\DisableAntiSpyware
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.331.2432.0, AS: 1.331.2432.0, NIS: 0.0.0.0
Verze modulu: AM: 1.1.17800.5, NIS: 0.0.0.0

Date: 2021-03-05 09:42:23.860
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: VirTool:Win32/DefenderTamperingRestore
Závažnost: Vážné
Kategorie: Nástroj
Cesta: regkeyvalue:_hklm\software\policies\microsoft\windows defender\\DisableAntiSpyware
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.331.2277.0, AS: 1.331.2277.0, NIS: 1.331.2277.0
Verze modulu: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-03-05 09:35:48.628
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {BF5B13B9-2A1C-468A-B211-7930C3004C03}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-04 18:38:32.009
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {7D59EA95-0D41-4D55-A70E-8ADBAAE96C19}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-03 00:52:27.377
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Ymacco.AA2A
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Program Files (x86)\IBuddy\IBuddyService.exe; process:_pid:4868,ProcessStart:132592020777907195; service:_IBuddyService
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files (x86)\IBuddy\IBuddyService.exe
Verze bezpečnostních informací: AV: 1.331.2222.0, AS: 1.331.2222.0, NIS: 1.331.2222.0
Verze modulu: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-02-24 12:23:38.516
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.331.1570.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17800.5
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

Date: 2021-02-11 10:06:34.238
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.331.612.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17800.5
Kód chyby: 0x80240016
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2021-01-31 16:26:57.918
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.3013.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

Date: 2021-01-18 17:57:17.921
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.2400.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80240016
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2021-01-15 15:52:14.054
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.2219.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x8024001e
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

==================== Memory info ===========================

BIOS: LENOVO D7CN33WW(V3.06) 10/11/2016
Motherboard: LENOVO Lenovo E51-80
Processor: Intel(R) Core(TM) i3-6100U CPU @ 2.30GHz
Percentage of memory in use: 87%
Total physical RAM: 3954.76 MB
Available physical RAM: 478.97 MB
Total Virtual: 8562.76 MB
Available Virtual: 3512.18 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:884.23 GB) (Free:758.32 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.91 GB) NTFS
Drive e: (Audio CD) (CDROM) (Total:0 GB) (Free:0 GB) CDFS

\\?\Volume{6c3fa5a0-0174-47ec-9620-50fa9d879456}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.49 GB) NTFS
\\?\Volume{e5a533a5-59c4-46c1-a763-e04321dd8ea9}\ (LENOVO_PART) (Fixed) (Total:20.06 GB) (Free:8.52 GB) NTFS
\\?\Volume{d776d5a8-d836-456e-bd52-14bf61297784}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6199B984)

Partition: GPT.

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check - see FRST log

#2 Post by Diallix »

Good day.

Download the AdwCleaner tool to your desktop; the download link is here: https://toolslib.net/downloads/finish/1/
Before launching the tool, close all running program windows, that is, all programs running on the desktop.
Right-click the program -> Run as administrator.
Continue by clicking the Scan now button and wait until the system scan finishes.
After the scan, leave all checkboxes and any threats found selected, and continue with the Clean and Repair button in the bottom right corner.
After the PC restarts, AdwCleaner will start; click "Zobrazit soubor protokolu" (view the log file).
The log will open; copy its contents here.
My new book BOTNETY is out! Information about it can be found here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level and high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor for students in the SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php).

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

vrchlab
Visitor
Posts: 66
Registered: 22 Oct 2009 20:40

Re: Please check - see FRST log

#3 Post by vrchlab »

# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build: 02-15-2021
# Database: 2021-01-11.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-07-2021
# Duration: 00:00:13
# OS: Windows 10 Home
# Cleaned: 14
# Awaiting reboot:1
# Failed: 4


***** [ Services ] *****

Deleted SAntivirusIC
Deleted SAntivirusSvc

***** [ Folders ] *****

Deleted C:\Users\Kopci\AppData\Roaming\santivirusclient
Needs Reboot C:\Program Files (x86)\Digital Communications
Not Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus
Not Deleted C:\ProgramData\SAntivirus

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
Deleted HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
Deleted HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
Deleted HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
Deleted HKLM\SOFTWARE\Microsoft\Windows\SAntivirus
Deleted HKLM\Software\SegOption
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\SAntivirus
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SAntivirusSvc
Not Deleted HKLM\Software\SAntivirus
Not Deleted HKLM\Software\Wow6432Node\SAntivirus

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****


***** [ Folders ] *****

Cleaning failed C:\Program Files (x86)\Digital Communications

*************************

AdwCleaner[S00].txt - [10044 octets] - [07/03/2021 19:33:21]
AdwCleaner[C00].txt - [9958 octets] - [07/03/2021 19:40:57]
AdwCleaner[S01].txt - [3197 octets] - [07/03/2021 19:47:28]
AdwCleaner[S02].txt - [3258 octets] - [07/03/2021 19:48:20]
AdwCleaner[C02].txt - [3308 octets] - [07/03/2021 19:48:55]
AdwCleaner[S03].txt - [3380 octets] - [07/03/2021 19:53:29]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C03].txt ##########

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check - see FRST log

#4 Post by Diallix »

Please post new FRST + ADDITION logs.

vrchlab
Visitor
Posts: 66
Registered: 22 Oct 2009 20:40

Re: Please check - see FRST log

#5 Post by vrchlab »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2021
Ran by Kopci (administrator) on LAPTOP-HH1EQN5N (LENOVO 80QB) (08-03-2021 17:42:58)
Running from C:\Users\Kopci\Desktop
Loaded Profiles: Kopci
Platform: Windows 10 Home Version 1909 18363.1379 (X64) Language: Angličtina (Spojené státy) -> Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apps Delivered Ltd -> Funny Kacele) [File not signed] [File is in use] C:\Program Files (x86)\FunnyKacele\FunnyKacele.exe
(Digital Communications Inc -> Сorp DCom) C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusClient.exe
(Digital Communications Inc -> Сorp DCom) C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusIC.exe
(Digital Communications Inc -> Сorp DCom) C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusService.exe
(Globalhop Ltd TOO -> ) C:\Users\Kopci\AppData\Local\Programs\Taskbar system\TaskbarSystem.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b9b9c39e4e2b88eb\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b9b9c39e4e2b88eb\igfxEM.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\Lenovo.Vantage.AddinHost.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\LenovoVantageService.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Fingerprint\fplmonitor.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Kopci\AppData\Local\Microsoft\Teams\current\Teams.exe <10>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2101.10.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\NisSrv.exe
(Microsoft Windows Third Party Application Component -> Adobe) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
Failed to access process -> ZeroConfigService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18382824 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-22] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3937448 2015-08-11] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM-x32\...\Run: [Lenovo Smart Fingerprint] => C:\Program Files (x86)\Lenovo\Lenovo Smart Fingerprint\fplmonitor.exe [1761208 2015-09-25] (LENOVO -> Lenovo)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32726088 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Kopci\AppData\Local\Microsoft\Teams\Update.exe [2453720 2021-02-25] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\Run: [Taskbar system] => C:\Users\Kopci\AppData\Local\Programs\Taskbar system\TaskbarSystem.exe [918040 2021-01-13] (Globalhop Ltd TOO -> )

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B7A64AF-41E2-4A98-8D6D-1A0AF0E7ED3D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Task: {20CC5D35-6588-4513-8287-B6EA51CD49F3} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
Task: {227B0B35-DA77-46F3-9DCF-CF593A24B789} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe
Task: {29CCEDAC-180F-4086-A873-5CF401966497} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4004296 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {354BFF90-C248-468A-9891-96E843DE83C4} - \Lenovo\ImController\TimeBasedEvents\1a5fe197-aac3-49ae-a7f2-5d0e3f8fcc23 -> No File <==== ATTENTION
Task: {36F6B47C-9573-4A05-9CBA-72A6818284C9} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {3A46C4CE-A277-497A-B599-0F9C86F19B7F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27168840 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {3AD8077C-808E-4BEF-8C18-73D591F29EE5} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [694752 2021-02-26] (Mozilla Corporation -> Mozilla Foundation)
Task: {420B6F54-9CBB-4760-BD62-FFC983F0F7E0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {45513EBA-7E69-447D-802A-771AA4D26FD6} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {463AE302-4AA6-4022-A74C-5E154ACD9474} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe
Task: {49F2B11E-D4EF-4DC1-A27C-DBF1EAB9A544} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {5D7FE370-0268-4F37-8C09-F692339CC68C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [16832 2015-07-07] (LENOVO -> Lenovo)
Task: {5DE002F3-B0EB-4E30-AC50-588271623551} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5F2BE04C-DF43-4441-BA87-AF2FAB189A74} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4004296 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {5F40EA3F-BAAC-4285-8286-9B257B8649B7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114000 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {6EA656A2-D79A-4CA9-9823-F1271FA290D2} - System32\Tasks\Lenovo\fplmonitorConnect => C:\Program Files (x86)\Lenovo\Lenovo Smart Fingerprint\fplmonitor.exe [1761208 2015-09-25] (LENOVO -> Lenovo)
Task: {719363F1-497C-4B69-A1DD-EE77AE387B55} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe
Task: {7B0DFC7C-EED3-4F3D-A4E2-2113C188ABA2} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {7F2A58CC-CE18-44EF-B47A-4BF3AE16DD76} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\ScheduleEventAction.exe [15768 2020-12-28] (Lenovo -> Lenovo Group Ltd.)
Task: {940BEF6D-D1FB-413A-8830-86307ECA578D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AAE5F6DC-B3D2-4D6F-AC8C-13BA5134ABD3} - \Lenovo\ImController\TimeBasedEvents\e7da87f6-7615-427b-ba3c-72621f185e69 -> No File <==== ATTENTION
Task: {AFA1F844-B873-4B2C-ABAE-0FD04AADA7F7} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23080304 2021-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {B24300D5-CBDD-4300-A95B-31ADA344D448} - \Lenovo\ImController\TimeBasedEvents\94ccf936-9235-436f-93a1-c66cc36e0b55 -> No File <==== ATTENTION
Task: {B765D5C5-8B13-4A9D-9CE0-88B45DF4581F} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {BA5589F5-363D-402E-886C-56770A4CBCD8} - System32\Tasks\Lenovo\fplmonitor => C:\Program Files (x86)\Lenovo\Lenovo Smart Fingerprint\fplmonitor.exe [1761208 2015-09-25] (LENOVO -> Lenovo)
Task: {BEC94A6B-C41E-40A5-80BF-E84B77B064EE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C686002C-2ED0-4349-A479-ABD734A978DA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1133488 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {C91368E0-6C17-428C-A951-070E3CC250CC} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe
Task: {CCD9CD19-A5D1-4A3E-B8C2-C7A3F5CDDCE9} - \Lenovo\ImController\TimeBasedEvents\ad0aed99-ae3a-420a-befd-6aa2272f541f -> No File <==== ATTENTION
Task: {CEC493DC-1B6B-4FBF-8823-63237A273B37} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-05] (Piriform Software Ltd -> Piriform)
Task: {D71E4AA2-EFF8-41D2-9B53-3B1F68AE872E} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe
Task: {E8975FB6-D236-44C8-9179-AF9BD682BF88} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23080304 2021-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {F22F6641-7594-4471-886C-B4AB12488B68} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {F59A1B2B-4E32-4FAE-AFB1-97BB163A1A62} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114000 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {F63D47B8-38E2-4E22-A98D-78DB7FC1A7C3} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe
Task: {F84D559D-6497-47FE-888E-79B9E0E6F52F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5bdce1b0-6c55-4811-8821-86e83bfe7d28}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7370f33a-094d-4166-896c-c94ded8f462e}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{ba844273-ed17-44ac-bbbf-eefe42da4ab5}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Kopci\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-08]

FireFox:
========
FF DefaultProfile: k5b7neg4.default
FF ProfilePath: C:\Users\Kopci\AppData\Roaming\Mozilla\Firefox\Profiles\k5b7neg4.default [2021-03-08]
FF Session Restore: Mozilla\Firefox\Profiles\k5b7neg4.default -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\k5b7neg4.default -> hxxps://www.slevomat.cz; hxxps://online.rb.cz
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
FF Extension: (No Name) - C:\Users\Kopci\AppData\Roaming\Mozilla\Firefox\Profiles\k5b7neg4.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF Extension: (No Name) - C:\Users\Kopci\AppData\Roaming\Mozilla\Firefox\Profiles\k5b7neg4.default\extensions\sko-extension@firma.seznam.cz [not found]
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-02-25] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bgjpfhpjcgdppjbgnpnjllokbmcdllig]
CHR HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"FunnyKacele" => service was unlocked. <==== ATTENTION
"SAntivirusIC" => service was unlocked. <==== ATTENTION

