Hello,
I think I have some form of persistent virus on my home PCs.
I have reinstalled the OS (Win 10) several times, and after some time most of the services are disabled. In the first case it was immediately, in the second case after a week (this computer). If I use netstat I can see my PC is connecting to various pages that are marked as malicious or suspicious, and some processes (svchost) are scanning/listening on many ports. I have ESET, which is blocking some communications: UDP, ICMPv6 and UPnP... I tried some anti-virus programs with no result.
Before the reinstallations I tried the Hitman.pro trial, which caught some conduit threat that kept reappearing after deletion by Hitman, and Malwarebytes caught something like registry.injection and hijack.dll.
I am copying the log from FRST + Addition:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-12-2020
Ran by pomlc (administrator) on NOTEBOOOK (Acer Aspire ES1-571) (11-12-2020 10:59:42)
Running from C:\Users\pomlc\Desktop
Loaded Profiles: pomlc
Platform: Windows 10 Pro Version 20H2 19042.685 (X64) Language: Slovenčina (Slovensko)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eOppFrame.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <27>
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [175504 2020-10-26] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-07] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0EB4DCEB-704C-46B1-9045-B9A2DEDD7CD8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6189624 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {3A282C57-53BC-49B2-A0E5-D6A3243BA4A5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {5A7BDAB6-3AE7-4D36-A495-D7ABF4FCB986} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-07] (Google LLC -> Google LLC)
Task: {DCF73539-B62D-42EA-A8BD-04E3C1248EFF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [7177168 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {FA3A3E4C-8A67-469B-B646-992F949D6D0B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-07] (Google LLC -> Google LLC)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog9 17 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 18 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 17 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 18 %windir%\system32\vsocklib.dll => No File
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{263ce8fb-0cd9-4ca7-92a9-8d4efcbb6bf0}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9c4c91b7-53fb-4f36-9a56-41306f76f495}: [DhcpNameServer] 192.168.0.1
Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\pomlc\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-10]
Chrome:
=======
CHR Profile: C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default [2020-12-11]
CHR Extension: (Prezentácie) - C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-07]
CHR Extension: (Dokumenty) - C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-07]
CHR Extension: (Disk Google) - C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-07]
CHR Extension: (YouTube) - C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-07]
CHR Extension: (Tabuľky) - C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-07]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-12-07]
CHR Extension: (Gmail) - C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-07]
