VIRY.CZ

zdravim, od vcerejska mi vyskakuje okno s nehezkou reklamou a take zpravou, ze muj laptop je v ohrozeni, vim, ze jsem neco otevrela, co jsem zrejme nemela, prosim o kontrolu, dekuji vrele. bl.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-07-2021 01
Ran by A (administrator) on DESKTOP-V7NF5M6 (LENOVO 20BTS1R400) (29-07-2021 08:10:59)
Running from C:\Users\A\Desktop\vyhodit
Loaded Profiles: A
Platform: Windows 10 Pro Version 20H2 19042.1110 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe <4>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.92\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.92\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <50>
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\A\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated -> Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [114273560 2020-10-14] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-778287325-1988700057-2922616860-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\A\AppData\Local\Microsoft\Teams\Update.exe [2454200 2021-07-01] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-778287325-1988700057-2922616860-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\A\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-778287325-1988700057-2922616860-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\A\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-778287325-1988700057-2922616860-1001\...\RunOnce: [Uninstall 21.129.0627.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\A\AppData\Local\Microsoft\OneDrive\21.129.0627.0002"
HKLM\...\Windows x64\Print Processors\shj2mPC: C:\Windows\System32\spool\prtprocs\x64\shj2mpc.dll [65256 2019-04-01] (联想图像(天津)科技有限公司 -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Print\Monitors\shj2m Langmon: C:\WINDOWS\system32\shj2mlm.dll [44264 2019-04-01] (联想图像(天津)科技有限公司 -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\92.0.4515.107\Installer\chrmstp.exe [2021-07-23] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E8E41B8-AFD2-4A41-9655-60680F77FC2B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-26] (Adobe Inc. -> Adobe Inc.)
Task: {13A68152-6271-404D-B82A-8F02F6E77D73} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {19944E34-E891-4BAA-8111-0DC43ED4A769} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5311416 2021-07-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {468A783A-023F-4DCD-8B33-1C48DF177996} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696304 2021-04-16] (Mozilla Corporation -> Mozilla Foundation)
Task: {539A192D-5B6E-4EEE-88C9-10A39D19C56C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5311416 2021-07-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {54C0F3D7-12EE-4B00-98E3-5C0EB979AA5A} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617584 2020-04-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {6A57FBC4-7598-4AFF-B436-D51F2FB9B769} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-24] (Google LLC -> Google LLC)
Task: {6AD1005C-70EB-4DEE-B11A-3FC9AB739CC3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7AC46872-A315-47BB-A064-C6B7DE6A82A1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9C185CA2-9AA2-4960-B1AA-345C2A64ED08} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B00317DE-B765-43D2-83E6-FE2DE83D28A0} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617584 2020-04-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {B99B3B4D-910E-4B21-8BDA-AE9EFC3D3FAE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23182216 2021-07-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {C919DEE5-802E-4C97-B36E-AC15953EC371} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23182216 2021-07-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {D16ABE1E-0298-4226-A191-C0FCF9776C11} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-24] (Google LLC -> Google LLC)
Task: {D987AA6C-CD4E-4E3D-B56D-1F4F058AB151} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147296 2021-07-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {E252C6D2-4452-467B-B39A-5BDBBD086F86} - System32\Tasks\RtsCM => C:\WINDOWS\RtsCM64.exe [225248 2017-10-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
Task: {FE6203F2-4ABF-44A2-BAFE-964DC6202F37} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147296 2021-07-24] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{a444201f-da03-4fc3-9f12-69083a7c2b85}: [DhcpNameServer] 192.168.10.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\A\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-26]