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8988552 2021-02-22] (Microsoft Corporation -> Microsoft Corporation)
R2 FunnyKacele; C:\Program Files (x86)\FunnyKacele\FunnyKacele.exe [30701040 2018-05-04] (Apps Delivered Ltd -> Funny Kacele) [File not signed] [File is in use]
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-30] (LENOVO -> Lenovo)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\LenovoVantageService.exe [20880 2020-12-28] (Lenovo -> Lenovo Group Ltd.)
R2 SAntivirusIC; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusIC.exe [6940672 2021-02-27] (Digital Communications Inc -> Сorp DCom) <==== ATTENTION
R2 SAntivirusSvc; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusService.exe [626688 2021-02-27] (Digital Communications Inc -> Сorp DCom) <==== ATTENTION
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [77792 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R2 valWbioSyncSvc; C:\WINDOWS\system32\valWbioSyncSvc.exe [48608 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\NisSrv.exe [2483624 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MsMpEng.exe [128392 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 CCSDK; "C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe" [X]
S2 ImControllerService; %SystemRoot%\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [X]
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-05-21] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R1 SMIDriverGen; C:\WINDOWS\system32\DRIVERS\smi.sys [31440 2018-04-25] (Synaptics Inc. -> Synaptics Incorporated)
R1 TASANTIVIRUSKD; C:\Program Files (x86)\Digital Communications\SAntivirus\TASAntivirusKD.sys [85504 2021-02-27] (Digital Communications Inc -> Corp DCom) <==== ATTENTION
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49544 2021-03-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [420088 2021-03-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-06] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-08 02:30 - 2021-03-08 02:31 - 001415172 _____ C:\WINDOWS\Minidump\030821-40718-01.dmp
2021-03-07 19:56 - 2021-03-07 19:56 - 000000000 ____D C:\Users\Kopci\AppData\Roaming\santivirusclient
2021-03-07 19:32 - 2021-03-07 19:39 - 000000000 ____D C:\AdwCleaner
2021-03-07 19:28 - 2021-03-07 19:28 - 008463216 _____ (Malwarebytes) C:\Users\Kopci\Desktop\adwcleaner_8.1.exe
2021-03-06 21:52 - 2021-03-06 21:57 - 001452572 _____ C:\WINDOWS\Minidump\030621-42156-01.dmp
2021-03-06 18:22 - 2021-03-08 02:30 - 824212867 _____ C:\WINDOWS\MEMORY.DMP
2021-03-06 18:22 - 2021-03-06 20:09 - 001436956 _____ C:\WINDOWS\Minidump\030621-35343-01.dmp
2021-03-06 11:19 - 2021-03-06 16:16 - 000041331 _____ C:\Users\Kopci\Desktop\Addition.txt
2021-03-06 11:13 - 2021-03-08 17:45 - 000021250 _____ C:\Users\Kopci\Desktop\FRST.txt
2021-03-06 11:13 - 2021-03-08 17:44 - 000000000 ____D C:\FRST
2021-03-06 11:10 - 2021-03-06 11:10 - 002301440 _____ (Farbar) C:\Users\Kopci\Desktop\FRST64.exe
2021-02-27 20:45 - 2021-02-27 20:45 - 000000000 ____D C:\ProgramData\SAntivirus
2021-02-27 20:45 - 2021-02-27 20:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus
2021-02-27 20:45 - 2021-02-27 20:45 - 000000000 ____D C:\Program Files (x86)\Digital Communications
2021-02-27 20:44 - 2021-02-28 13:31 - 000000000 ____D C:\Program Files (x86)\FunnyKacele
2021-02-27 20:44 - 2021-02-27 20:44 - 000000000 ____D C:\Users\Kopci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Taskbar system
2021-02-27 20:44 - 2021-02-27 20:44 - 000000000 ____D C:\Users\Kopci\AppData\Local\TaskbarSystem
2021-02-27 20:43 - 2021-02-27 20:43 - 000016438 _____ C:\Users\Kopci\AppData\Local\partner.bmp
2021-02-27 20:43 - 2021-02-27 20:43 - 000000000 _____ C:\Users\Kopci\Downloads\LEGO Harry Potter
2021-02-27 20:42 - 2021-02-27 20:43 - 000000000 ____D C:\Program Files (x86)\ExhaustingGovernmentphoInstall
2021-02-27 20:25 - 2021-02-27 20:25 - 000000000 ____D C:\Program Files (x86)\WB Games
2021-02-27 18:26 - 2021-02-28 13:47 - 000002372 _____ C:\Users\Kopci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-27 18:13 - 2021-02-27 19:23 - 764398929 _____ C:\Users\Kopci\Downloads\LEGO.Harry.Potter.5-7.zip.part
2021-02-27 18:10 - 2021-02-27 18:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-02-26 15:13 - 2021-02-28 13:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-02-21 20:25 - 2021-03-04 23:11 - 000000000 ____D C:\Users\Kopci\Desktop\random fotky xd
2021-02-15 09:00 - 2021-02-15 09:00 - 000083288 _____ (Zoom Video Communications, Inc.) C:\Users\Kopci\Downloads\Zoom_cm_fik4fkwZ9vvrZo4_muA1SOBB4sC925lOx0QoYuFfREgy+6cQB5gAX@-SoVtX4uj4nOWPPM_k5d14e1340bf434a7_.exe
2021-02-15 08:23 - 2021-02-15 08:23 - 000000000 ____D C:\Users\Kopci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-02-15 08:22 - 2021-02-15 08:23 - 000000000 ____D C:\Users\Kopci\AppData\Roaming\Zoom
2021-02-15 08:22 - 2021-02-15 08:22 - 015135752 _____ (Zoom Video Communications, Inc.) C:\Users\Kopci\Downloads\ZoomInstaller.exe
2021-02-13 12:36 - 2021-02-13 12:36 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-02-13 12:36 - 2021-02-13 12:36 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth18.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth17.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth16.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth15.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2021-02-13 12:34 - 2021-02-13 12:34 - 000232752 _____ C:\WINDOWS\system32\containerdevicemanagement.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-08 17:42 - 2019-02-21 21:41 - 000000000 ____D C:\ProgramData\Mozilla
2021-03-08 17:42 - 2016-12-25 21:35 - 000000000 ____D C:\Users\Kopci\AppData\LocalLow\Mozilla
2021-03-08 17:40 - 2020-04-24 10:42 - 000000000 ____D C:\Users\Kopci\Desktop\power point gyby
2021-03-08 17:40 - 2020-04-24 10:40 - 000000000 ____D C:\Users\Kopci\Desktop\word gyby
2021-03-08 17:17 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-08 16:24 - 2020-05-03 12:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-08 14:33 - 2016-12-25 22:55 - 000000000 ____D C:\Program Files\CCleaner
2021-03-08 08:46 - 2020-05-03 12:17 - 000000000 ____D C:\Users\Kopci
2021-03-08 08:46 - 2016-12-25 09:33 - 000000000 __SHD C:\Users\Kopci\IntelGraphicsProfiles
2021-03-08 02:32 - 2020-11-09 17:44 - 000000000 ____D C:\WINDOWS\Minidump
2021-03-08 02:30 - 2020-05-03 12:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-08 02:30 - 2017-09-03 13:57 - 000000000 ____D C:\ProgramData\Synaptics
2021-03-07 21:35 - 2020-09-07 20:14 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-07 21:35 - 2020-09-07 20:14 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-03-07 21:35 - 2020-09-07 20:14 - 000002281 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-03-07 19:54 - 2019-03-19 05:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-03-07 19:40 - 2020-05-03 12:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-03-07 19:40 - 2020-03-12 20:53 - 000000000 ____D C:\WINDOWS\Lenovo
2021-03-07 19:40 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-07 19:40 - 2016-12-25 09:34 - 000000000 ____D C:\Users\Kopci\AppData\Local\Lenovo
2021-03-07 19:40 - 2016-12-25 09:29 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\Lenovo
2021-03-07 19:40 - 2016-05-28 15:07 - 000000000 ____D C:\Program Files\Lenovo
2021-03-07 19:40 - 2016-05-28 14:55 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2021-03-07 19:39 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-03-07 11:13 - 2020-05-03 12:44 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-03-06 16:01 - 2016-05-28 15:13 - 000000000 ____D C:\ProgramData\Lenovo
2021-03-06 11:09 - 2018-02-17 23:15 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-06 10:57 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-06 10:55 - 2017-12-31 13:21 - 000000000 ____D C:\ProgramData\AVAST Software
2021-03-06 10:55 - 2015-10-30 08:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-03-06 10:45 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2021-03-06 10:37 - 2017-10-18 22:33 - 000000000 ____D C:\Users\Kopci\AppData\Local\Packages
2021-03-05 09:13 - 2016-05-28 14:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-03-05 00:55 - 2020-09-23 22:08 - 000000000 ____D C:\Users\Kopci\Documents\Soubory aplikace Outlook
2021-03-04 15:26 - 2020-11-30 20:42 - 000000000 ____D C:\Users\Kopci\AppData\Roaming\vlc
2021-02-28 13:50 - 2016-12-25 22:45 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-02-28 13:48 - 2016-12-25 09:43 - 000000000 ___RD C:\Users\Kopci\OneDrive
2021-02-28 13:47 - 2020-05-03 12:44 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3044413106-2186633788-3405021347-1001
2021-02-28 13:36 - 2020-05-03 12:09 - 000515336 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-28 13:27 - 2016-12-25 21:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-02-27 20:48 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-02-27 18:10 - 2016-12-25 21:34 - 000001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-02-26 15:10 - 2020-09-07 20:14 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-26 15:10 - 2020-09-07 20:14 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-25 13:19 - 2020-04-09 14:54 - 000002375 _____ C:\Users\Kopci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-02-25 13:19 - 2019-09-22 08:24 - 000002367 _____ C:\Users\Kopci\Desktop\Microsoft Teams.lnk
2021-02-24 12:05 - 2019-03-30 16:33 - 000000000 ____D C:\Users\Kopci\AppData\Roaming\Opera Software
2021-02-23 18:24 - 2020-03-12 20:53 - 000107936 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\WudfUpdate_02000.dll
2021-02-23 18:24 - 2020-03-12 20:53 - 000062368 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.InfInstaller.exe
2021-02-23 18:24 - 2017-10-11 20:21 - 000107936 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.CoInstaller.dll
2021-02-23 18:23 - 2020-03-12 20:52 - 000429936 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2021-02-21 11:19 - 2020-09-03 16:07 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-02-17 10:07 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-16 16:34 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-02-16 12:17 - 2020-11-30 20:42 - 000000923 _____ C:\Users\Public\Desktop\VLC media player.lnk
2021-02-16 12:17 - 2020-11-30 20:42 - 000000923 _____ C:\ProgramData\Desktop\VLC media player.lnk
2021-02-14 20:43 - 2020-05-03 21:34 - 000718198 _____ C:\WINDOWS\system32\perfh005.dat
2021-02-14 20:43 - 2020-05-03 21:34 - 000145242 _____ C:\WINDOWS\system32\perfc005.dat
2021-02-14 20:43 - 2020-05-03 12:29 - 001693858 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-14 20:37 - 2017-10-19 19:48 - 000000000 ___RD C:\Users\Kopci\3D Objects
2021-02-14 20:37 - 2015-11-03 20:24 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-13 12:48 - 2019-03-19 07:20 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-02-13 12:48 - 2019-03-19 07:20 - 000019469 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-02-11 10:25 - 2016-12-25 20:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-11 10:06 - 2016-12-25 20:49 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-10 16:23 - 2020-05-03 12:44 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-02-07 11:52 - 2016-12-25 21:09 - 000160860 _____ C:\WINDOWS\system32\InstallUtil.InstallLog

==================== Files in the root of some directories ========

2021-02-27 20:43 - 2021-02-27 20:43 - 000016438 _____ () C:\Users\Kopci\AppData\Local\partner.bmp

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by Kopci (08-03-2021 17:47:47)
Running from C:\Users\Kopci\Desktop
Windows 10 Home Version 1909 18363.1379 (X64) (2020-05-03 11:46:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3044413106-2186633788-3405021347-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3044413106-2186633788-3405021347-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3044413106-2186633788-3405021347-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3044413106-2186633788-3405021347-501 - Limited - Disabled)
Kopci (S-1-5-21-3044413106-2186633788-3405021347-1001 - Administrator - Enabled) => C:\Users\Kopci
WDAGUtilityAccount (S-1-5-21-3044413106-2186633788-3405021347-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.001.20142 - Adobe Systems Incorporated)
Booking (HKLM-x32\...\{13D4CD54-EA09-4FDB-B979-8B2BC0F020CA}_is1) (Version: 2.0.701 - Booking)
CCleaner (HKLM\...\CCleaner) (Version: 5.77 - Piriform)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{BB041B6A-FACB-4853-BEE9-814FE7F93BB2}) (Version: 17.1.1530.1669 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1544031f-5449-4415-b577-993c2a533a1b}) (Version: 18.12.2 - Intel Corporation)
LEGO® Harry Potter™: Years 5-7 DEMO (HKLM-x32\...\{AD665A16-AA0E-494A-A8CF-A7AFAD06C0F4}) (Version: 1.0.0.0 - WB Games)
Lenovo App Explorer (HKU\S-1-5-21-3044413106-2186633788-3405021347-1000\...\Host App Service) (Version: 0.272.1.559 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo Business Vantage (HKLM-x32\...\{BAAE4B9C-8D26-44AF-BCE8-181C8F4A8D5B}_is1) (Version: 3.0.2.3 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.)
Lenovo Smart Fingerprint (HKLM-x32\...\{90C700B4-BC7E-4628-867C-FC8622F0DAD9}_is1) (Version: 1.0.0.50 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.5.27.0 - Lenovo Group Ltd.)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13801.20266 - Microsoft Corporation)
Microsoft 365 - ko-kr (HKLM\...\O365HomePremRetail - ko-kr) (Version: 16.0.13801.20266 - Microsoft Corporation)
Microsoft 365 Apps pro velké organizace - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.13801.20266 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.45 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.63 - )
Microsoft OneDrive (HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\OneDriveSetup.exe) (Version: 21.016.0124.0003 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\Teams) (Version: 1.4.00.4167 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BAB9FCC5-1506-4B4F-BFCA-EDE0BDB86C21}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 86.0 (x64 cs) (HKLM\...\Mozilla Firefox 86.0 (x64 cs)) (Version: 86.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0412-0000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29088 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.7 - Synaptics Incorporated)
Synaptics WBF DDK 5011 (HKLM\...\{4D70781C-36A9-4335-9568-565C6F61B5EB}) (Version: 4.5.289.0 - )
Synaptics WBF DDK 5011 (HKLM\...\{9062E143-DEDB-4F8C-B5B8-30AEC328400C}) (Version: 4.5.289.0 - Synaptics)
Taskbar system version 1.0.0.2 (HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\{C40E1200-5BEC-410C-B3C5-F7B475729D42}_is1) (Version: 1.0.0.2 - Taskbar system)
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.17057 - Microsoft Corporation)
ThinkPad OneLink Dock (HKLM-x32\...\{8E1CACF5-2493-4950-9AD5-189903FE57E7}) (Version: 1.08.36 - Lenovo)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
User Manuals (HKLM-x32\...\{7042D952-EE42-4C09-A23D-E7AE4D047007}) (Version: 6.0.0.0 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{7042D952-EE42-4C09-A23D-E7AE4D047007}) (Version: 6.0.0.0 - Lenovo)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-4) (Version: 1.0.33.0 - LunarG, Inc.)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wondershare Filmora9(Build 9.3.6) (HKLM\...\Wondershare Filmora9_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Zoner Callisto 5 FREE (HKLM-x32\...\ZonerCallisto5_CZ_is1) (Version: 5.0.5000.16 - ZONER software)
Zoom (HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\ZoomUMX) (Version: 5.5.2 (12494.0204) - Zoom Video Communications, Inc.)
엔터프라이즈용 Microsoft 365 앱 - ko-kr (HKLM\...\O365ProPlusRetail - ko-kr) (Version: 16.0.13801.20266 - Microsoft Corporation)

Packages:
=========
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.188.300.0_x86__kgqvnymyfvs32 [2021-03-05] (king.com)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-05-27] (Microsoft Corporation)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-09-14] (Facebook Inc)
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2017-12-20] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2101.29.0_x64__k1h2ywk1493x8 [2021-01-25] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-20] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-03] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.20102.0_x64__8wekyb3d8bbwe [2020-12-16] (Microsoft Studios)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-23] (Netflix, Inc.)
Royal Revolt 2 -> C:\Program Files\WindowsApps\flaregamesGmbH.RoyalRevolt2_6.5.0.0_x86__g0q0z3kw54rap [2021-02-09] (flaregames GmbH)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-10-04] (Twitter Inc.)
Uživatelský portál Lenovo -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-04-25] (LENOVO INCORPORATED.)
Video Cutter & Compressor -> C:\Program Files\WindowsApps\24711Mixilab.VideoCutterCompressor_2.0.1.0_x64__c39s816dkej80 [2020-02-17] (Mixilab) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3044413106-2186633788-3405021347-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Kopci\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20289.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3044413106-2186633788-3405021347-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Kopci\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => -> No File
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => -> No File
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b9b9c39e4e2b88eb\igfxDTCM.dll [2017-04-21] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-03-07 14:55 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2020-03-07 14:55 - 2017-09-12 10:34 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2021-02-27 20:44 - 2021-01-13 09:57 - 014318734 _____ () [File not signed] C:\Users\Kopci\AppData\Local\Programs\Taskbar system\sdk.dll
2021-02-27 20:44 - 2020-05-14 00:17 - 000112640 _____ (Countly) [File not signed] [File is in use] C:\Users\Kopci\AppData\Local\Programs\Taskbar system\Countly.dll
2021-02-27 20:44 - 2018-01-10 13:34 - 000024064 _____ (Daniel Grunwald, Omer Mor, Alex Davies, jnm2) [File not signed] [File is in use] C:\Users\Kopci\AppData\Local\Programs\Taskbar system\AsyncBridge.Net35.dll
2015-07-22 18:44 - 2015-07-22 18:44 - 000285184 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2015-07-22 18:44 - 2015-07-22 18:44 - 000562688 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2021-02-27 20:44 - 2018-03-24 17:44 - 000475136 _____ (Newtonsoft) [File not signed] [File is in use] C:\Users\Kopci\AppData\Local\Programs\Taskbar system\Newtonsoft.Json.dll
2021-02-07 11:51 - 2020-05-30 15:04 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\x64\SQLite.Interop.dll
2021-02-27 20:44 - 2018-05-11 08:52 - 000074240 _____ (Sentry) [File not signed] [File is in use] C:\Users\Kopci\AppData\Local\Programs\Taskbar system\SharpRaven.dll
2020-03-07 14:55 - 2017-09-12 10:36 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Kopci\Downloads\LEGO Harry Potter: Years 5-7 Free...tmp [2111874]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-3044413106-2186633788-3405021347-1001 -> DefaultScope {3A8CC7AC-C9FE-463C-BBB7-96AC4CADA423} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
SearchScopes: HKU\S-1-5-21-3044413106-2186633788-3405021347-1001 -> {3A813C5E-EE10-4A91-83D8-430CEA749392} URL =
SearchScopes: HKU\S-1-5-21-3044413106-2186633788-3405021347-1001 -> {3A8CC7AC-C9FE-463C-BBB7-96AC4CADA423} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\sharepoint.com -> hxxps://gyby-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2015-10-30 08:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3044413106-2186633788-3405021347-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\Control Panel\Desktop\\Wallpaper -> c:\users\kopci\desktop\wallpapeeeerssss\se tapetaaa.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{1EFA947E-0003-4D2B-B77A-B158399053F4}C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{351BA8B9-0251-45E4-8A68-37460447537D}C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{FFAFE8E1-E8F4-4149-B310-66C5096038B9}C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{4A54488B-5F00-4C81-8E84-D1CA8FF403E8}C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{27EE67D4-5A5B-4368-95D4-2BAF4BF405D6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D1812297-088D-4302-AC15-1B0F987743EE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D9DB305C-E233-46A8-A2B3-C5F7C604E273}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0393F908-183C-4CE0-BD79-793DE565E783}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8C71CC94-352E-4648-AC9E-E53D00F37F6A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{BAD7F3E3-2403-4A50-977E-FA93F53FB288}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe => No File
FirewallRules: [{F9406233-A495-4EDE-94E0-89EAC9EBD48A}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe => No File
FirewallRules: [{DC50887B-05F7-4502-9AB3-EC14784DE52B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E5DB4350-2CE3-4965-AE72-9C796FB7DA4F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{35063B0C-4953-459D-A405-8B78D49C101E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{ACB65E45-6819-4891-8ED4-60649491935B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{50CA1968-0700-4017-A21E-AA22004B35AD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5C00E400-1F11-4A32-9C97-CA6A36A3D513}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BE2A0697-105E-4BC8-B9C0-88C093B47194}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{52F50906-5B06-49A5-A2A8-5CEF642296F0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3C91C35D-CF09-4B89-A2F9-496BCD4C5FC4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{23EF5EFB-4937-4094-86D4-79651D8FA6AC}] => (Allow) C:\Users\Kopci\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{C9FDE0DE-1F7A-4DAC-AD3C-DCC31C571AE9}] => (Allow) C:\Users\Kopci\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{19E59825-96D8-4938-A4C5-3CACF90B764E}] => (Allow) C:\Users\Kopci\AppData\Roaming\Zoom\bin\airhost.exe => No File

==================== Restore Points =========================

18-02-2021 21:01:55 Naplánovaný kontrolní bod
27-02-2021 20:10:35 Installed LEGO® Harry Potter™: Years 5-7 DEMO
07-03-2021 19:35:00 AdwCleaner_BeforeCleaning_07/03/2021_19:34:50

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/08/2021 05:45:41 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3168,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (03/08/2021 05:21:47 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (11408,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (03/08/2021 04:51:40 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8132,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (03/08/2021 04:21:45 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12908,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (03/08/2021 03:21:43 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12304,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (03/08/2021 03:12:56 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12944,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (03/08/2021 02:21:40 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2676,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (03/08/2021 01:21:37 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9460,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).


