Vodafone informed me that I am in a botnet

#1 Post by SGC »

Hello, Vodafone sent me an email informing me that one of my devices is infected with a virus or malware. If I do not resolve it within 14 days, they will restrict almost all outgoing service traffic. Communication will be allowed only on ports 80 (HTTP), 443 (HTTPS), 110 (POP3), 143 (IMAP), 53 (DNS), 67 and 68 (DHCP).

Detected vulnerabilities:
Botnet - malware infection detected
IP: 89.176.***.**, detection time: 2021-04-26 00:40:03, incident no. 177693.


I wanted to know whether this really concerns me and not someone else who has the same IP address. So they sent me this:

We do not have the MAC address available, only this log extract:

IP address: 89.176.***.** (resident with dynamic IP)
Report type:
Type: botnet drone
Description: This host is most likely infected with malware.
Source port:
Destination IP: 216.218.135.114
Destination port: 80


FRST Log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2021
Ran by Chuck (administrator) on HP (Hewlett-Packard HP ProBook 4535s) (04-05-2021 14:36:30)
Running from C:\Users\Karol\Desktop
Loaded Profiles: Chuck & Karol
Platform: Windows 10 Home Version 20H2 19042.867 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Alexandr Irza) [File not signed] D:\Karol\Archive\1.Extensions\Software\Portable\x32\Volume\Volume2_1.1.7.434\Volume2.exe
(Andrea Electronics Corporation) [File not signed] C:\Program Files\IDT\WDM\AESTSr64.exe
(Appwork GmbH -> AppWork GmbH) C:\Users\Karol\AppData\Local\JDownloader 2.0\JDownloader2.exe
(Atheros) [File not signed] C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(David Carpenter -> ) C:\Program Files\Everything\Everything.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(CHENGDU AOMEI Tech Co., Ltd. -> ) C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe
(CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\stacsv64.exe
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(SalvadorSoftware) [File not signed] D:\Karol\Archive\1.Extensions\Software\Portable\x32\app management\portable start menu\asuite_x64-v2.0.0\asuite_x64.exe
(StagWare) [File not signed] C:\Program Files (x86)\NoteBook FanControl\NbfcService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Tonalio GmbH -> sandboxie-plus.com) C:\Program Files\Sandboxie\SbieCtrl.exe
(Tonalio GmbH -> sandboxie-plus.com) C:\Program Files\Sandboxie\SbieSvc.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\update_notifier.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe <18>
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NUSB3MON] => c:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.) [File not signed]
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [2197608 2017-06-07] (David Carpenter -> )
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [6531536 2019-10-31] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-24] (IDT, Inc.) [File not signed]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3500056 2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [ABNotify] => C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe [89960 2017-03-25] (CHENGDU AOMEI Tech Co., Ltd. -> )
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3376616 2021-03-05] (Tonalio GmbH -> sandboxie-plus.com)
HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\...\Run: [Vivaldi Update Notifier] => C:\Program Files (x86)\Vivaldi\Application\update_notifier.exe [1880648 2020-03-05] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\Software\Policies\...\system: [disablecmd] 0
HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3376616 2021-03-05] (Tonalio GmbH -> sandboxie-plus.com)
HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\Run: [Vivaldi Update Notifier] => C:\Program Files (x86)\Vivaldi\Application\update_notifier.exe [1880648 2020-03-05] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\Run: [Volume2] => D:\Karol\Archive\1.Extensions\Software\Portable\x32\Volume\Volume2_1.1.7.434\Volume2.exe [4350464 2021-02-14] (Alexandr Irza) [File not signed]
HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\Run: [ASuite] => D:\Karol\Archive\1.Extensions\Software\Portable\x32\app management\portable start menu\asuite_x64-v2.0.0\asuite_x64.exe [12268032 2020-04-20] (SalvadorSoftware) [File not signed]
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [55432 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9C142C0C-124C-4467-B117-EBCC62801D7B}] -> C:\Program Files (x86)\Vivaldi\Application\2.11.1811.47\Installer\chrmstp.exe [2020-06-14] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2013-09-25] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2013-09-25] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
Startup: C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odeslat do OneNote.lnk [2016-12-09]
ShortcutTarget: Odeslat do OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {126DD8CE-8C75-430C-B0BD-BD8FDDEFC66F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {184BCB5A-622A-40F3-9750-2FC9C2524F73} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {198E4553-E499-4FEC-BF71-2DE98CD4C0C4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1F0EC664-BA70-4489-9D24-703B627D94E0} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1FDDF3D9-92F4-4C02-903B-27AF1341F4D0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [1790184 2021-04-30] (Avast Software s.r.o. -> Avast Software)
Task: {21F92A90-397C-41F7-B647-3C7C92C85E69} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {282EAD2E-9665-404C-A449-2C7CE67BC5ED} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {299238D2-F47F-430F-80F1-27AC3194A516} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [651400 2017-09-20] (Hewlett Packard -> HP Inc.)
Task: {2CBFACDF-FEB3-40D5-9A86-871E18B5F012} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {31537973-BF08-414E-8C18-016AA2E10735} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {34E5E123-1946-44CE-9DC6-9C91413F5368} - System32\Tasks\My Tasks\auto hibernation => shutdown [Argument = /h]
Task: {37015500-3F40-4146-9BB5-562F45E40978} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {3C63F250-FAFF-4783-A307-3CF6575A8A9E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [124280 2018-08-30] (HP Inc. -> HP Inc.)
Task: {3DA20FC9-D65D-4825-B9F7-EF27D257BC08} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {412CE83E-2101-4893-9CC4-11104E16CA07} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {44A78B22-8685-4235-86C9-73FDBF5DD960} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {46901229-9BD7-4281-B999-E978D639CB5A} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {474BD1FC-9BA3-4066-A8C2-2916031099CF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4774AC1A-50B0-4D60-8A12-569BB4B71FAE} - System32\Tasks\{C38DECD5-4820-4B6F-8E4A-1F2445C4096C} => "C:\Program Files\Internet Explorer\IEXPLORE.EXE" https://ui.skype.com/ui/0/7.40.0.103/cs ... Error=1603
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {49FCE141-CB65-4556-BAEC-325331FEB10F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {4D393590-7F03-484F-804E-71650C2A8334} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4E0434D3-837C-4592-8AD5-F59D150F5726} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {51D3CA13-D9F2-4E1A-8F6C-CE86C95BF422} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {540ACDE2-69DD-426B-B44A-FCF025497495} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {54460751-1A6C-481B-B80E-1657AE7D6D05} - \My Tasks\Empty Windows Recycle Bin. -> No File <==== ATTENTION
Task: {5A6249DF-ADE4-4D85-AAB8-00ED90BDAA12} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {63946C7F-2F66-4269-B0BE-5DE2D5D93C3D} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {6759277E-F575-4256-8495-2835E9584A4D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\mrt.exe [144749672 2016-07-13] (Microsoft Windows -> Microsoft Corporation)
Task: {688F3B79-D539-445E-985D-A2BFB75789B8} - System32\Tasks\My Tasks\open gmail afternoon => C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [1771592 2020-03-05] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
Task: {69CDD3BE-F780-4BAF-B718-8CEB37983D1C} - System32\Tasks\MasterSeeker.UACBypass.1ee7473df8f6351c77699e1d8f3d0494 => D:\Karol\Archive\1. Extensions\Software\installers\search engines\file-name-no-index\MasterSeeker1.5.1\MasterSeeker.exe
Task: {6DB21E63-B367-4731-B550-CD321E5A8FC6} - System32\Tasks\My Tasks\open gmail night => C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [1771592 2020-03-05] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
Task: {6E44B8F0-C812-4658-9B76-E44E0B82A0D5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {6E79CB94-B352-41D2-A4A0-9367C98AE0A7} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {735ECD01-6F6A-454E-9E9F-E022C90C75CD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {74874CB4-E137-4889-92BD-3EBA03F78D00} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7833BD64-D7EB-4F6B-A19E-C170DD7803BE} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {888CEB6B-45A0-4895-A2CF-AB3BCC4B1D0E} - System32\Tasks\MasterSeeker.UACBypass.40a67d949b950387fa2284792b5effc7 => D:\Karol\Archive\1. Extensions\Software\Portable\x32\File Management\search engines\no index\MasterSeeker1.5.1\MasterSeeker.exe
Task: {8A918489-8464-4268-BDEA-20B9CC9401DC} - System32\Tasks\{768B319C-4286-4539-9A64-D45279719C54} => C:\Windows\system32\pcalua.exe -a C:\Users\Chuck\Desktop\sp56876.exe -d C:\Users\Chuck\Desktop
Task: {8BDF57BC-BE22-4E9D-82E1-DC9BE897D639} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {90720BA0-4D63-49B6-A8FA-795E6C5D4BCD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-03] (Google Inc -> Google LLC)
Task: {921EEFB9-8FB3-4F6E-9561-FC780AD28532} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {93185870-5C8C-4276-A9B0-F2AA88E784D7} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {961BC585-EFA5-4BBC-BC5B-E1D2F12CBCF1} - System32\Tasks\My Tasks\cleanup versioning folder => ForFiles [Argument = /p "D:\Karol\Archive\4.versioning" /s /d -10 /c "cmd /c del @file"] -> /p "D:\Karol\Archive\4.versioning" /s /d -10 /c "cmd /c del @file"
Task: {9BFD489B-5F09-42F6-9179-963E0268A092} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9C1162B6-8F0F-401F-A4C7-6EAC6F191C86} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9D373580-1126-4A24-8390-8209C423A611} - System32\Tasks\{87A5FB26-48A3-4A66-AA52-8D3A83794FE6} => "c:\program files (x86)\mozilla firefox\firefox.exe" https://www.skype.com/go/downloading?so ... rror=12040
Task: {9DACAB5B-FBE0-430C-92AD-93EA342DED8F} - System32\Tasks\DisableLockScreen => reg.exe add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData /t REG_DWORD /v AllowLockScreen /d 0 /f
Task: {A559D691-E4CE-4FA3-B40E-8BE5B36C2D1E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {AE2D77F8-E407-43CA-AE5F-C1476B92DE54} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {AFCE3371-615A-4DF7-B61B-265516815029} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B110211B-6594-48BA-A4D9-AC9CE6E62372} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {B1FBC68E-EC26-41FC-8424-AC3EF5202884} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B7B8FB88-F954-493C-A26C-54AEA3239536} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B8757F00-4BE9-441C-82A1-C02D622CC7F4} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C177C83C-0572-4E55-BB23-3B99176F2BE7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D286E1A3-2C4D-48AE-A89F-2BC49B0E0E21} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D2F5091A-D624-4BBA-B909-A10BCCFFFFC0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D49A867E-51BD-4DB8-AEBB-D60B4CE30DAC} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D7ABEDB3-8CB2-4BBE-B342-254C882B60C8} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DC659376-2B13-4DF8-9B7C-655E5860D21F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1183256 2018-02-09] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {E1973331-1B79-42A7-8162-BEB646BFE905} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-03] (Google Inc -> Google LLC)
Task: {E474C421-6342-4FD0-AE67-326AA69B457C} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {E48428C6-42E5-4FF3-92CF-179A1EEC7685} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [677344 2021-02-02] (Mozilla Corporation -> Mozilla Foundation)
Task: {E87652C7-4A47-4B6E-AFF2-4B025DE6C3B7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EA0E1989-626F-4100-B137-8575E770F8A3} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {EB2D4759-3947-46A1-AB62-1090FED2DF37} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {ECB03397-042A-4568-94E5-933D1AF35C2A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {EFED7834-A78C-4E66-8466-35A13701DFF5} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {F005B929-FDB7-4B46-9B9B-BFE69752C20E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F03EA912-D7A0-41B8-90BD-65A244C72858} - System32\Tasks\{26D164E1-B8C8-4567-9727-7101BBC0AB8E} => "c:\program files (x86)\mozilla firefox\firefox.exe" https://ui.skype.com/ui/0/7.40.0.103/en ... Error=1603
Task: {F1F1B2FA-3B42-4FF0-9698-16783E6526A9} - System32\Tasks\MasterSeeker.UACBypass.34e95470e9903458a022ccd394663e7c => D:\Karol\Archive\1. Extensions\Software\installers\search engines\MasterSeeker1.5.1\MasterSeeker.exe
Task: {F5EAA833-79BA-4274-8431-C427DC14923D} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {FA4D6466-39DD-46B7-850E-A55EE0023061} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.38 213.46.172.39
Tcpip\..\Interfaces\{176d9214-02f7-4e63-9c0d-502a9c422f87}: [NameServer] 193.17.47.1,185.43.135.1
Tcpip\..\Interfaces\{2205f461-a79b-4c21-a3d6-5f9ff19b6685}: [NameServer] 193.17.47.1,185.43.135.1,192.168.0.1
Tcpip\..\Interfaces\{2205f461-a79b-4c21-a3d6-5f9ff19b6685}: [DhcpNameServer] 213.46.172.38 213.46.172.39
Tcpip\..\Interfaces\{8137f080-5f60-4f4e-96ea-55efe4e2b74c}: [NameServer] 193.17.47.1,185.43.135.1
Tcpip\..\Interfaces\{86177912-d0b5-40fe-8877-9d1e9dd6dcc6}: [NameServer] 193.17.47.1,185.43.135.1
Tcpip\..\Interfaces\{dac93b1d-61b9-4a71-8643-bf858b70ff4b}: [NameServer] 193.17.47.1,185.43.135.1
Tcpip\..\Interfaces\{f27690ee-9433-475b-863f-23634ed6d325}: [NameServer] 217.31.204.130,193.29.206.206
Tcpip\..\Interfaces\{fe8e91cf-fca4-4ebc-bda8-a69e9ca65b03}: [NameServer] 193.17.47.1,185.43.135.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Chuck\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-10]

FireFox:
========
FF DefaultProfile: ypbhsodm.default
FF ProfilePath: C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\ypbhsodm.default [2021-04-10]
FF DownloadDir: C:\Users\Chuck\Desktop
FF Session Restore: Mozilla\Firefox\Profiles\ypbhsodm.default -> is enabled.
FF Extension: (All Aboard) - C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\ypbhsodm.default\Extensions\@all-aboard-v1-5.xpi [2017-07-04] [Legacy]
FF Extension: (No Name) - C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\ypbhsodm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-02-02]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2019-03-14] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-2887156172-1520988294-1417751805-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Chuck\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies SF -> Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2887156172-1520988294-1417751805-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Karol\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies SF -> Unity Technologies ApS)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-11-01]

Vivaldi:
=======
VIV Profile: C:\Users\Chuck\AppData\Local\Vivaldi\User Data\Default [2021-04-22]
VIV Extension: (Adobe Acrobat) - C:\Users\Chuck\AppData\Local\Vivaldi\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-08-10]
VIV Extension: (Chrome Media Router) - C:\Users\Chuck\AppData\Local\Vivaldi\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-14]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [83984 2018-02-09] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) [File not signed]
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [122736 2017-03-25] (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.)
R2 Everything; C:\Program Files\Everything\Everything.exe [2197608 2017-06-07] (David Carpenter -> )
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company -> Hewlett-Packard Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [6435880 2019-10-31] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
R2 NbfcService; C:\Program Files (x86)\NoteBook FanControl\NbfcService.exe [8704 2019-04-14] (StagWare) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [332264 2021-03-05] (Tonalio GmbH -> sandboxie-plus.com)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-10-24] (IDT, Inc.) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe [495840 2018-01-26] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [51120 2016-12-23] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [171952 2016-12-23] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 ampa; C:\Windows\system32\ampa.sys [19568 2015-11-10] (ChengDu AoMei Tech Co., Ltd -> ) [File not signed]
R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [38320 2016-12-23] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [878072 2016-09-20] (Bitdefender SRL -> BitDefender)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 nusb3hub; C:\WINDOWS\system32\drivers\nusb3hub.sys [78848 2010-07-27] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 nusb3xhc; C:\WINDOWS\system32\drivers\nusb3xhc.sys [180224 2010-07-27] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192504 2021-03-05] (Tonalio GmbH -> sandboxie-plus.com)
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [543744 2012-10-24] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R2 VMnetBridge; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [66520 2018-08-07] (VMware, Inc. -> VMware, Inc.)
R0 vsock; C:\WINDOWS\system32\DRIVERS\vsock.sys [91712 2017-09-05] (VMware, Inc. -> VMware, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421088 2021-04-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-12] (Microsoft Windows -> Microsoft Corporation)
R1 WinRing0_1_2_0; C:\Program Files (x86)\NoteBook FanControl\WinRing0x64.sys [14544 2021-04-10] (Noriyuki MIYAZAKI -> OpenLibSys.org)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [310536 2019-05-03] (Beijing Duodian Online Science and Technology Co.,Ltd -> BigNox Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-04 14:36 - 2021-05-04 14:40 - 000035233 _____ C:\Users\Karol\Desktop\FRST.txt
2021-05-04 14:27 - 2021-05-04 14:28 - 002298368 _____ (Farbar) C:\Users\Karol\Desktop\FRST64.exe
2021-04-12 21:38 - 2021-04-26 11:51 - 000003490 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d72e29197199da
2021-04-10 20:56 - 2021-04-10 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoteBook FanControl
2021-04-10 20:56 - 2021-04-10 20:56 - 000000000 ____D C:\Program Files (x86)\NoteBook FanControl
2021-04-10 20:32 - 2021-04-10 20:32 - 000000020 ___SH C:\Users\Karol\ntuser.ini
2021-04-10 20:27 - 2021-04-10 20:27 - 000000949 _____ C:\Users\Chuck\Desktop\Sandboxed Web Browser.lnk
2021-04-10 20:27 - 2021-04-10 20:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2021-04-10 20:09 - 2021-04-10 20:09 - 000000000 ____D C:\Users\Chuck\AppData\Local\PlaceholderTileLogoFolder
2021-04-10 20:04 - 2021-04-10 20:04 - 000000020 ___SH C:\Users\Chuck\ntuser.ini
2021-04-10 19:16 - 2021-04-10 19:16 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2887156172-1520988294-1417751805-500
2021-04-10 19:15 - 2021-04-29 00:31 - 000003354 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2887156172-1520988294-1417751805-1001
2021-04-10 19:15 - 2021-04-21 10:57 - 000003472 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-10 19:15 - 2021-04-21 10:57 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-10 19:15 - 2021-04-10 19:16 - 000003328 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{718AEF67-758E-4F0B-8548-2EE7294EE2A7}
2021-04-10 19:15 - 2021-04-10 19:16 - 000002770 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2
2021-04-10 19:15 - 2021-04-10 19:16 - 000002514 _____ C:\WINDOWS\system32\Tasks\MasterSeeker.UACBypass.34e95470e9903458a022ccd394663e7c
2021-04-10 19:15 - 2021-04-10 19:16 - 000002246 _____ C:\WINDOWS\system32\Tasks\{26D164E1-B8C8-4567-9727-7101BBC0AB8E}
2021-04-10 19:15 - 2021-04-10 19:15 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-04-10 19:15 - 2021-04-10 19:15 - 000003042 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-04-10 19:15 - 2021-04-10 19:15 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2887156172-1520988294-1417751805-1000
2021-04-10 19:15 - 2021-04-10 19:15 - 000002622 _____ C:\WINDOWS\system32\Tasks\MasterSeeker.UACBypass.40a67d949b950387fa2284792b5effc7
2021-04-10 19:15 - 2021-04-10 19:15 - 000002612 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-04-10 19:15 - 2021-04-10 19:15 - 000002590 _____ C:\WINDOWS\system32\Tasks\MasterSeeker.UACBypass.1ee7473df8f6351c77699e1d8f3d0494
2021-04-10 19:15 - 2021-04-10 19:15 - 000002528 _____ C:\WINDOWS\system32\Tasks\DisableLockScreen
2021-04-10 19:15 - 2021-04-10 19:15 - 000002298 _____ C:\WINDOWS\system32\Tasks\{87A5FB26-48A3-4A66-AA52-8D3A83794FE6}
2021-04-10 19:15 - 2021-04-10 19:15 - 000002264 _____ C:\WINDOWS\system32\Tasks\{768B319C-4286-4539-9A64-D45279719C54}
2021-04-10 19:15 - 2021-04-10 19:15 - 000002240 _____ C:\WINDOWS\system32\Tasks\{C38DECD5-4820-4B6F-8E4A-1F2445C4096C}
2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\WPD
2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\S-1-5-21-2887156172-1520988294-1417751805-1001
2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\S-1-5-21-2887156172-1520988294-1417751805-1000
2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\OfficeSoftwareProtectionPlatform
2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\My Tasks
2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-04-10 19:12 - 2021-04-10 19:14 - 000019053 _____ C:\WINDOWS\diagwrn.xml
2021-04-10 19:12 - 2021-04-10 19:14 - 000019053 _____ C:\WINDOWS\diagerr.xml
2021-04-10 19:08 - 2021-04-10 19:19 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-04-10 19:08 - 2021-04-10 19:08 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2021-04-10 19:00 - 2021-04-10 19:00 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-04-10 18:49 - 2021-04-27 20:53 - 002847556 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-10 18:38 - 2021-04-10 18:38 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-04-10 18:38 - 2021-04-10 18:38 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-04-10 18:38 - 2021-04-10 18:38 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-04-10 18:37 - 2021-04-10 18:37 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-04-10 18:37 - 2021-04-10 18:37 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-04-10 18:37 - 2021-04-10 18:37 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-04-10 18:37 - 2021-04-10 18:37 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-04-10 18:37 - 2021-04-10 18:37 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-04-10 18:37 - 2021-04-10 18:37 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-04-10 18:37 - 2021-04-10 18:37 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-04-10 18:37 - 2021-04-10 18:37 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-04-10 18:37 - 2021-04-10 18:37 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-04-10 18:36 - 2021-04-10 18:36 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-04-10 18:36 - 2021-04-10 18:36 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-04-10 18:36 - 2021-04-10 18:36 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-04-10 18:36 - 2021-04-10 18:36 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-04-10 18:36 - 2021-04-10 18:36 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-04-10 18:36 - 2021-04-10 18:36 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-04-10 18:36 - 2021-04-10 18:36 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-04-10 18:36 - 2021-04-10 18:36 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-04-10 18:36 - 2021-04-10 18:36 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-10 18:35 - 2021-04-10 18:35 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-04-10 18:35 - 2021-04-10 18:35 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-04-10 18:35 - 2021-04-10 18:35 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-04-10 18:35 - 2021-04-10 18:35 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-04-10 18:34 - 2021-04-10 18:34 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-04-10 18:34 - 2021-04-10 18:34 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-04-10 18:34 - 2021-04-10 18:34 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-04-10 18:34 - 2021-04-10 18:34 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-04-10 18:34 - 2021-04-10 18:34 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-04-10 18:33 - 2021-04-10 18:33 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-04-10 18:33 - 2021-04-10 18:33 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-04-10 18:33 - 2021-04-10 18:33 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-04-10 18:33 - 2021-04-10 18:33 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-04-10 18:33 - 2021-04-10 18:33 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-04-10 18:33 - 2021-04-10 18:33 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-04-10 18:33 - 2021-04-10 18:33 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-04-10 18:32 - 2021-04-10 18:32 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-04-10 18:32 - 2021-04-10 18:32 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-10 18:32 - 2021-04-10 18:32 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-04-10 18:32 - 2021-04-10 18:32 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-04-10 18:32 - 2021-04-10 18:32 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-04-10 18:32 - 2021-04-10 18:32 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-04-10 18:32 - 2021-04-10 18:32 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-04-10 18:32 - 2021-04-10 18:32 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-04-10 18:32 - 2021-04-10 18:32 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-04-10 18:31 - 2021-04-10 18:31 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-04-10 18:31 - 2021-04-10 18:31 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-10 18:31 - 2021-04-10 18:31 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-04-10 18:31 - 2021-04-10 18:31 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-04-10 18:30 - 2021-04-29 00:29 - 000002377 _____ C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-10 18:30 - 2021-04-10 20:32 - 000000000 ____D C:\Users\Karol
2021-04-10 18:30 - 2021-04-10 20:04 - 000000000 ____D C:\Users\Chuck
2021-04-10 18:30 - 2021-04-10 18:57 - 000000000 ____D C:\Users\DefaultAppPool
2021-04-10 18:30 - 2021-04-10 18:57 - 000000000 ____D C:\Users\Administrator
2021-04-10 18:30 - 2021-04-10 18:30 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-04-10 18:30 - 2021-04-10 18:30 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-04-10 18:30 - 2021-04-10 18:30 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Šablony
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Soubory cookie
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Poslední
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Okolní tiskárny
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Okolní síť
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Nabídka Start
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Dokumenty
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Documents\Obrázky
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Documents\Hudba
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Documents\Filmy
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Data aplikací
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\AppData\Local\Data aplikací
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Šablony
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Soubory cookie
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Poslední
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Okolní tiskárny
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Okolní síť
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Nabídka Start
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Dokumenty
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Documents\Obrázky
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Documents\Hudba
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Documents\Filmy
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Data aplikací
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\AppData\Local\Data aplikací
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Šablony
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Soubory cookie
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Poslední
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Okolní tiskárny
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Okolní síť
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Nabídka Start
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Dokumenty
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Documents\Obrázky
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Documents\Hudba
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Documents\Filmy
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Data aplikací
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\AppData\Local\Data aplikací
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Šablony
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Soubory cookie
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Poslední
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Okolní tiskárny
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Okolní síť
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Nabídka Start
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Dokumenty
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Documents\Obrázky
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Documents\Hudba
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Documents\Filmy
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Data aplikací
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\AppData\Local\Data aplikací
2021-04-10 18:30 - 2019-12-07 11:10 - 000001105 _____ C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-10 18:30 - 2019-12-07 11:10 - 000001105 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-10 18:30 - 2019-12-07 11:10 - 000001105 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-10 18:29 - 2021-04-10 18:29 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-04-10 18:29 - 2021-04-10 18:29 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-04-10 18:29 - 2021-04-10 18:29 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-04-10 18:29 - 2021-04-10 18:29 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-04-10 18:29 - 2021-04-10 18:29 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-04-10 18:29 - 2021-04-10 18:29 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-04-10 18:29 - 2021-04-10 18:29 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-04-10 18:29 - 2021-04-10 18:29 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-04-10 18:29 - 2021-04-10 18:29 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-04-10 18:29 - 2021-04-10 18:29 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-04-10 18:20 - 2021-05-01 12:32 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-10 17:57 - 2019-10-15 14:53 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2021-04-10 17:57 - 2019-04-18 19:49 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2021-04-10 17:47 - 2021-04-27 20:53 - 000808052 _____ C:\WINDOWS\system32\perfh015.dat
2021-04-10 17:47 - 2021-04-27 20:53 - 000163116 _____ C:\WINDOWS\system32\perfc015.dat
2021-04-10 17:47 - 2021-04-10 17:47 - 000343212 _____ C:\WINDOWS\system32\perfi015.dat
2021-04-10 17:47 - 2021-04-10 17:47 - 000041370 _____ C:\WINDOWS\system32\perfd015.dat
2021-04-10 17:47 - 2021-04-10 17:47 - 000000000 ____D C:\WINDOWS\SysWOW64\pl
2021-04-10 17:47 - 2021-04-10 17:47 - 000000000 ____D C:\WINDOWS\system32\pl
2021-04-10 17:20 - 2021-04-10 17:47 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\WINDOWS\system32\msmq
2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\Program Files\MSBuild
2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\inetpub