FireFox:
========
FF DefaultProfile: wuydc3is.default
FF ProfilePath: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\wuydc3is.default [2021-04-29]
FF ProfilePath: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\qt2z2wn1.default-release [2021-04-29]
FF Extension: (Video DownloadHelper) - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\qt2z2wn1.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-04-29]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-06-27] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\A\AppData\Local\Google\Chrome\User Data\Default [2021-07-29]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://captchadecode.com; hxxps://meet.google.com
CHR HomePage: Default -> hxxp://search.findwide.com/?guid={85EE7439-38F2-48C5-8D6E-0748D8390267}&serpv=22
CHR StartupUrls: Default -> "hxxps://www.google.com/?trackid=sp-006","hxxps: ... google.com"
CHR Extension: (Slides) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-02-24]
CHR Extension: (Docs) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-02-24]
CHR Extension: (Google Drive) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-24]
CHR Extension: (YouTube) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-02-24]
CHR Extension: (Sheets) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-02-24]
CHR Extension: (Google Docs Offline) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-24]
CHR Extension: (Gmail) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-24]
CHR Extension: (Chrome Media Router) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-26]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-26] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9056672 2021-07-18] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5395384 2021-07-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [77792 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R2 valWbioSyncSvc; C:\WINDOWS\system32\valWbioSyncSvc.exe [48608 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe [2665432 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe [136640 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2020-11-19] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dlcdcncm; C:\WINDOWS\System32\drivers\dlcdcncm62_x64.sys [90328 2020-09-30] (DISPLAYLINK (UK) LIMITED -> DisplayLink Corp.)
R1 SMIDriverGen; C:\WINDOWS\system32\DRIVERS\smi.sys [31440 2018-04-25] (Synaptics Inc. -> Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 Tdsshbecr; C:\WINDOWS\System32\drivers\shbecr.sys [38496 2017-08-02] (Microsoft Windows Hardware Compatibility Publisher -> Gemalto)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-07-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425192 2021-07-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76008 2021-07-10] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-29 08:10 - 2021-07-29 08:11 - 000000000 ____D C:\FRST
2021-07-18 14:12 - 2021-07-18 14:12 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-07-18 14:12 - 2021-07-18 14:12 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-07-18 14:12 - 2021-07-18 14:12 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb
2021-07-18 14:12 - 2021-07-18 14:12 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb
2021-07-18 14:12 - 2021-07-18 14:12 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb
2021-07-18 14:12 - 2021-07-18 14:12 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb
2021-07-11 11:12 - 2021-07-11 11:12 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2021-07-11 11:12 - 2021-07-11 11:12 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-07-11 11:12 - 2021-07-11 11:12 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-07-11 11:12 - 2021-07-11 11:12 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-07-11 11:12 - 2021-07-11 11:12 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-07-11 11:12 - 2021-07-11 11:12 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-07-11 11:11 - 2021-07-11 11:11 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-07-11 11:11 - 2021-07-11 11:11 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-07-11 11:11 - 2021-07-11 11:11 - 000097792 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-07-11 11:11 - 2021-07-11 11:11 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-07-11 10:08 - 2021-07-11 10:08 - 000048773 _____ C:\Users\A\Downloads\ink1_195807128615.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-29 08:10 - 2021-03-03 14:20 - 000000000 ____D C:\Users\A\Desktop\vyhodit
2021-07-29 08:07 - 2021-02-24 08:54 - 000000000 ____D C:\Program Files (x86)\Google
2021-07-29 08:07 - 2021-02-08 15:13 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-07-29 08:05 - 2021-02-17 20:47 - 000003370 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-778287325-1988700057-2922616860-1001
2021-07-29 08:05 - 2021-02-17 20:47 - 000000000 ___RD C:\Users\A\OneDrive
2021-07-29 08:05 - 2021-02-17 20:43 - 000002367 _____ C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-29 08:04 - 2021-02-08 15:20 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-07-28 08:08 - 2021-02-08 15:13 - 000000000 ___HD C:\Program Files\WindowsApps
2021-07-28 08:08 - 2021-02-08 15:13 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-07-26 21:35 - 2021-02-24 11:24 - 000000000 __SHD C:\Users\A\IntelGraphicsProfiles
2021-07-26 21:35 - 2021-02-24 06:58 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-07-26 21:35 - 2021-02-08 15:13 - 000000000 ____D C:\WINDOWS\ServiceState
2021-07-26 05:59 - 2021-02-26 12:08 - 000000000 ____D C:\Program Files\Microsoft Office
2021-07-23 17:57 - 2021-02-24 08:55 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-07-23 17:57 - 2021-02-24 08:55 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-07-23 17:57 - 2021-02-08 15:22 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-07-23 17:57 - 2021-02-08 15:22 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-07-21 11:47 - 2021-03-02 07:06 - 000000000 ____D C:\Users\A\Documents\finance
2021-07-21 06:57 - 2021-02-08 15:12 - 000000000 ____D C:\WINDOWS\INF
2021-07-19 09:26 - 2021-02-24 09:19 - 000687848 _____ C:\WINDOWS\system32\perfh005.dat
2021-07-19 09:26 - 2021-02-24 09:19 - 000141456 _____ C:\WINDOWS\system32\perfc005.dat
2021-07-19 09:26 - 2021-02-24 09:14 - 000684554 _____ C:\WINDOWS\system32\perfh01D.dat
2021-07-19 09:26 - 2021-02-24 09:14 - 000142014 _____ C:\WINDOWS\system32\perfc01D.dat
2021-07-19 09:26 - 2021-02-17 20:46 - 002412730 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-07-18 21:38 - 2021-02-24 06:57 - 000000000 ____D C:\ProgramData\Synaptics
2021-07-18 21:38 - 2021-02-08 15:20 - 000440784 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-07-18 21:38 - 2021-02-08 15:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-07-18 21:37 - 2021-02-08 15:20 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-18 21:37 - 2021-02-08 15:13 - 000000000 ____D C:\WINDOWS\SystemResources
2021-07-18 21:37 - 2021-02-08 15:13 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-07-18 21:37 - 2021-02-08 15:13 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-07-18 21:37 - 2021-02-08 15:13 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-07-18 21:37 - 2021-02-08 15:13 - 000000000 ____D C:\Program Files\Common Files\System
2021-07-18 21:37 - 2021-02-08 15:08 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-07-18 14:15 - 2021-02-08 15:09 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-07-18 14:05 - 2021-02-25 08:16 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-07-18 14:03 - 2021-02-25 08:16 - 133422552 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-07-16 07:22 - 2021-02-24 08:54 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-07-16 07:22 - 2021-02-24 08:54 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-07-15 08:07 - 2021-02-17 20:43 - 000000000 ____D C:\Users\A\AppData\Local\Packages
2021-07-13 17:21 - 2021-02-24 09:25 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-07-11 21:41 - 2021-02-08 15:13 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-07-11 21:41 - 2021-02-08 15:13 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-07-11 21:41 - 2021-02-08 15:13 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-07-11 21:41 - 2021-02-08 15:13 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-07-11 21:41 - 2021-02-08 15:13 - 000000000 ____D C:\WINDOWS\system32\setup
2021-07-11 21:41 - 2021-02-08 15:13 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-07-11 21:41 - 2021-02-08 15:13 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-07-11 21:41 - 2021-02-08 15:13 - 000000000 ____D C:\WINDOWS\Provisioning
2021-07-11 21:41 - 2021-02-08 15:13 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-07-10 17:12 - 2021-02-08 15:20 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-07-05 11:41 - 2021-02-17 20:43 - 000000000 ____D C:\Users\A
2021-07-02 06:32 - 2021-02-08 15:21 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-02 06:32 - 2021-02-08 15:21 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-07-01 09:39 - 2021-02-26 12:35 - 000002344 _____ C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-07-01 09:39 - 2021-02-26 12:35 - 000002336 _____ C:\Users\A\Desktop\Microsoft Teams.lnk