System errors:
=============
Error: (03/08/2021 09:16:40 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-HH1EQN5N)
Description: Server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/08/2021 09:01:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba System Interface Foundation Service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (03/08/2021 08:51:41 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-HH1EQN5N)
Description: Server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/08/2021 08:47:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba System Interface Foundation Service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (03/08/2021 08:47:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba System Interface Foundation Service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (03/08/2021 08:47:02 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-HH1EQN5N)
Description: Server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/08/2021 08:46:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba System Interface Foundation Service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (03/08/2021 02:32:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba System Interface Foundation Service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.


Windows Defender:
================
Date: 2021-02-28 13:11:20.578
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-02-28 13:11:10.380
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\Kopci\AppData\Local\Microsoft\Teams\current\Teams.exe) attempted to load \Device\HarddiskVolume3\Windows\SysWOW64\rlls.dll that did not meet the Microsoft signing level requirements.

Date: 2021-02-28 13:11:10.353
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\Kopci\AppData\Local\Microsoft\Teams\current\Teams.exe) attempted to load \Device\HarddiskVolume3\Windows\SysWOW64\rlls.dll that did not meet the Microsoft signing level requirements.

Date: 2021-02-28 13:11:09.066
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\WebDiscoverBrowser\4.28.2\browser.exe) attempted to load \Device\HarddiskVolume3\Windows\SysWOW64\rlls.dll that did not meet the Microsoft signing level requirements.

Date: 2021-02-28 13:11:09.066
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\Kopci\AppData\Local\Microsoft\Teams\current\Teams.exe) attempted to load \Device\HarddiskVolume3\Windows\SysWOW64\rlls.dll that did not meet the Microsoft signing level requirements.

Date: 2021-03-07 19:46:22.433
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: VirTool:Win32/DefenderTamperingRestore
Závažnost: Vážné
Kategorie: Nástroj
Cesta: regkeyvalue:_hklm\software\policies\microsoft\windows defender\real-time protection\\DisableBehaviorMonitoring
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.331.2500.0, AS: 1.331.2500.0, NIS: 1.331.2500.0
Verze modulu: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-03-06 18:26:28.206
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: VirTool:Win32/DefenderTamperingRestore
Závažnost: Vážné
Kategorie: Nástroj
Cesta: regkeyvalue:_hklm\software\policies\microsoft\windows defender\\DisableAntiSpyware
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.331.2500.0, AS: 1.331.2500.0, NIS: 1.331.2500.0
Verze modulu: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-03-06 11:00:31.374
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: VirTool:Win32/DefenderTamperingRestore
Závažnost: Vážné
Kategorie: Nástroj
Cesta: regkeyvalue:_hklm\software\policies\microsoft\windows defender\\DisableAntiSpyware
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.331.2432.0, AS: 1.331.2432.0, NIS: 0.0.0.0
Verze modulu: AM: 1.1.17800.5, NIS: 0.0.0.0

Date: 2021-03-05 09:42:23.860
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: VirTool:Win32/DefenderTamperingRestore
Závažnost: Vážné
Kategorie: Nástroj
Cesta: regkeyvalue:_hklm\software\policies\microsoft\windows defender\\DisableAntiSpyware
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.331.2277.0, AS: 1.331.2277.0, NIS: 1.331.2277.0
Verze modulu: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-03-05 09:35:48.628
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {BF5B13B9-2A1C-468A-B211-7930C3004C03}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-07 19:40:35.469
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.331.2500.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17800.5
Kód chyby: 0x80240017
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2021-02-24 12:23:38.516
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.331.1570.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17800.5
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

Date: 2021-02-11 10:06:34.238
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.331.612.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17800.5
Kód chyby: 0x80240016
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2021-01-31 16:26:57.918
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.3013.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

==================== Memory info ===========================

BIOS: LENOVO D7CN33WW(V3.06) 10/11/2016
Motherboard: LENOVO Lenovo E51-80
Processor: Intel(R) Core(TM) i3-6100U CPU @ 2.30GHz
Percentage of memory in use: 77%
Total physical RAM: 3954.76 MB
Available physical RAM: 889.98 MB
Total Virtual: 8562.76 MB
Available Virtual: 3723.08 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:884.23 GB) (Free:750.2 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.91 GB) NTFS

\\?\Volume{6c3fa5a0-0174-47ec-9620-50fa9d879456}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.49 GB) NTFS
\\?\Volume{e5a533a5-59c4-46c1-a763-e04321dd8ea9}\ (LENOVO_PART) (Fixed) (Total:20.06 GB) (Free:8.52 GB) NTFS
\\?\Volume{d776d5a8-d836-456e-bd52-14bf61297784}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6199B984)

Partition: GPT.

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check - see the FRST log

#6 Post by Diallix »

Copy the content below into Notepad:

Code:

CloseProcesses:
CreateRestorePoint:

C:\Program Files (x86)\Digital Communications

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Task: {420B6F54-9CBB-4760-BD62-FFC983F0F7E0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {354BFF90-C248-468A-9891-96E843DE83C4} - \Lenovo\ImController\TimeBasedEvents\1a5fe197-aac3-49ae-a7f2-5d0e3f8fcc23 -> No File <==== ATTENTION
Task: {36F6B47C-9573-4A05-9CBA-72A6818284C9} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {45513EBA-7E69-447D-802A-771AA4D26FD6} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {463AE302-4AA6-4022-A74C-5E154ACD9474} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe
Task: {49F2B11E-D4EF-4DC1-A27C-DBF1EAB9A544} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {AAE5F6DC-B3D2-4D6F-AC8C-13BA5134ABD3} - \Lenovo\ImController\TimeBasedEvents\e7da87f6-7615-427b-ba3c-72621f185e69 -> No File <==== ATTENTION
Task: {B24300D5-CBDD-4300-A95B-31ADA344D448} - \Lenovo\ImController\TimeBasedEvents\94ccf936-9235-436f-93a1-c66cc36e0b55 -> No File <==== ATTENTION
Task: {B765D5C5-8B13-4A9D-9CE0-88B45DF4581F} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {CCD9CD19-A5D1-4A3E-B8C2-C7A3F5CDDCE9} - \Lenovo\ImController\TimeBasedEvents\ad0aed99-ae3a-420a-befd-6aa2272f541f -> No File <==== ATTENTION
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
FF Extension: (No Name) - C:\Users\Kopci\AppData\Roaming\Mozilla\Firefox\Profiles\k5b7neg4.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF Extension: (No Name) - C:\Users\Kopci\AppData\Roaming\Mozilla\Firefox\Profiles\k5b7neg4.default\extensions\sko-extension@firma.seznam.cz [not found]
FirewallRules: [{C9FDE0DE-1F7A-4DAC-AD3C-DCC31C571AE9}] => (Allow) C:\Users\Kopci\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{19E59825-96D8-4938-A4C5-3CACF90B764E}] => (Allow) C:\Users\Kopci\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{BAD7F3E3-2403-4A50-977E-FA93F53FB288}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe => No File
FirewallRules: [{F9406233-A495-4EDE-94E0-89EAC9EBD48A}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe => No File
SearchScopes: HKU\S-1-5-21-3044413106-2186633788-3405021347-1001 -> DefaultScope {3A8CC7AC-C9FE-463C-BBB7-96AC4CADA423} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
SearchScopes: HKU\S-1-5-21-3044413106-2186633788-3405021347-1001 -> {3A813C5E-EE10-4A91-83D8-430CEA749392} URL =
SearchScopes: HKU\S-1-5-21-3044413106-2186633788-3405021347-1001 -> {3A8CC7AC-C9FE-463C-BBB7-96AC4CADA423} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
AlternateDataStreams: C:\Users\Kopci\Downloads\LEGO Harry Potter: Years 5-7 Free...tmp [2111874]
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => -> No File
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
C:\Users\Kopci\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => -> No File
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => -> No File
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth18.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth17.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth16.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth15.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
R1 TASANTIVIRUSKD; C:\Program Files (x86)\Digital Communications\SAntivirus\TASAntivirusKD.sys [85504 2021-02-27] (Digital Communications Inc -> Corp DCom) <==== ATTENTION
S2 CCSDK; "C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe" [X]
S2 ImControllerService; %SystemRoot%\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [X]
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [X]
R2 SAntivirusIC; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusIC.exe [6940672 2021-02-27] (Digital Communications Inc -> Сorp DCom) <==== ATTENTION
R2 SAntivirusSvc; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusService.exe [626688 2021-02-27] (Digital Communications Inc -> Сorp DCom) <==== ATTENTION

EmptyTemp:

Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
The fix will run, after which the computer reboots. After the reboot, paste here the content of the log fixlog.txt, which is saved in the FRST location.

vrchlab
Visitor
Posts: 66
Registered: 22 Oct 2009 20:40

Re: Please check - see the FRST log

#7 Post by vrchlab »

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by Kopci (10-03-2021 20:45:08) Run:1
Running from C:\Users\Kopci\Desktop
Loaded Profiles: defaultuser0 & Kopci
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

C:\Program Files (x86)\Digital Communications

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Task: {420B6F54-9CBB-4760-BD62-FFC983F0F7E0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {354BFF90-C248-468A-9891-96E843DE83C4} - \Lenovo\ImController\TimeBasedEvents\1a5fe197-aac3-49ae-a7f2-5d0e3f8fcc23 -> No File <==== ATTENTION
Task: {36F6B47C-9573-4A05-9CBA-72A6818284C9} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {45513EBA-7E69-447D-802A-771AA4D26FD6} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {463AE302-4AA6-4022-A74C-5E154ACD9474} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe
Task: {49F2B11E-D4EF-4DC1-A27C-DBF1EAB9A544} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {AAE5F6DC-B3D2-4D6F-AC8C-13BA5134ABD3} - \Lenovo\ImController\TimeBasedEvents\e7da87f6-7615-427b-ba3c-72621f185e69 -> No File <==== ATTENTION
Task: {B24300D5-CBDD-4300-A95B-31ADA344D448} - \Lenovo\ImController\TimeBasedEvents\94ccf936-9235-436f-93a1-c66cc36e0b55 -> No File <==== ATTENTION
Task: {B765D5C5-8B13-4A9D-9CE0-88B45DF4581F} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {CCD9CD19-A5D1-4A3E-B8C2-C7A3F5CDDCE9} - \Lenovo\ImController\TimeBasedEvents\ad0aed99-ae3a-420a-befd-6aa2272f541f -> No File <==== ATTENTION
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
FF Extension: (No Name) - C:\Users\Kopci\AppData\Roaming\Mozilla\Firefox\Profiles\k5b7neg4.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF Extension: (No Name) - C:\Users\Kopci\AppData\Roaming\Mozilla\Firefox\Profiles\k5b7neg4.default\extensions\sko-extension@firma.seznam.cz [not found]
FirewallRules: [{C9FDE0DE-1F7A-4DAC-AD3C-DCC31C571AE9}] => (Allow) C:\Users\Kopci\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{19E59825-96D8-4938-A4C5-3CACF90B764E}] => (Allow) C:\Users\Kopci\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{BAD7F3E3-2403-4A50-977E-FA93F53FB288}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe => No File
FirewallRules: [{F9406233-A495-4EDE-94E0-89EAC9EBD48A}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe => No File
SearchScopes: HKU\S-1-5-21-3044413106-2186633788-3405021347-1001 -> DefaultScope {3A8CC7AC-C9FE-463C-BBB7-96AC4CADA423} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
SearchScopes: HKU\S-1-5-21-3044413106-2186633788-3405021347-1001 -> {3A813C5E-EE10-4A91-83D8-430CEA749392} URL =
SearchScopes: HKU\S-1-5-21-3044413106-2186633788-3405021347-1001 -> {3A8CC7AC-C9FE-463C-BBB7-96AC4CADA423} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
AlternateDataStreams: C:\Users\Kopci\Downloads\LEGO Harry Potter: Years 5-7 Free...tmp [2111874]
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => -> No File
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
C:\Users\Kopci\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => -> No File
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => -> No File
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth18.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth17.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth16.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth15.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2021-02-13 12:35 - 2021-02-13 12:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
R1 TASANTIVIRUSKD; C:\Program Files (x86)\Digital Communications\SAntivirus\TASAntivirusKD.sys [85504 2021-02-27] (Digital Communications Inc -> Corp DCom) <==== ATTENTION
S2 CCSDK; "C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe" [X]
S2 ImControllerService; %SystemRoot%\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [X]
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [X]
R2 SAntivirusIC; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusIC.exe [6940672 2021-02-27] (Digital Communications Inc -> Сorp DCom) <==== ATTENTION
R2 SAntivirusSvc; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusService.exe [626688 2021-02-27] (Digital Communications Inc -> Сorp DCom) <==== ATTENTION

EmptyTemp:


*****************

Processes closed successfully.
Restore point was successfully created.

"C:\Program Files (x86)\Digital Communications" folder move:

Could not move "C:\Program Files (x86)\Digital Communications" => Scheduled to move on reboot.