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-04 14:47 - 2020-04-05 14:45 - 000000000 ____D C:\Users\Karol\AppData\Local\JDownloader 2.0
2021-05-04 14:38 - 2015-09-07 23:48 - 000000000 ____D C:\FRST
2021-05-04 14:35 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-04 13:41 - 2016-12-23 14:41 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Everything
2021-05-04 12:28 - 2018-02-06 00:06 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Thunderbird
2021-05-04 12:28 - 2015-08-17 00:23 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Mozilla
2021-05-04 01:46 - 2020-11-19 00:29 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-03 23:20 - 2019-09-24 12:30 - 000000374 _____ C:\Users\Karol\.vivaldi_reporting_data
2021-05-03 22:16 - 2019-10-03 21:17 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-05-03 16:03 - 2016-01-22 14:52 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\FreeFileSync
2021-05-03 00:56 - 2017-05-29 11:35 - 000000000 ____D C:\ProgramData\NbfcService
2021-05-02 11:43 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-01 12:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-01 12:32 - 2020-11-19 01:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-01 12:32 - 2017-04-25 01:36 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper
2021-05-01 12:32 - 2015-08-24 09:12 - 000000082 _____ C:\WINDOWS\SysWOW64\winsevr.dat
2021-05-01 12:32 - 2015-08-17 21:09 - 000000000 ____D C:\ProgramData\VMware
2021-05-01 12:29 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-05-01 11:42 - 2020-11-19 01:32 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-30 00:04 - 2017-12-25 18:40 - 000000000 ____D C:\Users\Karol\AppData\Local\Packages
2021-04-29 00:30 - 2016-07-02 16:43 - 000000000 ___RD C:\Users\Karol\OneDrive
2021-04-27 20:53 - 2019-12-07 16:41 - 000783098 _____ C:\WINDOWS\system32\perfh005.dat
2021-04-27 20:53 - 2019-12-07 16:41 - 000172796 _____ C:\WINDOWS\system32\perfc005.dat
2021-04-27 20:53 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-26 11:51 - 2020-11-19 01:32 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-26 11:49 - 2017-12-25 21:36 - 000000000 ____D C:\Users\Karol\AppData\Roaming\NoteBookFanControl
2021-04-22 20:51 - 2020-06-14 01:46 - 000000374 _____ C:\Users\Chuck\.vivaldi_reporting_data
2021-04-16 20:50 - 2016-07-26 00:21 - 000000270 __RSH C:\ProgramData\ntuser.pol
2021-04-16 20:45 - 2016-12-23 14:41 - 000000000 ____D C:\Users\Karol\AppData\Local\Everything
2021-04-12 20:42 - 2020-11-19 01:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-11 11:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-04-11 11:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-04-11 00:05 - 2016-09-17 20:47 - 000001021 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
2021-04-11 00:05 - 2016-09-17 20:47 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealTimeSync.lnk
2021-04-11 00:05 - 2015-09-01 20:33 - 000000000 ____D C:\Program Files\FreeFileSync
2021-04-10 20:57 - 2016-07-02 15:02 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-10 20:51 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-04-10 20:34 - 2020-11-19 01:33 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-04-10 20:34 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-10 20:34 - 2017-12-25 19:42 - 000000000 ___RD C:\Users\Karol\3D Objects
2021-04-10 20:32 - 2017-01-06 18:25 - 000000000 ____D C:\Users\Chuck\AppData\Local\Everything
2021-04-10 20:32 - 2016-12-27 21:36 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Everything
2021-04-10 20:32 - 2016-07-13 23:40 - 000014744 _____ C:\WINDOWS\Sandboxie.ini
2021-04-10 20:31 - 2017-12-25 18:43 - 000000000 ____D C:\Users\Chuck\AppData\Local\Packages
2021-04-10 20:31 - 2016-11-30 14:36 - 000000000 ____D C:\Users\Chuck\AppData\LocalLow\Mozilla
2021-04-10 20:27 - 2015-09-09 10:44 - 000000000 ____D C:\Program Files\Sandboxie
2021-04-10 20:12 - 2019-01-30 13:26 - 000000000 ____D C:\ProgramData\Mozilla
2021-04-10 20:10 - 2015-08-16 20:23 - 000000000 ____D C:\Users\Chuck\AppData\Local\VirtualStore
2021-04-10 20:06 - 2017-12-25 19:22 - 000000000 ___RD C:\Users\Chuck\3D Objects
2021-04-10 19:20 - 2019-12-07 11:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-04-10 19:19 - 2021-01-27 13:04 - 000000000 ____D C:\WINDOWS\system32\Download
2021-04-10 19:19 - 2020-11-19 01:33 - 000000000 ____D C:\ProgramData\Packages
2021-04-10 19:19 - 2020-11-04 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2021-04-10 19:19 - 2019-12-07 11:18 - 000000000 ____D C:\WINDOWS\Setup
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 __SHD C:\Program Files\Windows Sidebar
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\IME
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\schemas
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-04-10 19:19 - 2019-06-19 12:58 - 000000000 ____D C:\Program Files\UNP
2021-04-10 19:19 - 2019-04-03 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2021-04-10 19:19 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-04-10 19:19 - 2019-01-05 02:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2021-04-10 19:19 - 2018-10-14 02:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-04-10 19:19 - 2018-08-18 01:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2021-04-10 19:19 - 2018-06-19 00:44 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2021-04-10 19:19 - 2018-06-10 01:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XiaoMiFlash
2021-04-10 19:19 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2021-04-10 19:19 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-04-10 19:19 - 2017-08-17 01:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2021-04-10 19:19 - 2017-04-25 01:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper
2021-04-10 19:19 - 2016-10-08 23:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill
2021-04-10 19:19 - 2016-10-08 13:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 12
2021-04-10 19:19 - 2016-08-10 00:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2021-04-10 19:19 - 2016-07-30 15:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2021-04-10 19:19 - 2016-05-16 13:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2021-04-10 19:19 - 2016-04-27 08:32 - 000000000 ____D C:\WINDOWS\ShellNew
2021-04-10 19:19 - 2016-04-11 10:21 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2021-04-10 19:19 - 2016-04-08 00:24 - 000000000 ____D C:\WINDOWS\system32\oodag
2021-04-10 19:19 - 2016-03-22 14:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2021-04-10 19:19 - 2016-03-19 00:42 - 000000000 ____D C:\WINDOWS\en
2021-04-10 19:19 - 2016-03-19 00:42 - 000000000 ____D C:\WINDOWS\cs
2021-04-10 19:19 - 2015-08-19 13:50 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2021-04-10 19:19 - 2015-08-18 12:23 - 000000000 ____D C:\WINDOWS\SysWOW64\SDA
2021-04-10 19:19 - 2009-07-14 05:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-04-10 19:18 - 2019-12-07 11:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-04-10 19:18 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-04-10 19:16 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-10 19:15 - 2020-11-19 01:32 - 000003286 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-10 19:15 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows NT
2021-04-10 19:15 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-04-10 19:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Registration
2021-04-10 19:11 - 2018-01-18 00:07 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2021-04-10 19:10 - 2016-07-02 15:26 - 000023020 _____ C:\WINDOWS\system32\emptyregdb.dat
2021-04-10 19:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Resources
2021-04-10 19:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Help
2021-04-10 19:08 - 2019-11-09 01:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2021-04-10 19:08 - 2019-04-04 12:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2021-04-10 19:08 - 2017-04-07 20:37 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2021-04-10 19:08 - 2017-04-07 20:35 - 000000000 ____D C:\Program Files\Synaptics
2021-04-10 19:08 - 2016-03-15 14:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\installed apps
2021-04-10 19:08 - 2009-07-14 07:32 - 000000000 ____D C:\Program Files\Microsoft Games
2021-04-10 18:58 - 2019-12-07 11:14 - 000000000 __RSD C:\WINDOWS\Media
2021-04-10 18:55 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-10 18:54 - 2019-12-07 16:44 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-04-10 18:54 - 2019-12-07 16:44 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\IME
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-04-10 18:54 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing
2021-04-10 18:41 - 2020-04-05 14:48 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2021-04-10 18:41 - 2019-12-18 01:19 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Calendar
2021-04-10 18:41 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-04-10 18:41 - 2018-10-28 21:20 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XYplorer
2021-04-10 18:41 - 2018-03-25 15:44 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
2021-04-10 18:41 - 2017-06-07 12:51 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2021-04-10 18:41 - 2017-05-09 15:14 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2021-04-10 18:41 - 2016-12-27 21:52 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2021-04-10 18:41 - 2016-10-08 20:20 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript
2021-04-10 18:37 - 2017-12-25 18:40 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2021-04-10 18:36 - 2019-11-17 22:26 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wReplace
2021-04-10 18:32 - 2016-03-11 16:07 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portable Apps
2021-04-10 18:29 - 2020-11-19 01:32 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-10 18:28 - 2018-07-04 15:11 - 000001727 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRS Premium Sound.lnk
2021-04-10 18:21 - 2020-11-19 00:29 - 000457224 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-10 18:07 - 2019-12-07 16:43 - 000000000 ____D C:\WINDOWS\OCR
2021-04-10 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-04-10 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-04-10 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-04-10 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-04-10 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-10 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-10 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\system32\winrm
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\system32\WCN
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\system32\slmgr
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2021-04-10 17:47 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2021-04-10 17:47 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\MUI
2021-04-10 17:20 - 2019-12-07 11:10 - 001421824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2021-04-10 17:20 - 2019-12-07 11:10 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2021-04-10 17:20 - 2019-12-07 11:10 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2021-04-10 17:20 - 2019-12-07 11:10 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2021-04-10 17:20 - 2019-12-07 11:10 - 000009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2021-04-10 17:19 - 2019-12-07 11:10 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2021-04-10 17:19 - 2019-12-07 11:10 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2021-04-10 17:19 - 2019-12-07 11:10 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2021-04-10 13:31 - 2016-11-30 12:49 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2021-04-10 02:29 - 2020-11-08 02:56 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-10 02:29 - 2009-07-14 04:34 - 000000478 _____ C:\WINDOWS\win.ini
2021-04-09 22:32 - 2010-11-21 05:27 - 000799104 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories ========

2019-01-07 02:22 - 2019-01-07 02:22 - 000000000 _____ () C:\Users\Chuck\AppData\Local\oobelibMkey.log
2016-05-14 23:27 - 2018-01-28 02:26 - 000007608 _____ () C:\Users\Chuck\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

FRST Log Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by Chuck (04-05-2021 14:49:17)
Running from C:\Users\Karol\Desktop
Windows 10 Home Version 20H2 19042.867 (X64) (2021-04-10 17:16:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2887156172-1520988294-1417751805-500 - Administrator - Disabled) => C:\Users\Administrator
Chuck (S-1-5-21-2887156172-1520988294-1417751805-1000 - Administrator - Enabled) => C:\Users\Chuck
DefaultAccount (S-1-5-21-2887156172-1520988294-1417751805-503 - Limited - Disabled)
Guest (S-1-5-21-2887156172-1520988294-1417751805-501 - Limited - Disabled)
Karol (S-1-5-21-2887156172-1520988294-1417751805-1001 - Limited - Enabled) => C:\Users\Karol
WDAGUtilityAccount (S-1-5-21-2887156172-1520988294-1417751805-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
ABBYY FineReader 12 Corporate (HKLM-x32\...\{F12000CE-0001-0000-0000-074957833700}) (Version: 12.1.609 - ABBYY Production LLC)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{36381D51-CC5E-4698-A0CC-E939C75EC9D8}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.23 - Adobe Systems)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.10 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Adobe Shockwave Player 12.3 (HKLM-x32\...\{4487064C-F31E-4499-A1EF-9B8E809A0358}) (Version: 12.3.5.205 - Adobe, Inc)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
Alcatel onetouch Manager (HKLM-x32\...\{773A349F-182A-0200-0000-000000000000}) (Version: 13.09.2754 - Mobile Action)
AMD Catalyst Install Manager (HKLM\...\{FE960639-C7F8-5888-3CB2-68823485A9C0}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Anki (HKLM-x32\...\Anki) (Version: - )
AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: - AOMEI Technology Co., Ltd.)
AOMEI Partition Assistant Standard Edition 6.0 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.)
AOMEI PE Builder 1.4 (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5566909D}_is1) (Version: - AOMEI Technology Co., Ltd.)
Aspell Czech Dictionary-0.50-2 (HKLM-x32\...\Aspell Czech Dictionary_is1) (Version: - GNU)
Backup and Sync from Google (HKLM\...\{3CBE1074-3A4F-4BA6-95E3-7A660B54FE33}) (Version: 3.55.3625.9414 - Google, Inc.)
Balíček ovladače systému Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Driver (HKLM-x32\...\{C9A7E6A6-110D-4DBC-A8E2-F634613B5A8C}_is1) (Version: - TCL Commumication Technology Holdings Limited)
Everything 1.4.1.877 (x64) (HKLM\...\Everything) (Version: 1.4.1.877 (x64) - David Carpenter)
FeedDemon (HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\FeedDemon_is1) (Version: 4.5.0.0 - NewsGator Technologies, Inc.)
Fotogalerie (HKLM-x32\...\{F37D360D-9308-4BB1-8515-DC6B637B9486}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
FreeFileSync 11.9 (HKLM-x32\...\FreeFileSync_is1) (Version: 11.9 - FreeFileSync.org)
GNU Aspell 0.50-3 (HKLM-x32\...\GNU Aspell_is1) (Version: - GNU)
Google Calendar Backup Utility (HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\389f93cb6637d3c1) (Version: 1.0.0.4 - Google Calendar)
GPL Ghostscript 8.63 (HKLM-x32\...\GPL Ghostscript 8.63) (Version: - )
GTD Timer (HKLM-x32\...\{4C1F2B9C-9005-441A-B39B-04C0147A0ABF}) (Version: 2012.12.11.120 - ProductivityScientific.com)
HP 3D DriveGuard (HKLM\...\{04927A60-31CD-4614-A25C-055B1AD3A8CE}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{48D74C03-3D33-4A7E-9D93-A59FE58C1DEA}) (Version: 2.6.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.16 - SunplusIT)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{3DFFDA17-EE5C-4C09-AB0B-29CD4A9E6C9C}) (Version: 12.10.49.21 - HP)
I-Doser Premium (HKLM-x32\...\I-Doser) (Version: 5.0 - I-Doser.com)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6433.0 - IDT)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
LAV Filters 0.74.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.74.1 - Hendrik Leppkes)
Macrium Reflect Free Edition (HKLM\...\{5037EDD4-FD4D-43EC-8BBA-BE93D60FCCEA}) (Version: 7.2.4524 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.2 - Paramount Software (UK) Ltd.)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.51 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\OneDriveSetup.exe) (Version: 21.062.0328.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2887156172-1520988294-1417751805-500\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BAB9FCC5-1506-4B4F-BFCA-EDE0BDB86C21}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
MiPony 2.3.2 (HKLM-x32\...\MiPony) (Version: 2.3.2 - )
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{3D2CF65C-B544-4308-B996-700D3E5F6C4C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 85.0 (x64 en-US) (HKLM\...\Mozilla Firefox 85.0 (x64 en-US)) (Version: 85.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 85.0.0.7688 - Mozilla)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.8 - F.J. Wechselberger)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM-x32\...\{90150000-001F-0405-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM-x32\...\{90150000-001F-041B-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
NoteBook FanControl (HKLM-x32\...\{6ccab7ac-feb0-4395-97e3-75cd6f6c407b}) (Version: 1.6.3.0 - Stefan Hirschmann - StagWare)
NoteBook FanControl (HKLM-x32\...\{C027E819-C64C-443E-B6D5-755FE4A7A925}) (Version: 1.6.3.0 - Stefan Hirschmann - StagWare) Hidden
Nox APP Player (HKLM-x32\...\Nox) (Version: 6.2.8.1 - Duodian Technology Co. Ltd.)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 13.0 - PlotSoft LLC)
Polski (Akcent) (HKLM\...\{E09BE865-9D80-4440-A740-B1E620ABCC7C}) (Version: 1.0.3.40 - FontyPL)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.83.328.2014 - Realtek)
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
Sandboxie 5.49.0 (64-bit) (HKLM\...\Sandboxie) (Version: 5.49.0 - sandboxie-plus.com)
Screencast-O-Matic v2.0 (HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\Screencast-O-Matic v2.0) (Version: v2-1.8 - Screencast-O-Matic)
Skype verze 8.66 (HKLM-x32\...\Skype_is1) (Version: 8.66 - Skype Technologies S.A.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.63 - Synaptics Incorporated)
Tempus 1.6.0 (HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\daf97551-8b86-5eb9-af1a-781f2e64e703) (Version: 1.6.0 - Keziah Moselle)
TeraCopy version 3.26 (HKLM\...\TeraCopy_is1) (Version: 3.26 - Code Sector)
Unity Web Player (HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0405-0000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
VdhCoApp 1.6.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
Vivaldi (HKLM-x32\...\Vivaldi) (Version: 2.11.1811.47 - Vivaldi Technologies AS.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
wReplace 1.2 Free (HKLM-x32\...\wReplace) (Version: 1.2 Free - SharkTime.com)
XiaoMiFlash (HKLM-x32\...\{17027A8C-4379-424D-9236-075003273CE3}) (Version: 1.1.4 - XiaoMi)
Zen Focus 2.1.0 (only current user) (HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\c677a390-e872-5285-bff8-d982a2943b74) (Version: 2.1.0 - builtwithluv)

Packages:
=========
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.180.400.0_x86__kgqvnymyfvs32 [2020-11-08] (king.com)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2021-04-10] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-04-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-04-11] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2021-04-10] (Microsoft Studios) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-11-08] (Microsoft Corporation) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-10-04] (Twitter Inc.)
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2016-07-02] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2887156172-1520988294-1417751805-1001_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> D:\Karol\Archive\1.Extensions\Software\Portable\x32\Audio+Video\info\MediaInfo_20.03\MediaInfo_InfoTip.dll (MediaArea.net -> MediaArea.net)
CustomCLSID: HKU\S-1-5-21-2887156172-1520988294-1417751805-1001_Classes\CLSID\{930e604a-cc01-4d06-8d7a-5a07914f3afb}\localserver32 -> "C:\Program Files\TechSmith\Camtasia 2019\CamtasiaStudio.exe" -ToastActivated => No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
ContextMenuHandlers1: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} => C:\Program Files (x86)\ABBYY FineReader 12\FRIntegration.x64.dll [2016-01-20] (ABBYY Production LLC -> ABBYY Production LLC.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-03-12] (Google LLC -> Google)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [File not signed]
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Users\Karol\Desktop\TeraCopy\TeraCopyExt.dll -> No File
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Users\Karol\Desktop\TeraCopy\TeraCopyExt.dll -> No File
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2018-08-07] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2018-08-07] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-03-12] (Google LLC -> Google)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Users\Karol\Desktop\TeraCopy\TeraCopyExt.dll -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} => C:\Program Files (x86)\ABBYY FineReader 12\FRIntegration.x64.dll [2016-01-20] (ABBYY Production LLC -> ABBYY Production LLC.)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Users\Karol\Desktop\TeraCopy\TeraCopyExt.dll -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2020-04-05 14:45 - 2018-05-09 09:45 - 000142336 _____ () [File not signed] C:\Users\Karol\AppData\Local\JDownloader 2.0\.install4j\i4jinst.dll
2021-05-04 12:54 - 2021-05-04 12:54 - 000043520 _____ () [File not signed] C:\Users\Karol\AppData\Local\Temp\proxy_vole3513242259177334774.dll
2012-04-11 10:40 - 2012-04-11 10:40 - 000067584 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.dll
2017-04-25 01:36 - 2015-05-21 14:32 - 002403504 _____ (Aomei Technology Co., Limited -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2017-04-25 01:36 - 2015-05-21 14:32 - 000068784 _____ (Aomei Technology Co., Limited -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\AOMEI Backupper\vcomp.dll
2012-03-14 14:44 - 2012-03-14 14:44 - 000006656 _____ (Hewlett-Packard Company) [File not signed] [File is in use] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\cs\HandlersStrings.resources.dll
2021-03-31 12:39 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2021-05-04 12:55 - 2021-05-04 12:55 - 000216576 ____N (Java(TM) Native Access (JNA)) [File not signed] C:\Users\Karol\AppData\Local\JDownloader 2.0\tmp\jna\jna8151142547056323169.dll
2018-05-06 00:49 - 2017-09-27 17:30 - 000489984 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\Newtonsoft.Json.dll
2018-05-06 00:49 - 2018-01-26 17:08 - 000088064 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppCollect.dll
2018-05-06 00:49 - 2018-01-26 17:08 - 000200192 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppCommon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
SearchScopes: HKU\S-1-5-21-2887156172-1520988294-1417751805-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src ... 02&pc=UE00
SearchScopes: HKU\S-1-5-21-2887156172-1520988294-1417751805-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src ... 02&pc=UE00
SearchScopes: HKU\S-1-5-21-2887156172-1520988294-1417751805-1001 -> DefaultScope {273ED82A-91CB-41D1-AED1-EB3976BC5C24} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
SearchScopes: HKU\S-1-5-21-2887156172-1520988294-1417751805-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src ... 02&pc=UE00
SearchScopes: HKU\S-1-5-21-2887156172-1520988294-1417751805-1001 -> {273ED82A-91CB-41D1-AED1-EB3976BC5C24} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH -> Eyeo GmbH)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH -> Eyeo GmbH)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2887156172-1520988294-1417751805-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxps://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1439752415659
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc. -> Belarc, Inc.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-15 14:25 - 2019-01-09 16:32 - 000000832 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\WINDOWS\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\Chuck\AppData\Local\Microsoft\WindowsApps;C:\adb;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\NoteBook FanControl\
HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\Control Panel\Desktop\\Wallpaper -> D:\Karol\Archive\1.Extensions\Pictures\noneducation\windows\my wallpapers\w7\w7 original.jpg
HKU\S-1-5-21-2887156172-1520988294-1417751805-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 193.17.47.1 - 185.43.135.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet 4: VMware Bridge Protocol -> vmware_bridge (disabled)
Ethernet 3: VMware Bridge Protocol -> vmware_bridge (enabled)
Wi-Fi 2: VMware Bridge Protocol -> vmware_bridge (enabled)
Ethernet 5: VMware Bridge Protocol -> vmware_bridge (disabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "Bonus.SSR.FR12"
HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\StartupApproved\StartupFolder: => "Odeslat do OneNote.lnk"
HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{E4E5B7BA-3805-4503-87D2-3132E6D2A58D}C:\program files\freefilesync\bin\freefilesync_x64.exe] => (Allow) C:\program files\freefilesync\bin\freefilesync_x64.exe (Florian BAUER -> FreeFileSync.org)
FirewallRules: [TCP Query User{4A845E45-69D2-460E-8077-8F64267454F1}C:\program files\freefilesync\bin\freefilesync_x64.exe] => (Allow) C:\program files\freefilesync\bin\freefilesync_x64.exe (Florian BAUER -> FreeFileSync.org)
FirewallRules: [{1B18EE24-2C06-4389-A621-8728598A755E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E3C5F5D6-E1CF-4795-AA71-65869D5CABBF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{28DB69DC-CB76-4500-87BF-E513E5A60372}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6FFE87D3-D49E-4F9E-BD2F-12D05D8ADA86}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DFBCE3C0-69C5-4F27-9437-BCFB56D1BCB6}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{04B41ED7-C243-4588-85C4-0E994E7BDAB6}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7F4DEC00-723A-457D-9715-E56615B2695C}] => (Allow) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [UDP Query User{6C325D68-4916-4008-8465-4211042665C7}D:\karol\archive\1.extensions\software\portable\x32\documents\editors\text editors\qownnotesportable\app\qownnotes\qownnotes.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\documents\editors\text editors\qownnotesportable\app\qownnotes\qownnotes.exe () [File not signed]
FirewallRules: [TCP Query User{A20F3443-19FA-464E-AA3A-C3A4FBB76C47}D:\karol\archive\1.extensions\software\portable\x32\documents\editors\text editors\qownnotesportable\app\qownnotes\qownnotes.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\documents\editors\text editors\qownnotesportable\app\qownnotes\qownnotes.exe () [File not signed]
FirewallRules: [UDP Query User{27812ED6-66BF-454E-AD15-F77FB3C305BC}D:\karol\project\now\topics\download\books\must organize\books\qownnotesportable\app\qownnotes\qownnotes.exe] => (Allow) D:\karol\project\now\topics\download\books\must organize\books\qownnotesportable\app\qownnotes\qownnotes.exe => No File
FirewallRules: [TCP Query User{DC10A911-B724-4E5F-AFF9-41839313603C}D:\karol\project\now\topics\download\books\must organize\books\qownnotesportable\app\qownnotes\qownnotes.exe] => (Allow) D:\karol\project\now\topics\download\books\must organize\books\qownnotesportable\app\qownnotes\qownnotes.exe => No File
FirewallRules: [UDP Query User{A57FB4D8-CEFE-4323-B466-1ED362B05D23}C:\users\karol\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\karol\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [TCP Query User{6CBC343A-B32D-4D27-A2C2-B445DC9379F0}C:\users\karol\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\karol\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [UDP Query User{67E623D5-8528-48E5-B9CD-AE26DA2CB7CB}D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe (Tixati Software Inc. -> Tixati Software Inc.)
FirewallRules: [TCP Query User{24699CC1-04A2-4586-85D8-83E3F84EFF6F}D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe (Tixati Software Inc. -> Tixati Software Inc.)
FirewallRules: [UDP Query User{54958B7C-7557-4697-84B8-891ACF08EB05}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe => No File
FirewallRules: [TCP Query User{7A2FA0FE-DBC9-4154-AD4A-14E565D52C61}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe => No File
FirewallRules: [UDP Query User{8B7544A2-FBF3-46B1-BBC4-F85A3049F987}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{9C381A54-BD38-4707-9A66-D27E20E38568}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{65C21616-EA67-4E69-8B72-38EE08040D32}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2C808EAA-9C68-4049-90F3-2B73FEE9989B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AB768007-57F7-4EF1-89C4-CD6C24DA582E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EFE4330E-6A08-4B94-993D-2F67870CBDB6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{89491690-4B23-44A3-AF35-3C2D443A2048}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [TCP Query User{FAAE1722-9134-4B17-9AB7-D254CC7C32CB}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [UDP Query User{3818F6ED-4C81-4908-B727-F7071A9E8361}D:\karol\archive\1. extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe] => (Allow) D:\karol\archive\1. extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe => No File
FirewallRules: [TCP Query User{D02DD2EF-3E80-42BC-9538-69EDF73EFBAD}D:\karol\archive\1. extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe] => (Allow) D:\karol\archive\1. extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe => No File
FirewallRules: [{F59B8B16-EA7C-4B1C-80FC-F0BB5D7239A2}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe => No File
FirewallRules: [{10F4E470-356D-43E2-B8D7-0CFB3C53C4F1}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe => No File
FirewallRules: [{F303C763-78E7-42E0-8B0A-0BA41BF8E80A}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{1A027C43-B62B-4969-A6DC-D00355C0416B}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [TCP Query User{4A05A816-D0A7-48B4-B6FE-289F1E4B4F1D}D:\karol\archive\1. extensions\software\portable\x32\audio\player-recorders\tapinradioportable 2.10\app\programfiles64\tapinradio.exe] => (Allow) D:\karol\archive\1. extensions\software\portable\x32\audio\player-recorders\tapinradioportable 2.10\app\programfiles64\tapinradio.exe => No File
FirewallRules: [UDP Query User{960A5B42-93A4-4471-9FC7-75D4A1890D36}D:\karol\archive\1. extensions\software\portable\x32\audio\player-recorders\tapinradioportable 2.10\app\programfiles64\tapinradio.exe] => (Allow) D:\karol\archive\1. extensions\software\portable\x32\audio\player-recorders\tapinradioportable 2.10\app\programfiles64\tapinradio.exe => No File
FirewallRules: [TCP Query User{78400E23-FE93-4B87-B1BF-B216E5B9D867}D:\karol\project\later\topics\download\download\qbittorrentportable\app\qbittorrent\qbittorrent.exe] => (Allow) D:\karol\project\later\topics\download\download\qbittorrentportable\app\qbittorrent\qbittorrent.exe => No File
FirewallRules: [UDP Query User{F6717485-41CA-49F9-909F-3DD4008F491C}D:\karol\project\later\topics\download\download\qbittorrentportable\app\qbittorrent\qbittorrent.exe] => (Allow) D:\karol\project\later\topics\download\download\qbittorrentportable\app\qbittorrent\qbittorrent.exe => No File
FirewallRules: [{C003F9D7-46D5-4620-B8D0-EA49F30B01FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{31AA79F8-C91F-4D9D-8600-74FFF9533DAB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{11B7DD5C-8429-462A-A840-76ABDA17496D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [UDP Query User{543D5401-8678-409B-A2AD-734E7390AE24}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [{B62F5544-D1D4-4248-812D-38A79BA37B42}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe => No File
FirewallRules: [{313580C3-6999-4612-B419-4C42088889AA}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe => No File
FirewallRules: [TCP Query User{E464F73B-75D6-4D10-9EE8-0F9BA808C812}D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe (Tixati Software Inc. -> Tixati Software Inc.)
FirewallRules: [UDP Query User{DF5EE57A-7663-486A-9C48-223AF1AA996B}D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe (Tixati Software Inc. -> Tixati Software Inc.)
FirewallRules: [TCP Query User{EAAE6AE0-3AAC-452D-9E19-62B4A95A8E50}D:\karol\archive\1.extensions\software\portable\x32\rss\opml\opml\opml.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\rss\opml\opml\opml.exe (Scripting News, Inc) [File not signed]
FirewallRules: [UDP Query User{4ED501D0-A4B7-4C05-9A67-CC5E9A2B6CD1}D:\karol\archive\1.extensions\software\portable\x32\rss\opml\opml\opml.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\rss\opml\opml\opml.exe (Scripting News, Inc) [File not signed]
FirewallRules: [TCP Query User{FE1E3327-D1CB-4F53-8361-4FC91A72CF96}C:\users\karol\desktop\rss\editor\opml\opml.exe] => (Allow) C:\users\karol\desktop\rss\editor\opml\opml.exe => No File
FirewallRules: [UDP Query User{DC834467-23B4-40DE-89CF-7A9E7724C84B}C:\users\karol\desktop\rss\editor\opml\opml.exe] => (Allow) C:\users\karol\desktop\rss\editor\opml\opml.exe => No File
FirewallRules: [{B68FC80D-B466-4F33-A222-C7BE4DF964D6}] => (Allow) C:\Program Files\Nox\bin\Nox.exe (Nox Limited -> Duodian Technology Co. Ltd.)
FirewallRules: [{A7E785DE-5682-41F6-9EC4-A5E3938432BD}] => (Allow) C:\Program Files (x86)\\Bignox\\BigNoxVM\\RT\NoxVMHandle.exe (Nox Limited -> BigNox Corporation)
FirewallRules: [TCP Query User{DB0B30E2-359A-44CE-91F5-E9A681DDE53D}C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe => No File
FirewallRules: [UDP Query User{A87C368B-EF03-4CCF-A3AA-3882B528498C}C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe => No File
FirewallRules: [TCP Query User{C5AE4DA6-621D-400D-89A8-12A0EB1E525B}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{2C5BAF74-347E-4989-B1BC-B80CDB4FAEC4}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/03/2021 03:49:16 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {7e47b561-971a-46e6-96b9-696eeaa53b2a}
Název modulu pro zápis: MSMQ Writer (MSMQ)
Název instance zapisovače: MSMQ Writer (MSMQ)
ID instance modulu pro zápis: {54656d95-eca2-476b-b64e-babf32f95ac3}

Error: (05/03/2021 03:49:15 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {d2f94383-f3a7-47a1-af34-75de1e866306}

Error: (05/02/2021 08:40:18 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {7e47b561-971a-46e6-96b9-696eeaa53b2a}
Název modulu pro zápis: MSMQ Writer (MSMQ)
Název instance zapisovače: MSMQ Writer (MSMQ)
ID instance modulu pro zápis: {54656d95-eca2-476b-b64e-babf32f95ac3}

Error: (05/02/2021 08:40:18 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {d2f94383-f3a7-47a1-af34-75de1e866306}

Error: (05/01/2021 09:00:04 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {d2f94383-f3a7-47a1-af34-75de1e866306}

Error: (05/01/2021 09:00:04 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {7e47b561-971a-46e6-96b9-696eeaa53b2a}
Název modulu pro zápis: MSMQ Writer (MSMQ)
Název instance zapisovače: MSMQ Writer (MSMQ)
ID instance modulu pro zápis: {54656d95-eca2-476b-b64e-babf32f95ac3}

Error: (05/01/2021 12:29:56 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1000) (User: NT AUTHORITY)
Description: Přístup k datům o výkonu byl odepřen pro uživatele SYSTEM (hodnota z GetUsera() pro běžící vlákno), když došlo k příslušnému pokusu z modulu C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (hodnota z GetModuleFileName() pro binární soubor, který vystavil dotaz).

