
Please check my log

Posted: 24 Jan 2021 13:09
by lavega
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-01-2021
Ran by MoniX (administrator) on LAPTOP-RCOAIGT2 (LENOVO 80T3) (24-01-2021 13:05:53)
Running from F:\PROGFILE\1 POMOC
Loaded Profiles: MoniX
Platform: Windows 10 Pro Version 2004 19041.746 (X64) Language: Slovenčina (Slovensko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
() [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_01ee1299f4982efe\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_01ee1299f4982efe\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_01ee1299f4982efe\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_01ee1299f4982efe\IntelCpHeciSvc.exe
(LENOVO -> ) C:\Program Files\Lenovo\LenovoUtility\utility.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.3.115.0\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\MoniX\AppData\Local\Microsoft\Teams\current\Teams.exe <9>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16696832 2016-09-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2016-09-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2016-09-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2016-09-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2016-12-27] (LENOVO -> )
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [829632 2016-06-24] (Dolby Laboratories, Inc. -> )
HKLM-x32\...\Run: [OneLinkManager] => C:\Program Files (x86)\Lenovo\OneLink Plus Dock\onelinkpromgn.exe [1083904 2015-05-30] () [File not signed]
HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\MoniX\AppData\Local\Microsoft\Teams\Update.exe [2453688 2020-11-19] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-11] (Google LLC -> Google LLC)

________
________
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2021
Ran by MoniX (24-01-2021 13:00:22)
Running from F:\PROGFILE\1 POMOC
Windows 10 Pro Version 2004 19041.746 (X64) (2020-10-23 00:07:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2055380405-3380175527-2212886683-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2055380405-3380175527-2212886683-503 - Limited - Disabled)
Guest (S-1-5-21-2055380405-3380175527-2212886683-501 - Limited - Disabled)
MoniX (S-1-5-21-2055380405-3380175527-2212886683-1001 - Administrator - Enabled) => C:\Users\MoniX
WDAGUtilityAccount (S-1-5-21-2055380405-3380175527-2212886683-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Auto Mouse Mover v9.1 (HKLM-x32\...\{08FD4323-8909-4973-BD2E-7250D2D93D0C}_is1) (Version: 9.1 - MurGee.com)
Castle Attack 2 v1.00 (HKLM-x32\...\Castle Attack 2) (Version: - )
CCSDK Customer Engagement Service (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.3.0.3 - Lenovo)
Dolby Audio X2 Windows API SDK (HKLM\...\{2A027A37-B09B-44FB-B1C9-2DD6BA0014E8}) (Version: 0.7.2.61 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{D765CF7F-14F9-4C80-B06C-10E68F10EBCC}) (Version: 0.7.2.62 - Dolby Laboratories, Inc.)
EasyCamera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1326.26 - Sonix)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: - epubfilereader.com)
Free ZIP File Opener (HKLM-x32\...\{00A882CD-7E60-4A01-BCEC-AB71D21F4D53}) (Version: 1.0.1 - Powerful Utilities)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6373 - Intel Corporation)
IrfanView 4.52 (64-bit) (HKLM\...\IrfanView64) (Version: 4.52 - Irfan Skiljan)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.3.115.0 - Lenovo Group Ltd.)
LenovoUtility (HKLM-x32\...\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo) Hidden
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.599.11 - McAfee, Inc.)
Microsoft 365 Apps for business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.13530.20376 - Microsoft Corporation)
Microsoft 365 -sovellukset yrityksille - fi-fi (HKLM\...\O365BusinessRetail - fi-fi) (Version: 16.0.13530.20376 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.50 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft Office 2016 pre študentov a domácnosti - sk-sk (HKLM\...\HomeStudentRetail - sk-sk) (Version: 16.0.13530.20376 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - fi-fi (HKLM\...\HomeStudentRetail - fi-fi) (Version: 16.0.13530.20376 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\...\Teams) (Version: 1.3.00.30866 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{143E35D3-F0A4-4E90-96C9-B1B72F11343A}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 71.0 (x64 en-US) (HKLM\...\Mozilla Firefox 71.0 (x64 en-US)) (Version: 71.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.2 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13530.20376 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20376 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20376 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13530.20376 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-040B-0000-0000000FF1CE}) (Version: 16.0.13530.20376 - Microsoft Corporation) Hidden
OpenVPN Connect (HKLM-x32\...\{8B4BC420-3DCB-4018-A345-B24F7DBC30C3}) (Version: 2.6.0.100 - OpenVPN Technologies)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.255 - Google, Inc.)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10388 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.278 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7930 - Realtek Semiconductor Corp.)
Synaptics WBF DDK 5011 (Advanced) (HKLM\...\{4151AAE1-FD6C-4D49-BA0F-79212F960797}) (Version: 4.5.510.0 - Synaptics)
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.17057 - Microsoft Corporation)
Telegram Desktop version 1.8.15 (HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.8.15 - Telegram FZ-LLC)
ThinkPad OneLink Plus Dock (HKLM-x32\...\{8E1CACF5-2493-4950-9AD5-189903FE57E7}) (Version: 1.10.10 - Lenovo)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0a - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
WiFi Password Revealer (HKLM-x32\...\WiFi Password Revealer_is1) (Version: 1.0.0.7 - Magical Jelly Bean)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-11] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.1.17.0_x86__kgqvnymyfvs32 [2020-12-17] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.185.400.0_x86__kgqvnymyfvs32 [2021-01-23] (king.com)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.1.778.0_x64__v10z8vjag6ke6 [2020-12-18] (HP Inc.)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-10-12] (LENOVO INCORPORATED.)
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2021-01-09] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2101.29.0_x64__k1h2ywk1493x8 [2021-01-23] (LENOVO INC.)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_5.3.1.1_x86__h6adky7gbf63m [2021-01-14] (Gameloft SE)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-15] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.20102.0_x64__8wekyb3d8bbwe [2020-12-17] (Microsoft Studios)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2055380405-3380175527-2212886683-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\MoniX\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20275.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-08-29] (Notepad++ -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-24] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_01ee1299f4982efe\igfxDTCM.dll [2018-11-29] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-24] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\MoniX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2017-09-16 20:20 - 2017-09-16 20:20 - 000091648 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ctypes.pyd
2017-09-16 20:21 - 2017-09-16 20:21 - 001016832 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_hashlib.pyd
2017-09-16 20:21 - 2017-09-16 20:21 - 000046592 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_socket.pyd
2017-09-16 20:21 - 2017-09-16 20:21 - 001411072 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ssl.pyd
2017-09-16 20:20 - 2017-09-16 20:20 - 000071168 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\bz2.pyd
2018-06-08 09:47 - 2018-06-08 09:47 - 000061952 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.crypto.pyd
2018-06-08 09:47 - 2018-06-08 09:47 - 000009728 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.rand.pyd
2018-06-08 09:47 - 2018-06-08 09:47 - 000039936 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.SSL.pyd
2018-06-08 09:40 - 2018-06-08 09:40 - 000005120 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.dll
2017-09-16 20:20 - 2017-09-16 20:20 - 000144384 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pyexpat.pyd
2018-06-08 09:47 - 2018-06-08 09:47 - 000006656 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pyovpnc.pyd
2017-12-19 17:51 - 2017-12-19 17:51 - 000396288 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pythoncom27.dll
2017-12-19 17:50 - 2017-12-19 17:50 - 000109056 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pywintypes27.dll
2017-09-16 20:20 - 2017-09-16 20:20 - 000010240 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\select.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000026624 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\servicemanager.pyd
2018-06-08 09:48 - 2018-06-08 09:48 - 000007168 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\twisted.protocols._c_urlarg.pyd
2017-09-16 20:20 - 2017-09-16 20:20 - 000687104 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\unicodedata.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000099840 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32api.pyd
2017-12-19 17:52 - 2017-12-19 17:52 - 000360448 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32com.shell.shell.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000017408 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32event.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000118784 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32file.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000166912 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32gui.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000023040 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32pipe.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000035840 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32process.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000016384 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32profile.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000107520 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32security.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000041472 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32service.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000021504 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32ts.pyd
2018-06-08 09:47 - 2018-06-08 09:47 - 000019456 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\zope.interface._zope_interface_coptimizations.pyd
2017-09-16 20:20 - 2017-09-16 20:20 - 002645504 _____ (Python Software Foundation) [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\PYTHON27.DLL
2020-08-14 08:56 - 2020-05-30 19:04 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Lenovo\VantageService\3.3.115.0\x64\SQLite.Interop.dll
2020-12-21 18:12 - 2020-05-30 14:58 - 001280000 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll
2020-06-19 16:27 - 2020-04-09 08:17 - 000944840 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
2018-06-08 09:46 - 2018-06-08 09:46 - 001260544 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\LIBEAY32.dll
2018-06-08 09:46 - 2018-06-08 09:46 - 000276480 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\SSLEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.2345.com/?khjfsy
HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-01-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-07] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\...\sharepoint.com -> hxxps://jonckerstrans-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2019-03-15 23:14 - 000001029 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
127.94.0.1 client.openvpn.net
127.94.0.2 openvpn-client.ovpn.jonckers.eu