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{420B6F54-9CBB-4760-BD62-FFC983F0F7E0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{420B6F54-9CBB-4760-BD62-FFC983F0F7E0}" => removed successfully
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{354BFF90-C248-468A-9891-96E843DE83C4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{354BFF90-C248-468A-9891-96E843DE83C4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\1a5fe197-aac3-49ae-a7f2-5d0e3f8fcc23" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36F6B47C-9573-4A05-9CBA-72A6818284C9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36F6B47C-9573-4A05-9CBA-72A6818284C9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Monitor" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{45513EBA-7E69-447D-802A-771AA4D26FD6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45513EBA-7E69-447D-802A-771AA4D26FD6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{463AE302-4AA6-4022-A74C-5E154ACD9474}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{463AE302-4AA6-4022-A74C-5E154ACD9474}" => removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\Lenovo Solution Center Launcher => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Solution Center Launcher" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{49F2B11E-D4EF-4DC1-A27C-DBF1EAB9A544}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49F2B11E-D4EF-4DC1-A27C-DBF1EAB9A544}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AAE5F6DC-B3D2-4D6F-AC8C-13BA5134ABD3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAE5F6DC-B3D2-4D6F-AC8C-13BA5134ABD3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\e7da87f6-7615-427b-ba3c-72621f185e69" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B24300D5-CBDD-4300-A95B-31ADA344D448}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B24300D5-CBDD-4300-A95B-31ADA344D448}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\94ccf936-9235-436f-93a1-c66cc36e0b55" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B765D5C5-8B13-4A9D-9CE0-88B45DF4581F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B765D5C5-8B13-4A9D-9CE0-88B45DF4581F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCD9CD19-A5D1-4A3E-B8C2-C7A3F5CDDCE9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCD9CD19-A5D1-4A3E-B8C2-C7A3F5CDDCE9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\ad0aed99-ae3a-420a-befd-6aa2272f541f" => removed successfully
C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi => path removed successfully
C:\Users\Kopci\AppData\Roaming\Mozilla\Firefox\Profiles\k5b7neg4.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} => path removed successfully
C:\Users\Kopci\AppData\Roaming\Mozilla\Firefox\Profiles\k5b7neg4.default\extensions\sko-extension@firma.seznam.cz => path removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C9FDE0DE-1F7A-4DAC-AD3C-DCC31C571AE9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{19E59825-96D8-4938-A4C5-3CACF90B764E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BAD7F3E3-2403-4A50-977E-FA93F53FB288}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9406233-A495-4EDE-94E0-89EAC9EBD48A}" => removed successfully
"HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3A813C5E-EE10-4A91-83D8-430CEA749392} => removed successfully
HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3A8CC7AC-C9FE-463C-BBB7-96AC4CADA423} => removed successfully
HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
C:\Users\Kopci\Downloads\LEGO Harry Potter => ": Years 5-7 Free...tmp" ADS removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\CLVDShellExt => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\SHAREit.FileContextMenuExt => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"C:\Users\Kopci\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File" => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\CLVDShellExt => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SHAREit.FileContextMenuExt => removed successfully
C:\WINDOWS\system32\DrtmAuth9.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth8.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth7.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth6.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth5.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth4.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth3.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth2.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth18.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth17.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth16.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth15.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth12.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth11.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth10.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth1.bin => moved successfully
TASANTIVIRUSKD => Unable to stop service.
HKLM\System\CurrentControlSet\Services\TASANTIVIRUSKD => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\CCSDK => removed successfully
CCSDK => service removed successfully
HKLM\System\CurrentControlSet\Services\ImControllerService => removed successfully
ImControllerService => service removed successfully
HKLM\System\CurrentControlSet\Services\LSCWinService => removed successfully
LSCWinService => service removed successfully
SAntivirusIC => Unable to stop service.
HKLM\System\CurrentControlSet\Services\SAntivirusIC => could not remove, key could be protected
SAntivirusSvc => Unable to stop service.
HKLM\System\CurrentControlSet\Services\SAntivirusSvc => could not remove, key could be protected

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21521016 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 7765781 B
Edge => 447085 B
Firefox => 1099167497 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 279363638 B
defaultuser0 => 279370806 B
Kopci => 798743389 B

RecycleBin => 597677 B
EmptyTemp: => 2.3 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 10-03-2021 21:13:00)

C:\Program Files (x86)\Digital Communications => Is moved successfully

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\TASANTIVIRUSKD => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\SAntivirusIC => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\SAntivirusSvc => could not remove, key could be protected

==== End of Fixlog 21:13:01 ====

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check - see FRST log

#8 Post by Diallix »

Please post new FRST + Addition logs.
My new book BOTNETY has been released! Information about it can be found here: >> BOTNETY <<


vrchlab
Visitor
Posts: 66
Registered: 22 Oct 2009 20:40

Re: Please check - see FRST log

#9 Post by vrchlab »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2021
Ran by Kopci (administrator) on LAPTOP-HH1EQN5N (LENOVO 80QB) (11-03-2021 22:21:23)
Running from C:\Users\Kopci\Desktop
Loaded Profiles: Kopci
Platform: Windows 10 Home Version 1909 18363.1379 (X64) Language: Angličtina (Spojené státy) -> Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apps Delivered Ltd -> Funny Kacele) [File not signed] [File is in use] C:\Program Files (x86)\FunnyKacele\FunnyKacele.exe
(Globalhop Ltd TOO -> ) C:\Users\Kopci\AppData\Local\Programs\Taskbar system\TaskbarSystem.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b9b9c39e4e2b88eb\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b9b9c39e4e2b88eb\igfxEM.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\LenovoVantageService.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Fingerprint\fplmonitor.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Kopci\AppData\Local\Microsoft\Teams\current\Teams.exe <10>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2101.10.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\NisSrv.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18382824 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-22] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3937448 2015-08-11] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM-x32\...\Run: [Lenovo Smart Fingerprint] => C:\Program Files (x86)\Lenovo\Lenovo Smart Fingerprint\fplmonitor.exe [1761208 2015-09-25] (LENOVO -> Lenovo)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32726088 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Kopci\AppData\Local\Microsoft\Teams\Update.exe [2453720 2021-02-25] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\Run: [Taskbar system] => C:\Users\Kopci\AppData\Local\Programs\Taskbar system\TaskbarSystem.exe [918040 2021-01-13] (Globalhop Ltd TOO -> )

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B7A64AF-41E2-4A98-8D6D-1A0AF0E7ED3D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Task: {20CC5D35-6588-4513-8287-B6EA51CD49F3} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
Task: {227B0B35-DA77-46F3-9DCF-CF593A24B789} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe
Task: {29CCEDAC-180F-4086-A873-5CF401966497} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4004296 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {3A46C4CE-A277-497A-B599-0F9C86F19B7F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27168840 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {3AD8077C-808E-4BEF-8C18-73D591F29EE5} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [694752 2021-02-26] (Mozilla Corporation -> Mozilla Foundation)
Task: {5D7FE370-0268-4F37-8C09-F692339CC68C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [16832 2015-07-07] (LENOVO -> Lenovo)
Task: {5DE002F3-B0EB-4E30-AC50-588271623551} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5F2BE04C-DF43-4441-BA87-AF2FAB189A74} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4004296 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {5F40EA3F-BAAC-4285-8286-9B257B8649B7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114000 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {6EA656A2-D79A-4CA9-9823-F1271FA290D2} - System32\Tasks\Lenovo\fplmonitorConnect => C:\Program Files (x86)\Lenovo\Lenovo Smart Fingerprint\fplmonitor.exe [1761208 2015-09-25] (LENOVO -> Lenovo)
Task: {719363F1-497C-4B69-A1DD-EE77AE387B55} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe
Task: {7B0DFC7C-EED3-4F3D-A4E2-2113C188ABA2} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {7F2A58CC-CE18-44EF-B47A-4BF3AE16DD76} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\ScheduleEventAction.exe [15768 2020-12-28] (Lenovo -> Lenovo Group Ltd.)
Task: {940BEF6D-D1FB-413A-8830-86307ECA578D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AFA1F844-B873-4B2C-ABAE-0FD04AADA7F7} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23080304 2021-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {BA5589F5-363D-402E-886C-56770A4CBCD8} - System32\Tasks\Lenovo\fplmonitor => C:\Program Files (x86)\Lenovo\Lenovo Smart Fingerprint\fplmonitor.exe [1761208 2015-09-25] (LENOVO -> Lenovo)
Task: {BEC94A6B-C41E-40A5-80BF-E84B77B064EE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C686002C-2ED0-4349-A479-ABD734A978DA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1133488 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {C91368E0-6C17-428C-A951-070E3CC250CC} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe
Task: {CEC493DC-1B6B-4FBF-8823-63237A273B37} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-05] (Piriform Software Ltd -> Piriform)
Task: {D71E4AA2-EFF8-41D2-9B53-3B1F68AE872E} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe
Task: {E8975FB6-D236-44C8-9179-AF9BD682BF88} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23080304 2021-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {F22F6641-7594-4471-886C-B4AB12488B68} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {F59A1B2B-4E32-4FAE-AFB1-97BB163A1A62} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114000 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {F63D47B8-38E2-4E22-A98D-78DB7FC1A7C3} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe
Task: {F84D559D-6497-47FE-888E-79B9E0E6F52F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5bdce1b0-6c55-4811-8821-86e83bfe7d28}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7370f33a-094d-4166-896c-c94ded8f462e}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{ba844273-ed17-44ac-bbbf-eefe42da4ab5}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Kopci\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-09]

FireFox:
========
FF DefaultProfile: k5b7neg4.default
FF ProfilePath: C:\Users\Kopci\AppData\Roaming\Mozilla\Firefox\Profiles\k5b7neg4.default [2021-03-11]
FF Session Restore: Mozilla\Firefox\Profiles\k5b7neg4.default -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\k5b7neg4.default -> hxxps://www.slevomat.cz; hxxps://online.rb.cz
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-02-25] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bgjpfhpjcgdppjbgnpnjllokbmcdllig]
CHR HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"FunnyKacele" => service was unlocked. <==== ATTENTION

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8988552 2021-02-22] (Microsoft Corporation -> Microsoft Corporation)
R2 FunnyKacele; C:\Program Files (x86)\FunnyKacele\FunnyKacele.exe [30701040 2018-05-04] (Apps Delivered Ltd -> Funny Kacele) [File not signed] [File is in use]
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-30] (LENOVO -> Lenovo)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\LenovoVantageService.exe [20880 2020-12-28] (Lenovo -> Lenovo Group Ltd.)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [77792 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R2 valWbioSyncSvc; C:\WINDOWS\system32\valWbioSyncSvc.exe [48608 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\NisSrv.exe [2483624 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MsMpEng.exe [128392 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 SAntivirusIC; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusIC.exe -service [X] <==== ATTENTION
S2 SAntivirusSvc; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusService.exe [X] <==== ATTENTION

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MpKslfd8fc939; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2970E97F-BFEF-4ABE-97C8-3F666656EA43}\MpKslDrv.sys [90360 2021-03-11] (Microsoft Windows -> Microsoft Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-05-21] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R1 SMIDriverGen; C:\WINDOWS\system32\DRIVERS\smi.sys [31440 2018-04-25] (Synaptics Inc. -> Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49544 2021-03-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [420088 2021-03-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-06] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)
S3 MpKsleafcf821; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6B47301A-6241-4B40-907B-AF4787FF3762}\MpKslDrv.sys [X]
S1 TASANTIVIRUSKD; \??\C:\Program Files (x86)\Digital Communications\SAntivirus\TASAntivirusKD.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-11 21:58 - 2021-03-11 21:58 - 001429452 _____ C:\WINDOWS\Minidump\031121-37640-01.dmp
2021-03-10 20:45 - 2021-03-10 21:13 - 000016618 _____ C:\Users\Kopci\Desktop\Fixlog.txt
2021-03-10 20:44 - 2021-03-10 20:44 - 000006128 _____ C:\Users\Kopci\Documents\fixlist.txt
2021-03-10 11:32 - 2021-03-10 11:32 - 000000000 ___HD C:\$WINDOWS.~BT
2021-03-10 10:47 - 2021-03-10 10:47 - 000000000 ___HD C:\$WinREAgent
2021-03-08 02:30 - 2021-03-08 02:31 - 001415172 _____ C:\WINDOWS\Minidump\030821-40718-01.dmp
2021-03-07 19:56 - 2021-03-07 19:56 - 000000000 ____D C:\Users\Kopci\AppData\Roaming\santivirusclient
2021-03-07 19:32 - 2021-03-07 19:39 - 000000000 ____D C:\AdwCleaner
2021-03-07 19:28 - 2021-03-07 19:28 - 008463216 _____ (Malwarebytes) C:\Users\Kopci\Desktop\adwcleaner_8.1.exe
2021-03-06 21:52 - 2021-03-06 21:57 - 001452572 _____ C:\WINDOWS\Minidump\030621-42156-01.dmp
2021-03-06 18:22 - 2021-03-11 21:57 - 781368987 _____ C:\WINDOWS\MEMORY.DMP
2021-03-06 18:22 - 2021-03-06 20:09 - 001436956 _____ C:\WINDOWS\Minidump\030621-35343-01.dmp
2021-03-06 11:19 - 2021-03-08 17:51 - 000038520 _____ C:\Users\Kopci\Desktop\Addition.txt
2021-03-06 11:13 - 2021-03-11 22:22 - 000018515 _____ C:\Users\Kopci\Desktop\FRST.txt
2021-03-06 11:13 - 2021-03-11 22:22 - 000000000 ____D C:\FRST
2021-03-06 11:10 - 2021-03-06 11:10 - 002301440 _____ (Farbar) C:\Users\Kopci\Desktop\FRST64.exe
2021-02-27 20:45 - 2021-02-27 20:45 - 000000000 ____D C:\ProgramData\SAntivirus
2021-02-27 20:45 - 2021-02-27 20:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus
2021-02-27 20:44 - 2021-02-28 13:31 - 000000000 ____D C:\Program Files (x86)\FunnyKacele
2021-02-27 20:44 - 2021-02-27 20:44 - 000000000 ____D C:\Users\Kopci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Taskbar system
2021-02-27 20:44 - 2021-02-27 20:44 - 000000000 ____D C:\Users\Kopci\AppData\Local\TaskbarSystem
2021-02-27 20:43 - 2021-02-27 20:43 - 000016438 _____ C:\Users\Kopci\AppData\Local\partner.bmp
2021-02-27 20:43 - 2021-02-27 20:43 - 000000000 _____ C:\Users\Kopci\Downloads\LEGO Harry Potter
2021-02-27 20:42 - 2021-02-27 20:43 - 000000000 ____D C:\Program Files (x86)\ExhaustingGovernmentphoInstall
2021-02-27 20:25 - 2021-02-27 20:25 - 000000000 ____D C:\Program Files (x86)\WB Games
2021-02-27 18:26 - 2021-02-28 13:47 - 000002372 _____ C:\Users\Kopci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-27 18:13 - 2021-02-27 19:23 - 764398929 _____ C:\Users\Kopci\Downloads\LEGO.Harry.Potter.5-7.zip.part
2021-02-27 18:10 - 2021-02-27 18:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-02-26 15:13 - 2021-02-28 13:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-02-21 20:25 - 2021-03-11 21:07 - 000000000 ____D C:\Users\Kopci\Desktop\random fotky xd
2021-02-15 09:00 - 2021-02-15 09:00 - 000083288 _____ (Zoom Video Communications, Inc.) C:\Users\Kopci\Downloads\Zoom_cm_fik4fkwZ9vvrZo4_muA1SOBB4sC925lOx0QoYuFfREgy+6cQB5gAX@-SoVtX4uj4nOWPPM_k5d14e1340bf434a7_.exe
2021-02-15 08:23 - 2021-02-15 08:23 - 000000000 ____D C:\Users\Kopci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-02-15 08:22 - 2021-02-15 08:23 - 000000000 ____D C:\Users\Kopci\AppData\Roaming\Zoom
2021-02-15 08:22 - 2021-02-15 08:22 - 015135752 _____ (Zoom Video Communications, Inc.) C:\Users\Kopci\Downloads\ZoomInstaller.exe
2021-02-13 12:36 - 2021-02-13 12:36 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-02-13 12:36 - 2021-02-13 12:36 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-02-13 12:34 - 2021-02-13 12:34 - 000232752 _____ C:\WINDOWS\system32\containerdevicemanagement.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-11 22:20 - 2019-02-21 21:41 - 000000000 ____D C:\ProgramData\Mozilla
2021-03-11 22:20 - 2016-12-25 21:35 - 000000000 ____D C:\Users\Kopci\AppData\LocalLow\Mozilla
2021-03-11 22:17 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2021-03-11 22:11 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-11 22:00 - 2016-12-25 22:55 - 000000000 ____D C:\Program Files\CCleaner
2021-03-11 21:59 - 2020-11-09 17:44 - 000000000 ____D C:\WINDOWS\Minidump
2021-03-11 21:58 - 2020-05-03 12:17 - 000000000 ____D C:\Users\Kopci
2021-03-11 21:58 - 2016-12-25 09:33 - 000000000 __SHD C:\Users\Kopci\IntelGraphicsProfiles
2021-03-11 21:57 - 2020-05-03 12:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-11 21:57 - 2020-05-03 12:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-11 21:57 - 2017-09-03 13:57 - 000000000 ____D C:\ProgramData\Synaptics
2021-03-11 21:54 - 2020-04-24 10:40 - 000000000 ____D C:\Users\Kopci\Desktop\word gyby
2021-03-11 21:22 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-11 21:21 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-10 21:05 - 2019-03-19 05:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-03-10 20:54 - 2020-04-29 16:29 - 000000000 ____D C:\Users\Kopci\AppData\LocalLow\Temp
2021-03-10 20:49 - 2020-05-03 12:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-03-10 11:56 - 2016-12-25 20:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-10 11:52 - 2016-12-25 20:49 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-03-10 11:36 - 2020-05-03 10:06 - 000000000 ___DC C:\WINDOWS\Panther
2021-03-08 17:40 - 2020-04-24 10:42 - 000000000 ____D C:\Users\Kopci\Desktop\power point gyby
2021-03-07 21:35 - 2020-09-07 20:14 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-07 21:35 - 2020-09-07 20:14 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-03-07 21:35 - 2020-09-07 20:14 - 000002281 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-03-07 19:40 - 2020-03-12 20:53 - 000000000 ____D C:\WINDOWS\Lenovo
2021-03-07 19:40 - 2016-12-25 09:34 - 000000000 ____D C:\Users\Kopci\AppData\Local\Lenovo
2021-03-07 19:40 - 2016-12-25 09:29 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\Lenovo
2021-03-07 19:40 - 2016-05-28 15:07 - 000000000 ____D C:\Program Files\Lenovo
2021-03-07 19:40 - 2016-05-28 14:55 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2021-03-07 19:39 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-03-07 11:13 - 2020-05-03 12:44 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-03-06 16:01 - 2016-05-28 15:13 - 000000000 ____D C:\ProgramData\Lenovo
2021-03-06 11:09 - 2018-02-17 23:15 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-06 10:55 - 2017-12-31 13:21 - 000000000 ____D C:\ProgramData\AVAST Software
2021-03-06 10:55 - 2015-10-30 08:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-03-06 10:37 - 2017-10-18 22:33 - 000000000 ____D C:\Users\Kopci\AppData\Local\Packages
2021-03-05 09:13 - 2016-05-28 14:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-03-05 00:55 - 2020-09-23 22:08 - 000000000 ____D C:\Users\Kopci\Documents\Soubory aplikace Outlook
2021-03-04 15:26 - 2020-11-30 20:42 - 000000000 ____D C:\Users\Kopci\AppData\Roaming\vlc
2021-02-28 13:50 - 2016-12-25 22:45 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-02-28 13:48 - 2016-12-25 09:43 - 000000000 ___RD C:\Users\Kopci\OneDrive
2021-02-28 13:47 - 2020-05-03 12:44 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3044413106-2186633788-3405021347-1001
2021-02-28 13:36 - 2020-05-03 12:09 - 000515336 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-28 13:27 - 2016-12-25 21:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-02-27 20:48 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-02-27 18:10 - 2016-12-25 21:34 - 000001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-02-26 15:10 - 2020-09-07 20:14 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-26 15:10 - 2020-09-07 20:14 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-25 13:19 - 2020-04-09 14:54 - 000002375 _____ C:\Users\Kopci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-02-25 13:19 - 2019-09-22 08:24 - 000002367 _____ C:\Users\Kopci\Desktop\Microsoft Teams.lnk
2021-02-24 12:05 - 2019-03-30 16:33 - 000000000 ____D C:\Users\Kopci\AppData\Roaming\Opera Software
2021-02-23 18:24 - 2020-03-12 20:53 - 000107936 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\WudfUpdate_02000.dll
2021-02-23 18:24 - 2020-03-12 20:53 - 000062368 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.InfInstaller.exe
2021-02-23 18:24 - 2017-10-11 20:21 - 000107936 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.CoInstaller.dll
2021-02-23 18:23 - 2020-03-12 20:52 - 000429936 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2021-02-21 11:19 - 2020-09-03 16:07 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-02-17 10:07 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-16 16:34 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-02-16 12:17 - 2020-11-30 20:42 - 000000923 _____ C:\Users\Public\Desktop\VLC media player.lnk
2021-02-16 12:17 - 2020-11-30 20:42 - 000000923 _____ C:\ProgramData\Desktop\VLC media player.lnk
2021-02-14 20:43 - 2020-05-03 21:34 - 000718198 _____ C:\WINDOWS\system32\perfh005.dat
2021-02-14 20:43 - 2020-05-03 21:34 - 000145242 _____ C:\WINDOWS\system32\perfc005.dat
2021-02-14 20:43 - 2020-05-03 12:29 - 001693858 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-14 20:37 - 2017-10-19 19:48 - 000000000 ___RD C:\Users\Kopci\3D Objects
2021-02-14 20:37 - 2015-11-03 20:24 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-13 23:03 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-13 12:48 - 2019-03-19 07:20 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-02-13 12:48 - 2019-03-19 07:20 - 000019469 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml