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2021 01
Ran by A (29-07-2021 08:12:28)
Running from C:\Users\A\Desktop\vyhodit
Windows 10 Pro Version 20H2 19042.1110 (X64) (2021-02-08 13:23:00)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

A (S-1-5-21-778287325-1988700057-2922616860-1001 - Administrator - Enabled) => C:\Users\A
Administrator (S-1-5-21-778287325-1988700057-2922616860-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-778287325-1988700057-2922616860-503 - Limited - Disabled)
Guest (S-1-5-21-778287325-1988700057-2922616860-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-778287325-1988700057-2922616860-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.005.20058 - Adobe Systems Incorporated)
BankID Security Application (HKLM-x32\...\{77B5BCDC-5496-48DA-8B16-5EE2AF08CA31}) (Version: 7.10.0.13 - Finansiell ID-Teknik BID AB)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.107 - Google LLC)
Installation av Handelsbankens kortläsare (HKLM-x32\...\{79FDF571-BBC9-4E6C-8297-91CCDC7B7023}) (Version: 1.01.0000 - Todos Data System AB)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.14131.20332 - Microsoft Corporation)
Microsoft 365 Apps pro velké organizace - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.14131.20332 - Microsoft Corporation)
Microsoft 365-appar för företag - sv-se (HKLM\...\O365ProPlusRetail - sv-se) (Version: 16.0.14131.20332 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.55 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 92.0.902.55 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-778287325-1988700057-2922616860-1001\...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-778287325-1988700057-2922616860-1001\...\Teams) (Version: 1.4.00.16575 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Mozilla Firefox 88.0 (x64 en-US) (HKLM\...\Mozilla Firefox 88.0 (x64 en-US)) (Version: 88.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 88.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-041D-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.28779 - Microsoft Corporation)
VdhCoApp 1.6.1 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
Zoom (HKU\S-1-5-21-778287325-1988700057-2922616860-1001\...\ZoomUMX) (Version: 5.6.1 (617) - Zoom Video Communications, Inc.)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-24] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-24] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-06-21] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0 [2021-07-24] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-778287325-1988700057-2922616860-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\A\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21063.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-778287325-1988700057-2922616860-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\A\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-02-20 06:17 - 2021-02-20 06:17 - 000217600 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll
2021-02-20 06:17 - 2021-02-20 06:17 - 000404480 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base.dll
2021-02-20 06:17 - 2021-02-20 06:17 - 000379904 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base_non_fips.dll
2021-02-20 06:17 - 2021-02-20 06:17 - 000504320 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_ecc.dll
2021-02-20 06:17 - 2021-02-20 06:17 - 000218624 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-05-30] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-05-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-03] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-778287325-1988700057-2922616860-1001\...\sharepoint.com -> hxxps://soscv-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-02-08 15:13 - 2021-02-08 15:11 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-778287325-1988700057-2922616860-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{19A2DC23-8ADC-490A-91B2-F55F5A39A8F2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{341A9A57-9999-41C3-AE02-3E9193F3A0BE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{39B840B5-E991-47BE-9DB1-0F6B3C93B962}C:\users\a\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\a\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{0F402B97-2A5E-4F8B-89D8-07AD191078A0}C:\users\a\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\a\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{921E5673-53FA-44EA-B487-D8D30BFC68FB}] => (Allow) C:\Users\A\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{69026FDC-D38A-425D-95EE-72B52700D68A}] => (Allow) C:\Users\A\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{B7A11306-3241-4454-9E3B-709E5B96B3F0}] => (Allow) C:\Users\A\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{6263BBB3-D214-4966-85D4-8035C2EC0CC4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{390C1A7C-898F-4700-9F91-180E302647C0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1B900D4D-317B-48AF-BE3E-EBFACA94CC96}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{A37CC3AA-192F-4283-AFC3-DC08616811AD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{EABDC148-AB85-4DA4-804C-9ABC7D5CE224}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{7A70A8D6-FC62-4491-A6AE-883AEA17F142}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{6962A254-AB37-4346-8B59-275565813108}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{9A2EF7DE-84B8-400D-8470-8877F2F8E31C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{CDE2F482-46B8-4694-BBBD-94D1CAE49321}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{00A8774C-9454-4767-9D24-31A6FF33416B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{6DBD61C1-CA21-4648-87EE-90D81ADC5771}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0DED2296-F298-4BD4-B385-DC6697BEEDE0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B28D5F97-0679-4683-B16D-FEAC51FE55EF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2334EFA9-026C-4F24-BF62-713A8CA19755}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FFADB388-1783-4A3C-8A31-48B583439D1B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{44497E72-CD2E-4106-B8FA-24F3AB413369}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3444C4E6-AD10-4A50-8D8B-77BA4F2BAF29}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FD1295F9-1D3D-4033-B3AC-A3EC54808280}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{CDB0096B-E96A-4C8E-8788-C3218CFA70C2}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\92.0.902.55\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F4DD4DF5-D60D-49CF-BFFB-AA863D401E71}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D744525D-9A4F-4B65-9107-AD060E1638FB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CBF29366-CC7A-4255-8ADD-F74440437FB0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F1F94319-DFE5-4FAF-8433-3876A0E191A2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2561FAC9-6685-443E-A96E-7F4BCFC810E9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0D876552-04DD-4B6F-967F-C0CB4E138939}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D370F664-583D-4FB7-BB42-6115664B5AF0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1D3926A9-C7AC-442C-A03C-C03CD5B5D9B6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

11-07-2021 10:55:08 Windows Modules Installer
18-07-2021 14:05:13 Windows Modules Installer
28-07-2021 08:08:53 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Data Acquisition and Signal Processing Controller
Description: PCI Data Acquisition and Signal Processing Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: ========================