Error: (04/30/2021 08:53:14 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {7e47b561-971a-46e6-96b9-696eeaa53b2a}
Název modulu pro zápis: MSMQ Writer (MSMQ)
Název instance zapisovače: MSMQ Writer (MSMQ)
ID instance modulu pro zápis: {41cc83d6-46af-446c-862a-d0f47de53b1c}


System errors:
=============
Error: (05/04/2021 01:02:06 PM) (Source: DCOM) (EventID: 10001) (User: HP)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXjytc7c0yvwb8n3cw0r82k4364sd1s7bv.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca

Error: (05/04/2021 11:56:30 AM) (Source: DCOM) (EventID: 10001) (User: HP)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (05/04/2021 11:56:30 AM) (Source: DCOM) (EventID: 10001) (User: HP)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXjytc7c0yvwb8n3cw0r82k4364sd1s7bv.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca

Error: (05/04/2021 01:02:05 AM) (Source: DCOM) (EventID: 10001) (User: HP)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXjytc7c0yvwb8n3cw0r82k4364sd1s7bv.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca

Error: (05/04/2021 12:59:23 AM) (Source: DCOM) (EventID: 10001) (User: HP)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (05/03/2021 11:20:10 PM) (Source: DCOM) (EventID: 10001) (User: HP)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (05/03/2021 10:11:43 PM) (Source: DCOM) (EventID: 10001) (User: HP)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (05/03/2021 10:11:43 PM) (Source: DCOM) (EventID: 10001) (User: HP)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXjytc7c0yvwb8n3cw0r82k4364sd1s7bv.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca


Windows Defender:
================
Date: 2021-05-02 12:13:31
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {3AA02220-547F-4598-8C68-FF892A342137}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: HP\Karol

Date: 2021-05-02 11:47:18
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Tiggre!plock
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: containerfile:_D:\Karol\Project\doing\downloaded\books\xplorer2.Pro.Ult.4.4.0.1.rar; file:_D:\Karol\Project\doing\downloaded\books\xplorer2.Pro.Ult.4.4.0.1.rar->xplorer2.Pro.Ult.4.4.0.1.KaranPC\X24LG.1.1.zip->LicGen.exe; webfile:_D:\Karol\Project\doing\downloaded\books\xplorer2.Pro.Ult.4.4.0.1.rar|http://51.15.165.169/karanpc.com/cloud/ ... 4205517669
Původ detekce: Internet
Typ detekce: Konkrétní
Zdroj detekce: Soubory ke stažení a přílohy
Uživatel: HP\Karol
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.337.336.0, AS: 1.337.336.0, NIS: 1.337.336.0
Verze modulu: AM: 1.1.18100.5, NIS: 1.1.18100.5

Date: 2021-05-02 20:44:04
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.337.336.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18100.5
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

Date: 2021-04-30 20:56:51
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.337.186.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18100.5
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

Date: 2021-04-26 21:38:48
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.335.1700.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18000.5
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

Date: 2021-04-22 20:39:29
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.335.1334.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18000.5
Kód chyby: 0x80072f78
Popis chyby: Server vrátil neplatnou nebo nerozpoznatelnou odezvu.

Date: 2021-04-22 20:39:29
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.335.1334.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18000.5
Kód chyby: 0x80072f78
Popis chyby: Server vrátil neplatnou nebo nerozpoznatelnou odezvu.

==================== Memory info ===========================

BIOS: Hewlett-Packard 68CPC Ver. F.40 03/11/2013
Motherboard: Hewlett-Packard 168B
Processor: AMD A6-3420M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 84%
Total physical RAM: 3552.11 MB
Available physical RAM: 554.19 MB
Total Virtual: 7136.11 MB
Available Virtual: 1654.96 MB

==================== Drives ================================

Drive c: (WINDOWS+APPS) (Fixed) (Total:151.03 GB) (Free:47.75 GB) NTFS
Drive d: (MY DATA) (Fixed) (Total:424.7 GB) (Free:23.2 GB) NTFS
Drive e: (HP_RECOVERY) (Fixed) (Total:15.15 GB) (Free:2.17 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:4.99 GB) (Free:4.98 GB) FAT32

\\?\Volume{27ffcf37-4440-11e5-a4d0-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: E920C45C)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=575.7 GB) - (Type=0F Extended)
Partition 3: (Not Active) - (Size=15.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

==================== End of Addition.txt =======================
Last edited by SGC on 04 May 2021 23:34, edited 1 time in total.

Rudy
Site Admin
Posts: 113893
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Vodafone notified me that I am in a botnet

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just start it with a normal double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

SGC
Visitor
Posts: 369
Registered: 15 Apr 2008 13:09

Re: Vodafone notified me that I am in a botnet

#3 Post by SGC »

So here is the log:

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-04-28.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-04-2021
# Duration: 00:00:31
# OS: Windows 10 Home
# Cleaned: 11
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\mipony
Deleted C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mipony
Deleted C:\Users\Chuck\AppData\Roaming\mipony
Deleted C:\Users\Karol\AppData\Roaming\SecurityXploded
Deleted C:\Users\Karol\AppData\Roaming\mipony

***** [ Files ] *****

Deleted C:\Users\Chuck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MiPony.exe
Deleted HKLM\Software\Classes\mipony
Deleted HKLM\Software\Classes\mpybrowser
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\App Paths\MiPony.exe
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\MiPony

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3894 octets] - [04/05/2021 20:32:59]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Rudy
Site Admin
Posts: 113893
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Vodafone notified me that I am in a botnet

#4 Post by Rudy »

OK. Post new FRST+Addition logs.

SGC
Visitor
Posts: 369
Registered: 15 Apr 2008 13:09

Re: Vodafone notified me that I am in a botnet

#5 Post by SGC »

FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2021
Ran by Chuck (administrator) on HP (Hewlett-Packard HP ProBook 4535s) (05-05-2021 00:00:43)
Running from C:\Users\Karol\Desktop
Loaded Profiles: Chuck & Karol
Platform: Windows 10 Home Version 20H2 19042.867 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Alexandr Irza) [File not signed] D:\Karol\Archive\1.Extensions\Software\Portable\x32\Volume\Volume2_1.1.7.434\Volume2.exe
(Andrea Electronics Corporation) [File not signed] C:\Program Files\IDT\WDM\AESTSr64.exe
(Atheros) [File not signed] C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Cologne Code Company e.K. -> ) D:\Karol\Archive\1.Extensions\Software\Portable\x64\File Browser\xyplorer_full_noinstall\ContextMenu64.exe
(Cologne Code Company e.K. -> Cologne Code Company) D:\Karol\Archive\1.Extensions\Software\Portable\x64\File Browser\xyplorer_full_noinstall\XYplorer.exe
(David Carpenter -> ) C:\Program Files\Everything\Everything.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(CHENGDU AOMEI Tech Co., Ltd. -> ) C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe
(CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\stacsv64.exe
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(SalvadorSoftware) [File not signed] D:\Karol\Archive\1.Extensions\Software\Portable\x32\app management\portable start menu\asuite_x64-v2.0.0\asuite_x64.exe
(StagWare) [File not signed] C:\Program Files (x86)\NoteBook FanControl\NbfcService.exe
(StagWare) [File not signed] C:\Program Files (x86)\NoteBook FanControl\NoteBookFanControl.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Tonalio GmbH -> sandboxie-plus.com) C:\Program Files\Sandboxie\SbieCtrl.exe
(Tonalio GmbH -> sandboxie-plus.com) C:\Program Files\Sandboxie\SbieSvc.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\update_notifier.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe <18>
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NUSB3MON] => c:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.) [File not signed]
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [2197608 2017-06-07] (David Carpenter -> )
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [6531536 2019-10-31] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-24] (IDT, Inc.) [File not signed]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3500056 2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [ABNotify] => C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe [89960 2017-03-25] (CHENGDU AOMEI Tech Co., Ltd. -> )
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3376616 2021-03-05] (Tonalio GmbH -> sandboxie-plus.com)
HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\...\Run: [Vivaldi Update Notifier] => C:\Program Files (x86)\Vivaldi\Application\update_notifier.exe [1880648 2020-03-05] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\Software\Policies\...\system: [disablecmd] 0
HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3376616 2021-03-05] (Tonalio GmbH -> sandboxie-plus.com)
HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\Run: [Vivaldi Update Notifier] => C:\Program Files (x86)\Vivaldi\Application\update_notifier.exe [1880648 2020-03-05] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\Run: [Volume2] => D:\Karol\Archive\1.Extensions\Software\Portable\x32\Volume\Volume2_1.1.7.434\Volume2.exe [4350464 2021-02-14] (Alexandr Irza) [File not signed]
HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\Run: [ASuite] => D:\Karol\Archive\1.Extensions\Software\Portable\x32\app management\portable start menu\asuite_x64-v2.0.0\asuite_x64.exe [12268032 2020-04-20] (SalvadorSoftware) [File not signed]
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [55432 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9C142C0C-124C-4467-B117-EBCC62801D7B}] -> C:\Program Files (x86)\Vivaldi\Application\2.11.1811.47\Installer\chrmstp.exe [2020-06-14] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2013-09-25] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2013-09-25] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
Startup: C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odeslat do OneNote.lnk [2016-12-09]
ShortcutTarget: Odeslat do OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {126DD8CE-8C75-430C-B0BD-BD8FDDEFC66F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {184BCB5A-622A-40F3-9750-2FC9C2524F73} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {198E4553-E499-4FEC-BF71-2DE98CD4C0C4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1F0EC664-BA70-4489-9D24-703B627D94E0} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1FDDF3D9-92F4-4C02-903B-27AF1341F4D0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [1790184 2021-04-30] (Avast Software s.r.o. -> Avast Software)
Task: {21F92A90-397C-41F7-B647-3C7C92C85E69} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {282EAD2E-9665-404C-A449-2C7CE67BC5ED} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {299238D2-F47F-430F-80F1-27AC3194A516} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [651400 2017-09-20] (Hewlett Packard -> HP Inc.)
Task: {2CBFACDF-FEB3-40D5-9A86-871E18B5F012} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {31537973-BF08-414E-8C18-016AA2E10735} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {34E5E123-1946-44CE-9DC6-9C91413F5368} - System32\Tasks\My Tasks\auto hibernation => shutdown [Argument = /h]
Task: {37015500-3F40-4146-9BB5-562F45E40978} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {3C63F250-FAFF-4783-A307-3CF6575A8A9E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [124280 2018-08-30] (HP Inc. -> HP Inc.)
Task: {3DA20FC9-D65D-4825-B9F7-EF27D257BC08} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {412CE83E-2101-4893-9CC4-11104E16CA07} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {44A78B22-8685-4235-86C9-73FDBF5DD960} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {46901229-9BD7-4281-B999-E978D639CB5A} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {474BD1FC-9BA3-4066-A8C2-2916031099CF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4774AC1A-50B0-4D60-8A12-569BB4B71FAE} - System32\Tasks\{C38DECD5-4820-4B6F-8E4A-1F2445C4096C} => "C:\Program Files\Internet Explorer\IEXPLORE.EXE" https://ui.skype.com/ui/0/7.40.0.103/cs ... Error=1603
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {49FCE141-CB65-4556-BAEC-325331FEB10F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {4D393590-7F03-484F-804E-71650C2A8334} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4E0434D3-837C-4592-8AD5-F59D150F5726} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {51D3CA13-D9F2-4E1A-8F6C-CE86C95BF422} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {540ACDE2-69DD-426B-B44A-FCF025497495} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {54460751-1A6C-481B-B80E-1657AE7D6D05} - \My Tasks\Empty Windows Recycle Bin. -> No File <==== ATTENTION
Task: {5A6249DF-ADE4-4D85-AAB8-00ED90BDAA12} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {63946C7F-2F66-4269-B0BE-5DE2D5D93C3D} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {6759277E-F575-4256-8495-2835E9584A4D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\mrt.exe [144749672 2016-07-13] (Microsoft Windows -> Microsoft Corporation)
Task: {688F3B79-D539-445E-985D-A2BFB75789B8} - System32\Tasks\My Tasks\open gmail afternoon => C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [1771592 2020-03-05] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
Task: {69CDD3BE-F780-4BAF-B718-8CEB37983D1C} - System32\Tasks\MasterSeeker.UACBypass.1ee7473df8f6351c77699e1d8f3d0494 => D:\Karol\Archive\1. Extensions\Software\installers\search engines\file-name-no-index\MasterSeeker1.5.1\MasterSeeker.exe
Task: {6DB21E63-B367-4731-B550-CD321E5A8FC6} - System32\Tasks\My Tasks\open gmail night => C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [1771592 2020-03-05] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
Task: {6E44B8F0-C812-4658-9B76-E44E0B82A0D5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {6E79CB94-B352-41D2-A4A0-9367C98AE0A7} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {735ECD01-6F6A-454E-9E9F-E022C90C75CD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {74874CB4-E137-4889-92BD-3EBA03F78D00} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7833BD64-D7EB-4F6B-A19E-C170DD7803BE} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {888CEB6B-45A0-4895-A2CF-AB3BCC4B1D0E} - System32\Tasks\MasterSeeker.UACBypass.40a67d949b950387fa2284792b5effc7 => D:\Karol\Archive\1. Extensions\Software\Portable\x32\File Management\search engines\no index\MasterSeeker1.5.1\MasterSeeker.exe
Task: {8A918489-8464-4268-BDEA-20B9CC9401DC} - System32\Tasks\{768B319C-4286-4539-9A64-D45279719C54} => C:\Windows\system32\pcalua.exe -a C:\Users\Chuck\Desktop\sp56876.exe -d C:\Users\Chuck\Desktop
Task: {8BDF57BC-BE22-4E9D-82E1-DC9BE897D639} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {90720BA0-4D63-49B6-A8FA-795E6C5D4BCD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-03] (Google Inc -> Google LLC)
Task: {921EEFB9-8FB3-4F6E-9561-FC780AD28532} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {93185870-5C8C-4276-A9B0-F2AA88E784D7} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {961BC585-EFA5-4BBC-BC5B-E1D2F12CBCF1} - System32\Tasks\My Tasks\cleanup versioning folder => ForFiles [Argument = /p "D:\Karol\Archive\4.versioning" /s /d -10 /c "cmd /c del @file"] -> /p "D:\Karol\Archive\4.versioning" /s /d -10 /c "cmd /c del @file"
Task: {9BFD489B-5F09-42F6-9179-963E0268A092} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9C1162B6-8F0F-401F-A4C7-6EAC6F191C86} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9D373580-1126-4A24-8390-8209C423A611} - System32\Tasks\{87A5FB26-48A3-4A66-AA52-8D3A83794FE6} => "c:\program files (x86)\mozilla firefox\firefox.exe" https://www.skype.com/go/downloading?so ... rror=12040
Task: {9DACAB5B-FBE0-430C-92AD-93EA342DED8F} - System32\Tasks\DisableLockScreen => reg.exe add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData /t REG_DWORD /v AllowLockScreen /d 0 /f
Task: {A559D691-E4CE-4FA3-B40E-8BE5B36C2D1E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {AE2D77F8-E407-43CA-AE5F-C1476B92DE54} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {AFCE3371-615A-4DF7-B61B-265516815029} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B110211B-6594-48BA-A4D9-AC9CE6E62372} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {B1FBC68E-EC26-41FC-8424-AC3EF5202884} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B7B8FB88-F954-493C-A26C-54AEA3239536} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B8757F00-4BE9-441C-82A1-C02D622CC7F4} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C177C83C-0572-4E55-BB23-3B99176F2BE7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D286E1A3-2C4D-48AE-A89F-2BC49B0E0E21} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D2F5091A-D624-4BBA-B909-A10BCCFFFFC0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D49A867E-51BD-4DB8-AEBB-D60B4CE30DAC} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D7ABEDB3-8CB2-4BBE-B342-254C882B60C8} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DC659376-2B13-4DF8-9B7C-655E5860D21F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1183256 2018-02-09] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {E1973331-1B79-42A7-8162-BEB646BFE905} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-03] (Google Inc -> Google LLC)
Task: {E474C421-6342-4FD0-AE67-326AA69B457C} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {E48428C6-42E5-4FF3-92CF-179A1EEC7685} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [677344 2021-02-02] (Mozilla Corporation -> Mozilla Foundation)
Task: {E87652C7-4A47-4B6E-AFF2-4B025DE6C3B7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EA0E1989-626F-4100-B137-8575E770F8A3} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {EB2D4759-3947-46A1-AB62-1090FED2DF37} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {ECB03397-042A-4568-94E5-933D1AF35C2A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {EFED7834-A78C-4E66-8466-35A13701DFF5} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {F005B929-FDB7-4B46-9B9B-BFE69752C20E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F03EA912-D7A0-41B8-90BD-65A244C72858} - System32\Tasks\{26D164E1-B8C8-4567-9727-7101BBC0AB8E} => "c:\program files (x86)\mozilla firefox\firefox.exe" https://ui.skype.com/ui/0/7.40.0.103/en ... Error=1603
Task: {F1F1B2FA-3B42-4FF0-9698-16783E6526A9} - System32\Tasks\MasterSeeker.UACBypass.34e95470e9903458a022ccd394663e7c => D:\Karol\Archive\1. Extensions\Software\installers\search engines\MasterSeeker1.5.1\MasterSeeker.exe
Task: {F5EAA833-79BA-4274-8431-C427DC14923D} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {FA4D6466-39DD-46B7-850E-A55EE0023061} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.38 213.46.172.39
Tcpip\..\Interfaces\{176d9214-02f7-4e63-9c0d-502a9c422f87}: [NameServer] 193.17.47.1,185.43.135.1
Tcpip\..\Interfaces\{2205f461-a79b-4c21-a3d6-5f9ff19b6685}: [NameServer] 193.17.47.1,185.43.135.1,192.168.0.1
Tcpip\..\Interfaces\{2205f461-a79b-4c21-a3d6-5f9ff19b6685}: [DhcpNameServer] 213.46.172.38 213.46.172.39
Tcpip\..\Interfaces\{8137f080-5f60-4f4e-96ea-55efe4e2b74c}: [NameServer] 193.17.47.1,185.43.135.1
Tcpip\..\Interfaces\{86177912-d0b5-40fe-8877-9d1e9dd6dcc6}: [NameServer] 193.17.47.1,185.43.135.1
Tcpip\..\Interfaces\{dac93b1d-61b9-4a71-8643-bf858b70ff4b}: [NameServer] 193.17.47.1,185.43.135.1
Tcpip\..\Interfaces\{f27690ee-9433-475b-863f-23634ed6d325}: [NameServer] 217.31.204.130,193.29.206.206
Tcpip\..\Interfaces\{fe8e91cf-fca4-4ebc-bda8-a69e9ca65b03}: [NameServer] 193.17.47.1,185.43.135.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Chuck\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-10]

FireFox:
========
FF DefaultProfile: ypbhsodm.default
FF ProfilePath: C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\ypbhsodm.default [2021-04-10]
FF DownloadDir: C:\Users\Chuck\Desktop
FF Session Restore: Mozilla\Firefox\Profiles\ypbhsodm.default -> is enabled.
FF Extension: (All Aboard) - C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\ypbhsodm.default\Extensions\@all-aboard-v1-5.xpi [2017-07-04] [Legacy]
FF Extension: (No Name) - C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\ypbhsodm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-02-02]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2019-03-14] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-2887156172-1520988294-1417751805-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Chuck\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies SF -> Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2887156172-1520988294-1417751805-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Karol\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies SF -> Unity Technologies ApS)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-11-01]

Vivaldi:
=======
VIV Profile: C:\Users\Chuck\AppData\Local\Vivaldi\User Data\Default [2021-04-22]
VIV Extension: (Adobe Acrobat) - C:\Users\Chuck\AppData\Local\Vivaldi\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-08-10]
VIV Extension: (Chrome Media Router) - C:\Users\Chuck\AppData\Local\Vivaldi\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-14]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [83984 2018-02-09] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) [File not signed]
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [122736 2017-03-25] (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.)
R2 Everything; C:\Program Files\Everything\Everything.exe [2197608 2017-06-07] (David Carpenter -> )
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company -> Hewlett-Packard Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [6435880 2019-10-31] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
R2 NbfcService; C:\Program Files (x86)\NoteBook FanControl\NbfcService.exe [8704 2019-04-14] (StagWare) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [332264 2021-03-05] (Tonalio GmbH -> sandboxie-plus.com)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-10-24] (IDT, Inc.) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe [495840 2018-01-26] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [51120 2016-12-23] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [171952 2016-12-23] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 ampa; C:\Windows\system32\ampa.sys [19568 2015-11-10] (ChengDu AoMei Tech Co., Ltd -> ) [File not signed]
R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [38320 2016-12-23] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [878072 2016-09-20] (Bitdefender SRL -> BitDefender)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 nusb3hub; C:\WINDOWS\system32\drivers\nusb3hub.sys [78848 2010-07-27] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 nusb3xhc; C:\WINDOWS\system32\drivers\nusb3xhc.sys [180224 2010-07-27] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192504 2021-03-05] (Tonalio GmbH -> sandboxie-plus.com)
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [543744 2012-10-24] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R2 VMnetBridge; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [66520 2018-08-07] (VMware, Inc. -> VMware, Inc.)
R0 vsock; C:\WINDOWS\system32\DRIVERS\vsock.sys [91712 2017-09-05] (VMware, Inc. -> VMware, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421088 2021-04-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-12] (Microsoft Windows -> Microsoft Corporation)
R1 WinRing0_1_2_0; C:\Program Files (x86)\NoteBook FanControl\WinRing0x64.sys [14544 2021-04-10] (Noriyuki MIYAZAKI -> OpenLibSys.org)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [310536 2019-05-03] (Beijing Duodian Online Science and Technology Co.,Ltd -> BigNox Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-05 00:00 - 2021-05-05 00:03 - 000035369 _____ C:\Users\Karol\Desktop\FRST.txt
2021-05-04 21:05 - 2021-05-04 21:05 - 000000000 ____D C:\WINDOWS\Panther
2021-05-04 20:29 - 2021-05-04 20:29 - 008534696 _____ (Malwarebytes) C:\Users\Karol\Desktop\adwcleaner_8.2.exe
2021-05-04 14:27 - 2021-05-04 14:28 - 002298368 _____ (Farbar) C:\Users\Karol\Desktop\FRST64.exe
2021-04-12 21:38 - 2021-04-26 11:51 - 000003490 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d72e29197199da
2021-04-10 20:56 - 2021-04-10 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoteBook FanControl
2021-04-10 20:56 - 2021-04-10 20:56 - 000000000 ____D C:\Program Files (x86)\NoteBook FanControl
2021-04-10 20:32 - 2021-04-10 20:32 - 000000020 ___SH C:\Users\Karol\ntuser.ini
2021-04-10 20:27 - 2021-04-10 20:27 - 000000949 _____ C:\Users\Chuck\Desktop\Sandboxed Web Browser.lnk
2021-04-10 20:27 - 2021-04-10 20:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2021-04-10 20:09 - 2021-04-10 20:09 - 000000000 ____D C:\Users\Chuck\AppData\Local\PlaceholderTileLogoFolder
2021-04-10 20:04 - 2021-04-10 20:04 - 000000020 ___SH C:\Users\Chuck\ntuser.ini
2021-04-10 19:16 - 2021-04-10 19:16 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2887156172-1520988294-1417751805-500
2021-04-10 19:15 - 2021-04-29 00:31 - 000003354 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2887156172-1520988294-1417751805-1001
2021-04-10 19:15 - 2021-04-21 10:57 - 000003472 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-10 19:15 - 2021-04-21 10:57 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-10 19:15 - 2021-04-10 19:16 - 000003328 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{718AEF67-758E-4F0B-8548-2EE7294EE2A7}
2021-04-10 19:15 - 2021-04-10 19:16 - 000002770 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2
2021-04-10 19:15 - 2021-04-10 19:16 - 000002514 _____ C:\WINDOWS\system32\Tasks\MasterSeeker.UACBypass.34e95470e9903458a022ccd394663e7c
2021-04-10 19:15 - 2021-04-10 19:16 - 000002246 _____ C:\WINDOWS\system32\Tasks\{26D164E1-B8C8-4567-9727-7101BBC0AB8E}
2021-04-10 19:15 - 2021-04-10 19:15 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-04-10 19:15 - 2021-04-10 19:15 - 000003042 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-04-10 19:15 - 2021-04-10 19:15 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2887156172-1520988294-1417751805-1000
2021-04-10 19:15 - 2021-04-10 19:15 - 000002622 _____ C:\WINDOWS\system32\Tasks\MasterSeeker.UACBypass.40a67d949b950387fa2284792b5effc7
2021-04-10 19:15 - 2021-04-10 19:15 - 000002612 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-04-10 19:15 - 2021-04-10 19:15 - 000002590 _____ C:\WINDOWS\system32\Tasks\MasterSeeker.UACBypass.1ee7473df8f6351c77699e1d8f3d0494
2021-04-10 19:15 - 2021-04-10 19:15 - 000002528 _____ C:\WINDOWS\system32\Tasks\DisableLockScreen
2021-04-10 19:15 - 2021-04-10 19:15 - 000002298 _____ C:\WINDOWS\system32\Tasks\{87A5FB26-48A3-4A66-AA52-8D3A83794FE6}
2021-04-10 19:15 - 2021-04-10 19:15 - 000002264 _____ C:\WINDOWS\system32\Tasks\{768B319C-4286-4539-9A64-D45279719C54}
2021-04-10 19:15 - 2021-04-10 19:15 - 000002240 _____ C:\WINDOWS\system32\Tasks\{C38DECD5-4820-4B6F-8E4A-1F2445C4096C}
2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\WPD
2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\S-1-5-21-2887156172-1520988294-1417751805-1001
2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\S-1-5-21-2887156172-1520988294-1417751805-1000
2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\OfficeSoftwareProtectionPlatform
2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\My Tasks
2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-04-10 19:12 - 2021-04-10 19:14 - 000019053 _____ C:\WINDOWS\diagwrn.xml
2021-04-10 19:12 - 2021-04-10 19:14 - 000019053 _____ C:\WINDOWS\diagerr.xml
2021-04-10 19:08 - 2021-04-10 19:19 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-04-10 19:08 - 2021-04-10 19:08 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2021-04-10 19:00 - 2021-04-10 19:00 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-04-10 18:49 - 2021-04-27 20:53 - 002847556 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-10 18:38 - 2021-04-10 18:38 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-04-10 18:38 - 2021-04-10 18:38 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-04-10 18:38 - 2021-04-10 18:38 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-04-10 18:37 - 2021-04-10 18:37 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-04-10 18:37 - 2021-04-10 18:37 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-04-10 18:37 - 2021-04-10 18:37 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-04-10 18:37 - 2021-04-10 18:37 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-04-10 18:37 - 2021-04-10 18:37 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-04-10 18:37 - 2021-04-10 18:37 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-04-10 18:37 - 2021-04-10 18:37 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-04-10 18:37 - 2021-04-10 18:37 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-04-10 18:37 - 2021-04-10 18:37 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-04-10 18:36 - 2021-04-10 18:36 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-04-10 18:36 - 2021-04-10 18:36 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-04-10 18:36 - 2021-04-10 18:36 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-04-10 18:36 - 2021-04-10 18:36 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-04-10 18:36 - 2021-04-10 18:36 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-04-10 18:36 - 2021-04-10 18:36 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-04-10 18:36 - 2021-04-10 18:36 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-04-10 18:36 - 2021-04-10 18:36 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-04-10 18:36 - 2021-04-10 18:36 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-10 18:35 - 2021-04-10 18:35 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-04-10 18:35 - 2021-04-10 18:35 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-04-10 18:35 - 2021-04-10 18:35 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-04-10 18:35 - 2021-04-10 18:35 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-04-10 18:34 - 2021-04-10 18:34 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-04-10 18:34 - 2021-04-10 18:34 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-04-10 18:34 - 2021-04-10 18:34 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-04-10 18:34 - 2021-04-10 18:34 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-04-10 18:34 - 2021-04-10 18:34 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-04-10 18:33 - 2021-04-10 18:33 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-04-10 18:33 - 2021-04-10 18:33 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-04-10 18:33 - 2021-04-10 18:33 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-04-10 18:33 - 2021-04-10 18:33 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-04-10 18:33 - 2021-04-10 18:33 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-04-10 18:33 - 2021-04-10 18:33 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-04-10 18:33 - 2021-04-10 18:33 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-04-10 18:32 - 2021-04-10 18:32 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-04-10 18:32 - 2021-04-10 18:32 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-10 18:32 - 2021-04-10 18:32 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-04-10 18:32 - 2021-04-10 18:32 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-04-10 18:32 - 2021-04-10 18:32 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-04-10 18:32 - 2021-04-10 18:32 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-04-10 18:32 - 2021-04-10 18:32 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-04-10 18:32 - 2021-04-10 18:32 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-04-10 18:32 - 2021-04-10 18:32 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-04-10 18:31 - 2021-04-10 18:31 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-04-10 18:31 - 2021-04-10 18:31 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-10 18:31 - 2021-04-10 18:31 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-04-10 18:31 - 2021-04-10 18:31 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-04-10 18:30 - 2021-04-29 00:29 - 000002377 _____ C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-10 18:30 - 2021-04-10 20:32 - 000000000 ____D C:\Users\Karol
2021-04-10 18:30 - 2021-04-10 20:04 - 000000000 ____D C:\Users\Chuck
2021-04-10 18:30 - 2021-04-10 18:57 - 000000000 ____D C:\Users\DefaultAppPool
2021-04-10 18:30 - 2021-04-10 18:57 - 000000000 ____D C:\Users\Administrator
2021-04-10 18:30 - 2021-04-10 18:30 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-04-10 18:30 - 2021-04-10 18:30 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-04-10 18:30 - 2021-04-10 18:30 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Šablony
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Soubory cookie
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Poslední
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Okolní tiskárny
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Okolní síť
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Nabídka Start
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Dokumenty
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Documents\Obrázky
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Documents\Hudba
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Documents\Filmy
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Data aplikací
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\AppData\Local\Data aplikací
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Šablony
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Soubory cookie
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Poslední
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Okolní tiskárny
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Okolní síť
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Nabídka Start
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Dokumenty
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Documents\Obrázky
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Documents\Hudba
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Documents\Filmy
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Data aplikací
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\AppData\Local\Data aplikací
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Šablony
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Soubory cookie
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Poslední
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Okolní tiskárny
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Okolní síť
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Nabídka Start
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Dokumenty
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Documents\Obrázky
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Documents\Hudba
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Documents\Filmy
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Data aplikací
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\AppData\Local\Data aplikací
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Šablony
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Soubory cookie
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Poslední
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Okolní tiskárny
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Okolní síť
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Nabídka Start
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Dokumenty
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Documents\Obrázky
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Documents\Hudba
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Documents\Filmy
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Data aplikací
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\AppData\Local\Data aplikací
2021-04-10 18:30 - 2019-12-07 11:10 - 000001105 _____ C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-10 18:30 - 2019-12-07 11:10 - 000001105 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-10 18:30 - 2019-12-07 11:10 - 000001105 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-10 18:29 - 2021-04-10 18:29 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-04-10 18:29 - 2021-04-10 18:29 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-04-10 18:29 - 2021-04-10 18:29 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-04-10 18:29 - 2021-04-10 18:29 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-04-10 18:29 - 2021-04-10 18:29 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-04-10 18:29 - 2021-04-10 18:29 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-04-10 18:29 - 2021-04-10 18:29 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-04-10 18:29 - 2021-04-10 18:29 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-04-10 18:29 - 2021-04-10 18:29 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-04-10 18:29 - 2021-04-10 18:29 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-04-10 18:20 - 2021-05-04 21:04 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-10 17:57 - 2019-10-15 14:53 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2021-04-10 17:57 - 2019-04-18 19:49 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2021-04-10 17:47 - 2021-04-27 20:53 - 000808052 _____ C:\WINDOWS\system32\perfh015.dat
2021-04-10 17:47 - 2021-04-27 20:53 - 000163116 _____ C:\WINDOWS\system32\perfc015.dat
2021-04-10 17:47 - 2021-04-10 17:47 - 000343212 _____ C:\WINDOWS\system32\perfi015.dat
2021-04-10 17:47 - 2021-04-10 17:47 - 000041370 _____ C:\WINDOWS\system32\perfd015.dat
2021-04-10 17:47 - 2021-04-10 17:47 - 000000000 ____D C:\WINDOWS\SysWOW64\pl
2021-04-10 17:47 - 2021-04-10 17:47 - 000000000 ____D C:\WINDOWS\system32\pl
2021-04-10 17:20 - 2021-04-10 17:47 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\WINDOWS\system32\msmq
2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\Program Files\MSBuild
2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\inetpub