==================== Files in the root of some directories ========

2021-02-27 20:43 - 2021-02-27 20:43 - 000016438 _____ () C:\Users\Kopci\AppData\Local\partner.bmp

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by Kopci (11-03-2021 22:24:31)
Running from C:\Users\Kopci\Desktop
Windows 10 Home Version 1909 18363.1379 (X64) (2020-05-03 11:46:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3044413106-2186633788-3405021347-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3044413106-2186633788-3405021347-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3044413106-2186633788-3405021347-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3044413106-2186633788-3405021347-501 - Limited - Disabled)
Kopci (S-1-5-21-3044413106-2186633788-3405021347-1001 - Administrator - Enabled) => C:\Users\Kopci
WDAGUtilityAccount (S-1-5-21-3044413106-2186633788-3405021347-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.001.20142 - Adobe Systems Incorporated)
Booking (HKLM-x32\...\{13D4CD54-EA09-4FDB-B979-8B2BC0F020CA}_is1) (Version: 2.0.701 - Booking)
CCleaner (HKLM\...\CCleaner) (Version: 5.77 - Piriform)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{BB041B6A-FACB-4853-BEE9-814FE7F93BB2}) (Version: 17.1.1530.1669 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1544031f-5449-4415-b577-993c2a533a1b}) (Version: 18.12.2 - Intel Corporation)
LEGO® Harry Potter™: Years 5-7 DEMO (HKLM-x32\...\{AD665A16-AA0E-494A-A8CF-A7AFAD06C0F4}) (Version: 1.0.0.0 - WB Games)
Lenovo App Explorer (HKU\S-1-5-21-3044413106-2186633788-3405021347-1000\...\Host App Service) (Version: 0.272.1.559 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo Business Vantage (HKLM-x32\...\{BAAE4B9C-8D26-44AF-BCE8-181C8F4A8D5B}_is1) (Version: 3.0.2.3 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.)
Lenovo Smart Fingerprint (HKLM-x32\...\{90C700B4-BC7E-4628-867C-FC8622F0DAD9}_is1) (Version: 1.0.0.50 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.5.27.0 - Lenovo Group Ltd.)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13801.20266 - Microsoft Corporation)
Microsoft 365 - ko-kr (HKLM\...\O365HomePremRetail - ko-kr) (Version: 16.0.13801.20266 - Microsoft Corporation)
Microsoft 365 Apps pro velké organizace - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.13801.20266 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.45 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.63 - )
Microsoft OneDrive (HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\OneDriveSetup.exe) (Version: 21.016.0124.0003 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\Teams) (Version: 1.4.00.4167 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BAB9FCC5-1506-4B4F-BFCA-EDE0BDB86C21}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 86.0 (x64 cs) (HKLM\...\Mozilla Firefox 86.0 (x64 cs)) (Version: 86.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0412-0000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29088 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.7 - Synaptics Incorporated)
Synaptics WBF DDK 5011 (HKLM\...\{4D70781C-36A9-4335-9568-565C6F61B5EB}) (Version: 4.5.289.0 - )
Synaptics WBF DDK 5011 (HKLM\...\{9062E143-DEDB-4F8C-B5B8-30AEC328400C}) (Version: 4.5.289.0 - Synaptics)
Taskbar system version 1.0.0.2 (HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\{C40E1200-5BEC-410C-B3C5-F7B475729D42}_is1) (Version: 1.0.0.2 - Taskbar system)
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.17057 - Microsoft Corporation)
ThinkPad OneLink Dock (HKLM-x32\...\{8E1CACF5-2493-4950-9AD5-189903FE57E7}) (Version: 1.08.36 - Lenovo)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
User Manuals (HKLM-x32\...\{7042D952-EE42-4C09-A23D-E7AE4D047007}) (Version: 6.0.0.0 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{7042D952-EE42-4C09-A23D-E7AE4D047007}) (Version: 6.0.0.0 - Lenovo)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-4) (Version: 1.0.33.0 - LunarG, Inc.)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wondershare Filmora9(Build 9.3.6) (HKLM\...\Wondershare Filmora9_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Zoner Callisto 5 FREE (HKLM-x32\...\ZonerCallisto5_CZ_is1) (Version: 5.0.5000.16 - ZONER software)
Zoom (HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\ZoomUMX) (Version: 5.5.2 (12494.0204) - Zoom Video Communications, Inc.)
엔터프라이즈용 Microsoft 365 앱 - ko-kr (HKLM\...\O365ProPlusRetail - ko-kr) (Version: 16.0.13801.20266 - Microsoft Corporation)

Packages:
=========
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.188.300.0_x86__kgqvnymyfvs32 [2021-03-05] (king.com)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-05-27] (Microsoft Corporation)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-09-14] (Facebook Inc)
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2017-12-20] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2101.29.0_x64__k1h2ywk1493x8 [2021-01-25] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-20] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-03] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.21005.0_x64__8wekyb3d8bbwe [2021-03-11] (Microsoft Studios)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-23] (Netflix, Inc.)
Royal Revolt 2 -> C:\Program Files\WindowsApps\flaregamesGmbH.RoyalRevolt2_6.5.0.0_x86__g0q0z3kw54rap [2021-02-09] (flaregames GmbH)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-10-04] (Twitter Inc.)
Uživatelský portál Lenovo -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-04-25] (LENOVO INCORPORATED.)
Video Cutter & Compressor -> C:\Program Files\WindowsApps\24711Mixilab.VideoCutterCompressor_2.0.1.0_x64__c39s816dkej80 [2020-02-17] (Mixilab) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3044413106-2186633788-3405021347-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Kopci\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20289.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3044413106-2186633788-3405021347-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Kopci\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b9b9c39e4e2b88eb\igfxDTCM.dll [2017-04-21] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-03-07 14:55 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2020-03-07 14:55 - 2017-09-12 10:34 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2021-02-27 20:44 - 2021-01-13 09:57 - 014318734 _____ () [File not signed] C:\Users\Kopci\AppData\Local\Programs\Taskbar system\sdk.dll
2021-02-27 20:44 - 2020-05-14 00:17 - 000112640 _____ (Countly) [File not signed] [File is in use] C:\Users\Kopci\AppData\Local\Programs\Taskbar system\Countly.dll
2021-02-27 20:44 - 2018-01-10 13:34 - 000024064 _____ (Daniel Grunwald, Omer Mor, Alex Davies, jnm2) [File not signed] [File is in use] C:\Users\Kopci\AppData\Local\Programs\Taskbar system\AsyncBridge.Net35.dll
2015-07-22 18:44 - 2015-07-22 18:44 - 000285184 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2015-07-22 18:44 - 2015-07-22 18:44 - 000562688 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2021-02-27 20:44 - 2018-03-24 17:44 - 000475136 _____ (Newtonsoft) [File not signed] [File is in use] C:\Users\Kopci\AppData\Local\Programs\Taskbar system\Newtonsoft.Json.dll
2021-02-07 11:51 - 2020-05-30 15:04 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\x64\SQLite.Interop.dll
2021-02-27 20:44 - 2018-05-11 08:52 - 000074240 _____ (Sentry) [File not signed] [File is in use] C:\Users\Kopci\AppData\Local\Programs\Taskbar system\SharpRaven.dll
2020-03-07 14:55 - 2017-09-12 10:36 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\sharepoint.com -> hxxps://gyby-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2015-10-30 08:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3044413106-2186633788-3405021347-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\Control Panel\Desktop\\Wallpaper -> c:\users\kopci\desktop\wallpapeeeerssss\se tapetaaa.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{1EFA947E-0003-4D2B-B77A-B158399053F4}C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{351BA8B9-0251-45E4-8A68-37460447537D}C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{FFAFE8E1-E8F4-4149-B310-66C5096038B9}C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{4A54488B-5F00-4C81-8E84-D1CA8FF403E8}C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{27EE67D4-5A5B-4368-95D4-2BAF4BF405D6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D1812297-088D-4302-AC15-1B0F987743EE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D9DB305C-E233-46A8-A2B3-C5F7C604E273}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0393F908-183C-4CE0-BD79-793DE565E783}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8C71CC94-352E-4648-AC9E-E53D00F37F6A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{DC50887B-05F7-4502-9AB3-EC14784DE52B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E5DB4350-2CE3-4965-AE72-9C796FB7DA4F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{35063B0C-4953-459D-A405-8B78D49C101E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{ACB65E45-6819-4891-8ED4-60649491935B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{50CA1968-0700-4017-A21E-AA22004B35AD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5C00E400-1F11-4A32-9C97-CA6A36A3D513}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BE2A0697-105E-4BC8-B9C0-88C093B47194}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{52F50906-5B06-49A5-A2A8-5CEF642296F0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3C91C35D-CF09-4B89-A2F9-496BCD4C5FC4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{23EF5EFB-4937-4094-86D4-79651D8FA6AC}] => (Allow) C:\Users\Kopci\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

==================== Restore Points =========================

27-02-2021 20:10:35 Installed LEGO® Harry Potter™: Years 5-7 DEMO
07-03-2021 19:35:00 AdwCleaner_BeforeCleaning_07/03/2021_19:34:50

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/11/2021 10:22:59 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12040,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (03/11/2021 10:14:34 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2560,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (03/11/2021 10:08:52 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4016,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (03/11/2021 09:42:06 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8784,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (03/11/2021 09:28:08 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9388,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (03/11/2021 09:00:19 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1808,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (03/11/2021 08:19:45 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (13500,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (03/11/2021 02:48:03 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9104,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).


System errors:
=============
Error: (03/11/2021 10:03:43 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-HH1EQN5N)
Description: Server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/11/2021 09:59:04 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-HH1EQN5N)
Description: Server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/11/2021 09:58:31 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: Počítač byl restartován z procesu kontroly chyb. Kontrola chyb: 0x0000000a (0x0000000000000040, 0x0000000000000002, 0x0000000000000001, 0xfffff800322fd8aa). Výpis byl uložen do: C:\WINDOWS\MEMORY.DMP. ID hlášení: 51141070-08b4-4571-95a5-19c9a7cb1706

Error: (03/11/2021 09:58:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba SAntivirusIC neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (03/11/2021 09:58:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba SAntivirusSvc neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (03/11/2021 09:57:58 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (9:51:52 PM, ‎3/‎11/‎2021) bylo neočekávané.