CHR Extension: (Chrome Media Router) - C:\Users\pomlc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-07]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-10-26] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-10-26] (ESET, spol. s r.o. -> ESET)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2747312 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4583240 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5197552 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Browser; %SystemRoot%\System32\browser.dll [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [160992 2020-10-26] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [109360 2020-10-26] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15288 2020-10-22] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [190464 2020-10-26] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [43720 2020-10-26] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [70048 2020-10-26] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [107784 2020-10-26] (ESET, spol. s r.o. -> ESET)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [89968 2020-12-07] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
S0 Spybot3ELAM; C:\Windows\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2020-12-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [429296 2020-12-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-05] (Microsoft Windows -> Microsoft Corporation)
S3 MBAMSwissArmy; \SystemRoot\System32\Drivers\mbamswissarmy.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-12-11 10:59 - 2020-12-11 11:00 - 000011023 _____ C:\Users\pomlc\Desktop\FRST.txt
2020-12-11 10:59 - 2020-12-11 10:59 - 000000000 ____D C:\Users\pomlc\Desktop\FRST-OlderVersion
2020-12-11 10:59 - 2020-12-11 10:59 - 000000000 ____D C:\FRST
2020-12-11 10:37 - 2020-12-03 14:16 - 046768128 _____ C:\Users\pomlc\Desktop\659ce.msi
2020-12-11 10:36 - 2020-12-11 10:59 - 002288640 _____ (Farbar) C:\Users\pomlc\Desktop\FRST64.exe
2020-12-10 20:49 - 2020-12-10 20:49 - 000073621 _____ C:\Users\pomlc\Desktop\services.exe.txt
2020-12-10 20:08 - 2020-12-10 20:08 - 000000917 _____ C:\Users\pomlc\Desktop\ckfiles.txt
2020-12-10 20:06 - 2020-12-10 20:06 - 000468480 _____ () C:\Users\pomlc\Downloads\CKScanner.exe
2020-12-10 20:05 - 2020-12-10 20:06 - 000468480 _____ () C:\Users\pomlc\Desktop\CKScanner.exe
2020-12-10 19:59 - 2020-12-10 19:59 - 000028034 _____ C:\Users\pomlc\Desktop\smss.exe.txt
2020-12-10 19:50 - 2020-12-10 19:51 - 000727444 _____ C:\Windows\Minidump\121020-8140-01.dmp
2020-12-10 19:45 - 2020-12-10 19:51 - 000036200 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2020-12-10 19:45 - 2020-12-10 19:45 - 002798456 _____ (Sysinternals - www.sysinternals.com) C:\Users\pomlc\Desktop\procexp.exe
2020-12-10 19:44 - 2020-12-10 19:45 - 002798456 _____ (Sysinternals - www.sysinternals.com) C:\Users\pomlc\Downloads\procexp.exe
2020-12-10 19:14 - 2020-12-10 19:14 - 000000000 ____D C:\Users\pomlc\AppData\Local\MicrosoftEdge
2020-12-10 19:13 - 2020-12-10 19:13 - 000852504 _____ C:\Users\pomlc\Downloads\SecurityCheck.exe
2020-12-10 19:05 - 2020-12-10 19:05 - 001228152 _____ (AVG Technologies) C:\Users\pomlc\Downloads\avg_driver_updater_online_setup.exe
2020-12-10 18:48 - 2020-12-10 18:51 - 000000000 ____D C:\Users\pomlc\Desktop\spybotes
2020-12-10 17:40 - 2020-12-10 17:40 - 000034719 _____ C:\Users\pomlc\Desktop\includese.zip
2020-12-10 17:39 - 2020-12-10 17:39 - 000070043 _____ C:\Users\pomlc\Desktop\zospybotu.zip
2020-12-10 17:37 - 2020-12-10 17:37 - 000100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncpa.cpl
2020-12-10 17:37 - 2020-12-10 17:37 - 000010912 _____ C:\Windows\system32\DrtmAuthTxt.wim
2020-12-10 17:36 - 2020-12-10 17:36 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\ncpa.cpl
2020-12-10 17:33 - 2020-12-10 17:33 - 000000000 ____D C:\Users\pomlc\AppData\Local\Safer-Networking Ltd
2020-12-10 17:29 - 2020-12-10 17:29 - 000000000 ____D C:\Safer-Networking Ltd
2020-12-10 17:28 - 2020-12-10 20:56 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2020-12-10 17:28 - 2020-12-10 18:54 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2020-12-10 17:28 - 2020-12-10 17:28 - 000001460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2020-12-10 17:28 - 2020-12-10 17:28 - 000001448 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2020-12-10 17:28 - 2020-12-10 17:28 - 000001448 _____ C:\ProgramData\Desktop\Spybot-S&D Start Center.lnk