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-05 00:11 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-05 00:02 - 2015-09-07 23:48 - 000000000 ____D C:\FRST
2021-05-04 23:59 - 2020-09-23 21:14 - 000000000 ____D C:\Users\Karol\Desktop\windows
2021-05-04 23:57 - 2016-01-22 14:52 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\FreeFileSync
2021-05-04 23:29 - 2016-12-23 14:41 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Everything
2021-05-04 23:21 - 2019-09-24 12:30 - 000000374 _____ C:\Users\Karol\.vivaldi_reporting_data
2021-05-04 22:26 - 2020-11-19 00:29 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-04 21:12 - 2017-12-25 21:36 - 000000000 ____D C:\Users\Karol\AppData\Roaming\NoteBookFanControl
2021-05-04 21:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-04 21:05 - 2020-11-19 01:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-04 21:05 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-04 21:05 - 2017-04-25 01:36 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper
2021-05-04 21:05 - 2015-08-24 09:12 - 000000082 _____ C:\WINDOWS\SysWOW64\winsevr.dat
2021-05-04 21:05 - 2015-08-17 21:09 - 000000000 ____D C:\ProgramData\VMware
2021-05-04 21:03 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-05-04 20:32 - 2017-12-07 15:39 - 000000000 ____D C:\AdwCleaner
2021-05-04 14:47 - 2020-04-05 14:45 - 000000000 ____D C:\Users\Karol\AppData\Local\JDownloader 2.0
2021-05-04 12:28 - 2018-02-06 00:06 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Thunderbird
2021-05-04 12:28 - 2015-08-17 00:23 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Mozilla
2021-05-03 22:16 - 2019-10-03 21:17 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-05-03 00:56 - 2017-05-29 11:35 - 000000000 ____D C:\ProgramData\NbfcService
2021-05-02 11:43 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-01 11:42 - 2020-11-19 01:32 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-30 00:04 - 2017-12-25 18:40 - 000000000 ____D C:\Users\Karol\AppData\Local\Packages
2021-04-29 00:30 - 2016-07-02 16:43 - 000000000 ___RD C:\Users\Karol\OneDrive
2021-04-27 20:53 - 2019-12-07 16:41 - 000783098 _____ C:\WINDOWS\system32\perfh005.dat
2021-04-27 20:53 - 2019-12-07 16:41 - 000172796 _____ C:\WINDOWS\system32\perfc005.dat
2021-04-26 11:51 - 2020-11-19 01:32 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-22 20:51 - 2020-06-14 01:46 - 000000374 _____ C:\Users\Chuck\.vivaldi_reporting_data
2021-04-16 20:50 - 2016-07-26 00:21 - 000000270 __RSH C:\ProgramData\ntuser.pol
2021-04-16 20:45 - 2016-12-23 14:41 - 000000000 ____D C:\Users\Karol\AppData\Local\Everything
2021-04-12 20:42 - 2020-11-19 01:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-11 11:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-04-11 11:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-04-11 00:05 - 2016-09-17 20:47 - 000001021 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
2021-04-11 00:05 - 2016-09-17 20:47 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealTimeSync.lnk
2021-04-11 00:05 - 2015-09-01 20:33 - 000000000 ____D C:\Program Files\FreeFileSync
2021-04-10 20:57 - 2016-07-02 15:02 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-10 20:51 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-04-10 20:34 - 2020-11-19 01:33 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-04-10 20:34 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-10 20:34 - 2017-12-25 19:42 - 000000000 ___RD C:\Users\Karol\3D Objects
2021-04-10 20:32 - 2017-01-06 18:25 - 000000000 ____D C:\Users\Chuck\AppData\Local\Everything
2021-04-10 20:32 - 2016-12-27 21:36 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Everything
2021-04-10 20:32 - 2016-07-13 23:40 - 000014744 _____ C:\WINDOWS\Sandboxie.ini
2021-04-10 20:31 - 2017-12-25 18:43 - 000000000 ____D C:\Users\Chuck\AppData\Local\Packages
2021-04-10 20:31 - 2016-11-30 14:36 - 000000000 ____D C:\Users\Chuck\AppData\LocalLow\Mozilla
2021-04-10 20:27 - 2015-09-09 10:44 - 000000000 ____D C:\Program Files\Sandboxie
2021-04-10 20:12 - 2019-01-30 13:26 - 000000000 ____D C:\ProgramData\Mozilla
2021-04-10 20:10 - 2015-08-16 20:23 - 000000000 ____D C:\Users\Chuck\AppData\Local\VirtualStore
2021-04-10 20:06 - 2017-12-25 19:22 - 000000000 ___RD C:\Users\Chuck\3D Objects
2021-04-10 19:20 - 2019-12-07 11:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-04-10 19:19 - 2021-01-27 13:04 - 000000000 ____D C:\WINDOWS\system32\Download
2021-04-10 19:19 - 2020-11-19 01:33 - 000000000 ____D C:\ProgramData\Packages
2021-04-10 19:19 - 2020-11-04 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2021-04-10 19:19 - 2019-12-07 11:18 - 000000000 ____D C:\WINDOWS\Setup
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 __SHD C:\Program Files\Windows Sidebar
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\IME
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\schemas
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-04-10 19:19 - 2019-06-19 12:58 - 000000000 ____D C:\Program Files\UNP
2021-04-10 19:19 - 2019-04-03 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2021-04-10 19:19 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-04-10 19:19 - 2019-01-05 02:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2021-04-10 19:19 - 2018-10-14 02:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-04-10 19:19 - 2018-08-18 01:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2021-04-10 19:19 - 2018-06-19 00:44 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2021-04-10 19:19 - 2018-06-10 01:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XiaoMiFlash
2021-04-10 19:19 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2021-04-10 19:19 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-04-10 19:19 - 2017-08-17 01:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2021-04-10 19:19 - 2017-04-25 01:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper
2021-04-10 19:19 - 2016-10-08 23:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill
2021-04-10 19:19 - 2016-10-08 13:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 12
2021-04-10 19:19 - 2016-08-10 00:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2021-04-10 19:19 - 2016-07-30 15:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2021-04-10 19:19 - 2016-05-16 13:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2021-04-10 19:19 - 2016-04-27 08:32 - 000000000 ____D C:\WINDOWS\ShellNew
2021-04-10 19:19 - 2016-04-11 10:21 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2021-04-10 19:19 - 2016-04-08 00:24 - 000000000 ____D C:\WINDOWS\system32\oodag
2021-04-10 19:19 - 2016-03-22 14:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2021-04-10 19:19 - 2016-03-19 00:42 - 000000000 ____D C:\WINDOWS\en
2021-04-10 19:19 - 2016-03-19 00:42 - 000000000 ____D C:\WINDOWS\cs
2021-04-10 19:19 - 2015-08-19 13:50 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2021-04-10 19:19 - 2015-08-18 12:23 - 000000000 ____D C:\WINDOWS\SysWOW64\SDA
2021-04-10 19:19 - 2009-07-14 05:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-04-10 19:18 - 2019-12-07 11:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-04-10 19:18 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-04-10 19:16 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-10 19:15 - 2020-11-19 01:32 - 000003286 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-10 19:15 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows NT
2021-04-10 19:15 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-04-10 19:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Registration
2021-04-10 19:11 - 2018-01-18 00:07 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2021-04-10 19:10 - 2016-07-02 15:26 - 000023020 _____ C:\WINDOWS\system32\emptyregdb.dat
2021-04-10 19:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Resources
2021-04-10 19:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Help
2021-04-10 19:08 - 2019-11-09 01:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2021-04-10 19:08 - 2019-04-04 12:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2021-04-10 19:08 - 2017-04-07 20:37 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2021-04-10 19:08 - 2017-04-07 20:35 - 000000000 ____D C:\Program Files\Synaptics
2021-04-10 19:08 - 2016-03-15 14:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\installed apps
2021-04-10 19:08 - 2009-07-14 07:32 - 000000000 ____D C:\Program Files\Microsoft Games
2021-04-10 18:58 - 2019-12-07 11:14 - 000000000 __RSD C:\WINDOWS\Media
2021-04-10 18:55 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-10 18:54 - 2019-12-07 16:44 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-04-10 18:54 - 2019-12-07 16:44 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\IME
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-04-10 18:54 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing
2021-04-10 18:41 - 2020-04-05 14:48 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2021-04-10 18:41 - 2019-12-18 01:19 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Calendar
2021-04-10 18:41 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-04-10 18:41 - 2018-10-28 21:20 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XYplorer
2021-04-10 18:41 - 2018-03-25 15:44 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
2021-04-10 18:41 - 2017-06-07 12:51 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2021-04-10 18:41 - 2017-05-09 15:14 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2021-04-10 18:41 - 2016-12-27 21:52 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2021-04-10 18:41 - 2016-10-08 20:20 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript
2021-04-10 18:37 - 2017-12-25 18:40 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2021-04-10 18:36 - 2019-11-17 22:26 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wReplace
2021-04-10 18:32 - 2016-03-11 16:07 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portable Apps
2021-04-10 18:29 - 2020-11-19 01:32 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-10 18:28 - 2018-07-04 15:11 - 000001727 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRS Premium Sound.lnk
2021-04-10 18:21 - 2020-11-19 00:29 - 000457224 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-10 18:07 - 2019-12-07 16:43 - 000000000 ____D C:\WINDOWS\OCR
2021-04-10 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-04-10 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-04-10 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-04-10 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-04-10 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-10 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-10 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\system32\winrm
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\system32\WCN
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\system32\slmgr
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2021-04-10 17:47 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2021-04-10 17:47 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\MUI
2021-04-10 17:20 - 2019-12-07 11:10 - 001421824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2021-04-10 17:20 - 2019-12-07 11:10 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2021-04-10 17:20 - 2019-12-07 11:10 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2021-04-10 17:20 - 2019-12-07 11:10 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2021-04-10 17:20 - 2019-12-07 11:10 - 000009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2021-04-10 17:19 - 2019-12-07 11:10 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2021-04-10 17:19 - 2019-12-07 11:10 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2021-04-10 17:19 - 2019-12-07 11:10 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2021-04-10 13:31 - 2016-11-30 12:49 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2021-04-10 02:29 - 2020-11-08 02:56 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-10 02:29 - 2009-07-14 04:34 - 000000478 _____ C:\WINDOWS\win.ini
2021-04-09 22:32 - 2010-11-21 05:27 - 000799104 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories ========

2019-01-07 02:22 - 2019-01-07 02:22 - 000000000 _____ () C:\Users\Chuck\AppData\Local\oobelibMkey.log
2016-05-14 23:27 - 2018-01-28 02:26 - 000007608 _____ () C:\Users\Chuck\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

FRST Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by Chuck (05-05-2021 00:13:52)
Running from C:\Users\Karol\Desktop
Windows 10 Home Version 20H2 19042.867 (X64) (2021-04-10 17:16:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2887156172-1520988294-1417751805-500 - Administrator - Disabled) => C:\Users\Administrator
Chuck (S-1-5-21-2887156172-1520988294-1417751805-1000 - Administrator - Enabled) => C:\Users\Chuck
DefaultAccount (S-1-5-21-2887156172-1520988294-1417751805-503 - Limited - Disabled)
Guest (S-1-5-21-2887156172-1520988294-1417751805-501 - Limited - Disabled)
Karol (S-1-5-21-2887156172-1520988294-1417751805-1001 - Limited - Enabled) => C:\Users\Karol
WDAGUtilityAccount (S-1-5-21-2887156172-1520988294-1417751805-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
ABBYY FineReader 12 Corporate (HKLM-x32\...\{F12000CE-0001-0000-0000-074957833700}) (Version: 12.1.609 - ABBYY Production LLC)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{36381D51-CC5E-4698-A0CC-E939C75EC9D8}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.23 - Adobe Systems)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.10 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Adobe Shockwave Player 12.3 (HKLM-x32\...\{4487064C-F31E-4499-A1EF-9B8E809A0358}) (Version: 12.3.5.205 - Adobe, Inc)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
Alcatel onetouch Manager (HKLM-x32\...\{773A349F-182A-0200-0000-000000000000}) (Version: 13.09.2754 - Mobile Action)
AMD Catalyst Install Manager (HKLM\...\{FE960639-C7F8-5888-3CB2-68823485A9C0}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Anki (HKLM-x32\...\Anki) (Version: - )
AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: - AOMEI Technology Co., Ltd.)
AOMEI Partition Assistant Standard Edition 6.0 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.)
AOMEI PE Builder 1.4 (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5566909D}_is1) (Version: - AOMEI Technology Co., Ltd.)
Aspell Czech Dictionary-0.50-2 (HKLM-x32\...\Aspell Czech Dictionary_is1) (Version: - GNU)
Backup and Sync from Google (HKLM\...\{3CBE1074-3A4F-4BA6-95E3-7A660B54FE33}) (Version: 3.55.3625.9414 - Google, Inc.)
Balíček ovladače systému Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Driver (HKLM-x32\...\{C9A7E6A6-110D-4DBC-A8E2-F634613B5A8C}_is1) (Version: - TCL Commumication Technology Holdings Limited)
Everything 1.4.1.877 (x64) (HKLM\...\Everything) (Version: 1.4.1.877 (x64) - David Carpenter)
FeedDemon (HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\FeedDemon_is1) (Version: 4.5.0.0 - NewsGator Technologies, Inc.)
Fotogalerie (HKLM-x32\...\{F37D360D-9308-4BB1-8515-DC6B637B9486}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
FreeFileSync 11.9 (HKLM-x32\...\FreeFileSync_is1) (Version: 11.9 - FreeFileSync.org)
GNU Aspell 0.50-3 (HKLM-x32\...\GNU Aspell_is1) (Version: - GNU)
Google Calendar Backup Utility (HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\389f93cb6637d3c1) (Version: 1.0.0.4 - Google Calendar)
GPL Ghostscript 8.63 (HKLM-x32\...\GPL Ghostscript 8.63) (Version: - )
GTD Timer (HKLM-x32\...\{4C1F2B9C-9005-441A-B39B-04C0147A0ABF}) (Version: 2012.12.11.120 - ProductivityScientific.com)
HP 3D DriveGuard (HKLM\...\{04927A60-31CD-4614-A25C-055B1AD3A8CE}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{48D74C03-3D33-4A7E-9D93-A59FE58C1DEA}) (Version: 2.6.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.16 - SunplusIT)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{3DFFDA17-EE5C-4C09-AB0B-29CD4A9E6C9C}) (Version: 12.10.49.21 - HP)
I-Doser Premium (HKLM-x32\...\I-Doser) (Version: 5.0 - I-Doser.com)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6433.0 - IDT)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
LAV Filters 0.74.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.74.1 - Hendrik Leppkes)
Macrium Reflect Free Edition (HKLM\...\{5037EDD4-FD4D-43EC-8BBA-BE93D60FCCEA}) (Version: 7.2.4524 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.2 - Paramount Software (UK) Ltd.)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.51 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\OneDriveSetup.exe) (Version: 21.062.0328.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2887156172-1520988294-1417751805-500\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BAB9FCC5-1506-4B4F-BFCA-EDE0BDB86C21}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{3D2CF65C-B544-4308-B996-700D3E5F6C4C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 85.0 (x64 en-US) (HKLM\...\Mozilla Firefox 85.0 (x64 en-US)) (Version: 85.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 85.0.0.7688 - Mozilla)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.8 - F.J. Wechselberger)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM-x32\...\{90150000-001F-0405-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM-x32\...\{90150000-001F-041B-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
NoteBook FanControl (HKLM-x32\...\{6ccab7ac-feb0-4395-97e3-75cd6f6c407b}) (Version: 1.6.3.0 - Stefan Hirschmann - StagWare)
NoteBook FanControl (HKLM-x32\...\{C027E819-C64C-443E-B6D5-755FE4A7A925}) (Version: 1.6.3.0 - Stefan Hirschmann - StagWare) Hidden
Nox APP Player (HKLM-x32\...\Nox) (Version: 6.2.8.1 - Duodian Technology Co. Ltd.)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 13.0 - PlotSoft LLC)
Polski (Akcent) (HKLM\...\{E09BE865-9D80-4440-A740-B1E620ABCC7C}) (Version: 1.0.3.40 - FontyPL)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.83.328.2014 - Realtek)
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
Sandboxie 5.49.0 (64-bit) (HKLM\...\Sandboxie) (Version: 5.49.0 - sandboxie-plus.com)
Screencast-O-Matic v2.0 (HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\Screencast-O-Matic v2.0) (Version: v2-1.8 - Screencast-O-Matic)
Skype verze 8.66 (HKLM-x32\...\Skype_is1) (Version: 8.66 - Skype Technologies S.A.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.63 - Synaptics Incorporated)
Tempus 1.6.0 (HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\daf97551-8b86-5eb9-af1a-781f2e64e703) (Version: 1.6.0 - Keziah Moselle)
TeraCopy version 3.26 (HKLM\...\TeraCopy_is1) (Version: 3.26 - Code Sector)
Unity Web Player (HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0405-0000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
VdhCoApp 1.6.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
Vivaldi (HKLM-x32\...\Vivaldi) (Version: 2.11.1811.47 - Vivaldi Technologies AS.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
wReplace 1.2 Free (HKLM-x32\...\wReplace) (Version: 1.2 Free - SharkTime.com)
XiaoMiFlash (HKLM-x32\...\{17027A8C-4379-424D-9236-075003273CE3}) (Version: 1.1.4 - XiaoMi)
Zen Focus 2.1.0 (only current user) (HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\c677a390-e872-5285-bff8-d982a2943b74) (Version: 2.1.0 - builtwithluv)

Packages:
=========
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.180.400.0_x86__kgqvnymyfvs32 [2020-11-08] (king.com)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2021-04-10] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-04-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-04-11] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2021-04-10] (Microsoft Studios) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-11-08] (Microsoft Corporation) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-10-04] (Twitter Inc.)
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2016-07-02] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2887156172-1520988294-1417751805-1001_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> D:\Karol\Archive\1.Extensions\Software\Portable\x32\Audio+Video\info\MediaInfo_20.03\MediaInfo_InfoTip.dll (MediaArea.net -> MediaArea.net)
CustomCLSID: HKU\S-1-5-21-2887156172-1520988294-1417751805-1001_Classes\CLSID\{930e604a-cc01-4d06-8d7a-5a07914f3afb}\localserver32 -> "C:\Program Files\TechSmith\Camtasia 2019\CamtasiaStudio.exe" -ToastActivated => No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
ContextMenuHandlers1: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} => C:\Program Files (x86)\ABBYY FineReader 12\FRIntegration.x64.dll [2016-01-20] (ABBYY Production LLC -> ABBYY Production LLC.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-03-12] (Google LLC -> Google)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [File not signed]
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Users\Karol\Desktop\TeraCopy\TeraCopyExt.dll -> No File
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Users\Karol\Desktop\TeraCopy\TeraCopyExt.dll -> No File
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2018-08-07] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2018-08-07] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-03-12] (Google LLC -> Google)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Users\Karol\Desktop\TeraCopy\TeraCopyExt.dll -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} => C:\Program Files (x86)\ABBYY FineReader 12\FRIntegration.x64.dll [2016-01-20] (ABBYY Production LLC -> ABBYY Production LLC.)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Users\Karol\Desktop\TeraCopy\TeraCopyExt.dll -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2012-04-11 10:40 - 2012-04-11 10:40 - 000067584 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.dll
2018-07-04 15:11 - 2012-03-29 22:48 - 000200288 _____ (Andrea Electronics -> Andrea Electronics Corporation) [File not signed] C:\WINDOWS\system32\AESTAC64.dll
2017-04-25 01:36 - 2015-05-21 14:32 - 002403504 _____ (Aomei Technology Co., Limited -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2017-04-25 01:36 - 2015-05-21 14:32 - 000068784 _____ (Aomei Technology Co., Limited -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\AOMEI Backupper\vcomp.dll
2021-03-31 12:39 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2018-05-06 00:49 - 2017-09-27 17:30 - 000489984 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\Newtonsoft.Json.dll
2018-05-06 00:49 - 2018-01-26 17:08 - 000088064 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppCollect.dll
2018-05-06 00:49 - 2018-01-26 17:08 - 000200192 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppCommon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
SearchScopes: HKU\S-1-5-21-2887156172-1520988294-1417751805-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src ... 02&pc=UE00
SearchScopes: HKU\S-1-5-21-2887156172-1520988294-1417751805-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src ... 02&pc=UE00
SearchScopes: HKU\S-1-5-21-2887156172-1520988294-1417751805-1001 -> DefaultScope {273ED82A-91CB-41D1-AED1-EB3976BC5C24} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
SearchScopes: HKU\S-1-5-21-2887156172-1520988294-1417751805-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src ... 02&pc=UE00
SearchScopes: HKU\S-1-5-21-2887156172-1520988294-1417751805-1001 -> {273ED82A-91CB-41D1-AED1-EB3976BC5C24} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH -> Eyeo GmbH)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH -> Eyeo GmbH)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2887156172-1520988294-1417751805-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxps://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1439752415659
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc. -> Belarc, Inc.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-15 14:25 - 2019-01-09 16:32 - 000000832 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\WINDOWS\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\Chuck\AppData\Local\Microsoft\WindowsApps;C:\adb;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\NoteBook FanControl\
HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\Control Panel\Desktop\\Wallpaper -> D:\Karol\Archive\1.Extensions\Pictures\noneducation\windows\my wallpapers\w7\w7 original.jpg
HKU\S-1-5-21-2887156172-1520988294-1417751805-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 193.17.47.1 - 185.43.135.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet 4: VMware Bridge Protocol -> vmware_bridge (disabled)
Ethernet 3: VMware Bridge Protocol -> vmware_bridge (enabled)
Wi-Fi 2: VMware Bridge Protocol -> vmware_bridge (enabled)
Ethernet 5: VMware Bridge Protocol -> vmware_bridge (disabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "Bonus.SSR.FR12"
HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\StartupApproved\StartupFolder: => "Odeslat do OneNote.lnk"
HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{E4E5B7BA-3805-4503-87D2-3132E6D2A58D}C:\program files\freefilesync\bin\freefilesync_x64.exe] => (Allow) C:\program files\freefilesync\bin\freefilesync_x64.exe (Florian BAUER -> FreeFileSync.org)
FirewallRules: [TCP Query User{4A845E45-69D2-460E-8077-8F64267454F1}C:\program files\freefilesync\bin\freefilesync_x64.exe] => (Allow) C:\program files\freefilesync\bin\freefilesync_x64.exe (Florian BAUER -> FreeFileSync.org)
FirewallRules: [{1B18EE24-2C06-4389-A621-8728598A755E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E3C5F5D6-E1CF-4795-AA71-65869D5CABBF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{28DB69DC-CB76-4500-87BF-E513E5A60372}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6FFE87D3-D49E-4F9E-BD2F-12D05D8ADA86}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DFBCE3C0-69C5-4F27-9437-BCFB56D1BCB6}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{04B41ED7-C243-4588-85C4-0E994E7BDAB6}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7F4DEC00-723A-457D-9715-E56615B2695C}] => (Allow) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [UDP Query User{6C325D68-4916-4008-8465-4211042665C7}D:\karol\archive\1.extensions\software\portable\x32\documents\editors\text editors\qownnotesportable\app\qownnotes\qownnotes.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\documents\editors\text editors\qownnotesportable\app\qownnotes\qownnotes.exe () [File not signed]
FirewallRules: [TCP Query User{A20F3443-19FA-464E-AA3A-C3A4FBB76C47}D:\karol\archive\1.extensions\software\portable\x32\documents\editors\text editors\qownnotesportable\app\qownnotes\qownnotes.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\documents\editors\text editors\qownnotesportable\app\qownnotes\qownnotes.exe () [File not signed]
FirewallRules: [UDP Query User{27812ED6-66BF-454E-AD15-F77FB3C305BC}D:\karol\project\now\topics\download\books\must organize\books\qownnotesportable\app\qownnotes\qownnotes.exe] => (Allow) D:\karol\project\now\topics\download\books\must organize\books\qownnotesportable\app\qownnotes\qownnotes.exe => No File
FirewallRules: [TCP Query User{DC10A911-B724-4E5F-AFF9-41839313603C}D:\karol\project\now\topics\download\books\must organize\books\qownnotesportable\app\qownnotes\qownnotes.exe] => (Allow) D:\karol\project\now\topics\download\books\must organize\books\qownnotesportable\app\qownnotes\qownnotes.exe => No File
FirewallRules: [UDP Query User{A57FB4D8-CEFE-4323-B466-1ED362B05D23}C:\users\karol\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\karol\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [TCP Query User{6CBC343A-B32D-4D27-A2C2-B445DC9379F0}C:\users\karol\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\karol\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [UDP Query User{67E623D5-8528-48E5-B9CD-AE26DA2CB7CB}D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe (Tixati Software Inc. -> Tixati Software Inc.)
FirewallRules: [TCP Query User{24699CC1-04A2-4586-85D8-83E3F84EFF6F}D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe (Tixati Software Inc. -> Tixati Software Inc.)
FirewallRules: [UDP Query User{54958B7C-7557-4697-84B8-891ACF08EB05}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe => No File
FirewallRules: [TCP Query User{7A2FA0FE-DBC9-4154-AD4A-14E565D52C61}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe => No File
FirewallRules: [UDP Query User{8B7544A2-FBF3-46B1-BBC4-F85A3049F987}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{9C381A54-BD38-4707-9A66-D27E20E38568}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{65C21616-EA67-4E69-8B72-38EE08040D32}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2C808EAA-9C68-4049-90F3-2B73FEE9989B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AB768007-57F7-4EF1-89C4-CD6C24DA582E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EFE4330E-6A08-4B94-993D-2F67870CBDB6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{89491690-4B23-44A3-AF35-3C2D443A2048}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [TCP Query User{FAAE1722-9134-4B17-9AB7-D254CC7C32CB}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [UDP Query User{3818F6ED-4C81-4908-B727-F7071A9E8361}D:\karol\archive\1. extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe] => (Allow) D:\karol\archive\1. extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe => No File
FirewallRules: [TCP Query User{D02DD2EF-3E80-42BC-9538-69EDF73EFBAD}D:\karol\archive\1. extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe] => (Allow) D:\karol\archive\1. extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe => No File
FirewallRules: [{F59B8B16-EA7C-4B1C-80FC-F0BB5D7239A2}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe => No File
FirewallRules: [{10F4E470-356D-43E2-B8D7-0CFB3C53C4F1}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe => No File
FirewallRules: [{F303C763-78E7-42E0-8B0A-0BA41BF8E80A}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{1A027C43-B62B-4969-A6DC-D00355C0416B}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [TCP Query User{4A05A816-D0A7-48B4-B6FE-289F1E4B4F1D}D:\karol\archive\1. extensions\software\portable\x32\audio\player-recorders\tapinradioportable 2.10\app\programfiles64\tapinradio.exe] => (Allow) D:\karol\archive\1. extensions\software\portable\x32\audio\player-recorders\tapinradioportable 2.10\app\programfiles64\tapinradio.exe => No File
FirewallRules: [UDP Query User{960A5B42-93A4-4471-9FC7-75D4A1890D36}D:\karol\archive\1. extensions\software\portable\x32\audio\player-recorders\tapinradioportable 2.10\app\programfiles64\tapinradio.exe] => (Allow) D:\karol\archive\1. extensions\software\portable\x32\audio\player-recorders\tapinradioportable 2.10\app\programfiles64\tapinradio.exe => No File
FirewallRules: [TCP Query User{78400E23-FE93-4B87-B1BF-B216E5B9D867}D:\karol\project\later\topics\download\download\qbittorrentportable\app\qbittorrent\qbittorrent.exe] => (Allow) D:\karol\project\later\topics\download\download\qbittorrentportable\app\qbittorrent\qbittorrent.exe => No File
FirewallRules: [UDP Query User{F6717485-41CA-49F9-909F-3DD4008F491C}D:\karol\project\later\topics\download\download\qbittorrentportable\app\qbittorrent\qbittorrent.exe] => (Allow) D:\karol\project\later\topics\download\download\qbittorrentportable\app\qbittorrent\qbittorrent.exe => No File
FirewallRules: [{C003F9D7-46D5-4620-B8D0-EA49F30B01FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{31AA79F8-C91F-4D9D-8600-74FFF9533DAB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{11B7DD5C-8429-462A-A840-76ABDA17496D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [UDP Query User{543D5401-8678-409B-A2AD-734E7390AE24}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [{B62F5544-D1D4-4248-812D-38A79BA37B42}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe => No File
FirewallRules: [{313580C3-6999-4612-B419-4C42088889AA}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe => No File
FirewallRules: [TCP Query User{E464F73B-75D6-4D10-9EE8-0F9BA808C812}D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe (Tixati Software Inc. -> Tixati Software Inc.)
FirewallRules: [UDP Query User{DF5EE57A-7663-486A-9C48-223AF1AA996B}D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe (Tixati Software Inc. -> Tixati Software Inc.)
FirewallRules: [TCP Query User{EAAE6AE0-3AAC-452D-9E19-62B4A95A8E50}D:\karol\archive\1.extensions\software\portable\x32\rss\opml\opml\opml.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\rss\opml\opml\opml.exe (Scripting News, Inc) [File not signed]
FirewallRules: [UDP Query User{4ED501D0-A4B7-4C05-9A67-CC5E9A2B6CD1}D:\karol\archive\1.extensions\software\portable\x32\rss\opml\opml\opml.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\rss\opml\opml\opml.exe (Scripting News, Inc) [File not signed]
FirewallRules: [TCP Query User{FE1E3327-D1CB-4F53-8361-4FC91A72CF96}C:\users\karol\desktop\rss\editor\opml\opml.exe] => (Allow) C:\users\karol\desktop\rss\editor\opml\opml.exe => No File
FirewallRules: [UDP Query User{DC834467-23B4-40DE-89CF-7A9E7724C84B}C:\users\karol\desktop\rss\editor\opml\opml.exe] => (Allow) C:\users\karol\desktop\rss\editor\opml\opml.exe => No File
FirewallRules: [{B68FC80D-B466-4F33-A222-C7BE4DF964D6}] => (Allow) C:\Program Files\Nox\bin\Nox.exe (Nox Limited -> Duodian Technology Co. Ltd.)
FirewallRules: [{A7E785DE-5682-41F6-9EC4-A5E3938432BD}] => (Allow) C:\Program Files (x86)\\Bignox\\BigNoxVM\\RT\NoxVMHandle.exe (Nox Limited -> BigNox Corporation)
FirewallRules: [TCP Query User{DB0B30E2-359A-44CE-91F5-E9A681DDE53D}C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe => No File
FirewallRules: [UDP Query User{A87C368B-EF03-4CCF-A3AA-3882B528498C}C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe => No File
FirewallRules: [TCP Query User{C5AE4DA6-621D-400D-89A8-12A0EB1E525B}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{2C5BAF74-347E-4989-B1BC-B80CDB4FAEC4}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/04/2021 09:38:20 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {5689fd06-11d2-459b-a8dc-a4ded3193181}