Error: (03/11/2021 09:21:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (03/11/2021 10:11:13 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-HH1EQN5N)
Description: Server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
================
Date: 2021-03-10 10:30:45.330
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {F59D7226-FD7D-4DD0-B0F4-962FF6944A5B}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-08 20:33:52.285
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: VirTool:Win32/DefenderTamperingRestore
Závažnost: Vážné
Kategorie: Nástroj
Cesta: regkeyvalue:_hklm\software\policies\microsoft\windows defender\\DisableAntiSpyware
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.331.2610.0, AS: 1.331.2610.0, NIS: 1.331.2610.0
Verze modulu: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-03-07 19:46:22.433
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: VirTool:Win32/DefenderTamperingRestore
Závažnost: Vážné
Kategorie: Nástroj
Cesta: regkeyvalue:_hklm\software\policies\microsoft\windows defender\real-time protection\\DisableBehaviorMonitoring
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.331.2500.0, AS: 1.331.2500.0, NIS: 1.331.2500.0
Verze modulu: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-03-06 18:26:28.206
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: VirTool:Win32/DefenderTamperingRestore
Závažnost: Vážné
Kategorie: Nástroj
Cesta: regkeyvalue:_hklm\software\policies\microsoft\windows defender\\DisableAntiSpyware
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.331.2500.0, AS: 1.331.2500.0, NIS: 1.331.2500.0
Verze modulu: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-03-06 11:00:31.374
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: VirTool:Win32/DefenderTamperingRestore
Závažnost: Vážné
Kategorie: Nástroj
Cesta: regkeyvalue:_hklm\software\policies\microsoft\windows defender\\DisableAntiSpyware
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.331.2432.0, AS: 1.331.2432.0, NIS: 0.0.0.0
Verze modulu: AM: 1.1.17800.5, NIS: 0.0.0.0

Date: 2021-03-10 09:16:42.244
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.331.2610.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17800.5
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

Date: 2021-03-07 19:40:35.469
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.331.2500.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17800.5
Kód chyby: 0x80240017
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2021-02-24 12:23:38.516
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.331.1570.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17800.5
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

Date: 2021-02-11 10:06:34.238
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.331.612.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17800.5
Kód chyby: 0x80240016
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2021-01-31 16:26:57.918
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.3013.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

==================== Memory info ===========================

BIOS: LENOVO D7CN33WW(V3.06) 10/11/2016
Motherboard: LENOVO Lenovo E51-80
Processor: Intel(R) Core(TM) i3-6100U CPU @ 2.30GHz
Percentage of memory in use: 73%
Total physical RAM: 3954.76 MB
Available physical RAM: 1060.23 MB
Total Virtual: 9074.76 MB
Available Virtual: 5188.57 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:884.23 GB) (Free:750.42 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.91 GB) NTFS

\\?\Volume{6c3fa5a0-0174-47ec-9620-50fa9d879456}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.49 GB) NTFS
\\?\Volume{e5a533a5-59c4-46c1-a763-e04321dd8ea9}\ (LENOVO_PART) (Fixed) (Total:20.06 GB) (Free:8.52 GB) NTFS
\\?\Volume{d776d5a8-d836-456e-bd52-14bf61297784}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6199B984)

Partition: GPT.

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check - see FRST log

#10 Post by Diallix »

Copy the content below into Notepad:

CloseProcesses:
CreateRestorePoint:

C:\Program Files (x86)\FunnyKacele

HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\Run: [Taskbar system] => C:\Users\Kopci\AppData\Local\Programs\Taskbar system\TaskbarSystem.exe [918040 2021-01-13] (Globalhop Ltd TOO -> )
S2 SAntivirusIC; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusIC.exe -service [X] <==== ATTENTION
S2 SAntivirusSvc; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusService.exe [X] <==== ATTENTION
R2 FunnyKacele; C:\Program Files (x86)\FunnyKacele\FunnyKacele.exe [30701040 2018-05-04] (Apps Delivered Ltd -> Funny Kacele) [File not signed] [File is in use]
S3 MpKsleafcf821; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6B47301A-6241-4B40-907B-AF4787FF3762}\MpKslDrv.sys [X]
S1 TASANTIVIRUSKD; \??\C:\Program Files (x86)\Digital Communications\SAntivirus\TASAntivirusKD.sys [X] <==== ATTENTION

Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
The fix will run, after which the computer reboots. After the reboot, paste here the contents of the log fixlog.txt, saved in the FRST location.
My new book BOTNETY has been released! Information about it can be found here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level, high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for newcomer training
- Founder of the Cyber Security unit

vrchlab
Visitor
Posts: 66
Registered: 22 Oct 2009 20:40

Re: Please check - see FRST log

#11 Post by vrchlab »

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by Kopci (12-03-2021 23:12:31) Run:2
Running from C:\Users\Kopci\Desktop
Loaded Profiles: defaultuser0 & Kopci
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

C:\Program Files (x86)\FunnyKacele

HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\Run: [Taskbar system] => C:\Users\Kopci\AppData\Local\Programs\Taskbar system\TaskbarSystem.exe [918040 2021-01-13] (Globalhop Ltd TOO -> )
S2 SAntivirusIC; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusIC.exe -service [X] <==== ATTENTION
S2 SAntivirusSvc; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusService.exe [X] <==== ATTENTION
R2 FunnyKacele; C:\Program Files (x86)\FunnyKacele\FunnyKacele.exe [30701040 2018-05-04] (Apps Delivered Ltd -> Funny Kacele) [File not signed] [File is in use]
S3 MpKsleafcf821; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6B47301A-6241-4B40-907B-AF4787FF3762}\MpKslDrv.sys [X]
S1 TASANTIVIRUSKD; \??\C:\Program Files (x86)\Digital Communications\SAntivirus\TASAntivirusKD.sys [X] <==== ATTENTION


*****************

Processes closed successfully.
Restore point was successfully created.
C:\Program Files (x86)\FunnyKacele => moved successfully
"HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Taskbar system" => removed successfully
SAntivirusIC => service not found.
SAntivirusSvc => service not found.
FunnyKacele => service not found.
MpKsleafcf821 => service not found.
TASANTIVIRUSKD => service not found.


The system needed a reboot.

==== End of Fixlog 23:13:54 ====

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check - see FRST log

#12 Post by Diallix »

Good. Please post new FRST and Addition logs, to check whether everything is OK.

vrchlab
Visitor
Posts: 66
Registered: 22 Oct 2009 20:40

Re: Please check - see FRST log

#13 Post by vrchlab »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2021
Ran by Kopci (administrator) on LAPTOP-HH1EQN5N (LENOVO 80QB) (13-03-2021 01:16:30)
Running from C:\Users\Kopci\Desktop
Loaded Profiles: Kopci
Platform: Windows 10 Home Version 20H2 19042.867 (X64) Language: Angličtina (Spojené státy) -> Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b9b9c39e4e2b88eb\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b9b9c39e4e2b88eb\igfxEM.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Fingerprint\fplmonitor.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Kopci\AppData\Local\Microsoft\Teams\current\Teams.exe <10>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\NisSrv.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18382824 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-22] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3937448 2015-08-11] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM-x32\...\Run: [Lenovo Smart Fingerprint] => C:\Program Files (x86)\Lenovo\Lenovo Smart Fingerprint\fplmonitor.exe [1761208 2015-09-25] (LENOVO -> Lenovo)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32726088 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Kopci\AppData\Local\Microsoft\Teams\Update.exe [2453720 2021-02-25] (Microsoft 3rd Party Application Component -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B7A64AF-41E2-4A98-8D6D-1A0AF0E7ED3D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Task: {0C31DF8D-81A4-489E-AC63-19ECAD90E93C} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [143888 2021-03-02] (Lenovo -> Lenovo Group Ltd.)
Task: {20CC5D35-6588-4513-8287-B6EA51CD49F3} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
Task: {227B0B35-DA77-46F3-9DCF-CF593A24B789} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe
Task: {29CCEDAC-180F-4086-A873-5CF401966497} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4004296 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {3A46C4CE-A277-497A-B599-0F9C86F19B7F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27168840 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {3AD8077C-808E-4BEF-8C18-73D591F29EE5} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [694752 2021-02-26] (Mozilla Corporation -> Mozilla Foundation)
Task: {3FCC52CC-B17F-4F29-AF9E-1952668D655F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {463CBE02-7D95-487B-BC2F-15E6B4BE440C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5D7FE370-0268-4F37-8C09-F692339CC68C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [16832 2015-07-07] (LENOVO -> Lenovo)
Task: {5F2BE04C-DF43-4441-BA87-AF2FAB189A74} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4004296 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {5F40EA3F-BAAC-4285-8286-9B257B8649B7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114000 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {675392BF-29EB-4512-A46A-9E4F5E0137DC} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {6EA656A2-D79A-4CA9-9823-F1271FA290D2} - System32\Tasks\Lenovo\fplmonitorConnect => C:\Program Files (x86)\Lenovo\Lenovo Smart Fingerprint\fplmonitor.exe [1761208 2015-09-25] (LENOVO -> Lenovo)
Task: {7B0DFC7C-EED3-4F3D-A4E2-2113C188ABA2} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {7F2A58CC-CE18-44EF-B47A-4BF3AE16DD76} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\ScheduleEventAction.exe [15768 2020-12-28] (Lenovo -> Lenovo Group Ltd.)
Task: {9A28B4DF-0225-44B5-8A59-5BE5574DF396} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\ab7fe532-b805-46bb-bfb4-026d5274fc52 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84920 2021-02-23] (Lenovo -> Lenovo Group Ltd.)
Task: {9AC3B290-EF6E-4C5A-9BC2-FA30BB8C6CCB} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3127be0c-553a-4ac5-b998-04f53a60d143 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84920 2021-02-23] (Lenovo -> Lenovo Group Ltd.)
Task: {9F57B96C-2726-46F7-923D-EE82324289C3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AFA1F844-B873-4B2C-ABAE-0FD04AADA7F7} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23080304 2021-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {B585A55B-EC11-40B8-822E-41AC68AA9B74} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BA5589F5-363D-402E-886C-56770A4CBCD8} - System32\Tasks\Lenovo\fplmonitor => C:\Program Files (x86)\Lenovo\Lenovo Smart Fingerprint\fplmonitor.exe [1761208 2015-09-25] (LENOVO -> Lenovo)
Task: {C686002C-2ED0-4349-A479-ABD734A978DA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1133488 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {C91368E0-6C17-428C-A951-070E3CC250CC} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe
Task: {CEC493DC-1B6B-4FBF-8823-63237A273B37} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-05] (Piriform Software Ltd -> Piriform)
Task: {D4E2A5D7-AE19-4F20-A5CF-9F30C90F44FB} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\0d7e01b2-6dc7-4252-b64d-17eaefcf1406 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84920 2021-02-23] (Lenovo -> Lenovo Group Ltd.)
Task: {D71E4AA2-EFF8-41D2-9B53-3B1F68AE872E} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe
Task: {E8975FB6-D236-44C8-9179-AF9BD682BF88} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23080304 2021-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {EB5AB52B-5656-477B-BDFA-9DC57E9465FB} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\1d3a9928-58d0-454d-b77e-fe8da2ff2019 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84920 2021-02-23] (Lenovo -> Lenovo Group Ltd.)
Task: {F22F6641-7594-4471-886C-B4AB12488B68} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {F59A1B2B-4E32-4FAE-AFB1-97BB163A1A62} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114000 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {F63D47B8-38E2-4E22-A98D-78DB7FC1A7C3} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5bdce1b0-6c55-4811-8821-86e83bfe7d28}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7370f33a-094d-4166-896c-c94ded8f462e}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{ba844273-ed17-44ac-bbbf-eefe42da4ab5}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Kopci\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-12]