2020-12-10 17:28 - 2020-12-10 17:28 - 000000000 ____D C:\Windows\system32\Tasks\Safer-Networking
2020-12-10 17:28 - 2020-12-10 17:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2020-12-10 17:28 - 2019-06-21 08:34 - 000019904 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\Spybot3ELAM.sys
2020-12-10 17:28 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2020-12-10 17:23 - 2020-12-10 17:26 - 069300040 _____ (Safer-Networking Ltd. ) C:\Users\pomlc\Downloads\spybotsd-2.8.68.0.exe
2020-12-10 16:40 - 2020-12-11 10:13 - 001587062 _____ C:\Windows\system32\PerfStringBackup.INI
2020-12-10 16:23 - 2020-12-11 10:09 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-12-10 16:23 - 2020-12-10 16:23 - 000258088 _____ C:\Windows\system32\FNTCACHE.DAT
2020-12-10 16:08 - 2020-12-10 16:12 - 000000000 ____D C:\Users\pomlc\Desktop\bordel
2020-12-10 15:48 - 2020-12-10 15:49 - 000000000 ____D C:\KVRT_Data
2020-12-10 15:46 - 2020-12-11 10:13 - 000664864 _____ C:\Windows\system32\perfh01B.dat
2020-12-10 15:46 - 2020-12-11 10:13 - 000121936 _____ C:\Windows\system32\perfc01B.dat
2020-12-10 14:44 - 2020-12-10 14:44 - 000000207 _____ C:\Windows\tweaking.com-regbackup-NOTEBOOOK-Windows-10-Pro-(64-bit).dat
2020-12-10 14:44 - 2020-12-10 14:44 - 000000000 ____D C:\RegBackup
2020-12-10 14:36 - 2020-12-10 14:36 - 000001989 _____ C:\Users\pomlc\Desktop\Repair_Windows.exe – odkaz.lnk
2020-12-10 14:30 - 2020-12-10 14:30 - 000361792 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2020-12-10 14:30 - 2020-12-10 14:30 - 000000574 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2020-12-10 14:30 - 2020-12-10 14:30 - 000000000 ____D C:\Users\pomlc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2020-12-10 14:30 - 2020-12-10 14:30 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2020-12-10 14:26 - 2020-12-10 17:10 - 000000000 ____D C:\Users\pomlc\Desktop\aa
2020-12-10 14:26 - 2020-12-10 15:19 - 000002176 _____ C:\Users\pomlc\Desktop\Rkill.txt
2020-12-10 14:22 - 2020-12-11 10:11 - 000000000 ____D C:\Users\pomlc\Desktop\mirka-notas3
2020-12-10 12:00 - 2020-12-10 12:00 - 007458656 _____ (VS Revo Group ) C:\Users\pomlc\Downloads\revosetup (1).exe
2020-12-10 12:00 - 2020-12-10 12:00 - 000001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2020-12-10 12:00 - 2020-12-10 12:00 - 000001079 _____ C:\ProgramData\Desktop\Revo Uninstaller.lnk
2020-12-10 12:00 - 2020-12-10 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2020-12-10 12:00 - 2020-12-10 12:00 - 000000000 ____D C:\Program Files\VS Revo Group
2020-12-10 11:58 - 2020-12-10 11:58 - 007458656 _____ (VS Revo Group ) C:\Users\pomlc\Downloads\revosetup.exe
2020-12-10 08:37 - 2020-12-10 08:37 - 000000000 ____D C:\Users\pomlc\Downloads\be
2020-12-10 08:34 - 2020-12-10 08:34 - 000000000 ____D C:\asd
2020-12-10 08:23 - 2020-12-10 08:23 - 000000000 ____D C:\Users\pomlc\AppData\Local\WmiExplorer
2020-12-10 08:21 - 2020-12-10 11:10 - 000007628 _____ C:\Users\pomlc\AppData\Local\resmon.resmoncfg
2020-12-10 08:01 - 2020-12-10 08:01 - 000228140 _____ C:\Users\pomlc\Downloads\WMIExplorer_2.0.0.0.zip
2020-12-10 08:01 - 2020-12-10 08:01 - 000000000 ____D C:\Users\pomlc\Desktop\WMIExplorer_2.0.0.0
2020-12-08 20:34 - 2020-12-08 20:34 - 001965536 _____ (Malwarebytes) C:\Users\pomlc\Downloads\MBSetup-106724.106724-consumer.exe
2020-12-08 20:34 - 2020-12-08 20:34 - 001965536 _____ (Malwarebytes) C:\Users\pomlc\Downloads\MBSetup-106724.106724-consumer (1).exe
2020-12-07 14:14 - 2020-12-10 15:39 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2020-12-07 14:13 - 2020-12-07 14:13 - 000000000 ____D C:\Windows\pss