Error: (05/04/2021 09:38:20 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {7e47b561-971a-46e6-96b9-696eeaa53b2a}
Název modulu pro zápis: MSMQ Writer (MSMQ)
Název instance zapisovače: MSMQ Writer (MSMQ)
ID instance modulu pro zápis: {b3d47975-909f-4fa6-a3a4-61cb7461a428}

Error: (05/03/2021 03:49:16 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {7e47b561-971a-46e6-96b9-696eeaa53b2a}
Název modulu pro zápis: MSMQ Writer (MSMQ)
Název instance zapisovače: MSMQ Writer (MSMQ)
ID instance modulu pro zápis: {54656d95-eca2-476b-b64e-babf32f95ac3}

Error: (05/03/2021 03:49:15 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {d2f94383-f3a7-47a1-af34-75de1e866306}

Error: (05/02/2021 08:40:18 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {7e47b561-971a-46e6-96b9-696eeaa53b2a}
Název modulu pro zápis: MSMQ Writer (MSMQ)
Název instance zapisovače: MSMQ Writer (MSMQ)
ID instance modulu pro zápis: {54656d95-eca2-476b-b64e-babf32f95ac3}

Error: (05/02/2021 08:40:18 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {d2f94383-f3a7-47a1-af34-75de1e866306}

Error: (05/01/2021 09:00:04 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {d2f94383-f3a7-47a1-af34-75de1e866306}

Error: (05/01/2021 09:00:04 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {7e47b561-971a-46e6-96b9-696eeaa53b2a}
Název modulu pro zápis: MSMQ Writer (MSMQ)
Název instance zapisovače: MSMQ Writer (MSMQ)
ID instance modulu pro zápis: {54656d95-eca2-476b-b64e-babf32f95ac3}


System errors:
=============
Error: (05/04/2021 11:28:28 PM) (Source: DCOM) (EventID: 10001) (User: HP)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (05/04/2021 10:27:02 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: Server Microsoft.Windows.Photos_2020.20090.1002.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (05/04/2021 10:26:49 PM) (Source: DCOM) (EventID: 10001) (User: HP)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXjytc7c0yvwb8n3cw0r82k4364sd1s7bv.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca

Error: (05/04/2021 09:48:25 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (05/04/2021 09:36:56 PM) (Source: DCOM) (EventID: 10001) (User: HP)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (05/04/2021 09:22:23 PM) (Source: DCOM) (EventID: 10001) (User: HP)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (05/04/2021 09:11:52 PM) (Source: DCOM) (EventID: 10001) (User: HP)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXjytc7c0yvwb8n3cw0r82k4364sd1s7bv.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca

Error: (05/04/2021 09:08:13 PM) (Source: DCOM) (EventID: 10001) (User: HP)
Description: Nelze spustit server DCOM: Microsoft.Messaging_4.1901.10241.1000_x64__8wekyb3d8bbwe!x27e26f40ye031y48a6yb130yd1f20388991ax.AppXnd7rsx17rcmjf7x4y33cgsex7qrrtn8z.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942402
při provádění příkazu:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:x27e26f40ye031y48a6yb130yd1f20388991ax.AppX09jg2mz3yagbcrg7v3ym4r2ykqy91j5x.mca


Windows Defender:
================
Date: 2021-05-02 12:13:31
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {3AA02220-547F-4598-8C68-FF892A342137}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: HP\Karol

Date: 2021-05-02 11:47:18
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Tiggre!plock
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: containerfile:_D:\Karol\Project\doing\downloaded\books\xplorer2.Pro.Ult.4.4.0.1.rar; file:_D:\Karol\Project\doing\downloaded\books\xplorer2.Pro.Ult.4.4.0.1.rar->xplorer2.Pro.Ult.4.4.0.1.KaranPC\X24LG.1.1.zip->LicGen.exe; webfile:_D:\Karol\Project\doing\downloaded\books\xplorer2.Pro.Ult.4.4.0.1.rar|http://51.15.165.169/karanpc.com/cloud/ ... 4205517669
Původ detekce: Internet
Typ detekce: Konkrétní
Zdroj detekce: Soubory ke stažení a přílohy
Uživatel: HP\Karol
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.337.336.0, AS: 1.337.336.0, NIS: 1.337.336.0
Verze modulu: AM: 1.1.18100.5, NIS: 1.1.18100.5

Date: 2021-05-02 20:44:04
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.337.336.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18100.5
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

Date: 2021-04-30 20:56:51
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.337.186.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18100.5
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

Date: 2021-04-26 21:38:48
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.335.1700.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18000.5
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

Date: 2021-04-22 20:39:29
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.335.1334.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18000.5
Kód chyby: 0x80072f78
Popis chyby: Server vrátil neplatnou nebo nerozpoznatelnou odezvu.

Date: 2021-04-22 20:39:29
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.335.1334.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18000.5
Kód chyby: 0x80072f78
Popis chyby: Server vrátil neplatnou nebo nerozpoznatelnou odezvu.

==================== Memory info ===========================

BIOS: Hewlett-Packard 68CPC Ver. F.40 03/11/2013
Motherboard: Hewlett-Packard 168B
Processor: AMD A6-3420M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 94%
Total physical RAM: 3552.11 MB
Available physical RAM: 177.77 MB
Total Virtual: 7136.11 MB
Available Virtual: 1693.79 MB

==================== Drives ================================

Drive c: (WINDOWS+APPS) (Fixed) (Total:151.03 GB) (Free:47.61 GB) NTFS
Drive d: (MY DATA) (Fixed) (Total:424.7 GB) (Free:21.94 GB) NTFS
Drive e: (HP_RECOVERY) (Fixed) (Total:15.15 GB) (Free:2.17 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:4.99 GB) (Free:4.98 GB) FAT32

\\?\Volume{27ffcf37-4440-11e5-a4d0-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: E920C45C)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=575.7 GB) - (Type=0F Extended)
Partition 3: (Not Active) - (Size=15.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 113893
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Vodafone informed me that I am in a botnet

#6 Post by Rudy »

Open Notepad and copy the following into it:

Start

CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {126DD8CE-8C75-430C-B0BD-BD8FDDEFC66F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {21F92A90-397C-41F7-B647-3C7C92C85E69} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2CBFACDF-FEB3-40D5-9A86-871E18B5F012} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {31537973-BF08-414E-8C18-016AA2E10735} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {412CE83E-2101-4893-9CC4-11104E16CA07} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4E0434D3-837C-4592-8AD5-F59D150F5726} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {51D3CA13-D9F2-4E1A-8F6C-CE86C95BF422} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {54460751-1A6C-481B-B80E-1657AE7D6D05} - \My Tasks\Empty Windows Recycle Bin. -> No File <==== ATTENTION
Task: {735ECD01-6F6A-454E-9E9F-E022C90C75CD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {921EEFB9-8FB3-4F6E-9561-FC780AD28532} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {90720BA0-4D63-49B6-A8FA-795E6C5D4BCD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-03] (Google Inc -> Google LLC)
Task: {8A918489-8464-4268-BDEA-20B9CC9401DC} - System32\Tasks\{768B319C-4286-4539-9A64-D45279719C54} => C:\Windows\system32\pcalua.exe -a C:\Users\Chuck\Desktop\sp56876.exe -d C:\Users\Chuck\Desktop
Task: {AE2D77F8-E407-43CA-AE5F-C1476B92DE54} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B1FBC68E-EC26-41FC-8424-AC3EF5202884} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D286E1A3-2C4D-48AE-A89F-2BC49B0E0E21} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E1973331-1B79-42A7-8162-BEB646BFE905} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-03] (Google Inc -> Google LLC)
Task: {EB2D4759-3947-46A1-AB62-1090FED2DF37} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {ECB03397-042A-4568-94E5-933D1AF35C2A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {EFED7834-A78C-4E66-8466-35A13701DFF5} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
U3 idsvc; no ImagePath
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\system32\Tasks\{26D164E1-B8C8-4567-9727-7101BBC0AB8E}
C:\WINDOWS\system32\Tasks\{87A5FB26-48A3-4A66-AA52-8D3A83794FE6}
C:\WINDOWS\system32\Tasks\{768B319C-4286-4539-9A64-D45279719C54}
C:\WINDOWS\system32\Tasks\{C38DECD5-4820-4B6F-8E4A-1F2445C4096C}
C:\DumpStack.log.tmp
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Users\Karol\Desktop\TeraCopy\TeraCopyExt.dll -> No File
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Users\Karol\Desktop\TeraCopy\TeraCopyExt.dll -> No File
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Users\Karol\Desktop\TeraCopy\TeraCopyExt.dll -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Users\Karol\Desktop\TeraCopy\TeraCopyExt.dll -> No File
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
FirewallRules: [UDP Query User{54958B7C-7557-4697-84B8-891ACF08EB05}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe => No File
FirewallRules: [TCP Query User{7A2FA0FE-DBC9-4154-AD4A-14E565D52C61}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe => No File
FirewallRules: [UDP Query User{3818F6ED-4C81-4908-B727-F7071A9E8361}D:\karol\archive\1. extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe] => (Allow) D:\karol\archive\1. extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe => No File
FirewallRules: [TCP Query User{D02DD2EF-3E80-42BC-9538-69EDF73EFBAD}D:\karol\archive\1. extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe] => (Allow) D:\karol\archive\1. extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe => No File
FirewallRules: [{F59B8B16-EA7C-4B1C-80FC-F0BB5D7239A2}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe => No File
FirewallRules: [{10F4E470-356D-43E2-B8D7-0CFB3C53C4F1}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe => No File
FirewallRules: [TCP Query User{4A05A816-D0A7-48B4-B6FE-289F1E4B4F1D}D:\karol\archive\1. extensions\software\portable\x32\audio\player-recorders\tapinradioportable 2.10\app\programfiles64\tapinradio.exe] => (Allow) D:\karol\archive\1. extensions\software\portable\x32\audio\player-recorders\tapinradioportable 2.10\app\programfiles64\tapinradio.exe => No File
FirewallRules: [UDP Query User{960A5B42-93A4-4471-9FC7-75D4A1890D36}D:\karol\archive\1. extensions\software\portable\x32\audio\player-recorders\tapinradioportable 2.10\app\programfiles64\tapinradio.exe] => (Allow) D:\karol\archive\1. extensions\software\portable\x32\audio\player-recorders\tapinradioportable 2.10\app\programfiles64\tapinradio.exe => No File
FirewallRules: [TCP Query User{78400E23-FE93-4B87-B1BF-B216E5B9D867}D:\karol\project\later\topics\download\download\qbittorrentportable\app\qbittorrent\qbittorrent.exe] => (Allow) D:\karol\project\later\topics\download\download\qbittorrentportable\app\qbittorrent\qbittorrent.exe => No File
FirewallRules: [UDP Query User{F6717485-41CA-49F9-909F-3DD4008F491C}D:\karol\project\later\topics\download\download\qbittorrentportable\app\qbittorrent\qbittorrent.exe] => (Allow) D:\karol\project\later\topics\download\download\qbittorrentportable\app\qbittorrent\qbittorrent.exe => No File
FirewallRules: [TCP Query User{11B7DD5C-8429-462A-A840-76ABDA17496D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [UDP Query User{543D5401-8678-409B-A2AD-734E7390AE24}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [{B62F5544-D1D4-4248-812D-38A79BA37B42}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe => No File
FirewallRules: [{313580C3-6999-4612-B419-4C42088889AA}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe => No File
FirewallRules: [TCP Query User{FE1E3327-D1CB-4F53-8361-4FC91A72CF96}C:\users\karol\desktop\rss\editor\opml\opml.exe] => (Allow) C:\users\karol\desktop\rss\editor\opml\opml.exe => No File
FirewallRules: [UDP Query User{DC834467-23B4-40DE-89CF-7A9E7724C84B}C:\users\karol\desktop\rss\editor\opml\opml.exe] => (Allow) C:\users\karol\desktop\rss\editor\opml\opml.exe => No File
FirewallRules: [TCP Query User{DB0B30E2-359A-44CE-91F5-E9A681DDE53D}C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe => No File
FirewallRules: [UDP Query User{A87C368B-EF03-4CCF-A3AA-3882B528498C}C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe => No File
D:\Karol\Project\doing\downloaded\books\xplorer2.Pro.Ult.4.4.0.1.rar

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

SGC
Visitor
Posts: 369
Registered: 15 Apr 2008 13:09

Re: Vodafone informed me that I am in a botnet

#7 Post by SGC »

The log appeared, so here it is:

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by Chuck (05-05-2021 14:30:35) Run:1
Running from C:\Users\Karol\Desktop
Loaded Profiles: Chuck & Karol & Administrator
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {126DD8CE-8C75-430C-B0BD-BD8FDDEFC66F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {21F92A90-397C-41F7-B647-3C7C92C85E69} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2CBFACDF-FEB3-40D5-9A86-871E18B5F012} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {31537973-BF08-414E-8C18-016AA2E10735} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {412CE83E-2101-4893-9CC4-11104E16CA07} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4E0434D3-837C-4592-8AD5-F59D150F5726} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {51D3CA13-D9F2-4E1A-8F6C-CE86C95BF422} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {54460751-1A6C-481B-B80E-1657AE7D6D05} - \My Tasks\Empty Windows Recycle Bin. -> No File <==== ATTENTION
Task: {735ECD01-6F6A-454E-9E9F-E022C90C75CD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {921EEFB9-8FB3-4F6E-9561-FC780AD28532} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {90720BA0-4D63-49B6-A8FA-795E6C5D4BCD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-03] (Google Inc -> Google LLC)
Task: {8A918489-8464-4268-BDEA-20B9CC9401DC} - System32\Tasks\{768B319C-4286-4539-9A64-D45279719C54} => C:\Windows\system32\pcalua.exe -a C:\Users\Chuck\Desktop\sp56876.exe -d C:\Users\Chuck\Desktop
Task: {AE2D77F8-E407-43CA-AE5F-C1476B92DE54} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B1FBC68E-EC26-41FC-8424-AC3EF5202884} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D286E1A3-2C4D-48AE-A89F-2BC49B0E0E21} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E1973331-1B79-42A7-8162-BEB646BFE905} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-03] (Google Inc -> Google LLC)
Task: {EB2D4759-3947-46A1-AB62-1090FED2DF37} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {ECB03397-042A-4568-94E5-933D1AF35C2A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {EFED7834-A78C-4E66-8466-35A13701DFF5} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
U3 idsvc; no ImagePath
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\system32\Tasks\{26D164E1-B8C8-4567-9727-7101BBC0AB8E}
C:\WINDOWS\system32\Tasks\{87A5FB26-48A3-4A66-AA52-8D3A83794FE6}
C:\WINDOWS\system32\Tasks\{768B319C-4286-4539-9A64-D45279719C54}
C:\WINDOWS\system32\Tasks\{C38DECD5-4820-4B6F-8E4A-1F2445C4096C}
C:\DumpStack.log.tmp
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Users\Karol\Desktop\TeraCopy\TeraCopyExt.dll -> No File
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Users\Karol\Desktop\TeraCopy\TeraCopyExt.dll -> No File
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Users\Karol\Desktop\TeraCopy\TeraCopyExt.dll -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Users\Karol\Desktop\TeraCopy\TeraCopyExt.dll -> No File
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
FirewallRules: [UDP Query User{54958B7C-7557-4697-84B8-891ACF08EB05}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe => No File
FirewallRules: [TCP Query User{7A2FA0FE-DBC9-4154-AD4A-14E565D52C61}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe => No File
FirewallRules: [UDP Query User{3818F6ED-4C81-4908-B727-F7071A9E8361}D:\karol\archive\1. extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe] => (Allow) D:\karol\archive\1. extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe => No File
FirewallRules: [TCP Query User{D02DD2EF-3E80-42BC-9538-69EDF73EFBAD}D:\karol\archive\1. extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe] => (Allow) D:\karol\archive\1. extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe => No File
FirewallRules: [{F59B8B16-EA7C-4B1C-80FC-F0BB5D7239A2}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe => No File
FirewallRules: [{10F4E470-356D-43E2-B8D7-0CFB3C53C4F1}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe => No File
FirewallRules: [TCP Query User{4A05A816-D0A7-48B4-B6FE-289F1E4B4F1D}D:\karol\archive\1. extensions\software\portable\x32\audio\player-recorders\tapinradioportable 2.10\app\programfiles64\tapinradio.exe] => (Allow) D:\karol\archive\1. extensions\software\portable\x32\audio\player-recorders\tapinradioportable 2.10\app\programfiles64\tapinradio.exe => No File
FirewallRules: [UDP Query User{960A5B42-93A4-4471-9FC7-75D4A1890D36}D:\karol\archive\1. extensions\software\portable\x32\audio\player-recorders\tapinradioportable 2.10\app\programfiles64\tapinradio.exe] => (Allow) D:\karol\archive\1. extensions\software\portable\x32\audio\player-recorders\tapinradioportable 2.10\app\programfiles64\tapinradio.exe => No File
FirewallRules: [TCP Query User{78400E23-FE93-4B87-B1BF-B216E5B9D867}D:\karol\project\later\topics\download\download\qbittorrentportable\app\qbittorrent\qbittorrent.exe] => (Allow) D:\karol\project\later\topics\download\download\qbittorrentportable\app\qbittorrent\qbittorrent.exe => No File
FirewallRules: [UDP Query User{F6717485-41CA-49F9-909F-3DD4008F491C}D:\karol\project\later\topics\download\download\qbittorrentportable\app\qbittorrent\qbittorrent.exe] => (Allow) D:\karol\project\later\topics\download\download\qbittorrentportable\app\qbittorrent\qbittorrent.exe => No File
FirewallRules: [TCP Query User{11B7DD5C-8429-462A-A840-76ABDA17496D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [UDP Query User{543D5401-8678-409B-A2AD-734E7390AE24}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [{B62F5544-D1D4-4248-812D-38A79BA37B42}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe => No File
FirewallRules: [{313580C3-6999-4612-B419-4C42088889AA}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe => No File
FirewallRules: [TCP Query User{FE1E3327-D1CB-4F53-8361-4FC91A72CF96}C:\users\karol\desktop\rss\editor\opml\opml.exe] => (Allow) C:\users\karol\desktop\rss\editor\opml\opml.exe => No File
FirewallRules: [UDP Query User{DC834467-23B4-40DE-89CF-7A9E7724C84B}C:\users\karol\desktop\rss\editor\opml\opml.exe] => (Allow) C:\users\karol\desktop\rss\editor\opml\opml.exe => No File
FirewallRules: [TCP Query User{DB0B30E2-359A-44CE-91F5-E9A681DDE53D}C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe => No File
FirewallRules: [UDP Query User{A87C368B-EF03-4CCF-A3AA-3882B528498C}C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe => No File
D:\Karol\Project\doing\downloaded\books\xplorer2.Pro.Ult.4.4.0.1.rar

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{503739d0-4c5e-4cfd-b3ba-d881334f0df2}" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{126DD8CE-8C75-430C-B0BD-BD8FDDEFC66F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{126DD8CE-8C75-430C-B0BD-BD8FDDEFC66F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{21F92A90-397C-41F7-B647-3C7C92C85E69}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21F92A90-397C-41F7-B647-3C7C92C85E69}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CBFACDF-FEB3-40D5-9A86-871E18B5F012}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CBFACDF-FEB3-40D5-9A86-871E18B5F012}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31537973-BF08-414E-8C18-016AA2E10735}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31537973-BF08-414E-8C18-016AA2E10735}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{412CE83E-2101-4893-9CC4-11104E16CA07}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{412CE83E-2101-4893-9CC4-11104E16CA07}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E0434D3-837C-4592-8AD5-F59D150F5726}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E0434D3-837C-4592-8AD5-F59D150F5726}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51D3CA13-D9F2-4E1A-8F6C-CE86C95BF422}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51D3CA13-D9F2-4E1A-8F6C-CE86C95BF422}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54460751-1A6C-481B-B80E-1657AE7D6D05}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54460751-1A6C-481B-B80E-1657AE7D6D05}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\My Tasks\Empty Windows Recycle Bin." => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{735ECD01-6F6A-454E-9E9F-E022C90C75CD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{735ECD01-6F6A-454E-9E9F-E022C90C75CD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{921EEFB9-8FB3-4F6E-9561-FC780AD28532}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{921EEFB9-8FB3-4F6E-9561-FC780AD28532}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{90720BA0-4D63-49B6-A8FA-795E6C5D4BCD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90720BA0-4D63-49B6-A8FA-795E6C5D4BCD}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A918489-8464-4268-BDEA-20B9CC9401DC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A918489-8464-4268-BDEA-20B9CC9401DC}" => removed successfully
C:\WINDOWS\System32\Tasks\{768B319C-4286-4539-9A64-D45279719C54} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{768B319C-4286-4539-9A64-D45279719C54}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE2D77F8-E407-43CA-AE5F-C1476B92DE54}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE2D77F8-E407-43CA-AE5F-C1476B92DE54}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1FBC68E-EC26-41FC-8424-AC3EF5202884}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1FBC68E-EC26-41FC-8424-AC3EF5202884}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D286E1A3-2C4D-48AE-A89F-2BC49B0E0E21}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D286E1A3-2C4D-48AE-A89F-2BC49B0E0E21}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1973331-1B79-42A7-8162-BEB646BFE905}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1973331-1B79-42A7-8162-BEB646BFE905}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB2D4759-3947-46A1-AB62-1090FED2DF37}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB2D4759-3947-46A1-AB62-1090FED2DF37}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ECB03397-042A-4568-94E5-933D1AF35C2A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECB03397-042A-4568-94E5-933D1AF35C2A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFED7834-A78C-4E66-8466-35A13701DFF5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFED7834-A78C-4E66-8466-35A13701DFF5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => removed successfully
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1 => removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
idsvc => service removed successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
C:\WINDOWS\system32\Tasks\{26D164E1-B8C8-4567-9727-7101BBC0AB8E} => moved successfully
C:\WINDOWS\system32\Tasks\{87A5FB26-48A3-4A66-AA52-8D3A83794FE6} => moved successfully
"C:\WINDOWS\system32\Tasks\{768B319C-4286-4539-9A64-D45279719C54}" => not found
C:\WINDOWS\system32\Tasks\{C38DECD5-4820-4B6F-8E4A-1F2445C4096C} => moved successfully
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BB FlashBack 2 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\TeraCopy => removed successfully
HKLM\Software\Classes\CLSID\{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\TeraCopy => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\TeraCopy => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\TeraCopy => removed successfully
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{54958B7C-7557-4697-84B8-891ACF08EB05}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7A2FA0FE-DBC9-4154-AD4A-14E565D52C61}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3818F6ED-4C81-4908-B727-F7071A9E8361}D:\karol\archive\1. extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D02DD2EF-3E80-42BC-9538-69EDF73EFBAD}D:\karol\archive\1. extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F59B8B16-EA7C-4B1C-80FC-F0BB5D7239A2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{10F4E470-356D-43E2-B8D7-0CFB3C53C4F1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4A05A816-D0A7-48B4-B6FE-289F1E4B4F1D}D:\karol\archive\1. extensions\software\portable\x32\audio\player-recorders\tapinradioportable 2.10\app\programfiles64\tapinradio.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{960A5B42-93A4-4471-9FC7-75D4A1890D36}D:\karol\archive\1. extensions\software\portable\x32\audio\player-recorders\tapinradioportable 2.10\app\programfiles64\tapinradio.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{78400E23-FE93-4B87-B1BF-B216E5B9D867}D:\karol\project\later\topics\download\download\qbittorrentportable\app\qbittorrent\qbittorrent.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F6717485-41CA-49F9-909F-3DD4008F491C}D:\karol\project\later\topics\download\download\qbittorrentportable\app\qbittorrent\qbittorrent.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{11B7DD5C-8429-462A-A840-76ABDA17496D}C:\program files (x86)\skype\phone\skype.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{543D5401-8678-409B-A2AD-734E7390AE24}C:\program files (x86)\skype\phone\skype.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B62F5544-D1D4-4248-812D-38A79BA37B42}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{313580C3-6999-4612-B419-4C42088889AA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FE1E3327-D1CB-4F53-8361-4FC91A72CF96}C:\users\karol\desktop\rss\editor\opml\opml.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DC834467-23B4-40DE-89CF-7A9E7724C84B}C:\users\karol\desktop\rss\editor\opml\opml.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DB0B30E2-359A-44CE-91F5-E9A681DDE53D}C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A87C368B-EF03-4CCF-A3AA-3882B528498C}C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe" => removed successfully
"D:\Karol\Project\doing\downloaded\books\xplorer2.Pro.Ult.4.4.0.1.rar" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6797486 B
Java, Flash, Steam htmlcache => 715 B
Windows/system/drivers => 125317629 B
Edge => 5446262 B
Vivaldi => 74752347 B
Firefox => 491558021 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 7680 B
ProgramData => 7680 B
Public => 7680 B
systemprofile => 7680 B
systemprofile32 => 7680 B
LocalService => 10126 B
NetworkService => 19259006 B
Chuck => 20027305 B
Karol => 141712489 B
Administrator => 141723759 B
DefaultAppPool => 141723759 B

RecycleBin => 2262 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================

Rudy
Site Admin
Posts: 113893
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Vodafone notified me that I am in a botnet

#8 Post by Rudy »

It has been deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address above.