FireFox:
========
FF DefaultProfile: k5b7neg4.default
FF ProfilePath: C:\Users\Kopci\AppData\Roaming\Mozilla\Firefox\Profiles\k5b7neg4.default [2021-03-13]
FF Session Restore: Mozilla\Firefox\Profiles\k5b7neg4.default -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\k5b7neg4.default -> hxxps://www.slevomat.cz; hxxps://online.rb.cz
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-02-25] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bgjpfhpjcgdppjbgnpnjllokbmcdllig]
CHR HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8988552 2021-02-22] (Microsoft Corporation -> Microsoft Corporation)
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-30] (LENOVO -> Lenovo)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84920 2021-02-23] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\LenovoVantageService.exe [20880 2020-12-28] (Lenovo -> Lenovo Group Ltd.)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [77792 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R2 valWbioSyncSvc; C:\WINDOWS\system32\valWbioSyncSvc.exe [48608 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\NisSrv.exe [2483624 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MsMpEng.exe [128392 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MpKsld92b1f0d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{24FB2F44-CCB8-40C0-B7C6-1768D5DEA776}\MpKslDrv.sys [90360 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-05-21] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R1 SMIDriverGen; C:\WINDOWS\system32\DRIVERS\smi.sys [31440 2018-04-25] (Synaptics Inc. -> Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49544 2021-03-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [420088 2021-03-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-06] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-12 07:47 - 2021-03-12 07:47 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-03-12 07:40 - 2021-03-12 07:40 - 000000020 ___SH C:\Users\Kopci\ntuser.ini
2021-03-12 07:38 - 2021-03-12 23:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-12 07:38 - 2021-03-12 07:50 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-03-12 07:38 - 2021-03-12 07:39 - 000003512 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-12 07:38 - 2021-03-12 07:39 - 000003288 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-03-12 07:38 - 2021-03-12 07:39 - 000002988 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-03-12 07:38 - 2021-03-12 07:39 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3044413106-2186633788-3405021347-1001
2021-03-12 07:38 - 2021-03-12 07:39 - 000002220 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-03-12 07:38 - 2021-03-12 07:38 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-03-12 07:36 - 2021-03-12 07:38 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2021-03-12 07:36 - 2021-03-12 07:38 - 000011433 _____ C:\WINDOWS\diagerr.xml
2021-03-12 07:30 - 2021-03-12 23:25 - 002324300 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-12 07:13 - 2017-04-21 01:17 - 000113680 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2021-03-12 07:13 - 2017-04-21 01:17 - 000104464 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2021-03-12 07:08 - 2021-03-13 01:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-12 07:08 - 2021-03-12 23:20 - 000528208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-12 07:08 - 2021-03-12 23:20 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-12 07:07 - 2021-03-12 07:40 - 000000000 ____D C:\Windows.old
2021-03-12 02:44 - 2021-03-12 07:07 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-03-12 02:42 - 2021-03-12 07:40 - 000000000 ____D C:\Users\Kopci
2021-03-12 02:42 - 2021-03-12 07:27 - 000000000 ____D C:\Users\defaultuser0
2021-03-12 02:42 - 2021-03-12 02:42 - 000000000 _SHDL C:\Users\Kopci\Šablony
2021-03-12 02:42 - 2021-03-12 02:42 - 000000000 _SHDL C:\Users\Kopci\Soubory cookie
2021-03-12 02:42 - 2021-03-12 02:42 - 000000000 _SHDL C:\Users\Kopci\Poslední
2021-03-12 02:42 - 2021-03-12 02:42 - 000000000 _SHDL C:\Users\Kopci\Okolní tiskárny
2021-03-12 02:42 - 2021-03-12 02:42 - 000000000 _SHDL C:\Users\Kopci\Okolní síť
2021-03-12 02:42 - 2021-03-12 02:42 - 000000000 _SHDL C:\Users\Kopci\Nabídka Start
2021-03-12 02:42 - 2021-03-12 02:42 - 000000000 _SHDL C:\Users\Kopci\Dokumenty
2021-03-12 02:42 - 2021-03-12 02:42 - 000000000 _SHDL C:\Users\Kopci\Documents\Obrázky
2021-03-12 02:42 - 2021-03-12 02:42 - 000000000 _SHDL C:\Users\Kopci\Documents\Hudba
2021-03-12 02:42 - 2021-03-12 02:42 - 000000000 _SHDL C:\Users\Kopci\Documents\Filmy
2021-03-12 02:42 - 2021-03-12 02:42 - 000000000 _SHDL C:\Users\Kopci\Data aplikací
2021-03-12 02:42 - 2021-03-12 02:42 - 000000000 _SHDL C:\Users\Kopci\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-03-12 02:42 - 2021-03-12 02:42 - 000000000 _SHDL C:\Users\Kopci\AppData\Local\Data aplikací
2021-03-12 02:42 - 2021-03-12 02:42 - 000000000 _SHDL C:\Users\defaultuser0\Šablony
2021-03-12 02:42 - 2021-03-12 02:42 - 000000000 _SHDL C:\Users\defaultuser0\Soubory cookie
2021-03-12 02:42 - 2021-03-12 02:42 - 000000000 _SHDL C:\Users\defaultuser0\Poslední
2021-03-12 02:42 - 2021-03-12 02:42 - 000000000 _SHDL C:\Users\defaultuser0\Okolní tiskárny
2021-03-12 02:42 - 2021-03-12 02:42 - 000000000 _SHDL C:\Users\defaultuser0\Okolní síť
2021-03-12 02:42 - 2021-03-12 02:42 - 000000000 _SHDL C:\Users\defaultuser0\Nabídka Start
2021-03-12 02:42 - 2021-03-12 02:42 - 000000000 _SHDL C:\Users\defaultuser0\Dokumenty
2021-03-12 02:42 - 2021-03-12 02:42 - 000000000 _SHDL C:\Users\defaultuser0\Documents\Obrázky
2021-03-12 02:42 - 2021-03-12 02:42 - 000000000 _SHDL C:\Users\defaultuser0\Documents\Hudba
2021-03-12 02:42 - 2021-03-12 02:42 - 000000000 _SHDL C:\Users\defaultuser0\Documents\Filmy
2021-03-12 02:42 - 2021-03-12 02:42 - 000000000 _SHDL C:\Users\defaultuser0\Data aplikací
2021-03-12 02:42 - 2021-03-12 02:42 - 000000000 _SHDL C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-03-12 02:42 - 2021-03-12 02:42 - 000000000 _SHDL C:\Users\defaultuser0\AppData\Local\Data aplikací
2021-03-12 02:42 - 2019-12-07 10:10 - 000001105 _____ C:\Users\Kopci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-12 02:42 - 2019-12-07 10:10 - 000001105 _____ C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-12 02:34 - 2021-03-12 02:44 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-03-12 02:24 - 2021-03-12 02:24 - 000000000 ____D C:\ProgramData\ssh
2021-03-12 02:08 - 2021-03-12 02:08 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-12 02:08 - 2021-03-12 02:08 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-03-12 02:08 - 2021-03-12 02:08 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-03-12 02:08 - 2021-03-12 02:08 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-03-12 02:08 - 2021-03-12 02:08 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-03-12 02:08 - 2021-03-12 02:08 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-03-12 02:08 - 2021-03-12 02:08 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-03-12 02:08 - 2021-03-12 02:08 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-03-12 02:08 - 2021-03-12 02:08 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-03-12 02:08 - 2021-03-12 02:08 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-03-12 02:08 - 2021-03-12 02:08 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-03-12 02:07 - 2021-03-12 02:07 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-03-12 02:07 - 2021-03-12 02:07 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-03-12 02:07 - 2021-03-12 02:07 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-03-12 02:07 - 2021-03-12 02:07 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-03-12 02:07 - 2021-03-12 02:07 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-03-12 02:07 - 2021-03-12 02:07 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-03-12 02:06 - 2021-03-12 02:06 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-03-12 02:06 - 2021-03-12 02:06 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-12 02:06 - 2021-03-12 02:06 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-12 02:06 - 2021-03-12 02:06 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-03-12 02:06 - 2021-03-12 02:06 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-03-12 02:06 - 2021-03-12 02:06 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-03-12 02:06 - 2021-03-12 02:06 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-03-12 02:06 - 2021-03-12 02:06 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-03-12 02:06 - 2021-03-12 02:06 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-03-12 02:06 - 2021-03-12 02:06 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-03-12 02:06 - 2021-03-12 02:06 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-03-12 02:06 - 2021-03-12 02:06 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-03-12 02:05 - 2021-03-12 02:05 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-03-12 02:05 - 2021-03-12 02:05 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-03-12 02:05 - 2021-03-12 02:05 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-03-12 02:05 - 2021-03-12 02:05 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2021-03-12 02:05 - 2021-03-12 02:05 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-03-12 02:05 - 2021-03-12 02:05 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-03-12 02:04 - 2021-03-12 02:04 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-03-12 02:04 - 2021-03-12 02:04 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-03-12 02:04 - 2021-03-12 02:04 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-03-12 02:04 - 2021-03-12 02:04 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-03-12 02:04 - 2021-03-12 02:04 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2021-03-12 02:03 - 2021-03-12 02:03 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-03-12 02:03 - 2021-03-12 02:03 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-03-12 02:03 - 2021-03-12 02:03 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-12 02:03 - 2021-03-12 02:03 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-03-12 02:03 - 2021-03-12 02:03 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-03-12 02:03 - 2021-03-12 02:03 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-03-12 02:03 - 2021-03-12 02:03 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-03-12 02:03 - 2021-03-12 02:03 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-03-12 02:03 - 2021-03-12 02:03 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-03-12 02:03 - 2021-03-12 02:03 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-03-12 02:03 - 2021-03-12 02:03 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-03-12 02:03 - 2021-03-12 02:03 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2021-03-12 02:03 - 2021-03-12 02:03 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-03-12 02:02 - 2021-03-12 02:02 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-03-12 02:02 - 2021-03-12 02:02 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-03-12 02:01 - 2021-03-12 02:01 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-03-12 02:01 - 2021-03-12 02:01 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-03-12 02:01 - 2021-03-12 02:01 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-12 02:01 - 2021-03-12 02:01 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-03-12 02:01 - 2021-03-12 02:01 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-03-12 02:01 - 2021-03-12 02:01 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-03-12 02:01 - 2021-03-12 02:01 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-03-12 02:01 - 2021-03-12 02:01 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-03-12 02:01 - 2021-03-12 02:01 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-03-12 02:01 - 2021-03-12 02:01 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-03-12 02:00 - 2021-03-12 02:00 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-12 02:00 - 2021-03-12 02:00 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-03-12 02:00 - 2021-03-12 02:00 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-03-12 01:59 - 2021-03-12 01:59 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-03-12 01:59 - 2021-03-12 01:59 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-03-12 01:59 - 2021-03-12 01:59 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-03-12 01:59 - 2021-03-12 01:59 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-03-12 01:59 - 2021-03-12 01:59 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-03-12 01:59 - 2021-03-12 01:59 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2021-03-12 01:59 - 2021-03-12 01:59 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2021-03-12 01:58 - 2021-03-12 01:58 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-03-12 01:58 - 2021-03-12 01:58 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-03-12 01:58 - 2021-03-12 01:58 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-03-12 01:57 - 2021-03-12 01:57 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-03-12 01:57 - 2021-03-12 01:57 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-03-12 01:57 - 2021-03-12 01:57 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-03-12 01:57 - 2021-03-12 01:57 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-03-12 01:57 - 2021-03-12 01:57 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2021-03-12 01:57 - 2021-03-12 01:57 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-03-12 01:57 - 2021-03-12 01:57 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-03-12 01:57 - 2021-03-12 01:57 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-03-12 01:57 - 2021-03-12 01:57 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2021-03-12 01:57 - 2021-03-12 01:57 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-03-12 01:57 - 2021-03-12 01:57 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-03-12 01:30 - 2021-03-12 01:30 - 012023100 _____ C:\WINDOWS\system32\korwbrkr.lex
2021-03-12 01:26 - 2021-03-12 01:26 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2021-03-12 01:26 - 2021-03-12 01:26 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2021-03-12 01:25 - 2021-03-12 23:25 - 000490424 _____ C:\WINDOWS\system32\perfh012.dat
2021-03-12 01:25 - 2021-03-12 23:25 - 000134396 _____ C:\WINDOWS\system32\perfc012.dat
2021-03-12 01:25 - 2021-03-12 01:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ko
2021-03-12 01:25 - 2021-03-12 01:24 - 000159618 _____ C:\WINDOWS\system32\perfi012.dat
2021-03-12 01:25 - 2021-03-12 01:24 - 000033406 _____ C:\WINDOWS\system32\perfd012.dat
2021-03-12 01:24 - 2021-03-12 01:24 - 000000000 ____D C:\WINDOWS\system32\ko
2021-03-12 01:15 - 2021-03-12 23:25 - 000721822 _____ C:\WINDOWS\system32\perfh005.dat
2021-03-12 01:15 - 2021-03-12 23:25 - 000146848 _____ C:\WINDOWS\system32\perfc005.dat
2021-03-12 01:15 - 2021-03-12 01:25 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2021-03-12 01:15 - 2021-03-12 01:15 - 000000000 ____D C:\WINDOWS\SysWOW64\cs
2021-03-12 01:15 - 2021-03-12 01:15 - 000000000 ____D C:\WINDOWS\system32\cs
2021-03-12 01:15 - 2021-03-12 01:14 - 000296964 _____ C:\WINDOWS\system32\perfi005.dat
2021-03-12 01:15 - 2021-03-12 01:14 - 000038778 _____ C:\WINDOWS\system32\perfd005.dat
2021-03-12 01:04 - 2021-03-12 01:04 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-03-12 01:04 - 2021-03-12 01:04 - 000000000 ____D C:\Program Files\MSBuild
2021-03-12 01:04 - 2021-03-12 01:04 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-03-12 01:04 - 2021-03-12 01:04 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-03-12 00:51 - 2021-03-12 00:51 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-03-11 22:41 - 2021-03-12 07:40 - 000000000 ___DC C:\WINDOWS\Panther
2021-03-10 20:45 - 2021-03-12 23:13 - 000001772 _____ C:\Users\Kopci\Desktop\Fixlog.txt
2021-03-10 20:44 - 2021-03-12 23:10 - 000000937 _____ C:\Users\Kopci\Documents\fixlist.txt
2021-03-10 10:47 - 2021-03-10 10:47 - 000000000 ___HD C:\$WinREAgent
2021-03-07 19:56 - 2021-03-07 19:56 - 000000000 ____D C:\Users\Kopci\AppData\Roaming\santivirusclient
2021-03-07 19:32 - 2021-03-07 19:39 - 000000000 ____D C:\AdwCleaner
2021-03-07 19:28 - 2021-03-07 19:28 - 008463216 _____ (Malwarebytes) C:\Users\Kopci\Desktop\adwcleaner_8.1.exe
2021-03-06 18:22 - 2021-03-11 21:57 - 781368987 _____ C:\WINDOWS\MEMORY.DMP
2021-03-06 11:19 - 2021-03-11 22:26 - 000035648 _____ C:\Users\Kopci\Desktop\Addition.txt
2021-03-06 11:13 - 2021-03-13 01:19 - 000019071 _____ C:\Users\Kopci\Desktop\FRST.txt
2021-03-06 11:13 - 2021-03-13 01:17 - 000000000 ____D C:\FRST
2021-03-06 11:10 - 2021-03-06 11:10 - 002301440 _____ (Farbar) C:\Users\Kopci\Desktop\FRST64.exe
2021-03-03 09:25 - 2021-02-23 18:24 - 000107936 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\WudfUpdate_02000.dll
2021-03-03 09:25 - 2021-02-23 18:24 - 000062368 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.InfInstaller.exe
2021-03-03 09:25 - 2021-02-23 18:23 - 000429936 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2021-02-27 20:45 - 2021-02-27 20:45 - 000000000 ____D C:\ProgramData\SAntivirus
2021-02-27 20:45 - 2021-02-27 20:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus
2021-02-27 20:44 - 2021-03-12 07:07 - 000000000 ____D C:\Users\Kopci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Taskbar system
2021-02-27 20:44 - 2021-02-27 20:44 - 000000000 ____D C:\Users\Kopci\AppData\Local\TaskbarSystem
2021-02-27 20:43 - 2021-02-27 20:43 - 000016438 _____ C:\Users\Kopci\AppData\Local\partner.bmp
2021-02-27 20:43 - 2021-02-27 20:43 - 000000000 _____ C:\Users\Kopci\Downloads\LEGO Harry Potter
2021-02-27 20:42 - 2021-02-27 20:43 - 000000000 ____D C:\Program Files (x86)\ExhaustingGovernmentphoInstall
2021-02-27 20:25 - 2021-02-27 20:25 - 000000000 ____D C:\Program Files (x86)\WB Games
2021-02-27 18:13 - 2021-02-27 19:23 - 764398929 _____ C:\Users\Kopci\Downloads\LEGO.Harry.Potter.5-7.zip.part
2021-02-26 15:13 - 2021-02-28 13:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-02-21 20:25 - 2021-03-11 21:07 - 000000000 ____D C:\Users\Kopci\Desktop\random fotky xd
2021-02-15 09:00 - 2021-02-15 09:00 - 000083288 _____ (Zoom Video Communications, Inc.) C:\Users\Kopci\Downloads\Zoom_cm_fik4fkwZ9vvrZo4_muA1SOBB4sC925lOx0QoYuFfREgy+6cQB5gAX@-SoVtX4uj4nOWPPM_k5d14e1340bf434a7_.exe
2021-02-15 08:23 - 2021-03-12 07:07 - 000000000 ____D C:\Users\Kopci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-02-15 08:22 - 2021-02-15 08:23 - 000000000 ____D C:\Users\Kopci\AppData\Roaming\Zoom
2021-02-15 08:22 - 2021-02-15 08:22 - 015135752 _____ (Zoom Video Communications, Inc.) C:\Users\Kopci\Downloads\ZoomInstaller.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-13 01:16 - 2019-02-21 21:41 - 000000000 ____D C:\ProgramData\Mozilla
2021-03-13 01:16 - 2016-12-25 21:35 - 000000000 ____D C:\Users\Kopci\AppData\LocalLow\Mozilla
2021-03-13 01:15 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-12 23:28 - 2016-12-25 22:55 - 000000000 ____D C:\Program Files\CCleaner
2021-03-12 23:28 - 2016-12-25 09:33 - 000000000 __SHD C:\Users\Kopci\IntelGraphicsProfiles
2021-03-12 23:25 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-03-12 23:20 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-03-12 23:20 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-03-12 23:20 - 2017-09-03 13:57 - 000000000 ____D C:\ProgramData\Synaptics
2021-03-12 14:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-12 13:18 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-12 13:16 - 2020-09-03 16:07 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-03-12 13:16 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-12 08:01 - 2017-10-18 22:33 - 000000000 ____D C:\Users\Kopci\AppData\Local\Packages
2021-03-12 07:59 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-03-12 07:50 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-03-12 07:46 - 2016-12-25 09:34 - 000000000 ____D C:\Users\Kopci\AppData\Local\Lenovo
2021-03-12 07:43 - 2018-07-04 19:30 - 000000000 ____D C:\ProgramData\Packages
2021-03-12 07:42 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-12 07:42 - 2017-10-19 19:48 - 000000000 ___RD C:\Users\Kopci\3D Objects
2021-03-12 07:42 - 2015-11-03 20:24 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-03-12 07:40 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-12 07:39 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-03-12 07:38 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-03-12 07:35 - 2016-05-28 15:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2021-03-12 07:30 - 2020-09-07 20:14 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-12 07:30 - 2020-09-07 20:14 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-03-12 07:30 - 2020-09-07 20:14 - 000002281 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-03-12 07:14 - 2020-03-14 18:25 - 000312687 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2021-03-12 07:14 - 2020-03-14 18:24 - 000000000 ____D C:\WINDOWS\system32\DAX3
2021-03-12 07:14 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-12 07:14 - 2017-08-16 00:14 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2021-03-12 07:14 - 2017-08-16 00:14 - 000000000 ____D C:\WINDOWS\system32\DAX2
2021-03-12 07:14 - 2017-08-16 00:13 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2021-03-12 07:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-03-12 07:11 - 2016-05-28 15:13 - 000000000 ____D C:\ProgramData\Lenovo
2021-03-12 07:10 - 2020-03-12 20:53 - 000000000 ____D C:\WINDOWS\Lenovo
2021-03-12 07:09 - 2019-12-07 10:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-03-12 07:08 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2021-03-12 07:08 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\system32\WCN
2021-03-12 07:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-03-12 07:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-03-12 07:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Registration
2021-03-12 07:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-03-12 07:08 - 2016-05-28 15:38 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2021-03-12 07:07 - 2020-11-30 20:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-03-12 07:07 - 2020-09-16 20:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-03-12 07:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-03-12 07:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-03-12 07:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2021-03-12 07:07 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-12 07:07 - 2018-06-14 20:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoner Callisto 5 FREE
2021-03-12 07:07 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-03-12 07:07 - 2017-08-16 00:13 - 000000000 ____D C:\Program Files\Intel
2021-03-12 07:07 - 2017-05-23 08:26 - 000000000 ____D C:\Program Files\UNP
2021-03-12 07:07 - 2016-12-25 23:48 - 000000000 ____D C:\Users\Kopci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-03-12 07:07 - 2016-12-25 23:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-03-12 07:07 - 2016-12-25 22:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2021-03-12 07:07 - 2016-12-25 21:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office 2016
2021-03-12 07:07 - 2016-05-28 15:30 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2021-03-12 07:07 - 2016-05-28 15:11 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go 8
2021-03-12 07:07 - 2016-05-28 14:55 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2021-03-12 07:07 - 2015-10-30 08:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-03-12 07:02 - 2019-12-07 10:18 - 000000000 ____D C:\WINDOWS\Setup
2021-03-12 03:06 - 2019-12-07 10:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-03-12 02:46 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-03-12 02:46 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-12 02:46 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-12 02:45 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-03-12 02:44 - 2020-03-07 14:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2021-03-12 02:44 - 2019-12-07 10:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-03-12 02:44 - 2019-12-07 10:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-03-12 02:44 - 2019-12-07 10:51 - 000000000 ____D C:\WINDOWS\OCR
2021-03-12 02:44 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Resources
2021-03-12 02:44 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-03-12 02:44 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Help
2021-03-12 02:44 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-03-12 02:44 - 2017-08-16 00:13 - 000000000 ____D C:\Program Files\Realtek
2021-03-12 02:44 - 2017-08-16 00:12 - 000000000 ____D C:\Program Files\Synaptics
2021-03-12 02:43 - 2017-10-18 22:34 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2021-03-12 02:25 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-03-12 02:25 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-03-12 02:25 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-03-12 02:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-03-12 02:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-12 02:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-03-12 02:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2021-03-12 02:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-03-12 02:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-12 02:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-03-12 02:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-03-12 02:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-03-12 02:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-03-12 02:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-03-12 02:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-03-12 02:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-03-12 02:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-03-12 02:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-03-12 02:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-03-12 02:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-03-12 02:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-12 02:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-03-12 02:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-03-12 02:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-03-12 02:24 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-03-12 02:24 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-03-12 02:24 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-03-12 02:24 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-03-12 02:24 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-03-12 02:24 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-03-12 02:24 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-03-12 02:21 - 2019-12-07 10:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-03-12 02:21 - 2019-12-07 10:52 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-03-12 01:27 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-03-12 01:27 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-03-12 01:27 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-03-12 01:27 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-03-12 01:27 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-03-12 01:27 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-03-12 01:27 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-03-12 01:25 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2021-03-12 01:25 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2021-03-12 01:25 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2021-03-12 01:25 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\system32\winrm
2021-03-12 01:25 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\system32\slmgr
2021-03-12 01:25 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2021-03-12 01:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2021-03-12 01:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\MUI
2021-03-12 01:24 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\dsc
2021-03-11 21:54 - 2020-04-24 10:40 - 000000000 ____D C:\Users\Kopci\Desktop\word gyby
2021-03-10 20:54 - 2020-04-29 16:29 - 000000000 ____D C:\Users\Kopci\AppData\LocalLow\Temp
2021-03-10 11:56 - 2016-12-25 20:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-10 11:52 - 2016-12-25 20:49 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-03-08 17:40 - 2020-04-24 10:42 - 000000000 ____D C:\Users\Kopci\Desktop\power point gyby
2021-03-07 19:40 - 2016-12-25 09:29 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\Lenovo
2021-03-07 19:40 - 2016-05-28 15:07 - 000000000 ____D C:\Program Files\Lenovo
2021-03-07 19:40 - 2016-05-28 14:55 - 000000000 ____D C:\Program Files (x86)\Lenovo
2021-03-06 11:09 - 2018-02-17 23:15 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-06 10:55 - 2017-12-31 13:21 - 000000000 ____D C:\ProgramData\AVAST Software
2021-03-05 09:13 - 2016-05-28 14:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-03-05 00:55 - 2020-09-23 22:08 - 000000000 ____D C:\Users\Kopci\Documents\Soubory aplikace Outlook
2021-03-04 15:26 - 2020-11-30 20:42 - 000000000 ____D C:\Users\Kopci\AppData\Roaming\vlc
2021-02-28 13:50 - 2016-12-25 22:45 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-02-28 13:48 - 2016-12-25 09:43 - 000000000 ___RD C:\Users\Kopci\OneDrive
2021-02-28 13:27 - 2016-12-25 21:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-02-27 18:10 - 2016-12-25 21:34 - 000001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-02-25 13:19 - 2020-04-09 14:54 - 000002375 _____ C:\Users\Kopci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-02-25 13:19 - 2019-09-22 08:24 - 000002367 _____ C:\Users\Kopci\Desktop\Microsoft Teams.lnk
2021-02-24 12:05 - 2019-03-30 16:33 - 000000000 ____D C:\Users\Kopci\AppData\Roaming\Opera Software
2021-02-23 18:24 - 2017-10-11 20:21 - 000107936 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.CoInstaller.dll
2021-02-16 12:17 - 2020-11-30 20:42 - 000000923 _____ C:\Users\Public\Desktop\VLC media player.lnk
2021-02-16 12:17 - 2020-11-30 20:42 - 000000923 _____ C:\ProgramData\Desktop\VLC media player.lnk