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MoniX\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "OneLinkManager"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\...\StartupApproved\Run: => "haozipcd"
HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\...\StartupApproved\Run: => "McAfeeSafeConnect"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{2FF1A24A-2D25-4F44-8204-3606937260CF}C:\users\monix\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\monix\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{3E798486-17A4-43C2-A9B6-6F50055E05E8}C:\users\monix\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\monix\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{662C9395-628E-4417-8CC1-D838A6494EA3}C:\users\monix\downloads\anydesk.exe] => (Allow) C:\users\monix\downloads\anydesk.exe => No File
FirewallRules: [TCP Query User{58F54A81-C9EC-46BE-807E-905AEF0E4C84}C:\users\monix\downloads\anydesk.exe] => (Allow) C:\users\monix\downloads\anydesk.exe => No File
FirewallRules: [UDP Query User{95AF8B88-9E47-478C-9EB5-41514279285D}C:\users\monix\downloads\anydesk.exe] => (Allow) C:\users\monix\downloads\anydesk.exe => No File
FirewallRules: [TCP Query User{8BF91EC4-94E9-40B8-9FDF-AD93E590BD66}C:\users\monix\downloads\anydesk.exe] => (Allow) C:\users\monix\downloads\anydesk.exe => No File
FirewallRules: [UDP Query User{FC5E69A0-8D97-4FE1-966C-C4FFA720FBD7}C:\users\monix\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\monix\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{858D58FE-84C1-4299-B360-A4C016F9F5AF}C:\users\monix\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\monix\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EC035B2D-4E2D-47AD-B58F-A2B597317591}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1D2F2C8A-E50C-4B06-AC3A-DD9CA5DD67D0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{47FAFF35-3BAC-4DA8-B743-BF44941E7B10}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3F12F379-1763-4984-A678-8316D9860E31}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{449D5906-0A43-4365-A12E-DEED95D06F9B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3271CAF1-708A-4EF1-A9B1-3331961C1257}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{21261109-59B7-4CA3-947B-24D5531218B1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7EEF4FF8-D6B5-4006-B730-C1B8AB8F83F2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6A0B8A97-768E-4D67-9177-F0534BD0ED37}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2992FF85-F7E6-416B-B25A-49889964B971}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{06BAD01F-AA21-49B0-A8CA-E50C93D0EA32}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B6D2A3ED-D797-43F8-98A9-8D97E26378A7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{C0011215-7121-4BBA-A15A-3A3D565ED9DF}C:\users\monix\downloads\install_sw\anydesk.exe] => (Allow) C:\users\monix\downloads\install_sw\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [UDP Query User{B17A0903-8693-4A0F-B4BD-22584C25F390}C:\users\monix\downloads\install_sw\anydesk.exe] => (Allow) C:\users\monix\downloads\install_sw\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)

==================== Restore Points =========================

14-01-2021 21:26:36 Inštalátor modulov systému Windows
22-01-2021 15:32:47 Scheduled Checkpoint
24-01-2021 12:15:53 Removed McAfee Safe Connect

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/24/2021 12:29:07 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-RCOAIGT2$ via https://INTC-KeyId-5e73c89aa3e902b272b9 ... s/Aik/scep failed:

GetCACaps

Method: GET(6047ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (01/24/2021 12:23:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: RecoverKeys.exe, verzia: 0.0.0.0, časová značka: 0x535e2dd2
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.19041.662, časová značka: 0x5f641e44
Kód výnimky: 0xc0000005
Odstup chyby: 0x000489f1
Identifikácia chybujúceho procesu: 0x11bc
Čas spustenia chybujúcej aplikácie: 0x01d6f24343c87488
Cesta chybujúcej aplikácie: C:\Program Files (x86)\Recover Keys\RecoverKeys.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
Identifikácia hlásenia: 1cc63297-0ebd-4a6a-a240-2827cfb5aca0
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (01/24/2021 12:22:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: splwow64.exe, verzia: 10.0.19041.746, časová značka: 0xbe227c8d
Názov chybujúceho modulu: iertutil.dll, verzia: 11.0.19041.746, časová značka: 0x5c9bbe7d
Kód výnimky: 0xc0000005
Odstup chyby: 0x00000000000199d3
Identifikácia chybujúceho procesu: 0x4418
Čas spustenia chybujúcej aplikácie: 0x01d6f2434402f4a8
Cesta chybujúcej aplikácie: C:\Windows\splwow64.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\iertutil.dll
Identifikácia hlásenia: efc0c453-824f-4293-a53a-ddc54b1cc8d1
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (01/24/2021 12:21:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: RecoverKeys.exe, verzia: 0.0.0.0, časová značka: 0x535e2dd2
Názov chybujúceho modulu: DevDispItemProvider.dll, verzia: 10.0.19041.546, časová značka: 0x3fccdeb3
Kód výnimky: 0xc0000005
Odstup chyby: 0x000093b2
Identifikácia chybujúceho procesu: 0xf18
Čas spustenia chybujúcej aplikácie: 0x01d6f242d4cddcf1
Cesta chybujúcej aplikácie: C:\Program Files (x86)\Recover Keys\RecoverKeys.exe
Cesta chybujúceho modulu: C:\Windows\System32\DevDispItemProvider.dll
Identifikácia hlásenia: b32c77e2-044c-4b77-a9c2-ca35504a0e55
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (01/24/2021 12:19:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: splwow64.exe, verzia: 10.0.19041.746, časová značka: 0xbe227c8d
Názov chybujúceho modulu: iertutil.dll, verzia: 11.0.19041.746, časová značka: 0x5c9bbe7d
Kód výnimky: 0xc0000005
Odstup chyby: 0x00000000000199d3
Identifikácia chybujúceho procesu: 0x1a40
Čas spustenia chybujúcej aplikácie: 0x01d6f242d6b745ba
Cesta chybujúcej aplikácie: C:\Windows\splwow64.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\iertutil.dll
Identifikácia hlásenia: 31a1f7dc-9acf-43b3-a968-7c7ecaa3489b
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (01/24/2021 12:15:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Tools since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (01/24/2021 12:15:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (01/24/2021 12:15:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service aswbIDSAgent since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (01/24/2021 12:34:18 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: E:\Device\HarddiskVolume93