Application errors:
==================
Error: (07/22/2021 01:40:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SynTPEnh.exe, version: 19.3.4.228, time stamp: 0x6094e1cf
Faulting module name: SynTPEnh.exe, version: 19.3.4.228, time stamp: 0x6094e1cf
Exception code: 0xc0000005
Fault offset: 0x000000000000323f
Faulting process ID: 0x1474
Faulting application start time: 0x01d77c0c7928d36c
Faulting application path: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Faulting module path: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Report ID: 45858eb1-9002-48b3-bb92-8dfea0523a9d
Faulting package full name:
Faulting package-relative application ID:

Error: (07/21/2021 11:38:02 AM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (07/21/2021 11:38:02 AM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/05/2021 10:57:50 AM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (07/05/2021 10:57:50 AM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/22/2021 11:24:54 AM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (06/22/2021 11:24:54 AM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/18/2021 06:49:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 8.68.0.96 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2afc

Start Time: 01d76338e7236c49

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe

Report Id: 58746e68-59c1-42a1-ada3-661ad0f1bf95

Faulting package full name: Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Hang type: Quiesce

System errors:
=============
Error: (07/29/2021 08:04:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Lenovo - Extension - 10/24/2018 12:00:00 AM - 1.0.1.0.

Error: (07/28/2021 08:00:35 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Lenovo - Extension - 10/24/2018 12:00:00 AM - 1.0.1.0.

Error: (07/28/2021 02:09:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: HP - USB - 3/27/2019 12:00:00 AM - 13.54.20.543.

Error: (07/28/2021 02:08:18 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Lenovo - Extension - 10/24/2018 12:00:00 AM - 1.0.1.0.

Error: (07/28/2021 07:57:44 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Lenovo - Extension - 10/24/2018 12:00:00 AM - 1.0.1.0.

Error: (07/27/2021 08:48:02 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Lenovo - Extension - 10/24/2018 12:00:00 AM - 1.0.1.0.

Error: (07/26/2021 09:35:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Lenovo - Extension - 10/24/2018 12:00:00 AM - 1.0.1.0.

Error: (07/26/2021 10:56:50 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-V7NF5M6)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

Windows Defender:
================
Date: 2021-07-28 17:25:32
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-26 21:45:23
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-25 21:16:38
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-24 22:13:47
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-24 11:01:17
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-06-30 08:07:42
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.99.0
Previous security intelligence Version: 1.341.1630.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-06-30 08:07:42
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.99.0
Previous security intelligence Version: 1.341.1630.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-06-30 08:07:42
Description:
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error Code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-06-04 09:26:04
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.341.28.0
Previous security intelligence Version: 1.339.1926.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18200.4
Previous Engine Version: 1.1.18100.6
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-06-04 09:26:04
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.341.28.0
Previous security intelligence Version: 1.339.1926.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18200.4
Previous Engine Version: 1.1.18100.6
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

==================== Memory info ===========================

BIOS: LENOVO N14ET52W (1.30 ) 08/28/2019
Motherboard: LENOVO 20BTS1R400
Processor: Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz
Percentage of memory in use: 73%
Total physical RAM: 8071.21 MB
Available physical RAM: 2155.32 MB
Total Virtual: 13959.21 MB
Available Virtual: 4972.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:167.07 GB) (Free:96.56 GB) NTFS

\\?\Volume{d2838311-cd2f-4edb-9ef1-d894883bec59}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{f8413ecd-8101-490b-ad4f-71d599fcd5b1}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 167.7 GB) (Disk ID: BD4CA2EF)

Partition: GPT.

==================== End of Addition.txt =======================

Zdravím!
Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-06-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-29-2021
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 7
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted FindWide
Deleted FindWide
Deleted http://search.findwide.com/?guid={85EE7 ... }&serpv=22
Deleted http://search.findwide.com/?guid={85EE7 ... }&serpv=22
Deleted vi-view
Deleted vi-view
Deleted youndoo

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1805 octets] - [29/07/2021 11:02:18]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

reklamy porad vyskakuji...jakmile vyskoci, pokusim se udelat prtscr, jsou vsak vzdy velmi kratce, tezke je odchytit...

Dejte nové logy FRST+Addition.

prikladam prtscr

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-07-2021 01
Ran by A (administrator) on DESKTOP-V7NF5M6 (LENOVO 20BTS1R400) (29-07-2021 15:46:44)
Running from C:\Users\A\Desktop\vyhodit
Loaded Profiles: A
Platform: Windows 10 Pro Version 20H2 19042.1110 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.92\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.92\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <51>
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Users\A\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1081_none_7e3d47227c694b34\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated -> Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [114273560 2020-10-14] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-778287325-1988700057-2922616860-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\A\AppData\Local\Microsoft\Teams\Update.exe [2454200 2021-07-01] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\shj2mPC: C:\Windows\System32\spool\prtprocs\x64\shj2mpc.dll [65256 2019-04-01] (联想图像(天津)科技有限公司 -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Print\Monitors\shj2m Langmon: C:\WINDOWS\system32\shj2mlm.dll [44264 2019-04-01] (联想图像(天津)科技有限公司 -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\92.0.4515.107\Installer\chrmstp.exe [2021-07-23] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E8E41B8-AFD2-4A41-9655-60680F77FC2B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-26] (Adobe Inc. -> Adobe Inc.)
Task: {13A68152-6271-404D-B82A-8F02F6E77D73} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {19944E34-E891-4BAA-8111-0DC43ED4A769} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5311416 2021-07-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {468A783A-023F-4DCD-8B33-1C48DF177996} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696304 2021-04-16] (Mozilla Corporation -> Mozilla Foundation)
Task: {539A192D-5B6E-4EEE-88C9-10A39D19C56C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5311416 2021-07-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {54C0F3D7-12EE-4B00-98E3-5C0EB979AA5A} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617584 2020-04-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {6A57FBC4-7598-4AFF-B436-D51F2FB9B769} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-24] (Google LLC -> Google LLC)
Task: {6AD1005C-70EB-4DEE-B11A-3FC9AB739CC3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7AC46872-A315-47BB-A064-C6B7DE6A82A1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9C185CA2-9AA2-4960-B1AA-345C2A64ED08} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B00317DE-B765-43D2-83E6-FE2DE83D28A0} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617584 2020-04-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {B99B3B4D-910E-4B21-8BDA-AE9EFC3D3FAE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23182216 2021-07-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {C919DEE5-802E-4C97-B36E-AC15953EC371} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23182216 2021-07-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {D16ABE1E-0298-4226-A191-C0FCF9776C11} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-24] (Google LLC -> Google LLC)
Task: {D987AA6C-CD4E-4E3D-B56D-1F4F058AB151} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147296 2021-07-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {E252C6D2-4452-467B-B39A-5BDBBD086F86} - System32\Tasks\RtsCM => C:\WINDOWS\RtsCM64.exe [225248 2017-10-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
Task: {FE6203F2-4ABF-44A2-BAFE-964DC6202F37} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147296 2021-07-24] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{a444201f-da03-4fc3-9f12-69083a7c2b85}: [DhcpNameServer] 192.168.10.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\A\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-29]