==================== Files in the root of some directories ========

2021-02-27 20:43 - 2021-02-27 20:43 - 000016438 _____ () C:\Users\Kopci\AppData\Local\partner.bmp

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by Kopci (13-03-2021 01:32:06)
Running from C:\Users\Kopci\Desktop
Windows 10 Home Version 20H2 19042.867 (X64) (2021-03-12 06:40:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3044413106-2186633788-3405021347-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3044413106-2186633788-3405021347-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3044413106-2186633788-3405021347-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3044413106-2186633788-3405021347-501 - Limited - Disabled)
Kopci (S-1-5-21-3044413106-2186633788-3405021347-1001 - Administrator - Enabled) => C:\Users\Kopci
WDAGUtilityAccount (S-1-5-21-3044413106-2186633788-3405021347-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.001.20142 - Adobe Systems Incorporated)
Booking (HKLM-x32\...\{13D4CD54-EA09-4FDB-B979-8B2BC0F020CA}_is1) (Version: 2.0.701 - Booking)
CCleaner (HKLM\...\CCleaner) (Version: 5.77 - Piriform)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{BB041B6A-FACB-4853-BEE9-814FE7F93BB2}) (Version: 17.1.1530.1669 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1544031f-5449-4415-b577-993c2a533a1b}) (Version: 18.12.2 - Intel Corporation)
LEGO® Harry Potter™: Years 5-7 DEMO (HKLM-x32\...\{AD665A16-AA0E-494A-A8CF-A7AFAD06C0F4}) (Version: 1.0.0.0 - WB Games)
Lenovo App Explorer (HKU\S-1-5-21-3044413106-2186633788-3405021347-1000\...\Host App Service) (Version: 0.272.1.559 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo Business Vantage (HKLM-x32\...\{BAAE4B9C-8D26-44AF-BCE8-181C8F4A8D5B}_is1) (Version: 3.0.2.3 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.)
Lenovo Smart Fingerprint (HKLM-x32\...\{90C700B4-BC7E-4628-867C-FC8622F0DAD9}_is1) (Version: 1.0.0.50 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.5.27.0 - Lenovo Group Ltd.)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13801.20266 - Microsoft Corporation)
Microsoft 365 - ko-kr (HKLM\...\O365HomePremRetail - ko-kr) (Version: 16.0.13801.20266 - Microsoft Corporation)
Microsoft 365 Apps pro velké organizace - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.13801.20266 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.50 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.63 - )
Microsoft OneDrive (HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\OneDriveSetup.exe) (Version: 21.016.0124.0003 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\Teams) (Version: 1.4.00.4167 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 86.0 (x64 cs) (HKLM\...\Mozilla Firefox 86.0 (x64 cs)) (Version: 86.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0412-0000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29088 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.7 - Synaptics Incorporated)
Synaptics WBF DDK 5011 (HKLM\...\{4D70781C-36A9-4335-9568-565C6F61B5EB}) (Version: 4.5.289.0 - )
Synaptics WBF DDK 5011 (HKLM\...\{9062E143-DEDB-4F8C-B5B8-30AEC328400C}) (Version: 4.5.289.0 - Synaptics)
Taskbar system version 1.0.0.2 (HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\{C40E1200-5BEC-410C-B3C5-F7B475729D42}_is1) (Version: 1.0.0.2 - Taskbar system)
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.17057 - Microsoft Corporation)
ThinkPad OneLink Dock (HKLM-x32\...\{8E1CACF5-2493-4950-9AD5-189903FE57E7}) (Version: 1.08.36 - Lenovo)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
User Manuals (HKLM-x32\...\{7042D952-EE42-4C09-A23D-E7AE4D047007}) (Version: 6.0.0.0 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{7042D952-EE42-4C09-A23D-E7AE4D047007}) (Version: 6.0.0.0 - Lenovo)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-4) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-5) (Version: 1.0.33.0 - LunarG, Inc.)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wondershare Filmora9(Build 9.3.6) (HKLM\...\Wondershare Filmora9_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Zoner Callisto 5 FREE (HKLM-x32\...\ZonerCallisto5_CZ_is1) (Version: 5.0.5000.16 - ZONER software)
Zoom (HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\ZoomUMX) (Version: 5.5.2 (12494.0204) - Zoom Video Communications, Inc.)
엔터프라이즈용 Microsoft 365 앱 - ko-kr (HKLM\...\O365ProPlusRetail - ko-kr) (Version: 16.0.13801.20266 - Microsoft Corporation)

Packages:
=========
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.188.300.0_x86__kgqvnymyfvs32 [2021-03-05] (king.com)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-05-27] (Microsoft Corporation)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-09-14] (Facebook Inc)
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2017-12-20] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2101.29.0_x64__k1h2ywk1493x8 [2021-01-25] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.21005.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Studios)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-23] (Netflix, Inc.)
Royal Revolt 2 -> C:\Program Files\WindowsApps\flaregamesGmbH.RoyalRevolt2_6.5.0.0_x86__g0q0z3kw54rap [2021-02-09] (flaregames GmbH)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-10-04] (Twitter Inc.)
Uživatelský portál Lenovo -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-04-25] (LENOVO INCORPORATED.)
Video Cutter & Compressor -> C:\Program Files\WindowsApps\24711Mixilab.VideoCutterCompressor_2.0.1.0_x64__c39s816dkej80 [2020-02-17] (Mixilab) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3044413106-2186633788-3405021347-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Kopci\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20289.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3044413106-2186633788-3405021347-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Kopci\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b9b9c39e4e2b88eb\igfxDTCM.dll [2017-04-21] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-03-07 14:55 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2020-03-07 14:55 - 2017-09-12 10:34 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-07-22 18:44 - 2015-07-22 18:44 - 000285184 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2015-07-22 18:44 - 2015-07-22 18:44 - 000562688 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2021-02-07 11:51 - 2020-05-30 15:04 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\x64\SQLite.Interop.dll
2021-03-12 07:53 - 2020-05-30 14:58 - 001280000 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll
2021-03-12 07:50 - 2020-04-09 09:17 - 000944840 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
2020-03-07 14:55 - 2017-09-12 10:36 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\sharepoint.com -> hxxps://gyby-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2015-10-30 08:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3044413106-2186633788-3405021347-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kopci\Desktop\wallpapeeeerssss\se tapetaaa.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{23EF5EFB-4937-4094-86D4-79651D8FA6AC}] => (Allow) C:\Users\Kopci\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{3C91C35D-CF09-4B89-A2F9-496BCD4C5FC4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{52F50906-5B06-49A5-A2A8-5CEF642296F0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BE2A0697-105E-4BC8-B9C0-88C093B47194}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5C00E400-1F11-4A32-9C97-CA6A36A3D513}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{50CA1968-0700-4017-A21E-AA22004B35AD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{ACB65E45-6819-4891-8ED4-60649491935B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{35063B0C-4953-459D-A405-8B78D49C101E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E5DB4350-2CE3-4965-AE72-9C796FB7DA4F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DC50887B-05F7-4502-9AB3-EC14784DE52B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8C71CC94-352E-4648-AC9E-E53D00F37F6A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{0393F908-183C-4CE0-BD79-793DE565E783}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D9DB305C-E233-46A8-A2B3-C5F7C604E273}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D1812297-088D-4302-AC15-1B0F987743EE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{27EE67D4-5A5B-4368-95D4-2BAF4BF405D6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{4A54488B-5F00-4C81-8E84-D1CA8FF403E8}C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{FFAFE8E1-E8F4-4149-B310-66C5096038B9}C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{351BA8B9-0251-45E4-8A68-37460447537D}C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{1EFA947E-0003-4D2B-B77A-B158399053F4}C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\kopci\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

12-03-2021 13:12:42 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/12/2021 11:14:00 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (03/12/2021 07:53:26 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/12/2021 07:50:27 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL na řádku 1.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definice je UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (03/12/2021 07:49:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program LockApp.exe verze 10.0.19041.844 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 1b30

Čas spuštění: 01d7170b8d003ebf

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe

ID hlášení: 9db44b29-d628-4099-ba24-75b4533700d8

Úplný název balíčku s chybou: Microsoft.LockApp_10.0.19041.423_neutral__cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: WindowsDefaultLockScreen

Typ zablokování: Cross-thread

Error: (03/12/2021 07:28:27 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Zprostředkovatel událostí IntelWLANEventProvider se pokusil zaregistrovat dotaz select * from CIntelQosEvent, jehož cílová třída CIntelQosEvent v oboru názvů //./ROOT/default neexistuje. Dotaz bude ignorován.

Error: (03/12/2021 07:28:27 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Zprostředkovatel událostí IntelWLANEventProvider se pokusil zaregistrovat dotaz select * from CIntelDot1xEvent, jehož cílová třída CIntelDot1xEvent v oboru názvů //./ROOT/default neexistuje. Dotaz bude ignorován.

Error: (03/12/2021 07:28:27 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Zprostředkovatel událostí IntelWLANEventProvider se pokusil zaregistrovat dotaz select * from CIntelWLANEvent, jehož cílová třída CIntelWLANEvent v oboru názvů //./ROOT/default neexistuje. Dotaz bude ignorován.

Error: (03/12/2021 07:28:27 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Zprostředkovatel událostí se pokusil zaregistrovat dotaz select * from CIntelQosEvent, jehož cílová třída CIntelQosEvent v oboru názvů //./ROOT/default neexistuje. Dotaz bude ignorován.


System errors:
=============
Error: (03/12/2021 11:33:14 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-HH1EQN5N)
Description: Server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/12/2021 11:28:27 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-HH1EQN5N)
Description: Server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/12/2021 11:19:53 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\system32\IntelWifiIhv04.dll

Error: (03/12/2021 11:19:53 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\system32\IntelWifiIhv04.dll

Error: (03/12/2021 11:18:56 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\system32\IntelWifiIhv04.dll

Error: (03/12/2021 11:18:55 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-HH1EQN5N)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/12/2021 11:12:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (03/12/2021 11:12:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Rapid Storage Technology byla neočekávaně ukončena. Tento stav nastal již 1krát.


==================== Memory info ===========================

BIOS: LENOVO D7CN33WW(V3.06) 10/11/2016
Motherboard: LENOVO Lenovo E51-80
Processor: Intel(R) Core(TM) i3-6100U CPU @ 2.30GHz
Percentage of memory in use: 70%
Total physical RAM: 3954.76 MB
Available physical RAM: 1160.37 MB
Total Virtual: 9074.76 MB
Available Virtual: 4410.55 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:884.23 GB) (Free:740.47 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.91 GB) NTFS

\\?\Volume{6c3fa5a0-0174-47ec-9620-50fa9d879456}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.51 GB) NTFS
\\?\Volume{e5a533a5-59c4-46c1-a763-e04321dd8ea9}\ (LENOVO_PART) (Fixed) (Total:20.06 GB) (Free:8.52 GB) NTFS
\\?\Volume{d776d5a8-d836-456e-bd52-14bf61297784}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6199B984)

Partition: GPT.

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check - see FRST log

#14 Post by Diallix »

Phew, great. It's clean now.

We'll do one last cleanup of leftovers:

Copy the content below into Notepad:

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
CustomCLSID: HKU\S-1-5-21-3044413106-2186633788-3405021347-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Kopci\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
IE trusted site: HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\sharepoint.com -> hxxps://gyby-files.sharepoint.com

Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
The fix will run; afterwards, paste here the content of the log fixlog.txt, saved in the FRST location.
The computer will not restart.


You have no antivirus installed. I recommend installing an antivirus - Avira.

vrchlab
Visitor
Posts: 66
Registered: 22 Oct 2009 20:40

Re: Please check - see FRST log

#15 Post by vrchlab »

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-03-2021
Ran by Kopci (13-03-2021 19:11:41) Run:3
Running from C:\Users\Kopci\Desktop
Loaded Profiles: defaultuser0 & Kopci
Boot Mode: Normal
==============================================

fixlist content:
*****************
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
CustomCLSID: HKU\S-1-5-21-3044413106-2186633788-3405021347-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Kopci\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
IE trusted site: HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\...\sharepoint.com -> hxxps://gyby-files.sharepoint.com


*****************

HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKU\S-1-5-21-3044413106-2186633788-3405021347-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92} => removed successfully
HKU\S-1-5-21-3044413106-2186633788-3405021347-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sharepoint.com => removed successfully

==== End of Fixlog 19:11:41 ====

Locked