Error: (01/24/2021 12:29:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby Windows Presentation Foundation Font Cache 3.0.0.0 zlyhalo kvôli nasledujúcej chybe:
The service did not respond to the start or control request in a timely fashion.

Error: (01/24/2021 12:29:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Počas čakania na pripojenie služby Windows Presentation Foundation Font Cache 3.0.0.0 bol dosiahnutý časový limit (30000 ms).

Error: (01/24/2021 11:22:18 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Počas čakania na odpoveď transakcie od služby BFE bol dosiahnutý časový limit (30000 ms).

Error: (01/24/2021 11:21:58 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: E:\Device\HarddiskVolume93

Error: (01/24/2021 11:21:46 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.1.4 with the system
having network hardware address 18-F0-E4-FA-50-B3. Network operations on this system may
be disrupted as a result.

Error: (01/23/2021 01:56:05 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: E:\Device\HarddiskVolume83

Error: (01/21/2021 03:22:19 PM) (Source: DCOM) (EventID: 10029) (User: LAPTOP-RCOAIGT2)
Description: The activation of the CLSID {E60687F7-01A1-40AA-86AC-DB1CBF673334} timed out waiting for the service wuauserv to stop.


Windows Defender:
===================================
Date: 2021-01-12 22:18:11.3550000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {87A89A29-A0DB-4B0B-8EA2-C8601FBAEC4B}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-10 20:14:48.8460000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {8D038AEA-2FDC-4C59-BA07-818C14FED8B5}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-08 00:30:14.9530000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {FDC37265-8C99-4F4F-8FDA-9ACE8F29A49A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-04 23:55:34.7470000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {F7F744FF-8972-436C-B6EC-EFCC5A4168A8}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-12-30 23:41:42.3870000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {365BF01B-0A0F-4C03-914E-C574759ABABB}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-15 23:44:35.2670000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2185.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80240438
Error description: Počas vyhľadávania aktualizácií sa vyskytol neočakávaný problém. Informácie o inštalácii aktualizácií a riešení problémov s aktualizáciami nájdete v Pomoci a technickej podpore.

Date: 2021-01-12 21:33:49.2170000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2042.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2021-01-12 21:33:48.8460000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2042.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2020-12-27 10:12:21.2650000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.870.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2020-12-27 10:06:20.6640000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.870.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070050
Error description: The file exists.

CodeIntegrity:
===================================

Date: 2021-01-24 11:41:25.1790000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-01-24 11:41:24.1390000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-01-24 11:24:05.0390000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-24 11:22:56.9460000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-24 11:22:29.9790000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-01-24 11:22:29.9640000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-01-24 11:22:29.9480000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-01-24 11:22:29.9330000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 2WCN33WW 10/18/2017
Motherboard: LENOVO
Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 88%
Total physical RAM: 3990.85 MB
Available physical RAM: 476.61 MB
Total Virtual: 7190.85 MB
Available Virtual: 2707.23 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:892.22 GB) (Free:783.51 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.9 GB) NTFS
Drive f: (MATRIX) (Removable) (Total:117.14 GB) (Free:7.43 GB) exFAT

\\?\Volume{79f63d4e-622b-450a-abc2-5f30a885b961}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.51 GB) NTFS
\\?\Volume{26c05541-e5be-4d3d-99d5-94204b82d63f}\ (LENOVO_PART) (Fixed) (Total:12.07 GB) (Free:1.82 GB) NTFS
\\?\Volume{96bb8403-3b71-49f1-8e28-36fdbc424ff8}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C1CF027A)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 117.2 GB) (Disk ID: EF031357)
Partition 1: (Not Active) - (Size=117.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Re: Please check my log

Posted: 24 Jan 2021 13:27
by Diallix
Good day.

Download the AdwCleaner tool to your desktop; the download link is here: https://toolslib.net/downloads/finish/1/
Before running the tool, close all open program windows, that is, all programs running on the desktop.
Right-click the program -> Run as administrator.
Continue by clicking the Scan Now button (Prehladaj teraz) and wait until the system scan finishes.
After the scan, leave all checkboxes ticked, including any threats found, and continue with the Clean and Repair button (Vycistit Teraz) in the bottom right corner.
After the PC restarts, AdwCleaner will launch; click View log file (Zobrazit soubor protokolu).
The log will open; copy its contents here.

Re: Please check my log

Posted: 24 Jan 2021 14:02
by lavega
# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.1
# -------------------------------
# Build: 01-20-2021
# Database: 2021-01-11.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 01-24-2021
# Duration: 00:00:45
# OS: Windows 10 Pro
# Scanned: 31956
# Detected: 15


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy C:\ProgramData\Tencent

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|hola

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.LenovoCCSDK Folder C:\Program Files (x86)\LENOVO\CCSDK
Preinstalled.LenovoCCSDK Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{67827BB6-4B05-6181-921A-E49FC484E859}
Preinstalled.LenovoCCSDK Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1
Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Users\MoniX\AppData\Local\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1
Preinstalled.LenovoUtility Folder C:\Program Files\LENOVO\LENOVOUTILITY
Preinstalled.LenovoUtility Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|LenovoUtility
Preinstalled.LenovoUtility Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Run|LenovoUtility
Preinstalled.LenovoUtility Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}
Preinstalled.LenovoUtility Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Re: Please check my log

Posted: 24 Jan 2021 14:04
by Diallix
Please post new FRST + ADDITION logs.