FireFox:
========
FF DefaultProfile: wuydc3is.default
FF ProfilePath: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\wuydc3is.default [2021-04-29]
FF ProfilePath: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\qt2z2wn1.default-release [2021-04-29]
FF Extension: (Video DownloadHelper) - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\qt2z2wn1.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-04-29]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-06-27] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\A\AppData\Local\Google\Chrome\User Data\Default [2021-07-29]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://captchadecode.com; hxxps://meet.google.com
CHR HomePage: Default -> hxxp://search.findwide.com/?guid={85EE7439-38F2-48C5-8D6E-0748D8390267}&serpv=22
CHR StartupUrls: Default -> "hxxps://www.google.com/?trackid=sp-006","hxxps: ... google.com"
CHR Extension: (Slides) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-02-24]
CHR Extension: (Docs) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-02-24]
CHR Extension: (Google Drive) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-24]
CHR Extension: (YouTube) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-02-24]
CHR Extension: (Sheets) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-02-24]
CHR Extension: (Google Docs Offline) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-24]
CHR Extension: (Gmail) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-24]
CHR Extension: (Chrome Media Router) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-26]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-26] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9056672 2021-07-18] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5395384 2021-07-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [77792 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R2 valWbioSyncSvc; C:\WINDOWS\system32\valWbioSyncSvc.exe [48608 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe [2665432 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe [136640 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2020-11-19] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dlcdcncm; C:\WINDOWS\System32\drivers\dlcdcncm62_x64.sys [90328 2020-09-30] (DISPLAYLINK (UK) LIMITED -> DisplayLink Corp.)
R1 SMIDriverGen; C:\WINDOWS\system32\DRIVERS\smi.sys [31440 2018-04-25] (Synaptics Inc. -> Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 Tdsshbecr; C:\WINDOWS\System32\drivers\shbecr.sys [38496 2017-08-02] (Microsoft Windows Hardware Compatibility Publisher -> Gemalto)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-07-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425192 2021-07-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76008 2021-07-10] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-29 11:02 - 2021-07-29 11:02 - 000000000 ____D C:\AdwCleaner
2021-07-29 08:10 - 2021-07-29 15:47 - 000000000 ____D C:\FRST
2021-07-18 14:12 - 2021-07-18 14:12 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-07-18 14:12 - 2021-07-18 14:12 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-07-18 14:12 - 2021-07-18 14:12 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb
2021-07-18 14:12 - 2021-07-18 14:12 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb
2021-07-18 14:12 - 2021-07-18 14:12 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb
2021-07-18 14:12 - 2021-07-18 14:12 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb
2021-07-11 11:12 - 2021-07-11 11:12 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2021-07-11 11:12 - 2021-07-11 11:12 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-07-11 11:12 - 2021-07-11 11:12 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-07-11 11:12 - 2021-07-11 11:12 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-07-11 11:12 - 2021-07-11 11:12 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-07-11 11:12 - 2021-07-11 11:12 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-07-11 11:11 - 2021-07-11 11:11 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-07-11 11:11 - 2021-07-11 11:11 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-07-11 11:11 - 2021-07-11 11:11 - 000097792 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-07-11 11:11 - 2021-07-11 11:11 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-07-11 10:08 - 2021-07-11 10:08 - 000048773 _____ C:\Users\A\Downloads\ink1_195807128615.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-29 15:47 - 2021-03-03 14:20 - 000000000 ____D C:\Users\A\Desktop\vyhodit
2021-07-29 15:45 - 2021-02-24 08:54 - 000000000 ____D C:\Program Files (x86)\Google
2021-07-29 15:45 - 2021-02-08 15:13 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-07-29 15:44 - 2021-02-08 15:20 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-07-29 11:08 - 2021-02-24 09:19 - 000687848 _____ C:\WINDOWS\system32\perfh005.dat
2021-07-29 11:08 - 2021-02-24 09:19 - 000141456 _____ C:\WINDOWS\system32\perfc005.dat
2021-07-29 11:08 - 2021-02-24 09:14 - 000684554 _____ C:\WINDOWS\system32\perfh01D.dat
2021-07-29 11:08 - 2021-02-24 09:14 - 000142014 _____ C:\WINDOWS\system32\perfc01D.dat
2021-07-29 11:08 - 2021-02-17 20:46 - 002412730 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-07-29 11:08 - 2021-02-08 15:12 - 000000000 ____D C:\WINDOWS\INF
2021-07-29 11:04 - 2021-02-24 06:58 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-07-29 11:04 - 2021-02-24 06:57 - 000000000 ____D C:\ProgramData\Synaptics
2021-07-29 11:04 - 2021-02-17 20:47 - 000000000 ___RD C:\Users\A\OneDrive
2021-07-29 11:04 - 2021-02-08 15:20 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-29 11:04 - 2021-02-08 15:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-07-29 11:04 - 2021-02-08 15:13 - 000000000 ____D C:\WINDOWS\ServiceState
2021-07-29 11:03 - 2021-02-08 15:08 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-07-29 08:05 - 2021-02-17 20:47 - 000003370 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-778287325-1988700057-2922616860-1001
2021-07-29 08:05 - 2021-02-17 20:43 - 000002367 _____ C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-28 08:08 - 2021-02-08 15:13 - 000000000 ___HD C:\Program Files\WindowsApps
2021-07-28 08:08 - 2021-02-08 15:13 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-07-26 21:35 - 2021-02-24 11:24 - 000000000 __SHD C:\Users\A\IntelGraphicsProfiles
2021-07-26 05:59 - 2021-02-26 12:08 - 000000000 ____D C:\Program Files\Microsoft Office
2021-07-23 17:57 - 2021-02-24 08:55 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-07-23 17:57 - 2021-02-24 08:55 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-07-23 17:57 - 2021-02-08 15:22 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-07-23 17:57 - 2021-02-08 15:22 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-07-21 11:47 - 2021-03-02 07:06 - 000000000 ____D C:\Users\A\Documents\finance
2021-07-18 21:38 - 2021-02-08 15:20 - 000440784 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-07-18 21:37 - 2021-02-08 15:13 - 000000000 ____D C:\WINDOWS\SystemResources
2021-07-18 21:37 - 2021-02-08 15:13 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-07-18 21:37 - 2021-02-08 15:13 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-07-18 21:37 - 2021-02-08 15:13 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-07-18 21:37 - 2021-02-08 15:13 - 000000000 ____D C:\Program Files\Common Files\System
2021-07-18 14:15 - 2021-02-08 15:09 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-07-18 14:05 - 2021-02-25 08:16 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-07-18 14:03 - 2021-02-25 08:16 - 133422552 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-07-16 07:22 - 2021-02-24 08:54 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-07-16 07:22 - 2021-02-24 08:54 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-07-15 08:07 - 2021-02-17 20:43 - 000000000 ____D C:\Users\A\AppData\Local\Packages
2021-07-13 17:21 - 2021-02-24 09:25 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-07-11 21:41 - 2021-02-08 15:13 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-07-11 21:41 - 2021-02-08 15:13 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-07-11 21:41 - 2021-02-08 15:13 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-07-11 21:41 - 2021-02-08 15:13 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-07-11 21:41 - 2021-02-08 15:13 - 000000000 ____D C:\WINDOWS\system32\setup
2021-07-11 21:41 - 2021-02-08 15:13 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-07-11 21:41 - 2021-02-08 15:13 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-07-11 21:41 - 2021-02-08 15:13 - 000000000 ____D C:\WINDOWS\Provisioning
2021-07-11 21:41 - 2021-02-08 15:13 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-07-10 17:12 - 2021-02-08 15:20 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-07-05 11:41 - 2021-02-17 20:43 - 000000000 ____D C:\Users\A
2021-07-02 06:32 - 2021-02-08 15:21 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-02 06:32 - 2021-02-08 15:21 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-07-01 09:39 - 2021-02-26 12:35 - 000002344 _____ C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-07-01 09:39 - 2021-02-26 12:35 - 000002336 _____ C:\Users\A\Desktop\Microsoft Teams.lnk