SGC
Visitor
Posts: 369
Registered: 15 Apr 2008 13:09

Re: Vodafone notified me that I am in a botnet

#9 Post by SGC »

Well, a slightly snappier response, but at least I can now tell Vodafone that this computer is not infected with anything, so it is not in any botnet either. Which brings me to one more thing: could I have one more computer checked, one that is also connected to that Vodafone network? In case that one is in the botnet. I really don't have any more computers here. 😀

Rudy
Site Admin
Posts: 113893
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Vodafone notified me that I am in a botnet

#10 Post by Rudy »

Certainly. Post the FRST+Addition logs from it.

SGC
Visitor
Posts: 369
Registered: 15 Apr 2008 13:09

Re: Vodafone notified me that I am in a botnet

#11 Post by SGC »

Thanks, here they are.

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-04-2021
Ran by Comp (administrator) on MAIN-HOME-PC (MICRO-STAR INTERNATIONAL CO.,LTD MS-7529) (05-05-2021 09:41:50)
Running from C:\Users\Maminka\Desktop
Loaded Profiles: Maminka & Comp
Platform: Microsoft Windows 10 Home Version 20H2 19042.928 (X86) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Lespeed Technology Ltd. -> WiseCleaner.COM) [File not signed] C:\Program Files\Wise\Wise Auto Shutdown\WiseAutoShutdown.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.9-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.9-0\NisSrv.exe
(Opera Software AS -> Opera Software) C:\Users\Maminka\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(voidtools -> voidtools) C:\Program Files\Everything\Everything.exe <2>
0 C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2103.17603.0_x86__8wekyb3d8bbwe\Cortana.exe
0 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21022.215.0_x86__8wekyb3d8bbwe\YourPhone.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6707744 2008-12-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-12-26] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
HKLM\...\Run: [PAC7302_Monitor] => C:\WINDOWS\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (Microsoft Windows Hardware Compatibility Publisher -> PixArt Imaging Incorporation)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft, Inc. -> ArcSoft Inc.)
HKLM\...\Run: [AMP WinOFF] => c:\program files\amp winoff\winoff_admin.exe [120320 2016-11-04] (Alberto Martínez Pérez) [File not signed]
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [4511712 2019-06-05] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1710880 2019-02-04] (voidtools -> voidtools)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [2665624 2019-02-05] (Invincea, Inc. -> Sandboxie Holdings, LLC)
HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-438729375-2292271272-1643045957-1004\...\Run: [Avast Browser] => C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserUpdateCore.exe
HKU\S-1-5-21-438729375-2292271272-1643045957-1004\...\Run: [Opera Browser Assistant] => C:\Users\Maminka\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3154456 2020-11-25] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-438729375-2292271272-1643045957-1004\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Maminka\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-438729375-2292271272-1643045957-1004\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Maminka\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-438729375-2292271272-1643045957-1004\...\RunOnce: [Uninstall 21.052.0314.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Maminka\AppData\Local\Microsoft\OneDrive\21.052.0314.0001"
HKU\S-1-5-21-438729375-2292271272-1643045957-1004\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-438729375-2292271272-1643045957-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-438729375-2292271272-1643045957-1006\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-438729375-2292271272-1643045957-1006\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-438729375-2292271272-1643045957-1007\...\Run: [IPLA!] => C:\Program Files\ipla\ipla.exe [18603096 2020-02-28] (Cyfrowy Polsat S.A. -> Cyfrowy Polsat S.A.)
HKU\S-1-5-21-438729375-2292271272-1643045957-1007\...\Run: [Windows Shutdown Assistant] => C:\Program Files\Apowersoft\Windows Shutdown Assistant\Windows Shutdown Assistant.exe [2566992 2016-11-26] (APOWERSOFT LIMITED -> Apowersoft)
HKU\S-1-5-21-438729375-2292271272-1643045957-1007\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-438729375-2292271272-1643045957-1007\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-438729375-2292271272-1643045957-1007\Software\Policies\...\system: [disablecmd] 0
HKU\S-1-5-21-438729375-2292271272-1643045957-1011\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-438729375-2292271272-1643045957-1011\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM\...\Windows NT x86\Print Processors\hpzppwn7: C:\Windows\System32\spool\prtprocs\W32X86\hpzppWN7.dll [90624 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\LIDIL hpzllwn7: C:\WINDOWS\system32\hpzllwn7.dll [37888 2009-07-14] (Microsoft Windows -> Hewlett-Packard Company)
HKLM\...\Print\Monitors\PDFCreator: C:\WINDOWS\system32\pdfcmnnt.dll [116224 2001-10-28] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\90.0.4430.93\Installer\chrmstp.exe [2021-05-04] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
AppInit_DLLs: C:\Windows\System32\guard32.dll => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WiseAutoShutdown.exe – zástupce.lnk [2016-08-11]
ShortcutTarget: WiseAutoShutdown.exe – zástupce.lnk -> C:\Program Files\Wise\Wise Auto Shutdown\WiseAutoShutdown.exe (Lespeed Technology Ltd. -> WiseCleaner.COM) [File not signed]
Startup: C:\Users\Comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2015-08-16]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.) [File not signed]
Startup: C:\Users\Comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2011-01-17]
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () [File not signed]
Startup: C:\Users\Karlíček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011-08-13] ()
Startup: C:\Users\Karlíček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled [2011-08-24] ()
Startup: C:\Users\Maminka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2011-07-14]
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () [File not signed]
Startup: C:\Users\Maminka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ReIcon.lnk [2019-06-20]
ShortcutTarget: ReIcon.lnk -> C:\ProgramData\ReIcon\ReIcon.exe (Sordum Software -> www.sordum.org) [File not signed]
Startup: C:\Users\Maminka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WiseAutoShutdown.exe – zástupce.lnk [2016-07-22]
ShortcutTarget: WiseAutoShutdown.exe – zástupce.lnk -> C:\Program Files\Wise\Wise Auto Shutdown\WiseAutoShutdown.exe (Lespeed Technology Ltd. -> WiseCleaner.COM) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-438729375-2292271272-1643045957-1006\User: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {015242DB-2F89-4EBD-8FDF-6BD803962AF1} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {01A02A3B-F5CF-4060-B603-9DB9E97726E0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {05D5BDAC-A502-41DC-843B-CF7DC12519A9} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0B6A283E-9D3C-43D2-A858-C23455E817E0} - \User_Feed_Synchronization-{F6CE3E0C-74CC-46CF-8C45-DE2FE86C5794} -> No File <==== ATTENTION
Task: {0C078A32-ACEF-4254-8C09-403C0DCD927D} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0DF62F0D-CB25-452A-90B1-3BE4AB6632E4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {10D35043-6050-486C-A622-F3A0BE2354CA} - System32\Tasks\GoogleUpdateTaskMachineCore1d5ff07347049de => C:\Program Files\Google\Update\GoogleUpdate.exe [154440 2016-07-12] (Google Inc -> Google Inc.)
Task: {18934300-EBAE-442F-89D4-A7FCE2F9D735} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {18DFFA26-3033-4BF3-B01B-DECC20D7966B} - System32\Tasks\SafeZone scheduled Autoupdate 1495997204 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {195E46F2-1FFD-4E38-948F-8A8D4E3421E9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003Core => C:\Users\Karlíček\AppData\Local\Facebook\Update\FacebookUpdate.exe [137536 2011-08-04] (Facebook, Inc. -> Facebook Inc.)
Task: {19AC77B2-FB2A-4F4B-9CA6-3A4AAA3B9780} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [282800 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {1E78C6BE-B0EA-4925-9497-3661BCC27FF6} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {1ED0DF46-3514-4EEA-A0BE-17E8565693AC} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {249109C3-27C3-47D5-AFAD-0B86AE985523} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {24FA84A0-E087-48EC-BC51-2B9C4C815D78} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {260B3ED2-B82A-4142-9270-8CE3627D4AB2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003UA => C:\Users\Karlíček\AppData\Local\Facebook\Update\FacebookUpdate.exe [137536 2011-08-04] (Facebook, Inc. -> Facebook Inc.)
Task: {2B1FE9CB-695A-48F5-B056-E20CCCB31480} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {33D3B1F4-CABC-4E39-8515-8DA45E152008} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.9-0\MpCmdRun.exe [502456 2021-05-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {34A72D6B-A250-45E7-82E1-163F152D961A} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} C:\Program Files\Windows Live\SOXE\wlsoxe.dll [179584 2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {3551C8B2-42C6-49A4-8270-16C427C30739} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe [1499704 2020-12-08] (Adobe Inc. -> Adobe)
Task: {367F930A-A3DB-4112-B1F1-50E92A171C88} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {3849242C-32A4-4BF6-8920-21C7ABCBA81F} - System32\Tasks\{54EC03B7-AFE8-4202-8DEC-647233106BC8} => C:\Windows\system32\pcalua.exe -a D:\Network\Realtek\giga\setup.exe -d D:\Network\Realtek\giga
Task: {3B6A652E-170D-4CD8-A005-E46BB90382A3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.9-0\MpCmdRun.exe [502456 2021-05-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {495E5763-59D0-4345-888C-EAAFA8890868} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4C0FACD6-1E96-4695-8494-43AAC947D2C7} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-438729375-2292271272-1643045957-1003 => C:\Users\Comp\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {506791CB-50F0-41D5-B3F0-F5E446708C23} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {5537E4DE-8C56-469D-B3D5-243FE98B1047} - System32\Tasks\hibernace => C:\Windows\System32\shutdown.exe [23552 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {5644836C-B191-496E-A5FE-8FDEFBF417CC} - System32\Tasks\{E15BCA64-7FA9-4477-9AE5-4312FB16ECCD} => C:\Users\Karlíček\Documents\My Completed Downloads\Portable Programs\IM's\PidginPortable\PidginPortable.exe
Task: {5813F2CC-E3A9-4FCE-9F9A-70A2A874820F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5D48026B-AF3D-44A9-BCA1-C97321C3932A} - System32\Tasks\GoogleUpdateTaskMachineUA1d5ff0734b56ec5 => C:\Program Files\Google\Update\GoogleUpdate.exe [154440 2016-07-12] (Google Inc -> Google Inc.)
Task: {5E958D49-305D-4448-8EB5-D9D864B7E79B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5F4F897B-B0CE-4828-9090-F5B5D196E166} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {62981A1A-B20F-44BB-AB42-82FBEB428CBE} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {63964FE2-D964-4AA3-8EA9-7F398B160F82} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6550E7AA-9883-4D45-ACCC-98B774C0BA8A} - System32\Tasks\Wise Auto Shutdown Task.job => C:\Program Files\Wise\Wise Auto Shutdown\WiseAutoShutdown.exe [2105872 2017-04-13] (Lespeed Technology Ltd. -> WiseCleaner.COM) [File not signed]
Task: {6AC715AE-BEBD-46F7-BBB9-B935C4BB5B82} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {6D4ACAAF-9FC4-4BA4-A882-17A2E351F847} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.9-0\MpCmdRun.exe [502456 2021-05-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6E24FBDE-F099-4764-A196-DA75F21850AF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6F48DD67-5E4E-426C-8356-59D1E94CACA9} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {73ED9B17-01AC-4003-B5A8-C311469EA34E} - System32\Tasks\{CAC467AD-BA1D-49B2-8A8D-1B352D6EADCE} => "c:\program files\mozilla firefox\firefox.exe" https://www.skype.com/go/downloading?so ... rror=12040
Task: {751FF52F-9341-401F-AB6E-38615B80DDED} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7CA8241D-FFA2-4917-BABC-A3E152FA47BD} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7E30EFDB-2AF0-4FFD-981B-B5D652F930E7} - System32\Tasks\Opera scheduled Autoupdate 1375252152 => C:\Users\Maminka\AppData\Local\Programs\Opera\launcher.exe [1596568 2021-04-26] (Opera Software AS -> Opera Software)
Task: {80B5D156-FB47-491B-87B2-4CF63E5FB411} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8645CF15-736A-481C-872F-3DB682F6E636} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {883C1EF1-F845-4B48-BA9B-6F312BB8ACDD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {89AF9E6D-02B9-48DF-9409-502D36DA7A7A} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
Task: {8C01AA03-E6FB-489F-AA99-A642331A0F83} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {8E40374D-17C7-4BC1-B2DE-7EFC96B336BF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {935DE609-F220-40F3-8CBD-E9B44720B742} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A7948FFA-2DA2-4F40-86B8-558E381DBF21} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A79B4017-AD29-4A3E-A50D-ACD33CA96227} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {A7C54477-069E-43CD-A580-DF067FA4D12D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003Core => C:\Users\Karlíček\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-07-29] (Google Inc -> Google Inc.)
Task: {AA88399F-D4AF-4D5C-8D13-11A24193D9BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [154440 2016-07-12] (Google Inc -> Google Inc.)
Task: {AC7EA363-4AF6-42EE-82AC-0C74AB25E008} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AD2FD4C0-D899-4026-8572-12B16F86723D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {AE5FBBF7-B757-4CCB-9F1B-A696BC58B586} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Comp\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {AFAE27B5-5A37-4AA1-ADFD-49FDCC68652A} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-438729375-2292271272-1643045957-1004 => C:\Users\Comp\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {B8988841-0F94-424D-9FB3-667961196B58} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B8E8B954-C42C-4542-A57A-1466504BFF28} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.9-0\MpCmdRun.exe [502456 2021-05-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BD16A4EE-F9EC-44A3-BFAC-C4028FCAB40A} - System32\Tasks\{0EEC141E-753D-47FF-90FD-89DBD7AF9C16} => "c:\program files\mozilla firefox\firefox.exe" https://www.skype.com/go/downloading?so ... rror=12040
Task: {BFF70B1C-6A24-4ABF-AF73-190FADA754F2} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {C04D2E67-E8A3-42F0-9DD5-A2EBE4EA8240} - System32\Tasks\WiseCleaner\WASSkipUAC => C:\Program Files\Wise\Wise Auto Shutdown\WiseAutoShutdown.exe [2105872 2017-04-13] (Lespeed Technology Ltd. -> WiseCleaner.COM) [File not signed]
Task: {C3B2E8E9-2725-4CDE-934A-43BAF780D90F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C5599F6A-4F0D-483F-986A-00D82EF60110} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C5925743-D8D2-4BAD-B946-4F5280409621} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [282800 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {C86B9A99-54EF-49CB-9CE2-593C72C1D26F} - System32\Tasks\{BAB4145C-E88F-4A66-819C-2BE60CDC7AD3} => "c:\program files\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/5.1.0.112.259/ ... adedefault
Task: {CA43540F-9B84-4677-BD6C-A0A84FD54F4C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CC1EE004-12D3-4192-A6FF-4EF178F5FF36} - System32\Tasks\{ACE7A557-8088-40F3-914A-358B1A8996BE} => C:\Program Files\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Software Sarl -> Skype Technologies S.A.)
Task: {CF743BEF-1921-49AB-98D5-C3390F6DC961} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {D001CFFF-1324-4A99-AA4A-1D853F3FCF9A} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [642544 2021-04-28] (Mozilla Corporation -> Mozilla Foundation)
Task: {D06E5AFB-13BA-4766-92D3-B31850A7D85A} - System32\Tasks\{DD90D3CF-2969-4A94-800E-8C9D9455F1A2} => "c:\program files\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/5.1.0.112.259/ ... adyoffered
Task: {D7969268-B43F-4B73-8054-98E4F89030EC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003UA => C:\Users\Karlíček\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-07-29] (Google Inc -> Google Inc.)
Task: {D88FC983-0258-4DD7-97CA-47BDF27A81E2} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {DA891CFC-6C6E-4350-A6A9-23373A95F72F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1051864 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {E23E02EB-5F77-441D-A7C3-DA6412071E8F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E28D5973-CFB8-4EC9-AB5B-DA444FF12971} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Flash Player NPAPI Notifier" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\Adobe Flash Player PPAPI Notifier" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\Adobe Flash Player Updater" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore1d5ff07347049de" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA1d5ff0734b56ec5" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore1d72c01217d5f68" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task v2" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-438729375-2292271272-1643045957-1003" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-438729375-2292271272-1643045957-1004" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\Opera scheduled assistant Autoupdate 1581104545" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\Opera scheduled Autoupdate 1375252152" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(16): schtasks.exe -> /Change /TN "\PostponeDeviceSetupToast_S-1-5-21-438729375-2292271272-1643045957-1004_0" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(17): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{F7262D93-127A-4F3F-92C3-929FCF75FC8B}" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe -> /Change /TN "\Wise Auto Shutdown Task" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(19): schtasks.exe -> /Change /TN "\Wise Auto Shutdown Task.job" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(20): schtasks.exe -> /Change /TN "\{0EEC141E-753D-47FF-90FD-89DBD7AF9C16}" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(21): schtasks.exe -> /Change /TN "\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(22): schtasks.exe -> /Change /TN "\{44133E25-8CA6-44B6-B401-C336A0E15969}" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(23): schtasks.exe -> /Change /TN "\{ACE7A557-8088-40F3-914A-358B1A8996BE}" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(24): schtasks.exe -> /Change /TN "\{CAC467AD-BA1D-49B2-8A8D-1B352D6EADCE}" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(25): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {E6CCF2EB-A756-47AB-9A8D-CDD8BFF501C5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E79B2998-8F63-451A-A56D-26EDC0A5098A} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {ED61A1AC-76F0-4B3C-9370-154671EBD304} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {EF77B54C-DF4B-48F8-92D4-7ACE9B153E41} - System32\Tasks\Opera scheduled assistant Autoupdate 1581104545 => C:\Users\Maminka\AppData\Local\Programs\Opera\launcher.exe [1596568 2021-04-26] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Maminka\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {F0526EEA-83C5-43E9-9690-4F11B141E044} - System32\Tasks\{44133E25-8CA6-44B6-B401-C336A0E15969} => "C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/7.22.0.109/cs/ ... rogressBar
Task: {F0E52D99-A829-4587-8E6B-D2CA78493BCB} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {F2069893-8E7D-44C5-81FC-2924A3B04DCB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [154440 2016-07-12] (Google Inc -> Google Inc.)
Task: {F234F8D5-661F-4AF6-9ED2-815A17E68BB1} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F3D19692-0FB0-410D-BD9C-7A2044FEB8FD} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {F560D2F4-E214-459A-A698-DCB19E07FE7B} - System32\Tasks\Wise Auto Shutdown Task => C:\Program Files\Wise\Wise Auto Shutdown\WiseAutoShutdown.exe [2105872 2017-04-13] (Lespeed Technology Ltd. -> WiseCleaner.COM) [File not signed]
Task: {F75ABFF9-C1C0-4426-97EA-72DE2D60DFCA} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\sedlauncher.exe
Task: {FADFDA32-09F5-4390-BE58-20FC563B4C65} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Application\AvastBrowser.exe
Task: {FB0D1C66-59FD-4653-92C3-253D5F56C008} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FD98795F-7464-4D8B-B206-ED9C90C93F6C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FD9C5D81-FFD1-4958-B2B6-D5EFCEDB7A2A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
Task: {FF387E74-DC30-4AD1-BE15-ACD9A5DDB5B4} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Wise Auto Shutdown Task.job => C:\Program Files\Wise\Wise Auto Shutdown\WiseAutoShutdown.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.38 213.46.172.39
Tcpip\..\Interfaces\{8175a705-23af-461d-b23d-c7c59cd11b6f}: [DhcpNameServer] 213.46.172.38 213.46.172.39

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Comp\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-04]

FireFox:
========
FF DefaultProfile: fd93r2bu.default-1383898885237
FF ProfilePath: C:\Users\Comp\AppData\Roaming\Mozilla\Firefox\Profiles\fd93r2bu.default-1383898885237 [2021-05-04]
FF Extension: (Mozilla Archive Format) - C:\Users\Comp\AppData\Roaming\Mozilla\Firefox\Profiles\fd93r2bu.default-1383898885237\Extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi [2016-02-25] [Legacy]
FF Extension: (No Name) - C:\Users\Comp\AppData\Roaming\Mozilla\Firefox\Profiles\fd93r2bu.default-1383898885237\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-06-06]
FF Extension: (Skype Click to Call) - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2021-04-28] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-07-26] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.) [File not signed]
FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll [No File]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-01-11] (Foxit Corporation -> Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc. -> Yahoo! Inc.)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Windows\system32\TVUAx\npTVUAx.dll [2010-04-23] (TVU networks -> TVU networks)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.) [File not signed]
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files\Veetle\Player\npvlc.dll [2010-09-21] (Veetle Inc. -> Veetle Inc)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-438729375-2292271272-1643045957-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Karlíček\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2011-08-11] (Skype Technologies SA -> Skype Limited)
FF Plugin HKU\S-1-5-21-438729375-2292271272-1643045957-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\Karlíček\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2011-07-21] (Google Inc -> Google)
FF Plugin HKU\S-1-5-21-438729375-2292271272-1643045957-1003: @talk.google.com/O3DPlugin -> C:\Users\Karlíček\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll [2011-07-21] (Google Inc -> )
FF Plugin HKU\S-1-5-21-438729375-2292271272-1643045957-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Karlíček\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll [2011-07-31] (Google Inc -> Google Inc.)
FF Plugin HKU\S-1-5-21-438729375-2292271272-1643045957-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Karlíček\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll [2011-07-31] (Google Inc -> Google Inc.)
FF Plugin HKU\S-1-5-21-438729375-2292271272-1643045957-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Karlíček\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS -> Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-438729375-2292271272-1643045957-1003: @xenocode.com/Spoon Plugin 3.26 -> C:\Users\Karlíček\AppData\Local\Spoon\3.26.0.6\npMozillaSpoonPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-438729375-2292271272-1643045957-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Maminka\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-08-11] (Unity Technologies SF -> Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-438729375-2292271272-1643045957-1004: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-438729375-2292271272-1643045957-1004: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-438729375-2292271272-1643045957-1004: SkypePlugin -> C:\Users\Maminka\AppData\Local\SkypePlugin\7.31.0.56\npGatewayNpapi.dll [2017-02-03] (Microsoft Corporation -> Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-438729375-2292271272-1643045957-1006: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Návštěvník\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS -> Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-438729375-2292271272-1643045957-1007: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Comp\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-10-03] (Unity Technologies ApS -> Unity Technologies ApS)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fpgkjhpjldibdbbppfcabadmpfenkdfe] - <no Path/update_url>

Opera:
=======
StartMenuInternet: (HKU\S-1-5-21-438729375-2292271272-1643045957-1003) Opera - "C:\Users\Karlíček\Documents\My Completed Downloads\Portable Programs\Web Browsers\Opera.exe"