Re: Please check my log

Posted: 24 Jan 2021 14:24
by lavega
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-01-2021
Ran by MoniX (administrator) on LAPTOP-RCOAIGT2 (LENOVO 80T3) (24-01-2021 14:07:50)
Running from F:\PROGFILE\1 POMOC\FRST
Loaded Profiles: MoniX
Platform: Windows 10 Pro Version 2004 19041.746 (X64) Language: Slovenčina (Slovensko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_01ee1299f4982efe\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_01ee1299f4982efe\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_01ee1299f4982efe\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_01ee1299f4982efe\IntelCpHeciSvc.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.3.115.0\LenovoVantageService.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\MoniX\AppData\Local\Microsoft\Teams\current\Teams.exe <9>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16696832 2016-09-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2016-09-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2016-09-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2016-09-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [829632 2016-06-24] (Dolby Laboratories, Inc. -> )
HKLM-x32\...\Run: [OneLinkManager] => C:\Program Files (x86)\Lenovo\OneLink Plus Dock\onelinkpromgn.exe [1083904 2015-05-30] () [File not signed]
HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\MoniX\AppData\Local\Microsoft\Teams\Update.exe [2453688 2020-11-19] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-11] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {213D2771-F41E-4818-BF0D-06AE3EA0E476} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {24A612BB-A09E-44DC-8B01-7BDECE162F08} - \Lenovo\ImController\TimeBasedEvents\db81d42a-de58-4bc2-987c-a92249b056f2 -> No File <==== ATTENTION
Task: {3338685D-BD43-4E24-B98A-FD7A80266BD5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-21] (Google Inc -> Google Inc.)
Task: {3356D2D6-2241-40E7-B63B-ECC5F13B0B02} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {563A0E1B-050B-4177-BA36-46EAB9040AFB} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116584 2021-01-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {5B378C92-9CC5-45E6-91A2-02AC2872A8D0} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {5BA12115-C87D-4828-9B8B-BA085F470751} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23061896 2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {6C5DD3D9-0DEC-4284-B703-DC2E858D5721} - \Lenovo\ImController\TimeBasedEvents\68bda5d2-b66d-4ecc-820f-f7069c3708ef -> No File <==== ATTENTION
Task: {7E1527E7-31A9-416E-8958-2044A68D328B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-21] (Google Inc -> Google Inc.)
Task: {7E15F5EE-4890-4ABF-8312-5B4B886A4007} - \Lenovo\ImController\TimeBasedEvents\5fecf72c-5820-43d8-af58-0076a8de13d7 -> No File <==== ATTENTION
Task: {8C081069-B500-4EB1-8CB5-0E1B97C20676} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe
Task: {8ED3F3C6-057B-4EBF-BDEC-C0E2203E999B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9370EE2F-B46D-4474-9BE9-64026C8B1C82} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23061896 2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {98BD469D-1B24-46C4-B0D5-221C6FB5B66E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1161112 2021-01-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {9FEEE4FF-D186-48A8-B58E-4B4ADF72CAE2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AE6628E8-24BD-43DB-8BAE-F1504C310435} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [909112 2016-07-27] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
Task: {B1E4752C-E38F-45EE-85E7-E13021BC80CB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116584 2021-01-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {BAC5427D-2863-4E8A-8FE7-942CD4A3D06C} - \Lenovo\ImController\TimeBasedEvents\4dbe5eb3-ba31-4140-9dc3-62dcb3e366be -> No File <==== ATTENTION
Task: {D452A145-146B-4807-AB9F-5D1844EBF4A9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D86B8310-E46B-4896-8308-9894F9F1CA7E} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
Task: {D8D8AC1E-ACB0-4B29-9723-9DD6C638005F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {EDE6FED2-7B13-4869-89AF-B760967D3FF0} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {FF82A818-9B28-4E00-8AD3-9B7234BE956D} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{0221f867-3f1e-464b-9c8b-9ee5ff4aa8f3}: [DhcpNameServer] 147.251.210.1
Tcpip\..\Interfaces\{79a0a509-2cbc-4328-bd1a-4af91d41094c}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Edge:
=======
Edge Profile: C:\Users\MoniX\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-16]