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2021 01
Ran by A (29-07-2021 15:48:14)
Running from C:\Users\A\Desktop\vyhodit
Windows 10 Pro Version 20H2 19042.1110 (X64) (2021-02-08 13:23:00)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

A (S-1-5-21-778287325-1988700057-2922616860-1001 - Administrator - Enabled) => C:\Users\A
Administrator (S-1-5-21-778287325-1988700057-2922616860-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-778287325-1988700057-2922616860-503 - Limited - Disabled)
Guest (S-1-5-21-778287325-1988700057-2922616860-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-778287325-1988700057-2922616860-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.005.20058 - Adobe Systems Incorporated)
BankID Security Application (HKLM-x32\...\{77B5BCDC-5496-48DA-8B16-5EE2AF08CA31}) (Version: 7.10.0.13 - Finansiell ID-Teknik BID AB)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.107 - Google LLC)
Installation av Handelsbankens kortläsare (HKLM-x32\...\{79FDF571-BBC9-4E6C-8297-91CCDC7B7023}) (Version: 1.01.0000 - Todos Data System AB)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.14131.20332 - Microsoft Corporation)
Microsoft 365 Apps pro velké organizace - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.14131.20332 - Microsoft Corporation)
Microsoft 365-appar för företag - sv-se (HKLM\...\O365ProPlusRetail - sv-se) (Version: 16.0.14131.20332 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.55 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 92.0.902.55 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-778287325-1988700057-2922616860-1001\...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-778287325-1988700057-2922616860-1001\...\Teams) (Version: 1.4.00.16575 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Mozilla Firefox 88.0 (x64 en-US) (HKLM\...\Mozilla Firefox 88.0 (x64 en-US)) (Version: 88.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 88.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-041D-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.28779 - Microsoft Corporation)
VdhCoApp 1.6.1 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
Zoom (HKU\S-1-5-21-778287325-1988700057-2922616860-1001\...\ZoomUMX) (Version: 5.6.1 (617) - Zoom Video Communications, Inc.)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-24] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-24] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-06-21] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0 [2021-07-24] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-778287325-1988700057-2922616860-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\A\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21063.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-778287325-1988700057-2922616860-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\A\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-05-30] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-05-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-03] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-778287325-1988700057-2922616860-1001\...\sharepoint.com -> hxxps://soscv-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-02-08 15:13 - 2021-02-08 15:11 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-778287325-1988700057-2922616860-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{19A2DC23-8ADC-490A-91B2-F55F5A39A8F2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{341A9A57-9999-41C3-AE02-3E9193F3A0BE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{39B840B5-E991-47BE-9DB1-0F6B3C93B962}C:\users\a\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\a\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{0F402B97-2A5E-4F8B-89D8-07AD191078A0}C:\users\a\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\a\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{921E5673-53FA-44EA-B487-D8D30BFC68FB}] => (Allow) C:\Users\A\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{69026FDC-D38A-425D-95EE-72B52700D68A}] => (Allow) C:\Users\A\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{B7A11306-3241-4454-9E3B-709E5B96B3F0}] => (Allow) C:\Users\A\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{6263BBB3-D214-4966-85D4-8035C2EC0CC4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{390C1A7C-898F-4700-9F91-180E302647C0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1B900D4D-317B-48AF-BE3E-EBFACA94CC96}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{A37CC3AA-192F-4283-AFC3-DC08616811AD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{EABDC148-AB85-4DA4-804C-9ABC7D5CE224}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{7A70A8D6-FC62-4491-A6AE-883AEA17F142}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{6962A254-AB37-4346-8B59-275565813108}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{9A2EF7DE-84B8-400D-8470-8877F2F8E31C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{CDE2F482-46B8-4694-BBBD-94D1CAE49321}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{00A8774C-9454-4767-9D24-31A6FF33416B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{6DBD61C1-CA21-4648-87EE-90D81ADC5771}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0DED2296-F298-4BD4-B385-DC6697BEEDE0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B28D5F97-0679-4683-B16D-FEAC51FE55EF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2334EFA9-026C-4F24-BF62-713A8CA19755}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FFADB388-1783-4A3C-8A31-48B583439D1B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{44497E72-CD2E-4106-B8FA-24F3AB413369}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3444C4E6-AD10-4A50-8D8B-77BA4F2BAF29}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FD1295F9-1D3D-4033-B3AC-A3EC54808280}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{CDB0096B-E96A-4C8E-8788-C3218CFA70C2}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\92.0.902.55\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F4DD4DF5-D60D-49CF-BFFB-AA863D401E71}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D744525D-9A4F-4B65-9107-AD060E1638FB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CBF29366-CC7A-4255-8ADD-F74440437FB0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F1F94319-DFE5-4FAF-8433-3876A0E191A2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2561FAC9-6685-443E-A96E-7F4BCFC810E9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0D876552-04DD-4B6F-967F-C0CB4E138939}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D370F664-583D-4FB7-BB42-6115664B5AF0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1D3926A9-C7AC-442C-A03C-C03CD5B5D9B6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