2020-12-07 14:06 - 2020-12-07 14:06 - 000002331 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-07 14:06 - 2020-12-07 14:06 - 000002290 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-12-07 14:06 - 2020-12-07 14:06 - 000002290 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-12-07 14:05 - 2020-12-07 14:05 - 000000000 ____D C:\Program Files\Google
2020-12-07 14:04 - 2020-12-07 14:10 - 000003456 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-07 14:04 - 2020-12-07 14:10 - 000003332 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-07 13:58 - 2020-12-07 14:15 - 000000000 ____D C:\Users\pomlc\AppData\Local\Google
2020-12-07 13:58 - 2020-12-07 14:04 - 000000000 ____D C:\Program Files (x86)\Google
2020-12-07 13:58 - 2020-12-07 13:58 - 001317080 _____ (Google LLC) C:\Users\pomlc\Downloads\ChromeSetup.exe
2020-12-07 13:55 - 2020-12-07 13:55 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2020-12-07 13:55 - 2020-12-07 13:55 - 000000000 ____D C:\Users\pomlc\Desktop\mirka_notas2
2020-12-07 13:54 - 2020-12-07 13:54 - 000055993 _____ C:\Users\pomlc\Desktop\ibatextaky.zip
2020-12-07 13:54 - 2020-12-07 13:54 - 000000000 ____D C:\Users\pomlc\Desktop\ibatextaky
2020-12-07 13:08 - 2020-12-07 13:08 - 000081659 _____ C:\Users\pomlc\Desktop\vtempe.zip
2020-12-07 13:04 - 2020-12-07 13:04 - 000000000 ____D C:\Users\pomlc\Desktop\v tempe-onedrive
2020-12-07 12:55 - 2020-12-07 12:55 - 000089968 ____H (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCMON24.SYS
2020-12-07 12:53 - 2020-12-10 19:51 - 000000000 ____D C:\Windows\Minidump
2020-12-07 12:53 - 2020-12-10 19:50 - 477160921 _____ C:\Windows\MEMORY.DMP
2020-12-05 09:20 - 2020-12-10 20:55 - 071041024 _____ C:\Windows\system32\config\SOFTWARE
2020-12-05 09:17 - 2020-12-05 09:20 - 000000000 ____D C:\Windows\Microsoft Antimalware
2020-12-04 20:49 - 2020-12-04 20:49 - 000000000 ____D C:\Users\pomlc\AppData\Roaming\Macromedia
2020-12-04 18:58 - 2020-12-04 18:58 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2020-12-04 18:58 - 2020-12-04 18:58 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2020-12-04 18:57 - 2020-12-04 18:57 - 001333248 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2020-12-04 18:57 - 2020-12-04 18:57 - 000266240 _____ C:\Windows\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-04 18:57 - 2020-12-04 18:57 - 000240640 _____ C:\Windows\SysWOW64\CoreMas.dll
2020-12-04 18:57 - 2020-12-04 18:57 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2020-12-04 18:57 - 2020-12-04 18:57 - 000048640 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2020-12-04 18:57 - 2020-12-04 18:57 - 000039936 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2020-12-04 18:57 - 2020-12-04 18:57 - 000010752 _____ C:\Windows\SysWOW64\agentactivationruntimestarter.exe
2020-12-04 18:56 - 2020-12-04 18:56 - 002260480 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2020-12-04 18:56 - 2020-12-04 18:56 - 001822272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2020-12-04 18:56 - 2020-12-04 18:56 - 001393496 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2020-12-04 18:56 - 2020-12-04 18:56 - 000363520 _____ C:\Windows\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-04 18:56 - 2020-12-04 18:56 - 000287232 _____ C:\Windows\system32\CoreMas.dll
2020-12-04 18:56 - 2020-12-04 18:56 - 000165376 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2020-12-04 18:56 - 2020-12-04 18:56 - 000089088 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2020-12-04 18:56 - 2020-12-04 18:56 - 000073216 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2020-12-04 18:56 - 2020-12-04 18:56 - 000013312 _____ C:\Windows\system32\agentactivationruntimestarter.exe
2020-12-04 18:56 - 2020-12-04 18:56 - 000001370 _____ C:\Windows\system32\ThirdPartyNoticesBySHS.txt
2020-12-04 17:20 - 2020-12-04 17:20 - 000000000 ____D C:\Users\pomlc\AppData\Local\PeerDistRepub
2020-12-03 19:46 - 2020-12-03 19:46 - 002045618 _____ C:\Users\pomlc\Downloads\ProcessMonitor.zip