FireFox:
========
FF DefaultProfile: r12vxv9i.default
FF ProfilePath: C:\Users\MoniX\AppData\Roaming\Mozilla\Firefox\Profiles\r12vxv9i.default [2021-01-24]
FF Notifications: Mozilla\Firefox\Profiles\r12vxv9i.default -> hxxps://www.facebook.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2018-01-01] (Adobe Systems Incorporated -> )
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2018-01-01] (Adobe Systems Incorporated -> )
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-09] (Google Inc -> Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-01-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-08-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\MoniX\AppData\Local\Google\Chrome\User Data\Default [2021-01-24]
CHR Notifications: Default -> hxxps://www.esky.sk; hxxps://www.facebook.com; hxxps://www.kiwi.com; hxxps://www.netflix.com
CHR Extension: (Slides) - C:\Users\MoniX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-21]
CHR Extension: (Docs) - C:\Users\MoniX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-21]
CHR Extension: (Google Drive) - C:\Users\MoniX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\MoniX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-21]
CHR Extension: (Adobe Acrobat) - C:\Users\MoniX\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-12-17]
CHR Extension: (Sheets) - C:\Users\MoniX\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-21]
CHR Extension: (Google Docs Offline) - C:\Users\MoniX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-16]
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\MoniX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2021-01-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MoniX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-08]
CHR Extension: (Gmail) - C:\Users\MoniX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\MoniX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-22]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-08-31] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8960904 2021-01-03] (Microsoft Corporation -> Microsoft Corporation)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [154816 2016-07-18] (Dolby Laboratories, Inc. -> )
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1210352 2016-03-23] (LENOVO -> Lenovo)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.3.115.0\LenovoVantageService.exe [18360 2020-07-09] (Lenovo -> Lenovo Group Ltd.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc. -> McAfee, Inc.)
R2 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [23552 2018-06-08] () [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [77792 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R2 valWbioSyncSvc; C:\WINDOWS\system32\valWbioSyncSvc.exe [48608 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [X]
S2 ImControllerService; %SystemRoot%\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [92344 2021-01-24] (Microsoft Corporation -> Sysinternals - www.sysinternals.com)
R1 SMIDriverGen; C:\WINDOWS\system32\DRIVERS\smi.sys [31440 2018-04-25] (Synaptics Inc. -> Synaptics Incorporated)
R3 SNP2UVCW10; C:\WINDOWS\system32\DRIVERS\snp2uvcW10.sys [1708640 2017-01-19] (Sonix Technology CO., LTD -> Sonix Tech. Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2017-10-10] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapoas; C:\WINDOWS\System32\drivers\tapoas.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-06] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] (CyberLink -> "CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-24 13:41 - 2021-01-24 13:43 - 000000000 ____D C:\AdwCleaner
2021-01-24 12:50 - 2021-01-24 14:09 - 000000000 ____D C:\FRST
2021-01-24 12:50 - 2021-01-24 12:50 - 000000000 ____D C:\Users\MoniX\AppData\Local\mbam
2021-01-24 12:49 - 2021-01-24 12:49 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-24 12:23 - 2021-01-24 12:23 - 000013551 _____ C:\Users\MoniX\Desktop\LAPTOP-RCOAIGT2.xls
2021-01-24 12:20 - 2021-01-24 12:20 - 000001288 _____ C:\Users\MoniX\Desktop\LAPTOP-RCOAIGT2.txt
2021-01-24 12:13 - 2021-01-24 12:40 - 000000000 ____D C:\PROG FILE
2021-01-24 11:54 - 2021-01-24 12:12 - 000000000 ____D C:\Users\MoniX\AppData\Roaming\Geek Uninstaller
2021-01-17 12:32 - 2021-01-24 13:18 - 000000000 ____D C:\Users\MoniX\AppData\Local\CrashDumps
2021-01-16 14:02 - 2021-01-16 14:02 - 000000440 _____ C:\Users\MoniX\Desktop\Tento počítač - odkaz.lnk
2021-01-16 13:47 - 2021-01-16 14:05 - 000000000 ____D C:\Users\MoniX\Documents\KNIHY
2021-01-16 13:33 - 2021-01-22 17:20 - 000000000 ____D C:\Users\MoniX\Downloads\Install_SW
2021-01-16 13:10 - 2021-01-16 13:10 - 000000000 ____D C:\Users\MoniX\AppData\Roaming\Spotify
2021-01-16 12:41 - 2021-01-24 12:27 - 000000000 ____D C:\ProgramData\Avast Software
2021-01-16 11:58 - 2021-01-24 12:32 - 000092344 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON23.SYS
2021-01-14 23:50 - 2021-01-14 23:50 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-14 23:50 - 2021-01-14 23:50 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-01-14 23:50 - 2021-01-14 23:50 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-14 23:49 - 2021-01-14 23:49 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-14 23:49 - 2021-01-14 23:49 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-14 23:49 - 2021-01-14 23:49 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-14 23:49 - 2021-01-14 23:49 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-14 23:49 - 2021-01-14 23:49 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-01-14 23:49 - 2021-01-14 23:49 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-14 23:49 - 2021-01-14 23:49 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-14 23:48 - 2021-01-14 23:48 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-14 23:48 - 2021-01-14 23:48 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-14 23:48 - 2021-01-14 23:48 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-14 23:48 - 2021-01-14 23:48 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-14 23:48 - 2021-01-14 23:48 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-14 23:48 - 2021-01-14 23:48 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-14 23:47 - 2021-01-14 23:47 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-14 23:46 - 2021-01-14 23:46 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-14 23:46 - 2021-01-14 23:46 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-14 23:46 - 2021-01-14 23:46 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-14 23:46 - 2021-01-14 23:46 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-14 23:45 - 2021-01-14 23:45 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-14 23:45 - 2021-01-14 23:45 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-14 23:44 - 2021-01-14 23:44 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-14 23:44 - 2021-01-14 23:44 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-14 23:43 - 2021-01-14 23:43 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-14 23:43 - 2021-01-14 23:43 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-14 23:42 - 2021-01-14 23:42 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-14 23:42 - 2021-01-14 23:42 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-14 23:41 - 2021-01-14 23:41 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-14 22:26 - 2021-01-14 22:26 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-14 22:24 - 2021-01-14 22:24 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-14 22:23 - 2021-01-14 22:23 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-14 22:23 - 2021-01-14 22:23 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-14 22:23 - 2021-01-14 22:23 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-14 22:23 - 2021-01-14 22:23 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-14 22:22 - 2021-01-14 22:22 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-14 22:22 - 2021-01-14 22:22 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-14 22:21 - 2021-01-14 22:21 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-14 22:20 - 2021-01-14 22:20 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-14 22:20 - 2021-01-14 22:20 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-14 22:20 - 2021-01-14 22:20 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-14 22:20 - 2021-01-14 22:20 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-14 22:20 - 2021-01-14 22:20 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-24 13:53 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-24 13:53 - 2017-10-12 15:34 - 000000000 __SHD C:\Users\MoniX\IntelGraphicsProfiles
2021-01-24 13:52 - 2020-10-23 01:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-24 13:52 - 2020-10-23 00:27 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-24 13:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-01-24 13:52 - 2017-10-12 19:04 - 000000000 ____D C:\ProgramData\Synaptics
2021-01-24 13:51 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-01-24 13:49 - 2020-10-23 01:06 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-01-24 13:49 - 2020-03-15 16:56 - 000000000 ____D C:\WINDOWS\Lenovo
2021-01-24 13:49 - 2017-10-18 18:33 - 000000000 ____D C:\Users\MoniX\AppData\Local\Lenovo
2021-01-24 13:49 - 2016-12-27 17:03 - 000000000 ____D C:\Program Files\Lenovo
2021-01-24 13:49 - 2016-12-27 17:03 - 000000000 ____D C:\Program Files (x86)\Lenovo
2021-01-24 13:38 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-24 12:34 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-24 12:29 - 2020-10-23 00:39 - 000000000 ____D C:\Users\MoniX
2021-01-24 12:12 - 2016-12-27 16:52 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-01-24 12:07 - 2018-01-30 08:41 - 000000000 ____D C:\Users\MoniX\AppData\Roaming\CyberLink
2021-01-24 12:07 - 2016-12-27 16:50 - 000000000 ____D C:\ProgramData\Temp
2021-01-24 12:07 - 2016-12-27 16:50 - 000000000 ____D C:\ProgramData\SUPPORTDIR
2021-01-24 12:07 - 2016-12-27 16:50 - 000000000 ____D C:\ProgramData\CyberLink
2021-01-24 12:01 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-24 12:01 - 2017-10-22 12:56 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-01-24 11:25 - 2020-10-05 17:59 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-01-24 11:21 - 2020-10-23 00:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-23 14:36 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-22 17:20 - 2020-10-23 19:25 - 000003214 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6a8cdf160c804
2021-01-22 17:20 - 2020-10-23 01:06 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-01-22 17:20 - 2020-10-23 01:06 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-22 17:20 - 2020-10-23 01:06 - 000003346 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-01-22 17:20 - 2020-10-23 01:06 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-22 17:20 - 2020-10-23 01:06 - 000003122 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-01-22 17:20 - 2020-10-23 01:06 - 000003118 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2021-01-22 17:20 - 2020-10-23 01:06 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2055380405-3380175527-2212886683-1001
2021-01-22 17:20 - 2020-10-23 01:06 - 000002476 _____ C:\WINDOWS\system32\Tasks\CLMLSvc_P2G8
2021-01-22 11:12 - 2020-06-20 10:39 - 000002434 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-22 11:12 - 2020-06-20 10:39 - 000002272 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-01-22 11:12 - 2020-06-20 10:39 - 000002272 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-01-18 10:19 - 2020-10-23 00:52 - 001836076 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-18 10:19 - 2020-10-23 00:36 - 000707688 _____ C:\WINDOWS\system32\perfh005.dat
2021-01-18 10:19 - 2020-10-23 00:36 - 000145036 _____ C:\WINDOWS\system32\perfc005.dat
2021-01-18 10:19 - 2019-08-30 01:08 - 000132210 _____ C:\WINDOWS\system32\perfh01B.dat
2021-01-18 10:19 - 2019-08-30 01:08 - 000028230 _____ C:\WINDOWS\system32\perfc01B.dat
2021-01-18 10:11 - 2020-10-23 00:28 - 000436096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-18 10:07 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-18 10:07 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-18 10:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-18 10:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-18 10:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-18 10:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-18 10:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-18 10:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-18 10:06 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-18 10:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-18 10:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-18 10:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-18 10:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-18 10:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-18 10:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-18 10:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-18 10:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-18 10:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-18 10:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-18 10:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-18 10:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-18 10:04 - 2019-12-07 15:41 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-18 10:04 - 2019-12-07 15:41 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-18 10:04 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-18 10:04 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-18 10:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-18 10:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-18 10:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-18 10:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-18 10:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-18 10:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-18 10:03 - 2019-12-07 15:41 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-18 10:03 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-17 14:49 - 2017-10-12 20:07 - 000000000 ____D C:\Users\MoniX\AppData\Local\GHISLER
2021-01-16 13:58 - 2018-09-03 18:38 - 000000000 ____D C:\Users\MoniX\Documents\My Received Files
2021-01-16 13:53 - 2018-10-21 16:50 - 000000000 ____D C:\Users\MoniX\Desktop\SKOLA
2021-01-16 13:42 - 2017-11-29 00:58 - 000000000 ____D C:\Users\MoniX\AppData\Local\Packages
2021-01-16 12:07 - 2020-09-25 19:20 - 000000000 ___DC C:\WINDOWS\Panther
2021-01-16 11:57 - 2016-12-27 16:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-01-16 11:48 - 2017-10-12 15:35 - 000000000 ____D C:\Users\MoniX\AppData\Local\VirtualStore
2021-01-15 19:14 - 2018-06-16 23:18 - 000000000 ____D C:\Users\MoniX\AppData\Local\PlaceholderTileLogoFolder
2021-01-15 00:05 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-14 22:19 - 2020-10-23 00:33 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-12 22:38 - 2017-10-15 12:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-12 22:28 - 2017-10-15 12:27 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-11 23:03 - 2017-10-21 18:41 - 000002320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-07 19:45 - 2020-08-14 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools