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SuperAdBlocker.com -> SUPERAntiSpyware.com) [File not signed]
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft, Inc. -> ArcSoft Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
R2 Everything; C:\Program Files\Everything\Everything.exe [1710880 2019-02-04] (voidtools -> voidtools)
S4 HotspotShieldService; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [247808 2010-07-27] () [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S4 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [57640 2010-07-27] (AnchorFree Inc -> ) [File not signed]
S4 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [322608 2010-06-23] (AnchorFree Inc -> ) [File not signed]
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [4293488 2019-06-05] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5247944 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S4 MsgPlusService; C:\Program Files\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [119296 2012-02-08] (Yuna Software) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [261272 2019-02-05] (Invincea, Inc. -> Sandboxie Holdings, LLC)
S4 uhssvc; C:\Program Files\Microsoft Update Health Tools\uhssvc.exe [263504 2021-03-23] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.9-0\NisSrv.exe [1716720 2021-05-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.9-0\MsMpEng.exe [87648 2021-05-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\WINDOWS\system32\ampa.sys [17008 2016-07-25] (ChengDu AoMei Tech Co., Ltd -> ) [File not signed]
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [17352 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 mcdbus; C:\WINDOWS\System32\drivers\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R3 PAC7302; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [457984 2007-09-10] (Microsoft Windows Hardware Compatibility Publisher -> PixArt Imaging Inc.)
S3 PcaSp60; C:\WINDOWS\system32\DRIVERS\PcaSp60.sys [28672 2010-09-07] (PRINTING COMMUNICATIONS ASSOCIATES, INC -> Printing Communications Assoc., Inc. (PCAUSA))
R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [16016 2015-10-12] (Paramount Software UK Ltd -> Windows (R) Win 7 DDK provider)
R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [562176 2019-12-07] (Microsoft Windows -> Realtek)
S3 RTL8169; C:\WINDOWS\System32\DRIVERS\Rtlh86.sys [133120 2008-10-03] (Realtek Corporation) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [193656 2019-02-04] (Invincea, Inc. -> Sandboxie Holdings, LLC)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [25216 2010-02-25] (OpenVPN, Inc. -> The OpenVPN Project)
R3 taphss; C:\WINDOWS\System32\drivers\taphss.sys [32768 2010-06-16] (AnchorFree Inc -> AnchorFree Inc)
R1 VBoxNetAdp; C:\WINDOWS\System32\DRIVERS\VBoxNetAdp6.sys [98704 2016-02-25] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [39328 2021-05-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [327904 2021-05-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53496 2021-05-04] (Microsoft Windows -> Microsoft Corporation)
U3 aspnet_state; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-05 09:41 - 2021-05-05 09:44 - 000046326 _____ C:\Users\Maminka\Desktop\FRST.txt
2021-05-05 09:40 - 2021-05-05 09:43 - 000000000 ____D C:\FRST
2021-05-05 09:36 - 2021-05-05 09:36 - 002010624 _____ (Farbar) C:\Users\Maminka\Desktop\FRST.exe
2021-05-04 11:33 - 2021-05-04 11:33 - 012612600 _____ (AVAST Software) C:\Users\Comp\Downloads\avastclear.exe
2021-05-04 11:17 - 2021-05-04 11:17 - 012612600 _____ (AVAST Software) C:\Users\Maminka\Downloads\avastclear.exe
2021-05-03 12:31 - 2021-05-03 12:31 - 000002621 _____ C:\Users\Maminka\Downloads\smime.p7s
2021-04-28 13:41 - 2021-05-04 11:39 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-04-15 22:37 - 2021-05-04 11:44 - 000003478 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d72c01217d5f68
2021-04-15 15:14 - 2021-04-15 15:14 - 001434336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-14 12:30 - 2021-04-14 12:30 - 000000000 ____D C:\WINDOWS\PCHEALTH
2021-04-10 14:10 - 2021-04-10 14:10 - 000218258 _____ C:\Users\Maminka\Downloads\prilohy_178365.zip
2021-04-08 10:35 - 2021-04-08 10:36 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2021-04-08 01:57 - 2021-04-08 01:57 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-04-08 01:55 - 2021-04-08 01:55 - 000000020 ___SH C:\Users\Comp\ntuser.ini
2021-04-08 01:48 - 2021-04-08 01:48 - 000000020 ___SH C:\Users\Maminka\ntuser.ini
2021-04-08 01:44 - 2021-05-04 11:48 - 000004204 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1375252152
2021-04-08 01:44 - 2021-05-04 11:47 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-438729375-2292271272-1643045957-1004
2021-04-08 01:44 - 2021-05-04 11:46 - 000004208 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{F7262D93-127A-4F3F-92C3-929FCF75FC8B}
2021-04-08 01:44 - 2021-05-04 11:44 - 000003572 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-08 01:44 - 2021-05-04 11:40 - 000003770 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1581104545
2021-04-08 01:44 - 2021-05-04 11:40 - 000003276 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-08 01:44 - 2021-05-04 11:40 - 000003104 _____ C:\WINDOWS\system32\Tasks\Wise Auto Shutdown Task.job
2021-04-08 01:44 - 2021-05-04 11:40 - 000002856 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-438729375-2292271272-1643045957-1003
2021-04-08 01:44 - 2021-05-04 11:40 - 000002770 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2
2021-04-08 01:44 - 2021-05-04 11:40 - 000002504 _____ C:\WINDOWS\system32\Tasks\Wise Auto Shutdown Task
2021-04-08 01:44 - 2021-05-04 11:40 - 000002352 _____ C:\WINDOWS\system32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2021-04-08 01:44 - 2021-05-04 11:40 - 000002286 _____ C:\WINDOWS\system32\Tasks\{CAC467AD-BA1D-49B2-8A8D-1B352D6EADCE}
2021-04-08 01:44 - 2021-05-04 11:40 - 000002286 _____ C:\WINDOWS\system32\Tasks\{0EEC141E-753D-47FF-90FD-89DBD7AF9C16}
2021-04-08 01:44 - 2021-05-04 11:40 - 000002230 _____ C:\WINDOWS\system32\Tasks\{44133E25-8CA6-44B6-B401-C336A0E15969}
2021-04-08 01:44 - 2021-05-04 11:40 - 000002012 _____ C:\WINDOWS\system32\Tasks\{ACE7A557-8088-40F3-914A-358B1A8996BE}
2021-04-08 01:44 - 2021-05-04 11:39 - 000003816 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2021-04-08 01:44 - 2021-05-04 11:39 - 000003648 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2021-04-08 01:44 - 2021-05-04 11:39 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA1d5ff0734b56ec5
2021-04-08 01:44 - 2021-05-04 11:39 - 000003406 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
2021-04-08 01:44 - 2021-05-04 11:39 - 000003390 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-08 01:44 - 2021-05-04 11:39 - 000003194 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore1d5ff07347049de
2021-04-08 01:44 - 2021-05-04 11:39 - 000003166 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-08 01:44 - 2021-05-04 11:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-08 01:44 - 2021-05-04 10:14 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-04-08 01:44 - 2021-04-22 18:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-04-08 01:44 - 2021-04-08 01:46 - 000003546 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003UA
2021-04-08 01:44 - 2021-04-08 01:46 - 000003274 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003Core
2021-04-08 01:44 - 2021-04-08 01:46 - 000003236 _____ C:\WINDOWS\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2021-04-08 01:44 - 2021-04-08 01:46 - 000002490 _____ C:\WINDOWS\system32\Tasks\{BAB4145C-E88F-4A66-819C-2BE60CDC7AD3}
2021-04-08 01:44 - 2021-04-08 01:46 - 000002482 _____ C:\WINDOWS\system32\Tasks\{DD90D3CF-2969-4A94-800E-8C9D9455F1A2}
2021-04-08 01:44 - 2021-04-08 01:46 - 000002138 _____ C:\WINDOWS\system32\Tasks\SidebarExecute
2021-04-08 01:44 - 2021-04-08 01:45 - 000003512 _____ C:\WINDOWS\system32\Tasks\FacebookUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003UA
2021-04-08 01:44 - 2021-04-08 01:45 - 000003270 _____ C:\WINDOWS\system32\Tasks\FacebookUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003Core
2021-04-08 01:44 - 2021-04-08 01:45 - 000002734 _____ C:\WINDOWS\system32\Tasks\hibernace
2021-04-08 01:44 - 2021-04-08 01:44 - 000003424 _____ C:\WINDOWS\system32\Tasks\SafeZone scheduled Autoupdate 1495997204
2021-04-08 01:44 - 2021-04-08 01:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\WPD
2021-04-08 01:44 - 2021-04-08 01:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\WiseCleaner
2021-04-08 01:44 - 2021-04-08 01:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\OfficeSoftwareProtectionPlatform
2021-04-08 01:44 - 2021-04-08 01:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-04-08 01:44 - 2021-04-08 01:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\moje úlohy
2021-04-08 01:44 - 2017-05-28 19:33 - 000000000 _____ C:\WINDOWS\system32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2021-04-08 01:44 - 2010-08-06 14:49 - 000003080 _____ C:\WINDOWS\system32\Tasks\{E15BCA64-7FA9-4477-9AE5-4312FB16ECCD}
2021-04-08 01:44 - 2010-07-15 18:23 - 000003102 _____ C:\WINDOWS\system32\Tasks\{54EC03B7-AFE8-4202-8DEC-647233106BC8}
2021-04-08 01:39 - 2021-04-08 01:44 - 000026673 _____ C:\WINDOWS\diagwrn.xml
2021-04-08 01:39 - 2021-04-08 01:44 - 000026673 _____ C:\WINDOWS\diagerr.xml
2021-04-08 01:31 - 2021-04-08 01:47 - 000000000 ____D C:\Windows.old
2021-04-08 01:20 - 2021-04-08 01:31 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-04-08 01:20 - 2021-04-08 01:20 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2021-04-08 01:10 - 2021-04-08 01:19 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-04-08 01:10 - 2021-04-08 01:10 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-04-08 01:05 - 2021-04-08 01:05 - 000000000 ____D C:\ProgramData\ssh
2021-04-08 00:58 - 2021-05-04 11:46 - 003355582 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-08 00:56 - 2021-04-08 00:56 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-04-08 00:56 - 2021-04-08 00:56 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-04-08 00:56 - 2021-04-08 00:56 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-04-08 00:56 - 2021-04-08 00:56 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-04-08 00:56 - 2021-04-08 00:56 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-04-08 00:56 - 2021-04-08 00:56 - 000036160 _____ C:\WINDOWS\system32\HvSocket.dll
2021-04-08 00:55 - 2021-04-08 00:55 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-04-08 00:55 - 2021-04-08 00:55 - 000941568 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-04-08 00:55 - 2021-04-08 00:55 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-04-08 00:55 - 2021-04-08 00:55 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-04-08 00:55 - 2021-04-08 00:55 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-04-08 00:55 - 2021-04-08 00:55 - 000053760 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-04-08 00:54 - 2021-04-08 00:54 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-04-08 00:54 - 2021-04-08 00:54 - 001797120 _____ C:\WINDOWS\system32\dwmscene.dll
2021-04-08 00:54 - 2021-04-08 00:54 - 001128520 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-04-08 00:54 - 2021-04-08 00:54 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-04-08 00:54 - 2021-04-08 00:54 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-04-08 00:54 - 2021-04-08 00:54 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-04-08 00:54 - 2021-04-08 00:54 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-04-08 00:54 - 2021-04-08 00:54 - 000266240 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-04-08 00:54 - 2021-04-08 00:54 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-04-08 00:54 - 2021-04-08 00:54 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-04-08 00:54 - 2021-04-08 00:54 - 000162304 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-04-08 00:54 - 2021-04-08 00:54 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-04-08 00:54 - 2021-04-08 00:54 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-04-08 00:54 - 2021-04-08 00:54 - 000045056 _____ C:\WINDOWS\system32\runexehelper.exe
2021-04-08 00:54 - 2021-04-08 00:54 - 000039936 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-04-08 00:53 - 2021-04-08 00:53 - 001333760 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-04-08 00:53 - 2021-04-08 00:53 - 000611952 _____ C:\WINDOWS\system32\TextShaping.dll
2021-04-08 00:53 - 2021-04-08 00:53 - 000455680 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-04-08 00:53 - 2021-04-08 00:53 - 000235520 _____ C:\WINDOWS\system32\HeatCore.dll
2021-04-08 00:53 - 2021-04-08 00:53 - 000118784 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-04-08 00:53 - 2021-04-08 00:53 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-04-08 00:53 - 2021-04-08 00:53 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-04-08 00:52 - 2021-04-08 00:52 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-04-08 00:52 - 2021-04-08 00:52 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-04-08 00:52 - 2021-04-08 00:52 - 000330752 _____ C:\WINDOWS\system32\ssdm.dll
2021-04-08 00:52 - 2021-04-08 00:52 - 000240640 _____ C:\WINDOWS\system32\CoreMas.dll
2021-04-08 00:52 - 2021-04-08 00:52 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-04-08 00:52 - 2021-04-08 00:52 - 000148480 _____ C:\WINDOWS\system32\IHDS.dll
2021-04-08 00:52 - 2021-04-08 00:52 - 000128000 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-04-08 00:52 - 2021-04-08 00:52 - 000057344 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-04-08 00:52 - 2021-04-08 00:52 - 000047472 _____ C:\WINDOWS\system32\umpdc.dll
2021-04-08 00:52 - 2021-04-08 00:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-04-08 00:52 - 2021-04-08 00:52 - 000010752 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-04-08 00:39 - 2019-04-18 19:49 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2021-04-08 00:38 - 2021-05-04 11:47 - 000002417 _____ C:\Users\Maminka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-08 00:38 - 2021-05-04 11:46 - 000723958 _____ C:\WINDOWS\system32\perfh019.dat
2021-04-08 00:38 - 2021-05-04 11:46 - 000143432 _____ C:\WINDOWS\system32\perfc019.dat
2021-04-08 00:38 - 2021-04-08 01:55 - 000000000 ____D C:\Users\Comp
2021-04-08 00:38 - 2021-04-08 01:48 - 000000000 ____D C:\Users\Maminka
2021-04-08 00:38 - 2021-04-08 01:39 - 000000000 ____D C:\Users\Karlíček
2021-04-08 00:38 - 2021-04-08 01:23 - 000000000 ____D C:\Users\Návštěvník
2021-04-08 00:38 - 2021-04-08 01:18 - 000000000 ____D C:\Users\Karol
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Návštěvník\Šablony
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Návštěvník\Soubory cookie
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Návštěvník\Poslední
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Návštěvník\Okolní tiskárny
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Návštěvník\Okolní síť
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Návštěvník\Nabídka Start
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Návštěvník\Dokumenty
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Návštěvník\Documents\Obrázky
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Návštěvník\Documents\Hudba
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Návštěvník\Documents\Filmy
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Návštěvník\Data aplikací
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Návštěvník\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Návštěvník\AppData\Local\Data aplikací
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Maminka\Šablony
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Maminka\Soubory cookie
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Maminka\Poslední
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Maminka\Okolní tiskárny
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Maminka\Okolní síť
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Maminka\Nabídka Start
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Maminka\Dokumenty
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Maminka\Documents\Obrázky
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Maminka\Documents\Hudba
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Maminka\Documents\Filmy
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Maminka\Data aplikací
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Maminka\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Maminka\AppData\Local\Data aplikací
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karol\Šablony
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karol\Soubory cookie
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karol\Poslední
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karol\Okolní tiskárny
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karol\Okolní síť
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karol\Nabídka Start
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karol\Dokumenty
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karol\Documents\Obrázky
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karol\Documents\Hudba
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karol\Documents\Filmy
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karol\Data aplikací
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karol\AppData\Local\Data aplikací
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karlíček\Šablony
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karlíček\Soubory cookie
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karlíček\Poslední
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karlíček\Okolní tiskárny
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karlíček\Okolní síť
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karlíček\Nabídka Start
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karlíček\Dokumenty
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karlíček\Documents\Obrázky
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karlíček\Documents\Hudba
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karlíček\Documents\Filmy
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karlíček\Data aplikací
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karlíček\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karlíček\AppData\Local\Data aplikací
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Guest\Šablony
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Guest\Soubory cookie
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Guest\Poslední
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Guest\Okolní tiskárny
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Guest\Okolní síť
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Guest\Nabídka Start
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Guest\Dokumenty
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Guest\Documents\Obrázky
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Guest\Documents\Hudba
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Guest\Documents\Filmy
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Guest\Data aplikací
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Guest\AppData\Local\Data aplikací
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Comp\Šablony
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Comp\Soubory cookie
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Comp\Poslední
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Comp\Okolní tiskárny
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Comp\Okolní síť
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Comp\Nabídka Start
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Comp\Dokumenty
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Comp\Documents\Obrázky
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Comp\Documents\Hudba
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Comp\Documents\Filmy
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Comp\Data aplikací
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Comp\AppData\Local\Data aplikací
2021-04-08 00:38 - 2021-04-08 00:37 - 000340720 _____ C:\WINDOWS\system32\perfi019.dat
2021-04-08 00:38 - 2021-04-08 00:37 - 000041686 _____ C:\WINDOWS\system32\perfd019.dat
2021-04-08 00:38 - 2019-12-07 08:08 - 000001105 _____ C:\Users\Návštěvník\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-08 00:38 - 2019-12-07 08:08 - 000001105 _____ C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-08 00:38 - 2019-12-07 08:08 - 000001105 _____ C:\Users\Karlíček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-08 00:38 - 2019-12-07 08:08 - 000001105 _____ C:\Users\Comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-08 00:37 - 2021-04-08 00:58 - 000000000 ____D C:\Users\Guest
2021-04-08 00:37 - 2021-04-08 00:37 - 000000000 ____D C:\WINDOWS\system32\ru
2021-04-08 00:37 - 2019-12-07 08:08 - 000001105 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-08 00:33 - 2021-04-15 22:32 - 000461504 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-08 00:33 - 2021-04-08 00:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-08 00:32 - 2021-04-08 00:32 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-08 00:26 - 2021-05-04 11:46 - 000738240 _____ C:\WINDOWS\system32\perfh015.dat
2021-04-08 00:26 - 2021-05-04 11:46 - 000144162 _____ C:\WINDOWS\system32\perfc015.dat
2021-04-08 00:26 - 2021-04-08 00:26 - 000343212 _____ C:\WINDOWS\system32\perfi015.dat
2021-04-08 00:26 - 2021-04-08 00:26 - 000041370 _____ C:\WINDOWS\system32\perfd015.dat
2021-04-08 00:26 - 2021-04-08 00:26 - 000000000 ____D C:\WINDOWS\system32\pl
2021-04-06 16:21 - 2021-04-08 01:49 - 000000000 ___DC C:\WINDOWS\Panther
2021-04-06 16:20 - 2021-04-06 16:20 - 000000000 ___HD C:\$WinREAgent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-05 09:37 - 2016-11-19 14:04 - 000000000 ____D C:\Users\Maminka\AppData\LocalLow\Mozilla
2021-05-05 09:37 - 2012-05-10 13:56 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-04 13:03 - 2011-08-26 11:12 - 000000000 ____D C:\Program Files\JDownloader
2021-05-04 12:35 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-04 12:33 - 2019-12-07 08:12 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-04 12:21 - 2019-04-24 20:04 - 000000000 ____D C:\Users\Maminka\AppData\Local\AVAST Software
2021-05-04 12:21 - 2017-05-28 20:45 - 000000000 ____D C:\Users\Maminka\AppData\Roaming\AVAST Software
2021-05-04 11:55 - 2018-05-15 23:23 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-05-04 11:52 - 2019-12-07 08:12 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-04 11:51 - 2020-10-29 01:17 - 000002389 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-04 11:51 - 2020-10-29 01:17 - 000002227 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-05-04 11:49 - 2016-07-12 11:28 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-04 11:48 - 2017-06-30 19:38 - 000001445 _____ C:\Users\Maminka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2021-05-04 11:47 - 2016-07-05 20:43 - 000000000 ___RD C:\Users\Maminka\OneDrive
2021-05-04 11:46 - 2019-12-07 14:21 - 000682184 _____ C:\WINDOWS\system32\perfh005.dat
2021-05-04 11:46 - 2019-12-07 14:21 - 000137000 _____ C:\WINDOWS\system32\perfc005.dat
2021-05-04 11:46 - 2019-12-07 08:10 - 000000000 ____D C:\WINDOWS\INF
2021-05-04 11:40 - 2016-07-04 09:27 - 000000426 _____ C:\WINDOWS\Tasks\Wise Auto Shutdown Task.job
2021-05-04 11:39 - 2012-05-10 13:56 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2021-05-04 11:39 - 2011-09-26 20:43 - 000000000 ____D C:\ProgramData\AVAST Software
2021-05-04 11:38 - 2019-12-07 08:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2021-05-04 11:35 - 2017-05-28 20:05 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-05-04 11:33 - 2017-05-28 19:12 - 000000000 ____D C:\Users\Comp\AppData\LocalLow\Mozilla
2021-05-04 11:31 - 2011-03-26 15:23 - 000001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-04-30 11:28 - 2020-10-24 21:27 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-29 12:52 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-04-22 10:46 - 2019-06-19 15:31 - 000000000 ____D C:\Users\Maminka\AppData\Roaming\Everything
2021-04-15 22:27 - 2019-12-07 08:12 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-15 22:27 - 2019-12-07 08:12 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-15 22:27 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-15 22:27 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-15 22:27 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-15 22:27 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-15 22:27 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-15 22:27 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-15 22:27 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-15 22:27 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-15 22:27 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-15 22:27 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-15 15:30 - 2019-12-07 08:03 - 000000000 ____D C:\WINDOWS\servicing
2021-04-15 15:30 - 2019-12-07 08:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-15 15:14 - 2010-07-15 14:40 - 000414044 __RSH C:\bootmgr
2021-04-14 15:46 - 2013-08-15 03:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-14 15:30 - 2010-07-15 17:45 - 128249400 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-14 15:29 - 2013-06-06 14:02 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2021-04-14 15:21 - 2009-07-14 04:04 - 000000786 _____ C:\WINDOWS\win.ini
2021-04-14 12:30 - 2019-12-07 08:12 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2021-04-09 22:19 - 2015-07-26 09:22 - 000000270 __RSH C:\ProgramData\ntuser.pol
2021-04-09 15:49 - 2019-03-20 15:12 - 000000000 ____D C:\Users\Maminka\Desktop\DANUTA
2021-04-08 10:29 - 2020-01-25 18:57 - 000647560 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-04-08 10:06 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\appcompat
2021-04-08 10:05 - 2017-12-23 05:12 - 000000000 ____D C:\Users\Maminka\AppData\Local\Packages
2021-04-08 02:08 - 2019-12-07 08:12 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-04-08 01:51 - 2018-08-09 17:47 - 000000000 ____D C:\ProgramData\Packages
2021-04-08 01:51 - 2017-12-23 09:15 - 000000000 ___RD C:\Users\Maminka\3D Objects
2021-04-08 01:51 - 2016-04-27 06:30 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-04-08 01:46 - 2019-12-07 08:12 - 000000000 ____D C:\Program Files\Windows NT
2021-04-08 01:45 - 2019-12-07 08:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-04-08 01:44 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\Registration
2021-04-08 01:44 - 2019-12-07 08:12 - 000000000 ____D C:\ProgramData\USOPrivate
2021-04-08 01:44 - 2019-12-07 08:12 - 000000000 ____D C:\Program Files\Windows Defender
2021-04-08 01:32 - 2019-12-07 08:12 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-04-08 01:32 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-04-08 01:32 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\spool
2021-04-08 01:32 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-04-08 01:32 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\Macromed
2021-04-08 01:32 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\IME
2021-04-08 01:32 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\System
2021-04-08 01:32 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\schemas
2021-04-08 01:32 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\ServiceState
2021-04-08 01:32 - 2019-03-19 04:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-04-08 01:32 - 2017-04-11 14:57 - 000000000 ____D C:\WINDOWS\PixArt
2021-04-08 01:32 - 2016-04-27 06:18 - 000000000 ____D C:\WINDOWS\ShellNew
2021-04-08 01:32 - 2014-11-20 19:15 - 000000000 ____D C:\WINDOWS\system32\vbox
2021-04-08 01:32 - 2011-10-19 20:44 - 000000000 ____D C:\WINDOWS\system32\TVUAx
2021-04-08 01:32 - 2011-02-25 15:23 - 000000000 ____D C:\WINDOWS\system32\SPReview
2021-04-08 01:32 - 2011-02-25 15:22 - 000000000 ____D C:\WINDOWS\system32\EventProviders
2021-04-08 01:32 - 2010-07-27 01:06 - 000000000 ____D C:\WINDOWS\system32\Lang
2021-04-08 01:32 - 2010-07-15 16:38 - 000000000 ____D C:\WINDOWS\system32\Adobe
2021-04-08 01:31 - 2019-12-07 08:14 - 000000000 ____D C:\WINDOWS\Setup
2021-04-08 01:31 - 2019-12-07 08:12 - 000000000 __SHD C:\Program Files\Windows Sidebar
2021-04-08 01:31 - 2019-12-07 08:12 - 000000000 ____D C:\Program Files\Common Files\System
2021-04-08 01:31 - 2019-06-19 09:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2021-04-08 01:31 - 2019-06-18 11:28 - 000000000 ____D C:\Program Files\UNP
2021-04-08 01:31 - 2019-04-14 10:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2021-04-08 01:31 - 2018-12-30 12:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Upgrade S 4.5.9
2021-04-08 01:31 - 2018-09-15 07:10 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-04-08 01:31 - 2017-10-05 15:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2021-04-08 01:31 - 2017-04-11 14:57 - 000000000 ____D C:\Program Files\Realtek
2021-04-08 01:31 - 2016-11-04 16:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMP WinOFF
2021-04-08 01:31 - 2016-10-13 17:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONE TOUCH Upgrade S 2.8.5
2021-04-08 01:31 - 2016-08-10 20:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-04-08 01:31 - 2016-07-25 12:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Partition Assistant Standard Edition 6.0
2021-04-08 01:31 - 2016-07-05 14:44 - 000000000 ____D C:\Program Files\MSBuild
2021-04-08 01:31 - 2016-05-08 09:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Auto Shutdown
2021-04-08 01:31 - 2015-08-16 09:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows AIK
2021-04-08 01:31 - 2015-08-14 13:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI PE Builder 1.4
2021-04-08 01:31 - 2015-07-29 09:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2021-04-08 01:31 - 2015-06-06 17:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcatel onetouch Manager
2021-04-08 01:31 - 2015-06-06 16:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONE TOUCH Upgrade S 2.8.0
2021-04-08 01:31 - 2014-08-29 11:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2021-04-08 01:31 - 2013-10-21 21:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-04-08 01:31 - 2013-04-02 18:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
2021-04-08 01:31 - 2013-04-02 18:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft WebCam Companion 3
2021-04-08 01:31 - 2013-04-02 18:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC VGA Camer@ Plus
2021-04-08 01:31 - 2013-03-27 11:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2021-04-08 01:31 - 2013-03-21 16:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2021-04-08 01:31 - 2012-10-13 18:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ipla
2021-04-08 01:31 - 2012-10-02 12:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2021-04-08 01:31 - 2012-07-15 14:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klavaro
2021-04-08 01:31 - 2012-07-02 11:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-08 01:31 - 2012-04-04 17:46 - 000000000 ____D C:\WINDOWS\cs
2021-04-08 01:31 - 2012-02-26 22:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Messenger Plus! for Skype
2021-04-08 01:31 - 2012-01-10 16:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenWith.org Desktop Tool
2021-04-08 01:31 - 2011-11-24 22:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASuite
2021-04-08 01:31 - 2011-10-04 20:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2021-04-08 01:31 - 2011-08-28 11:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I-Doser Premium
2021-04-08 01:31 - 2011-08-24 13:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eyeQ
2021-04-08 01:31 - 2011-08-21 12:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neuro-Programmer 3
2021-04-08 01:31 - 2011-07-20 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\All Ten Fingers
2021-04-08 01:31 - 2011-07-18 21:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FacebookDiscovery
2021-04-08 01:31 - 2011-05-04 21:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
2021-04-08 01:31 - 2011-04-30 14:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperMemo Extreme English!
2021-04-08 01:31 - 2011-04-29 13:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LanguageNow! V7
2021-04-08 01:31 - 2011-04-11 13:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vocaboly
2021-04-08 01:31 - 2011-04-06 11:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfoTag Magic
2021-04-08 01:31 - 2011-04-05 12:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TapinRadio 1.34
2021-04-08 01:31 - 2011-03-31 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free HTTP Sniffer
2021-04-08 01:31 - 2011-03-23 14:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XviD
2021-04-08 01:31 - 2011-02-23 22:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
2021-04-08 01:31 - 2011-02-15 15:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Task Coach
2021-04-08 01:31 - 2011-02-02 15:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free MP3 Joiner
2021-04-08 01:31 - 2011-01-13 22:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1Time
2021-04-08 01:31 - 2010-12-29 14:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fwink
2021-04-08 01:31 - 2010-11-23 11:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMind
2021-04-08 01:31 - 2010-09-07 10:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ziepod+
2021-04-08 01:31 - 2010-08-01 13:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2021-04-08 01:31 - 2010-07-28 15:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedlingua Professional Individual
2021-04-08 01:31 - 2010-07-26 12:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2021-04-08 01:31 - 2010-07-26 10:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2021-04-08 01:31 - 2010-07-23 19:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TELL ME MORE Performance
2021-04-08 01:31 - 2010-07-22 18:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperMemo UX
2021-04-08 01:31 - 2010-07-19 22:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiPony
2021-04-08 01:31 - 2010-07-18 21:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
2021-04-08 01:31 - 2010-07-17 14:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2021-04-08 01:31 - 2010-07-15 20:34 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.2
2021-04-08 01:31 - 2010-07-15 19:23 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2021-04-08 01:31 - 2010-07-15 18:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webcam 1200
2021-04-08 01:31 - 2010-07-15 18:18 - 000000000 ____D C:\Program Files\Intel
2021-04-08 01:31 - 2009-07-14 04:37 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicyUsers
2021-04-08 01:31 - 2009-07-14 04:37 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-04-08 01:30 - 2019-12-07 08:12 - 000000000 __RHD C:\Users\Public\Libraries
2021-04-08 01:25 - 2016-07-05 14:44 - 000021592 _____ C:\WINDOWS\system32\emptyregdb.dat
2021-04-08 01:24 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\Media
2021-04-08 01:22 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\MUI
2021-04-08 01:22 - 2016-07-05 14:44 - 000000000 ____D C:\WINDOWS\system32\XPSViewer
2021-04-08 01:21 - 2016-07-05 14:44 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2021-04-08 01:20 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\Resources
2021-04-08 01:20 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\Help
2021-04-08 01:20 - 2019-06-19 12:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2021-04-08 01:20 - 2016-11-26 11:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2021-04-08 01:20 - 2016-07-05 14:44 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-04-08 01:20 - 2013-06-06 15:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2021-04-08 01:20 - 2012-07-05 21:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2021-04-08 01:20 - 2011-01-13 14:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2021-04-08 01:20 - 2010-08-04 11:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
2021-04-08 01:20 - 2010-07-28 13:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Alternative
2021-04-08 01:20 - 2010-07-26 12:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamingStar
2021-04-08 01:20 - 2009-07-14 06:52 - 000000000 ____D C:\Program Files\Microsoft Games
2021-04-08 01:05 - 2019-12-07 14:23 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugins
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\Com
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\IME
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-04-08 01:03 - 2019-12-07 14:23 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-04-08 01:03 - 2019-12-07 14:23 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-04-08 00:50 - 2019-06-19 12:59 - 000000000 ____D C:\Users\Comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2021-04-08 00:50 - 2019-03-29 10:36 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-08 00:50 - 2012-07-02 11:22 - 000000000 ____D C:\Users\Comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-08 00:50 - 2012-05-08 20:46 - 000000000 ____D C:\Users\Comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MemoryLifter
2021-04-08 00:50 - 2012-02-18 16:15 - 000000000 ____D C:\Users\Karlíček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Task List Guru
2021-04-08 00:50 - 2012-01-19 15:46 - 000000000 ____D C:\Users\Karlíček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RSS Bandit
2021-04-08 00:50 - 2011-12-02 13:05 - 000000000 ____D C:\Users\Karlíček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KeyFreeze
2021-04-08 00:50 - 2011-10-07 21:40 - 000000000 ____D C:\Users\Comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MultiSkypeLauncher
2021-04-08 00:50 - 2011-07-19 10:36 - 000000000 ____D C:\Users\Comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2021-04-08 00:50 - 2011-05-15 20:41 - 000000000 ____D C:\Users\Comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StreamTorrent 1.0
2021-04-08 00:50 - 2011-04-29 12:18 - 000000000 ____D C:\Users\Karlíček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCS WinVisible
2021-04-08 00:50 - 2011-03-16 16:36 - 000000000 ____D C:\Users\Karlíček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOICEbook Shelf Volume 1
2021-04-08 00:50 - 2011-01-18 21:19 - 000000000 ____D C:\Users\Karlíček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Talk
2021-04-08 00:46 - 2017-12-23 05:11 - 000000000 ____D C:\Users\Návštěvník\AppData\Local\Packages
2021-04-08 00:45 - 2017-12-23 05:17 - 000000000 ____D C:\Users\Comp\AppData\Local\Packages
2021-04-08 00:45 - 2011-02-10 19:31 - 000000000 ____D C:\Users\Comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony
2021-04-08 00:43 - 2019-04-14 09:47 - 000000000 ____D C:\Users\Karlíček\AppData\Local\Packages
2021-04-08 00:43 - 2011-03-05 17:53 - 000000000 ____D C:\Users\Karlíček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digsby
2021-04-08 00:39 - 2019-12-07 14:22 - 000000000 ____D C:\WINDOWS\OCR
2021-04-08 00:38 - 2019-12-07 14:21 - 000000000 ____D C:\WINDOWS\system32\winrm
2021-04-08 00:38 - 2019-12-07 14:21 - 000000000 ____D C:\WINDOWS\system32\WCN
2021-04-08 00:38 - 2019-12-07 14:21 - 000000000 ____D C:\WINDOWS\system32\slmgr
2021-04-08 00:37 - 2019-12-07 14:21 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2021-04-08 00:37 - 2019-12-07 08:12 - 000000000 ___SD C:\WINDOWS\system32\dsc
2021-04-08 00:35 - 2017-04-11 14:57 - 000000000 ____D C:\WINDOWS\system32\RTCOM
2021-04-07 23:09 - 2010-07-15 14:40 - 000008192 __RSH C:\BOOTSECT.BAK