2020-12-03 19:46 - 2020-12-03 19:46 - 000000000 ____D C:\Users\pomlc\Desktop\ProcessMonitor
2020-12-03 16:21 - 2020-12-03 16:21 - 000137016 _____ C:\Windows\system32\HvsiManagementApi.dll
2020-12-03 16:21 - 2020-12-03 16:21 - 000101688 _____ C:\Windows\SysWOW64\HvsiManagementApi.dll
2020-12-03 16:20 - 2020-12-03 16:20 - 001309504 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2020-12-03 16:20 - 2020-12-03 16:20 - 000045880 _____ C:\Windows\system32\HvSocket.dll
2020-12-03 16:19 - 2020-12-03 16:19 - 000611952 _____ C:\Windows\SysWOW64\TextShaping.dll
2020-12-03 16:19 - 2020-12-03 16:19 - 000455168 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll
2020-12-03 16:19 - 2020-12-03 16:19 - 000112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\activeds.tlb
2020-12-03 16:19 - 2020-12-03 16:19 - 000047472 _____ C:\Windows\SysWOW64\umpdc.dll
2020-12-03 16:18 - 2020-12-03 16:18 - 001162240 _____ C:\Windows\system32\MBR2GPT.EXE
2020-12-03 16:18 - 2020-12-03 16:18 - 000422912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2020-12-03 16:18 - 2020-12-03 16:18 - 000023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msacm32.drv
2020-12-03 16:17 - 2020-12-03 16:17 - 002260480 _____ (The ICU Project) C:\Windows\system32\icu.dll
2020-12-03 16:17 - 2020-12-03 16:17 - 000707544 _____ C:\Windows\system32\TextShaping.dll
2020-12-03 16:17 - 2020-12-03 16:17 - 000645120 _____ C:\Windows\system32\WindowManagementAPI.dll
2020-12-03 16:17 - 2020-12-03 16:17 - 000152576 _____ C:\Windows\system32\EoAExperiences.exe
2020-12-03 16:17 - 2020-12-03 16:17 - 000112128 _____ (Microsoft Corporation) C:\Windows\system32\activeds.tlb
2020-12-03 16:17 - 2020-12-03 16:17 - 000029696 _____ (The ICU Project) C:\Windows\system32\icuuc.dll
2020-12-03 16:17 - 2020-12-03 16:17 - 000025088 _____ (The ICU Project) C:\Windows\system32\icuin.dll
2020-12-03 16:16 - 2020-12-03 16:16 - 000562688 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2020-12-03 16:16 - 2020-12-03 16:16 - 000455168 _____ C:\Windows\system32\ssdm.dll
2020-12-03 16:16 - 2020-12-03 16:16 - 000197632 _____ C:\Windows\system32\IHDS.dll
2020-12-03 16:16 - 2020-12-03 16:16 - 000064552 _____ C:\Windows\system32\umpdc.dll
2020-12-03 16:16 - 2020-12-03 16:16 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\msacm32.drv
2020-12-03 14:25 - 2020-12-03 14:25 - 000002016 _____ C:\Users\Public\Desktop\ESET Ochrana online platieb.lnk
2020-12-03 14:25 - 2020-12-03 14:25 - 000002016 _____ C:\ProgramData\Desktop\ESET Ochrana online platieb.lnk
2020-12-03 14:19 - 2020-12-03 14:19 - 000000000 ____D C:\Users\pomlc\AppData\Local\ESET
2020-12-03 14:18 - 2020-12-03 14:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2020-12-03 14:18 - 2020-12-03 14:18 - 000000000 ____D C:\ProgramData\ESET
2020-12-03 14:18 - 2020-12-03 14:18 - 000000000 ____D C:\Program Files\ESET
2020-12-03 14:14 - 2020-12-03 14:14 - 006341552 _____ (ESET) C:\Users\pomlc\Downloads\eset_internet_security_live_installer.exe
2020-12-03 14:11 - 2020-12-03 14:11 - 000000000 ____D C:\Users\pomlc\AppData\Roaming\Synaptics
2020-12-03 14:11 - 2020-12-03 14:11 - 000000000 ____D C:\ProgramData\Synaptics
2020-12-03 14:09 - 2020-12-03 14:09 - 000000000 ____D C:\Windows\system32\MRT
2020-12-03 14:04 - 2020-12-03 14:04 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2020-12-03 14:03 - 2020-12-03 14:03 - 000000000 ___HD C:\$WinREAgent
2020-12-03 14:02 - 2020-12-10 18:35 - 000000000 ____D C:\Users\pomlc\AppData\Local\D3DSCache
2020-12-03 14:00 - 2020-12-03 14:00 - 000000000 ____D C:\Users\pomlc\AppData\Local\Comms
2020-12-03 13:59 - 2020-12-03 18:31 - 000000000 ____D C:\Users\pomlc\AppData\Local\PlaceholderTileLogoFolder
2020-12-03 13:58 - 2020-12-07 13:18 - 000000000 ___RD C:\Users\pomlc\OneDrive
2020-12-03 13:58 - 2020-12-03 13:58 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2020-12-03 13:57 - 2020-12-03 13:57 - 000000000 ____D C:\Users\pomlc\AppData\Local\Publishers