==================== Files in the root of some directories ========

2018-01-13 13:09 - 2018-01-13 13:09 - 007649280 _____ () C:\Program Files (x86)\GUT4CBC.tmp
2018-02-17 19:26 - 2018-02-17 19:26 - 000000514 _____ () C:\Users\MoniX\AppData\Roaming\6Free ZIP File Opener

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

-----------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2021
Ran by MoniX (24-01-2021 14:17:09)
Running from F:\PROGFILE\1 POMOC\FRST
Windows 10 Pro Version 2004 19041.746 (X64) (2020-10-23 00:07:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2055380405-3380175527-2212886683-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2055380405-3380175527-2212886683-503 - Limited - Disabled)
Guest (S-1-5-21-2055380405-3380175527-2212886683-501 - Limited - Disabled)
MoniX (S-1-5-21-2055380405-3380175527-2212886683-1001 - Administrator - Enabled) => C:\Users\MoniX
WDAGUtilityAccount (S-1-5-21-2055380405-3380175527-2212886683-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Auto Mouse Mover v9.1 (HKLM-x32\...\{08FD4323-8909-4973-BD2E-7250D2D93D0C}_is1) (Version: 9.1 - MurGee.com)
Castle Attack 2 v1.00 (HKLM-x32\...\Castle Attack 2) (Version: - )
Dolby Audio X2 Windows API SDK (HKLM\...\{2A027A37-B09B-44FB-B1C9-2DD6BA0014E8}) (Version: 0.7.2.61 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{D765CF7F-14F9-4C80-B06C-10E68F10EBCC}) (Version: 0.7.2.62 - Dolby Laboratories, Inc.)
EasyCamera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1326.26 - Sonix)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: - epubfilereader.com)
Free ZIP File Opener (HKLM-x32\...\{00A882CD-7E60-4A01-BCEC-AB71D21F4D53}) (Version: 1.0.1 - Powerful Utilities)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6373 - Intel Corporation)
IrfanView 4.52 (64-bit) (HKLM\...\IrfanView64) (Version: 4.52 - Irfan Skiljan)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.3.115.0 - Lenovo Group Ltd.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.599.11 - McAfee, Inc.)
Microsoft 365 Apps for business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.13530.20376 - Microsoft Corporation)
Microsoft 365 -sovellukset yrityksille - fi-fi (HKLM\...\O365BusinessRetail - fi-fi) (Version: 16.0.13530.20376 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.50 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft Office 2016 pre študentov a domácnosti - sk-sk (HKLM\...\HomeStudentRetail - sk-sk) (Version: 16.0.13530.20376 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - fi-fi (HKLM\...\HomeStudentRetail - fi-fi) (Version: 16.0.13530.20376 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\...\Teams) (Version: 1.3.00.30866 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{143E35D3-F0A4-4E90-96C9-B1B72F11343A}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 71.0 (x64 en-US) (HKLM\...\Mozilla Firefox 71.0 (x64 en-US)) (Version: 71.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.2 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13530.20376 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20376 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20376 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13530.20376 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-040B-0000-0000000FF1CE}) (Version: 16.0.13530.20376 - Microsoft Corporation) Hidden
OpenVPN Connect (HKLM-x32\...\{8B4BC420-3DCB-4018-A345-B24F7DBC30C3}) (Version: 2.6.0.100 - OpenVPN Technologies)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.255 - Google, Inc.)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10388 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.278 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7930 - Realtek Semiconductor Corp.)
Synaptics WBF DDK 5011 (Advanced) (HKLM\...\{4151AAE1-FD6C-4D49-BA0F-79212F960797}) (Version: 4.5.510.0 - Synaptics)
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.17057 - Microsoft Corporation)
Telegram Desktop version 1.8.15 (HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.8.15 - Telegram FZ-LLC)
ThinkPad OneLink Plus Dock (HKLM-x32\...\{8E1CACF5-2493-4950-9AD5-189903FE57E7}) (Version: 1.10.10 - Lenovo)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0a - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
WiFi Password Revealer (HKLM-x32\...\WiFi Password Revealer_is1) (Version: 1.0.0.7 - Magical Jelly Bean)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-11] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.1.17.0_x86__kgqvnymyfvs32 [2020-12-17] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.185.400.0_x86__kgqvnymyfvs32 [2021-01-23] (king.com)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.1.778.0_x64__v10z8vjag6ke6 [2020-12-18] (HP Inc.)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-10-12] (LENOVO INCORPORATED.)
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2021-01-09] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2101.29.0_x64__k1h2ywk1493x8 [2021-01-23] (LENOVO INC.)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_5.3.1.1_x86__h6adky7gbf63m [2021-01-14] (Gameloft SE)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-15] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.20102.0_x64__8wekyb3d8bbwe [2020-12-17] (Microsoft Studios)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2055380405-3380175527-2212886683-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\MoniX\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20275.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-08-29] (Notepad++ -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_01ee1299f4982efe\igfxDTCM.dll [2018-11-29] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\MoniX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2017-09-16 20:20 - 2017-09-16 20:20 - 000091648 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ctypes.pyd
2017-09-16 20:21 - 2017-09-16 20:21 - 001016832 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_hashlib.pyd
2017-09-16 20:21 - 2017-09-16 20:21 - 000046592 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_socket.pyd
2017-09-16 20:21 - 2017-09-16 20:21 - 001411072 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ssl.pyd
2017-09-16 20:20 - 2017-09-16 20:20 - 000071168 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\bz2.pyd
2018-06-08 09:47 - 2018-06-08 09:47 - 000061952 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.crypto.pyd
2018-06-08 09:47 - 2018-06-08 09:47 - 000009728 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.rand.pyd
2018-06-08 09:47 - 2018-06-08 09:47 - 000039936 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.SSL.pyd
2017-09-16 20:20 - 2017-09-16 20:20 - 000144384 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pyexpat.pyd
2018-06-08 09:47 - 2018-06-08 09:47 - 000006656 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pyovpnc.pyd
2017-12-19 17:51 - 2017-12-19 17:51 - 000396288 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pythoncom27.dll
2017-12-19 17:50 - 2017-12-19 17:50 - 000109056 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pywintypes27.dll
2017-09-16 20:20 - 2017-09-16 20:20 - 000010240 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\select.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000026624 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\servicemanager.pyd
2018-06-08 09:48 - 2018-06-08 09:48 - 000007168 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\twisted.protocols._c_urlarg.pyd
2017-09-16 20:20 - 2017-09-16 20:20 - 000687104 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\unicodedata.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000099840 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32api.pyd
2017-12-19 17:52 - 2017-12-19 17:52 - 000360448 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32com.shell.shell.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000017408 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32event.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000118784 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32file.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000023040 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32pipe.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000035840 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32process.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000016384 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32profile.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000107520 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32security.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000041472 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32service.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000021504 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32ts.pyd
2018-06-08 09:47 - 2018-06-08 09:47 - 000019456 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\zope.interface._zope_interface_coptimizations.pyd
2017-09-16 20:20 - 2017-09-16 20:20 - 002645504 _____ (Python Software Foundation) [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\PYTHON27.DLL
2020-08-14 08:56 - 2020-05-30 19:04 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Lenovo\VantageService\3.3.115.0\x64\SQLite.Interop.dll
2018-06-08 09:46 - 2018-06-08 09:46 - 001260544 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\LIBEAY32.dll
2018-06-08 09:46 - 2018-06-08 09:46 - 000276480 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\SSLEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-01-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-07] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\...\sharepoint.com -> hxxps://jonckerstrans-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2019-03-15 23:14 - 000001029 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
127.94.0.1 client.openvpn.net
127.94.0.2 openvpn-client.ovpn.jonckers.eu