11-07-2021 10:55:08 Windows Modules Installer
18-07-2021 14:05:13 Windows Modules Installer
28-07-2021 08:08:53 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Data Acquisition and Signal Processing Controller
Description: PCI Data Acquisition and Signal Processing Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: ========================

Application errors:
==================
Error: (07/22/2021 01:40:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SynTPEnh.exe, version: 19.3.4.228, time stamp: 0x6094e1cf
Faulting module name: SynTPEnh.exe, version: 19.3.4.228, time stamp: 0x6094e1cf
Exception code: 0xc0000005
Fault offset: 0x000000000000323f
Faulting process ID: 0x1474
Faulting application start time: 0x01d77c0c7928d36c
Faulting application path: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Faulting module path: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Report ID: 45858eb1-9002-48b3-bb92-8dfea0523a9d
Faulting package full name:
Faulting package-relative application ID:

Error: (07/21/2021 11:38:02 AM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (07/21/2021 11:38:02 AM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/05/2021 10:57:50 AM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (07/05/2021 10:57:50 AM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/22/2021 11:24:54 AM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (06/22/2021 11:24:54 AM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/18/2021 06:49:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 8.68.0.96 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2afc

Start Time: 01d76338e7236c49

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe

Report Id: 58746e68-59c1-42a1-ada3-661ad0f1bf95

Faulting package full name: Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Hang type: Quiesce

System errors:
=============
Error: (07/29/2021 03:45:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Lenovo - Extension - 10/24/2018 12:00:00 AM - 1.0.1.0.

Error: (07/29/2021 03:45:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: HP - USB - 3/27/2019 12:00:00 AM - 13.54.20.543.

Error: (07/29/2021 11:04:06 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 54) (User: NT AUTHORITY)
Description: Collaborative processor power controls on processor 3 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (07/29/2021 11:04:05 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 54) (User: NT AUTHORITY)
Description: Collaborative processor power controls on processor 2 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (07/29/2021 11:04:05 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 54) (User: NT AUTHORITY)
Description: Collaborative processor power controls on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (07/29/2021 11:04:05 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 54) (User: NT AUTHORITY)
Description: Collaborative processor power controls on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (07/29/2021 11:03:45 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter04.dll

Error: (07/29/2021 11:03:45 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter04.dll

Windows Defender:
================
Date: 2021-07-28 17:25:32
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-26 21:45:23
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-25 21:16:38
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-24 22:13:47
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-24 11:01:17
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-06-30 08:07:42
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.99.0
Previous security intelligence Version: 1.341.1630.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-06-30 08:07:42
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.99.0
Previous security intelligence Version: 1.341.1630.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-06-30 08:07:42
Description:
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error Code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-06-04 09:26:04
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.341.28.0
Previous security intelligence Version: 1.339.1926.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18200.4
Previous Engine Version: 1.1.18100.6
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-06-04 09:26:04
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.341.28.0
Previous security intelligence Version: 1.339.1926.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18200.4
Previous Engine Version: 1.1.18100.6
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

==================== Memory info ===========================

BIOS: LENOVO N14ET52W (1.30 ) 08/28/2019
Motherboard: LENOVO 20BTS1R400
Processor: Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz
Percentage of memory in use: 62%
Total physical RAM: 8071.21 MB
Available physical RAM: 3008.96 MB
Total Virtual: 13959.21 MB
Available Virtual: 8169.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:167.07 GB) (Free:95.66 GB) NTFS

\\?\Volume{d2838311-cd2f-4edb-9ef1-d894883bec59}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{f8413ecd-8101-490b-ad4f-71d599fcd5b1}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 167.7 GB) (Disk ID: BD4CA2EF)

Partition: GPT.