2020-12-03 13:56 - 2020-12-11 10:09 - 000000000 __SHD C:\Users\pomlc\IntelGraphicsProfiles
2020-12-03 13:56 - 2020-12-10 18:59 - 000000000 ____D C:\Users\pomlc\AppData\Local\Packages
2020-12-03 13:56 - 2020-12-07 17:59 - 000000000 ____D C:\ProgramData\Packages
2020-12-03 13:56 - 2020-12-03 14:11 - 000000000 ____D C:\Users\pomlc\AppData\Local\ConnectedDevicesPlatform
2020-12-03 13:56 - 2020-12-03 13:58 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-12-03 13:56 - 2020-12-03 13:56 - 000000200 _____ C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2020-12-03 13:56 - 2020-12-03 13:56 - 000000000 ___RD C:\Users\pomlc\3D Objects
2020-12-03 13:56 - 2020-12-03 13:56 - 000000000 ____D C:\Users\pomlc\AppData\Roaming\Adobe
2020-12-03 13:56 - 2020-12-03 13:56 - 000000000 ____D C:\Users\pomlc\AppData\Local\VirtualStore
2020-12-03 13:56 - 2020-12-03 13:56 - 000000000 ____D C:\Program Files\Intel
2020-12-03 13:56 - 2020-12-03 13:56 - 000000000 ____D C:\Program Files (x86)\Intel
2020-12-03 13:56 - 2020-12-03 13:56 - 000000000 ____D C:\Intel
2020-12-03 13:56 - 2020-12-03 13:56 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
2020-12-03 13:56 - 2017-06-27 05:55 - 000099816 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2020-12-03 13:53 - 2020-12-10 20:55 - 000000000 ____D C:\Users\pomlc
2020-12-03 13:53 - 2020-12-03 13:53 - 000000020 ___SH C:\Users\pomlc\ntuser.ini
2020-12-03 13:52 - 2020-12-03 13:52 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2020-12-03 13:52 - 2020-12-03 13:52 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2020-12-03 13:52 - 2020-12-03 13:52 - 000000000 ____D C:\Program Files\Synaptics
2020-12-03 13:52 - 2017-07-11 18:41 - 000077912 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2020-12-03 13:48 - 2020-12-10 16:23 - 000000000 ____D C:\Windows\CSC
2020-12-03 13:46 - 2020-12-03 13:46 - 000000000 _SHDL C:\Documents and Settings
2020-12-03 13:43 - 2020-12-10 20:55 - 000008192 ___SH C:\DumpStack.log.tmp
2020-12-03 13:43 - 2020-12-10 20:55 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-12-03 13:43 - 2020-12-10 19:50 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-12-03 13:43 - 2020-12-05 17:28 - 000000000 ____D C:\Windows\Panther
2020-12-03 13:43 - 2020-12-05 09:16 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-12-03 13:43 - 2020-12-03 13:43 - 000000000 ____D C:\Windows\ServiceProfiles
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-12-11 10:59 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2020-12-11 10:15 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-10 20:55 - 2019-12-07 10:03 - 000262144 _____ C:\Windows\system32\config\BBI
2020-12-10 18:59 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-10 18:59 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2020-12-10 18:56 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2020-12-10 18:56 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2020-12-10 17:38 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2020-12-10 17:11 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-12-08 20:41 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2020-12-07 12:51 - 2019-12-07 10:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2020-12-05 09:16 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2020-12-04 22:00 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2020-12-04 22:00 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\migwiz
2020-12-04 22:00 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism
2020-12-04 21:59 - 2019-12-07 15:41 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-12-04 21:59 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2020-12-04 21:59 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-12-04 16:10 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\appcompat