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MoniX\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "OneLinkManager"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\...\StartupApproved\Run: => "haozipcd"
HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\...\StartupApproved\Run: => "McAfeeSafeConnect"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{2FF1A24A-2D25-4F44-8204-3606937260CF}C:\users\monix\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\monix\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{3E798486-17A4-43C2-A9B6-6F50055E05E8}C:\users\monix\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\monix\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{662C9395-628E-4417-8CC1-D838A6494EA3}C:\users\monix\downloads\anydesk.exe] => (Allow) C:\users\monix\downloads\anydesk.exe => No File
FirewallRules: [TCP Query User{58F54A81-C9EC-46BE-807E-905AEF0E4C84}C:\users\monix\downloads\anydesk.exe] => (Allow) C:\users\monix\downloads\anydesk.exe => No File
FirewallRules: [UDP Query User{95AF8B88-9E47-478C-9EB5-41514279285D}C:\users\monix\downloads\anydesk.exe] => (Allow) C:\users\monix\downloads\anydesk.exe => No File
FirewallRules: [TCP Query User{8BF91EC4-94E9-40B8-9FDF-AD93E590BD66}C:\users\monix\downloads\anydesk.exe] => (Allow) C:\users\monix\downloads\anydesk.exe => No File
FirewallRules: [UDP Query User{FC5E69A0-8D97-4FE1-966C-C4FFA720FBD7}C:\users\monix\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\monix\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{858D58FE-84C1-4299-B360-A4C016F9F5AF}C:\users\monix\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\monix\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EC035B2D-4E2D-47AD-B58F-A2B597317591}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1D2F2C8A-E50C-4B06-AC3A-DD9CA5DD67D0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{47FAFF35-3BAC-4DA8-B743-BF44941E7B10}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3F12F379-1763-4984-A678-8316D9860E31}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{449D5906-0A43-4365-A12E-DEED95D06F9B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3271CAF1-708A-4EF1-A9B1-3331961C1257}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{21261109-59B7-4CA3-947B-24D5531218B1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7EEF4FF8-D6B5-4006-B730-C1B8AB8F83F2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6A0B8A97-768E-4D67-9177-F0534BD0ED37}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2992FF85-F7E6-416B-B25A-49889964B971}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{06BAD01F-AA21-49B0-A8CA-E50C93D0EA32}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B6D2A3ED-D797-43F8-98A9-8D97E26378A7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{C0011215-7121-4BBA-A15A-3A3D565ED9DF}C:\users\monix\downloads\install_sw\anydesk.exe] => (Allow) C:\users\monix\downloads\install_sw\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [UDP Query User{B17A0903-8693-4A0F-B4BD-22584C25F390}C:\users\monix\downloads\install_sw\anydesk.exe] => (Allow) C:\users\monix\downloads\install_sw\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)

==================== Restore Points =========================

14-01-2021 21:26:36 Inštalátor modulov systému Windows
22-01-2021 15:32:47 Scheduled Checkpoint
24-01-2021 12:15:53 Removed McAfee Safe Connect
24-01-2021 13:47:11 AdwCleaner_BeforeCleaning_24/01/2021_13:47:05

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/24/2021 01:53:27 PM) (Source: CertEnroll) (EventID: 87) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment for WORKGROUP\LAPTOP-RCOAIGT2$ via https://INTC-KeyId-5e73c89aa3e902b272b9 ... s/Aik/scep failed:

SubmitDone
Submit(Request): Bad Request
{"Message":"Attestation statement cannot be verified, rejecting request: 0x80070057."}
HTTP/1.1 400 Bad Request
Date: Sun, 24 Jan 2021 12:53:27 GMT
Content-Length: 86
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: bbeb7403-a346-4041-af8c-fc16510faf63

Method: POST(6844ms)
Stage: SubmitDone
Bad request (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)

Error: (01/24/2021 01:46:07 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.

Error: (01/24/2021 01:46:02 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.