==================== End of Addition.txt =======================

Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
CustomCLSID: HKU\S-1-5-21-778287325-1988700057-2922616860-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\A\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{69026FDC-D38A-425D-95EE-72B52700D68A}] => (Allow) C:\Users\A\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{B7A11306-3241-4454-9E3B-709E5B96B3F0}] => (Allow) C:\Users\A\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{1B900D4D-317B-48AF-BE3E-EBFACA94CC96}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{A37CC3AA-192F-4283-AFC3-DC08616811AD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{EABDC148-AB85-4DA4-804C-9ABC7D5CE224}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{7A70A8D6-FC62-4491-A6AE-883AEA17F142}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{6962A254-AB37-4346-8B59-275565813108}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{9A2EF7DE-84B8-400D-8470-8877F2F8E31C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{CDE2F482-46B8-4694-BBBD-94D1CAE49321}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{00A8774C-9454-4767-9D24-31A6FF33416B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
Task: {6A57FBC4-7598-4AFF-B436-D51F2FB9B769} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-24] (Google LLC -> Google LLC)
Task: {D16ABE1E-0298-4226-A191-C0FCF9776C11} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-24] (Google LLC -> Google LLC)
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
CHR StartupUrls: Default -> "hxxps://www.google.com/?trackid=sp-006","hxxps: ... google.com"
CHR HomePage: Default -> hxxp://search.findwide.com/?guid={85EE7439-38F2-48C5-8D6E-0748D8390267}&serpv=22

EmptyTemp:
End

Uložte do C:\Users\A\Desktop\vyhodit jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-07-2021 01
Ran by A (29-07-2021 16:07:22) Run:1
Running from C:\Users\A\Desktop\vyhodit
Loaded Profiles: A
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
CustomCLSID: HKU\S-1-5-21-778287325-1988700057-2922616860-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\A\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{69026FDC-D38A-425D-95EE-72B52700D68A}] => (Allow) C:\Users\A\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{B7A11306-3241-4454-9E3B-709E5B96B3F0}] => (Allow) C:\Users\A\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{1B900D4D-317B-48AF-BE3E-EBFACA94CC96}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{A37CC3AA-192F-4283-AFC3-DC08616811AD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{EABDC148-AB85-4DA4-804C-9ABC7D5CE224}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{7A70A8D6-FC62-4491-A6AE-883AEA17F142}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{6962A254-AB37-4346-8B59-275565813108}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{9A2EF7DE-84B8-400D-8470-8877F2F8E31C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{CDE2F482-46B8-4694-BBBD-94D1CAE49321}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{00A8774C-9454-4767-9D24-31A6FF33416B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe => No File
Task: {6A57FBC4-7598-4AFF-B436-D51F2FB9B769} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-24] (Google LLC -> Google LLC)
Task: {D16ABE1E-0298-4226-A191-C0FCF9776C11} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-24] (Google LLC -> Google LLC)
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
CHR StartupUrls: Default -> "hxxps://www.google.com/?trackid=sp-006","hxxps: ... google.com"
CHR HomePage: Default -> hxxp://search.findwide.com/?guid={85EE7439-38F2-48C5-8D6E-0748D8390267}&serpv=22

EmptyTemp:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-778287325-1988700057-2922616860-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{69026FDC-D38A-425D-95EE-72B52700D68A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B7A11306-3241-4454-9E3B-709E5B96B3F0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1B900D4D-317B-48AF-BE3E-EBFACA94CC96}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A37CC3AA-192F-4283-AFC3-DC08616811AD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EABDC148-AB85-4DA4-804C-9ABC7D5CE224}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7A70A8D6-FC62-4491-A6AE-883AEA17F142}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6962A254-AB37-4346-8B59-275565813108}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9A2EF7DE-84B8-400D-8470-8877F2F8E31C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CDE2F482-46B8-4694-BBBD-94D1CAE49321}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{00A8774C-9454-4767-9D24-31A6FF33416B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6A57FBC4-7598-4AFF-B436-D51F2FB9B769}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A57FBC4-7598-4AFF-B436-D51F2FB9B769}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D16ABE1E-0298-4226-A191-C0FCF9776C11}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D16ABE1E-0298-4226-A191-C0FCF9776C11}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
"Chrome StartupUrls" => removed successfully
"Chrome HomePage" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22113168 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 13812656 B
Edge => 0 B
Chrome => 1830075370 B
Firefox => 96346617 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 317938 B
A => 108018415 B

RecycleBin => 6479023557 B
EmptyTemp: => 8 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 16:10:05 ====

Smazáno. Nastala nějaká změna?

Dekuji vrele, zda se, ze to prestalo. Byl to vir?

Byly tam fake odkazy v prohlížeči. Byly smazány a s nimi i další zbytečnosti. Nemáte zač!

VIRY.CZ

asi virus

asi virus

Re: asi virus

Re: asi virus

Re: asi virus

Re: asi virus

Re: asi virus

Re: asi virus

Re: asi virus

Re: asi virus

Re: asi virus

Re: asi virus

Re: asi virus

Re: asi virus

Re: asi virus