2020-12-03 19:52 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2020-12-03 19:52 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2020-12-03 19:52 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2020-12-03 19:51 - 2019-12-07 15:41 - 000000000 ___SD C:\Windows\system32\AppV
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Sysprep
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\es-MX
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\appraiser
2020-12-03 19:50 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog
2020-12-03 19:50 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2020-12-03 19:50 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences
2020-12-03 19:50 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Provisioning
2020-12-03 19:50 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\servicing
2020-12-03 16:26 - 2019-12-07 15:41 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2020-12-03 16:26 - 2019-12-07 15:41 - 000020908 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2020-12-03 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2020-12-03 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2020-12-03 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2020-12-03 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2020-12-03 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lv-LV
2020-12-03 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lt-LT
2020-12-03 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\et-EE
2020-12-03 14:12 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState
2020-12-03 13:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2020-12-03 13:51 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\USOPrivate
2020-12-03 13:49 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\spool
2020-12-03 13:43 - 2019-12-07 10:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template
==================== Files in the root of some directories ========
2020-12-10 08:21 - 2020-12-10 11:10 - 000007628 _____ () C:\Users\pomlc\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\es-MX
2020-12-03 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\appraiser
2020-12-03 19:50 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog
2020-12-03 19:50 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2020-12-03 19:50 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences
2020-12-03 19:50 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Provisioning
2020-12-03 19:50 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\servicing
2020-12-03 16:26 - 2019-12-07 15:41 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2020-12-03 16:26 - 2019-12-07 15:41 - 000020908 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2020-12-03 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2020-12-03 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2020-12-03 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2020-12-03 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2020-12-03 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lv-LV
2020-12-03 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lt-LT
2020-12-03 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\et-EE
2020-12-03 14:12 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState
2020-12-03 13:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2020-12-03 13:51 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\USOPrivate
2020-12-03 13:49 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\spool
2020-12-03 13:43 - 2019-12-07 10:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template
==================== Files in the root of some directories ========
2020-12-10 08:21 - 2020-12-10 11:10 - 000007628 _____ () C:\Users\pomlc\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================