Error: (01/24/2021 01:45:57 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.

Error: (01/24/2021 01:45:52 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.

Error: (01/24/2021 01:45:47 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.

Error: (01/24/2021 01:45:42 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.

Error: (01/24/2021 01:45:37 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.


System errors:
=============
Error: (01/24/2021 02:07:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby System Interface Foundation Service zlyhalo kvôli nasledujúcej chybe:
The system cannot find the file specified.

Error: (01/24/2021 01:55:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby System Interface Foundation Service zlyhalo kvôli nasledujúcej chybe:
The system cannot find the file specified.

Error: (01/24/2021 01:54:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby CCSDK zlyhalo kvôli nasledujúcej chybe:
The system cannot find the file specified.

Error: (01/24/2021 01:53:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby System Interface Foundation Service zlyhalo kvôli nasledujúcej chybe:
The system cannot find the file specified.

Error: (01/24/2021 01:53:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby System Interface Foundation Service zlyhalo kvôli nasledujúcej chybe:
The system cannot find the file specified.

Error: (01/24/2021 01:53:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby Windows Presentation Foundation Font Cache 3.0.0.0 zlyhalo kvôli nasledujúcej chybe:
The service did not respond to the start or control request in a timely fashion.

Error: (01/24/2021 01:53:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Počas čakania na pripojenie služby Windows Presentation Foundation Font Cache 3.0.0.0 bol dosiahnutý časový limit (30000 ms).

Error: (01/24/2021 01:52:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby System Interface Foundation Service zlyhalo kvôli nasledujúcej chybe:
The system cannot find the file specified.


Windows Defender:
===================================
Date: 2021-01-12 22:18:11.3550000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {87A89A29-A0DB-4B0B-8EA2-C8601FBAEC4B}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-10 20:14:48.8460000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {8D038AEA-2FDC-4C59-BA07-818C14FED8B5}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-08 00:30:14.9530000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {FDC37265-8C99-4F4F-8FDA-9ACE8F29A49A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-04 23:55:34.7470000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {F7F744FF-8972-436C-B6EC-EFCC5A4168A8}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-12-30 23:41:42.3870000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {365BF01B-0A0F-4C03-914E-C574759ABABB}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-15 23:44:35.2670000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2185.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80240438
Error description: Počas vyhľadávania aktualizácií sa vyskytol neočakávaný problém. Informácie o inštalácii aktualizácií a riešení problémov s aktualizáciami nájdete v Pomoci a technickej podpore.

Date: 2021-01-12 21:33:49.2170000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2042.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2021-01-12 21:33:48.8460000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2042.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2020-12-27 10:12:21.2650000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.870.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2020-12-27 10:06:20.6640000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.870.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070050
Error description: The file exists.

CodeIntegrity:
===================================

Date: 2021-01-24 11:41:25.1790000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-01-24 11:41:24.1390000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-01-24 11:24:05.0390000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-24 11:22:56.9460000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-24 11:22:29.9790000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-01-24 11:22:29.9640000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-01-24 11:22:29.9480000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-01-24 11:22:29.9330000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 2WCN33WW 10/18/2017
Motherboard: LENOVO
Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 80%
Total physical RAM: 3990.85 MB
Available physical RAM: 764.52 MB
Total Virtual: 7190.85 MB
Available Virtual: 3231.79 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:892.22 GB) (Free:783.23 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.9 GB) NTFS
Drive f: (MATRIX) (Removable) (Total:117.14 GB) (Free:7.41 GB) exFAT

\\?\Volume{79f63d4e-622b-450a-abc2-5f30a885b961}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.51 GB) NTFS
\\?\Volume{26c05541-e5be-4d3d-99d5-94204b82d63f}\ (LENOVO_PART) (Fixed) (Total:12.07 GB) (Free:1.82 GB) NTFS
\\?\Volume{96bb8403-3b71-49f1-8e28-36fdbc424ff8}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C1CF027A)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 117.2 GB) (Disk ID: EF031357)
Partition 1: (Not Active) - (Size=117.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Re: Please check my log

Posted: 30 Jan 2021 11:45
by Diallix
Copy the content below into Notepad:

CloseProcesses:
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {24A612BB-A09E-44DC-8B01-7BDECE162F08} - \Lenovo\ImController\TimeBasedEvents\db81d42a-de58-4bc2-987c-a92249b056f2 -> No File <==== ATTENTION
Task: {3338685D-BD43-4E24-B98A-FD7A80266BD5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-21] (Google Inc -> Google Inc.)
Task: {3356D2D6-2241-40E7-B63B-ECC5F13B0B02} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {563A0E1B-050B-4177-BA36-46EAB9040AFB} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116584 2021-01-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {5B378C92-9CC5-45E6-91A2-02AC2872A8D0} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {6C5DD3D9-0DEC-4284-B703-DC2E858D5721} - \Lenovo\ImController\TimeBasedEvents\68bda5d2-b66d-4ecc-820f-f7069c3708ef -> No File <==== ATTENTION
Task: {7E1527E7-31A9-416E-8958-2044A68D328B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-21] (Google Inc -> Google Inc.)
Task: {7E15F5EE-4890-4ABF-8312-5B4B886A4007} - \Lenovo\ImController\TimeBasedEvents\5fecf72c-5820-43d8-af58-0076a8de13d7 -> No File <==== ATTENTION
Task: {BAC5427D-2863-4E8A-8FE7-942CD4A3D06C} - \Lenovo\ImController\TimeBasedEvents\4dbe5eb3-ba31-4140-9dc3-62dcb3e366be -> No File <==== ATTENTION
Task: {EDE6FED2-7B13-4869-89AF-B760967D3FF0} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [X]
S2 ImControllerService; %SystemRoot%\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
FirewallRules: [UDP Query User{662C9395-628E-4417-8CC1-D838A6494EA3}C:\users\monix\downloads\anydesk.exe] => (Allow) C:\users\monix\downloads\anydesk.exe => No File
FirewallRules: [TCP Query User{58F54A81-C9EC-46BE-807E-905AEF0E4C84}C:\users\monix\downloads\anydesk.exe] => (Allow) C:\users\monix\downloads\anydesk.exe => No File
FirewallRules: [UDP Query User{95AF8B88-9E47-478C-9EB5-41514279285D}C:\users\monix\downloads\anydesk.exe] => (Allow) C:\users\monix\downloads\anydesk.exe => No File
FirewallRules: [TCP Query User{8BF91EC4-94E9-40B8-9FDF-AD93E590BD66}C:\users\monix\downloads\anydesk.exe] => (Allow) C:\users\monix\downloads\anydesk.exe => No File

EmptyTemp:
Hosts:

Save the Notepad file as fixlist.txt in the same location as FRST.
Run FRST and click the Fix button.
The fix will run, after which the computer will reboot. After the reboot, paste here the contents of the log fixlog.txt, which is saved in the FRST location.

Re: Please check my log

Posted: 13 Mar 2021 09:13
by Diallix
Topic inactive, locking.