==================== Files in the root of some directories ========

2011-12-02 13:28 - 2011-12-02 13:28 - 000000308 _____ () C:\Program Files\KeyFreeze.appref-ms
2011-03-02 15:12 - 2011-03-02 15:13 - 000000990 ___SH () C:\Users\Comp\AppData\Roaming\systemfl.$dk
2011-11-27 12:00 - 2011-11-27 12:00 - 000007623 _____ () C:\Users\Comp\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

SGC
Visitor
Visitor
Posts: 369
Registered: 15 Apr 2008 13:09

Re: Vodafone notified me that I am in a botnet

#12 Post by SGC »

I had to put the Addition log in a separate post, because the forum told me I had exceeded the allowed character limit.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-04-2021
Ran by Comp (05-05-2021 09:50:15)
Running from C:\Users\Maminka\Desktop
Microsoft Windows 10 Home Version 20H2 19042.928 (X86) (2021-04-07 23:47:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-438729375-2292271272-1643045957-500 - Administrator - Disabled)
ASPNET (S-1-5-21-438729375-2292271272-1643045957-1010 - Limited - Enabled)
Comp (S-1-5-21-438729375-2292271272-1643045957-1007 - Administrator - Enabled) => C:\Users\Comp
DefaultAccount (S-1-5-21-438729375-2292271272-1643045957-503 - Limited - Disabled)
Guest (S-1-5-21-438729375-2292271272-1643045957-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-438729375-2292271272-1643045957-1014 - Limited - Enabled)
Karlíček (S-1-5-21-438729375-2292271272-1643045957-1003 - Limited - Enabled) => C:\Users\Karlíček
Karol (S-1-5-21-438729375-2292271272-1643045957-1011 - Limited - Enabled) => C:\Users\Karol
Maminka (S-1-5-21-438729375-2292271272-1643045957-1004 - Limited - Enabled) => C:\Users\Maminka
Návštěvník (S-1-5-21-438729375-2292271272-1643045957-1006 - Limited - Enabled) => C:\Users\Návštěvník
WDAGUtilityAccount (S-1-5-21-438729375-2292271272-1643045957-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1Time ver 2.2 (HKLM\...\1Time ver 2.2_is1) (Version: - )
32 Bit HP CIO Components Installer (HKLM\...\{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}) (Version: 6.1.1 - Hewlett-Packard) Hidden
Adblock Plus pro IE (32-bit) (HKLM\...\{829B7328-74A3-4DF1-BCD2-C8415A36B486}) (Version: 1.6 - Eyeo GmbH)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 32.0.0.465 - Adobe)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Alcatel onetouch Manager (HKLM\...\{C32EDA33-2F6F-0200-0000-000000000000}) (Version: 13.05.2155 - Mobile Action)
AMP WinOFF 5.0.1 (HKLM\...\AMP WinOFF) (Version: 5.0.1 - Alberto Martinez Perez)
Anki (HKLM\...\Anki) (Version: - )
AOMEI Partition Assistant Standard Edition 6.0 (HKLM\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.)
AOMEI PE Builder 1.4 (HKLM\...\{A83692F5-3E9B-4E95-9E7E-B5DF5566909D}_is1) (Version: - AOMEI Technology Co., Ltd.)
ArcSoft WebCam Companion 3 (HKLM\...\{B3236C7B-455E-4CDB-B3E1-7A2190B054BC}) (Version: 3.0.33.183 - ArcSoft)
Ashampoo Burning Studio 10 10.0.7 (HKLM\...\Ashampoo Burning Studio 10_is1) (Version: 10.0.7 - ashampoo GmbH & Co. KG)
ASUS RT-N12E Wireless Router Utilities (HKLM\...\{BAC6FEB3-D5F4-4627-BCA1-18F914FC6C17}) (Version: 4.2.3.8 - ASUS)
Captcha.trader Mipony Plugin 1.0 (HKLM\...\Captcha.trader Mipony Plugin) (Version: 1.0 - )
CzRus QWERTY Caps 2.0.2 (HKLM\...\{C841483C-8A64-452A-93C8-53D5CDE03F8A}) (Version: 1.0.3.40 - Đonny)
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
EasyBits GO (HKU\S-1-5-21-438729375-2292271272-1643045957-1004\...\Game Organizer) (Version: - EasyBits Media)
Everything 1.4.1.935 (x86) (HKLM\...\Everything) (Version: 1.4.1.935 - David Carpenter)
eyeQ (HKLM\...\{B33CD700-6738-11D4-87FE-0080C6F974A2}) (Version: - )
Facebook Video Calling 1.0.0.7897 (HKLM\...\{422D76A7-38F1-4243-A7C7-21FCA56B7FA9}) (Version: 1.0.7897 - Skype Limited)
FacebookDiscovery 5.0.126 (HKLM\...\FacebookDiscovery_is1) (Version: 5.0.126 - msgdiscovery.com)
FeedDemon (HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\FeedDemon_is1) (Version: 4.0.0.22 - NewsGator Technologies, Inc.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 5.4.5.124 - Foxit Corporation)
Free HTTP Sniffer (HKLM\...\Free HTTP Sniffer) (Version: - )
Free MP3 Joiner 3.6.1.2 (HKLM\...\Free MP3 Joiner_is1) (Version: - FreeAudioVideoSoftTech, Inc.)
Freecorder 4.01 Application (HKLM\...\Freecorder4.01) (Version: 4.01 - Applian Technologies Inc.)
FreeFileSync 10.13 (HKLM\...\FreeFileSync_is1) (Version: 10.13 - FreeFileSync.org)
FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.8.1 - )
Fwink (HKLM\...\{F432F2AE-F463-4491-A5FE-844849992F6E}) (Version: 1.0.96 - Chris Lundie)
Gadu-Gadu 10 (HKLM\...\Gadu-Gadu 10) (Version: - GG Network S.A.)
GameXN GO (HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\Game Organizer) (Version: - EasyBits Media)
Gmail Backup (HKLM\...\gmailbackup) (Version: - )
Google Earth Pro (HKLM\...\{59F21DFB-6977-434B-9CB9-67783D6E7B6B}) (Version: 7.3.3.7786 - Google)
Google Chrome (HKLM\...\Google Chrome) (Version: 90.0.4430.93 - Google LLC)
Google Talk (remove only) (HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )
Google Talk Plugin (HKLM\...\{A89DEBCA-F743-3412-97F6-B2E489194551}) (Version: 2.2.2.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.145 - Google Inc.) Hidden
Hotspot Shield 1.49 (HKLM\...\HotspotShield) (Version: 1.49 - AnchorFree)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
I-Doser Premium (HKLM\...\I-Doser) (Version: 5.0 - I-Doser.com)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Improve Your English Pro 2.7.0 (HKLM\...\{A311A732-8FAD-4970-94A6-A8D1F97366DF}_is1) (Version: - www.rentanadviser.com)
InfoTag Magic 1.0 (HKLM\...\InfoTag Magic 1.0) (Version: 1.0.beta5 - ContextMagic.com)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
ipla 2.10 (HKLM\...\ipla) (Version: 2.10 - Redefine Sp z o.o.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (HKLM\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeyFreeze (HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\266e56dfe0bcee5a) (Version: 1.0.0.1 - KeyFreeze)
Klavaro-1.9.4 (HKLM\...\Klavaro_is1) (Version: - )
K-Lite Codec Pack 10.4.5 Basic (HKLM\...\KLiteCodecPack_is1) (Version: 10.4.5 - )
LanguageNow! (HKLM\...\LanguageNow!) (Version: - )
Macrium Reflect Free Edition (HKLM\...\{C53E7340-7446-47D1-A191-5BC5A0EBD470}) (Version: 7.2.4325 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.2 - Paramount Software (UK) Ltd.)
MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes verze 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
MemoryLifter (HKLM\...\{2120B2F7-93AF-4063-B2E0-C1707E77D78C}) (Version: 2.4.1 - OMICRON electronics GmbH)
Messenger Plus! 5 (HKLM\...\Messenger Plus!) (Version: 5.10.0.750 - Yuna Software)
Messenger Plus! for Skype (HKLM\...\Messenger Plus! for Skype) (Version: 1.0.0.77 (BETA) - Yuna Software)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Edge (HKLM\...\Microsoft Edge) (Version: 90.0.818.51 - Microsoft Corporation)
Microsoft Office Language Pack 2013 - Czech/čeština (HKLM\...\Office15.OMUI.cs-cz) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\OneDriveSetup.exe) (Version: 18.143.0717.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-438729375-2292271272-1643045957-1004\...\OneDriveSetup.exe) (Version: 21.062.0328.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-438729375-2292271272-1643045957-1006\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{389456AD-8CD0-42D6-866A-531330AE8372}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (HKLM\...\{370187B9-6964-38D0-851F-6C4898B0C2B1}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation)
MiPony 1.6.0 (HKLM\...\MiPony) (Version: 1.6.0 - )
Mobile Upgrade S 4.5.9 (HKLM\...\{C9A7E6A6-110D-4DBC-A8E2-F634613B5A8C}_is1) (Version: - TCL Communication Technology Holdings Limited)
Mozilla Firefox 88.0 (x86 cs) (HKLM\...\Mozilla Firefox 88.0 (x86 cs)) (Version: 88.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 88.0.0.7775 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MultiSkypeLauncher (remove only) (HKLM\...\MultiSkypeLauncher) (Version: 1.8 - MultiSkypeLauncher)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM\...\{90150000-001F-0405-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM\...\{90150000-001F-041B-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
NCS WinVisible (HKLM\...\{D1FD6957-27F6-41FF-90F3-2C9AF5912719}) (Version: 1.0.5004 - Neptune Century Studios)
Neuro-Programmer 3.0.1 (HKLM\...\Neuro-Programmer 3_is1) (Version: - Transparent Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\Octoshape add-in for Adobe Flash Player) (Version: - )
OpenFM (HKU\S-1-5-21-438729375-2292271272-1643045957-1004\...\OpenFM) (Version: 2 - GG Network S.A.)
OpenOffice.org 3.2 (HKLM\...\{FAB43061-FEFB-46E8-A159-96710395DB5E}) (Version: 3.2.9505 - OpenOffice.org)
OpenWith.org 1.0.3 (HKLM\...\{B52F8C4B-FE88-4B59-9B80-1C93669D7DEB}_is1) (Version: - OpenWith.org)
Opera 11.50 (HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\Opera 11.50.1074) (Version: 11.50.1074 - Opera Software ASA)
Opera Stable 75.0.3969.243 (HKU\S-1-5-21-438729375-2292271272-1643045957-1004\...\Opera 75.0.3969.243) (Version: 75.0.3969.243 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PaltalkScene (HKLM\...\PalTalk8.2) (Version: 9.9 - AVM Software Inc.)
PC VGA Camer@ Plus (HKLM\...\{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}) (Version: 1.0.0.19 - Aecotech)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polish QWERTY (HKLM\...\{110ABC2E-97F0-4001-8D3E-CCA63F53A5FD}) (Version: 1.0.3.40 - STROKES)
QT Lite 4.1.0 (HKLM\...\quicktime_lite_is1) (Version: 4.1.0 - )
QTTabBar 1.5.0.0 Beta 1 (HKLM\...\{EF791F98-18A0-4446-AEE9-38511C16D521}) (Version: 1.5.225 - Quizo and Paul Accisano)
QuickSFV (Remove only) (HKLM\...\QuickSFV) (Version: - )
RapidLoader (HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\RapidLoader) (Version: - Colin Palmer)
Real Alternative 2.0.2 Lite (HKLM\...\RealAlt_is1) (Version: 2.0.2 - )
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5767 - Realtek Semiconductor Corp.)
Rosetta Stone Version 3 (HKLM\...\{99011A6E-5200-11DE-BDB8-7ACD56D89593}) (Version: 3.4.5.0 - Rosetta Stone Ltd.)
Sandboxie 5.28 (32-bit) (HKLM\...\Sandboxie) (Version: 5.28 - Sandboxie Holdings, LLC)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0100-0405-0000-0000000FF1CE}_Office15.OMUI.cs-cz_{78A9943A-5DB1-4B90-8AEF-5CE30456FB6E}) (Version: - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype Web Plugin (HKLM\...\{CD62BCB9-02D2-443F-AC7A-443377DA5B38}) (Version: 7.31.0.56 - Skype Technologies S.A.)
Skype™ 7.40 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
SopCast 3.0.3 (HKLM\...\SopCast) (Version: 3.0.3 - SopCast.com)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
Speedlingua American English Pack 2.1 SLPI (HKLM\...\{7B15F03F-1982-4bd1-BC4B-F53A93AE8D56}_is1) (Version: 2.1 - Speedlingua S.A.)
Speedlingua Individual 2.1 (HKLM\...\{27E7DBC9-904E-453e-A6F5-01DADE9D8B5B}_is1) (Version: 2.1 - Speedlingua S.A.)
Spoon Sandbox Manager 3.26 (HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\Spoon Sandbox Manager 3.26) (Version: 3.26.0.6 - Code Systems Corporation)
StreamTorrent 1.0 (HKLM\...\StreamTorrent 1.0) (Version: - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.5.1022 - SUPERAntiSpyware.com)
SuperMemo Extreme English! (HKLM\...\SuperMemo Extreme English!) (Version: - )
SuperMemo UX - Grammar&Idioms in Use (HKLM\...\SuperMemo UX - Extreme English: Grammar & Idioms in Use ) (Version: 1.4.0.1 - SuperMemo World)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Task Coach 1.2.9 (HKLM\...\Task Coach_is1) (Version: - Frank Niessink and Jerome Laheurte)
Task List Guru 2.50 (HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\Task List Guru_is1) (Version: 2.50 - Jiri Novotny, Dextronet)
TELL ME MORE (HKLM\...\TMM90) (Version: - )
Unity Web Player (HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-438729375-2292271272-1643045957-1004\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-438729375-2292271272-1643045957-1006\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-438729375-2292271272-1643045957-1007\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM\...\{90150000-012B-0405-0000-0000000FF1CE}_Office15.OMUI.cs-cz_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
URL Helper (HKLM\...\URL Helper_is1) (Version: - )
URL Snooper v2.28.01 (HKLM\...\URLSnooper 2_is1) (Version: - DonationCoder.com)
VC 9.0 Runtime (HKLM\...\{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Veetle TV 0.9.18 (HKLM\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vocaboly 3.0 (HKLM\...\{43EBFA90-95DF-4b69-A63F-68B3FAE4E8F8}_is1) (Version: - Vocaboly Software)
Webcam 1200 (HKLM\...\{66D475AE-F18B-43A0-8BAF-61AF4403E339}) (Version: 1.0.0.0 - Logitech)
Windows 7 Manager (HKLM\...\{13DE3939-422A-44D5-BD52-B85EF48DBDAB}) (Version: 1.2.6 - Yamicsoft)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{1407B87C-36E3-4FC1-9051-D08B21E1096F}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Shutdown Assistant V3.0.9 (HKLM\...\{4DFA83B9-2722-435D-9F7D-756F902D48FE}_is1) (Version: 3.0.9 - APOWERSOFT LIMITED)
WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 5.70 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
Wise Auto Shutdown 1.61 (HKLM\...\Wise Auto Shutdown_is1) (Version: 1.61 - WiseCleaner.com, Inc.)
Xleaner v3.3.0.1 (HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\{72D84E46-E633-4729-8A77-2347C8CD4096}_is1) (Version: - MoreThanACleaner.de)
XviD Video Codec (remove only) (HKLM\...\XviD Video Codec) (Version: - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
YouSendIt Application Plug-in SDK (HKLM\...\InstallShield_{3AE00DF4-ADF1-479E-834C-D1B2E71570BD}) (Version: 1.0.2 - YouSendIt)
YouTube Downloader 2.5.7 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: - BienneSoft)

Packages:
=========
@{Microsoft.BingNews_4.36.20583.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithTagline} -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20583.0_x86__8wekyb3d8bbwe [2021-04-10] (Microsoft Corporation) [MS Ad]
@{Microsoft.BingWeather_4.36.20503.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding} -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20503.0_x86__8wekyb3d8bbwe [2021-04-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-04-09] (Microsoft Corporation) [MS Ad]
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x86__8wekyb3d8bbwe [2016-07-05] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{10D8693B-09F1-4595-8944-F8DFB825F11F}\InprocServer32 -> C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{167FD956-39C3-374C-927A-1D3C47CB6663}\InprocServer32 -> C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{4424021B-831C-4F50-A74F-1AF30ADA650C}\InprocServer32 -> C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Maminka\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies SF -> Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{62593C70-ACF0-44CC-8716-990919D46A85}\InprocServer32 -> C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{68184D48-051A-311C-882D-30E8CDECFE3D}\localserver32 -> "C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\Karlíček\AppData\Local\temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{7253b364-18c5-555a-4b07-26abb39c9f99}\InprocServer32 -> C:\Users\Maminka\AppData\Local\SkypePlugin\7.31.0.56\EdgeBrokerPS.dll (Microsoft Corporation -> Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{78347620-4EAB-30D9-A0E0-17812FAFE927}\localserver32 -> "C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{7BD11BDB-D781-3B76-AB98-EAE7663D8644}\localserver32 -> "C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{A2D48AF1-951B-44FC-BA37-B27EBBF95C3B}\InprocServer32 -> C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.4.154.333\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{AD125A81-9419-33B1-9FC7-71430C0CD9D9}\localserver32 -> "C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.5.245.0\AvastBrowserUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{B7AEE3D0-7829-4B16-853D-8A8062091FD2}\InprocServer32 -> C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.5.245.0\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{E4441051-104A-32A7-AF72-D4C66D8CB61B}\localserver32 -> "C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{E5A7A7B5-9D06-4DBE-BAC0-04B69FF070B5}\InprocServer32 -> C:\Users\Maminka\AppData\Local\SkypePlugin\7.31.0.56\GatewayActiveX.dll (Microsoft Corporation -> Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{E7629152-0A34-4487-B787-5D1144304455}\localserver32 -> C:\Users\Maminka\AppData\Local\Programs\Opera\75.0.3969.243\notification_helper.exe (Opera Software AS -> The Chromium Authors)
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1007_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Comp\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS -> Unity Technologies ApS)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com -> SuperAdBlocker.com) [File not signed]
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [IZArcCM] -> [CC]{BC593DF5-466F-44EC-8FFD-C4DBC603B917} => -> No File
ContextMenuHandlers1: [miranda.shlext] -> [CC]{72013A26-A94C-11d6-8540-A5E62932711D} => -> No File
ContextMenuHandlers1: [OpenWith.org] -> [CC]{1569D0D3-1127-48A2-A4BC-958553F472C5} => -> No File
ContextMenuHandlers1: [QuickSFV Shell Extension] -> [CC]{906b0e6e-61ce-11d3-8ee2-0060080a7242} => -> No File
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-06-05] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-06-05] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-04] () [File not signed]
ContextMenuHandlers4: [DAP_ShredMenu] -> [CC]{BED4C38B-F765-45AC-8C56-613F76BBF43E} => -> No File
ContextMenuHandlers4: [IZArcCM] -> [CC]{BC593DF5-466F-44EC-8FFD-C4DBC603B917} => -> No File
ContextMenuHandlers4: [miranda.shlext] -> [CC]{72013A26-A94C-11d6-8540-A5E62932711D} => -> No File
ContextMenuHandlers4: [QuickSFV Shell Extension] -> [CC]{906b0e6e-61ce-11d3-8ee2-0060080a7242} => -> No File
ContextMenuHandlers4: [SimpleShlExt] -> {03B54A4E-A635-418E-81FC-CF60CBB141AA} => -> No File
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-04] () [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.XVID] => C:\WINDOWS\system32\xvidvfw.dll [163840 2009-08-23] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2010-07-04 23:32 - 2010-07-04 23:32 - 000010752 _____ () [File not signed] C:\Program Files\Unlocker\UnlockerCOM.dll
2011-09-06 11:02 - 2001-10-28 17:42 - 000116224 _____ () [File not signed] C:\WINDOWS\System32\pdfcmnnt.dll
2009-09-20 12:36 - 2009-09-20 12:36 - 000249344 _____ (Hewlett-Packard Co.) [File not signed] c:\program files\hp\digital imaging\bin\hpqcxs08.dll
2009-09-20 12:24 - 2009-09-20 12:24 - 000213504 _____ (Hewlett-Packard Co.) [File not signed] c:\program files\hp\digital imaging\bin\hpqddcmn.dll
2009-09-20 12:24 - 2009-09-20 12:24 - 000133120 _____ (Hewlett-Packard Co.) [File not signed] c:\program files\hp\digital imaging\bin\hpqddsvc.dll
2009-09-20 12:31 - 2009-09-20 12:31 - 000694784 _____ (Hewlett-Packard Co.) [File not signed] c:\program files\hp\digital imaging\bin\hpslpsvc32.dll
2011-07-19 02:08 - 2011-07-19 02:08 - 000141696 _____ (SuperAdBlocker.com -> SUPERAntiSpyware.com) [File not signed] C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\ampa.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-eventing-provider-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powertracker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RdpGroupPolicyExtension.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\ampa.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxNetAdp6.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxNetLwf.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\TEMP:157E1AD3 [131]
AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA [126]
AlternateDataStreams: C:\ProgramData\TEMP:C8B8CEBD [129]
AlternateDataStreams: C:\ProgramData\TEMP:CDF51F17 [490]
AlternateDataStreams: C:\ProgramData\TEMP:F87C192A [106]
AlternateDataStreams: C:\Users\Maminka\Desktop\1002562_4437333991295_1889097141_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\1025384_10202870660219847_49888386563297184_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\10403097_10202871395558230_1785771478449425294_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\10418493_10202871391438127_6616450470683584480_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\10458993_10202870627419027_170774857220055740_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\10487249_10201150167236108_3247067776297046836_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\10513423_10201175598991886_3229205883465822546_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\1900434_10202871398118294_1828841530637484206_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\1964966_10200572759441274_533746769_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\257956_149018278502655_6371460_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\482aeb68c5_71787275_o2.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\googleupdatesetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Desktop\IMG_20130908_103946.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\photo.php:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\Zdravá-chuze-po-celý-život.PDF:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Desktop\Zdravá-chuze-po-celý-život.PDF:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\100+2_tipu_pro_hubnuti_bez_hladoveni.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\100+2_tipu_pro_hubnuti_bez_hladoveni.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\14.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\14.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\1483341115-potvrzeni-lekare-o-diagnoze-2017(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\1483341115-potvrzeni-lekare-o-diagnoze-2017.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\2015-04-Cennik_lieky_CZ.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\2015-04-Cennik_lieky_CZ.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\2015-09-23_96581.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Maminka\Downloads\2015-09-23_96581.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\23465164.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\23465164.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\23681034.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\23681034.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\alcatel-onetouchmanager-2-2-1305-2155.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\alcatel-onetouchmanager-2-2-1305-2155.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\cestinaA2.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\cestinaA2.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Download_Driver_1.0_Setup.rar:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Download_Driver_1.0_Setup.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\hakl-nove-trendy.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\hakl-nove-trendy.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\HYUSI331_N_CZ-SK-PL-ENG-HU.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\HYUSI331_N_CZ-SK-PL-ENG-HU.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\jidelnicek_11_2017(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\jidelnicek_11_2017(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\jidelnicek_11_2017(3).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\jidelnicek_11_2017(4).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\jidelnicek_11_2017.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\JmdXIF.jpg:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\JmdXIF.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Jídelní lístek č.3 13.2.-19.2.2017.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\kas---program-akci-06-2016.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\kas---program-akci-06-2016.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\kompletni_cenik.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\kompletni_cenik.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Kontaktní místa 2008_2.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Maminka\Downloads\Kontaktní místa 2008_2.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Lyrica_75mg_SPC.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\magistra-leky-bez-doplatku-brezen-2017.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\magistra-leky-bez-doplatku-brezen-2017.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\magistra-leky-bez-doplatku-cerven-2016.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\MediaCreationTool.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\MediaCreationTool.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\mpsv_mikop_zap_letak_iap.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\mpsv_mikop_zap_letak_iap.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\nahled04_10161_program_akci_listopad_2015.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Maminka\Downloads\nahled04_10161_program_akci_listopad_2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Neurontin_tabs_SPC.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Neurontin_tabs_SPC.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\ONE TOUCH Upgrade S 2.8.5 Setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\ONE TOUCH Upgrade S 2.8.5 Setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\one-touch-upgrade-s-2-8-0-setup.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Maminka\Downloads\one-touch-upgrade-s-2-8-0-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Otázky k zápisu1.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Otázky k zápisu1.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\p4-2006e-53.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\p4-2006e-53.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\pdfshow.php:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\PI16251.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Maminka\Downloads\poezjaani.republika.pl-zyczenia-urodziny.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Pravidla_o_nakladani_s_chemickymi_latkami.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Maminka\Downloads\Pravidla_o_nakladani_s_chemickymi_latkami.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\PrehledUhrad_2012-01-01_-_2012-12-31.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\PrehledUhrad_2013-01-01_-_2013-12-31.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\PrehledUhrad_2015-01-01_-_2015-06-30.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\PrehledUhrad_2015-01-01_-_2015-09-30.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\PrehledUhrad_2015-01-01_-_2015-09-30.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\prilohy_86322.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\prilohy_86322.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\primulus-jidelnicek-e-book.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\primulus-jidelnicek-e-book.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\priprava_na_kolonoskopii.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\priprava_na_kolonoskopii.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\ptáček.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Sablona_plne_moci.doc:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Sablona_plne_moci.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\SandboxieInstall.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Soft_letters.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Solen_der-200901-0008.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Solen_der-200901-0008.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Solen_der-201001-0014.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Solen_der-201002-0010.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Solen_der-201002-0011.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Solen_der-201201-0005.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Solen_der-201201-0005.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\SPP_DUK_1_4_17.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\toc-20873-pdf.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\toc-20873-pdf.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\ubytovaci_rad.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Vypis.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Vypis.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\VZP-Antonie-hotel-partner.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Windows10Upgrade9252.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Documents\rodzina Staniszewskich.doc:$CmdTcID [130]
AlternateDataStreams: C:\Users\Maminka\Documents\rodzina Staniszewskich.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Návštěvník\Downloads\OneDriveSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Návštěvník\Downloads\OneDriveSetup.exe:$CmdZnID [26]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-438729375-2292271272-1643045957-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
HKU\S-1-5-21-438729375-2292271272-1643045957-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
HKU\S-1-5-21-438729375-2292271272-1643045957-1007\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-438729375-2292271272-1643045957-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
URLSearchHook: HKLM - (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
URLSearchHook: HKU\S-1-5-21-438729375-2292271272-1643045957-1004 - (No Name) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - No File
SearchScopes: HKU\S-1-5-21-438729375-2292271272-1643045957-1003 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-438729375-2292271272-1643045957-1004 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-21] (Oracle America, Inc. -> Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-12] (Google Inc -> Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies SA -> Skype Technologies S.A.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-21] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2017-01-03] (Eyeo GmbH -> Eyeo GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-12] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1003 -> No Name - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - No File
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-12] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1003 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1003 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1004 -> No Name - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - No File
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-12] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1004 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1004 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-12] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1007 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1007 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-12] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1007 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies SA -> Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Software Sarl -> Skype Technologies)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\kuaiche.com -> hxxp://software.kuaiche.com
IE restricted site: HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\paltalk.com -> hxxp://advertising.paltalk.com
IE restricted site: HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\pno.net -> ads.pno.net
IE restricted site: HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\x10.com -> ads.x10.com
IE restricted site: HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\zendmedia.com -> ad1.zendmedia.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2019-01-15 09:25 - 000000029 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-438729375-2292271272-1643045957-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-438729375-2292271272-1643045957-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Maminka\Pictures\kvetiny---louka.jpg
HKU\S-1-5-21-438729375-2292271272-1643045957-1006\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
HKU\S-1-5-21-438729375-2292271272-1643045957-1007\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-438729375-2292271272-1643045957-1011\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-438729375-2292271272-1643045957-501\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 213.46.172.38 - 213.46.172.39
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

Network Binding:
=============
Připojení k místní síti: Rawether NDIS 6.X SPR Protocol Driver -> PCA_PCASP60 (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: cmdvirth => 3
MSCONFIG\Services: DragonUpdater => 2
MSCONFIG\Services: HotspotShieldService => 2
MSCONFIG\Services: HssTrayService => 3
MSCONFIG\Services: HssWd => 2
MSCONFIG\Services: MsgPlusService => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk => C:\Windows\pss\MiniEYE-MiniREAD Launch.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Comp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Comp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MultiSkypeLauncher.lnk => C:\Windows\pss\MultiSkypeLauncher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Karlíček^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^KillSkypeHome.lnk => C:\Windows\pss\KillSkypeHome.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Karlíček^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rizone Memory Booster.lnk => C:\Windows\pss\Rizone Memory Booster.lnk.Startup
MSCONFIG\startupfolder: C:^Users^PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: Freecorder FLV Service => "C:\Program Files\Freecorder\FLVSrvc.exe" /run
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: IPLA! => C:\Program Files\ipla\ipla.exe /autorun
MSCONFIG\startupreg: Monitor => C:\Windows\PixArt\PAC207\Monitor.exe
MSCONFIG\startupreg: NetWorx => "C:\Users\Karlíček\Documents\My Completed Downloads\Portable Programs\Unspecified\Měření Dat\networx_portable\32-bit\networx.exe" /auto
MSCONFIG\startupreg: Sidebar => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\...\StartupApproved\Run: => "PAC7302_Monitor"
HKLM\...\StartupApproved\Run: => "AMP WinOFF"
HKU\S-1-5-21-438729375-2292271272-1643045957-1004\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.2.lnk"
HKU\S-1-5-21-438729375-2292271272-1643045957-1004\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-438729375-2292271272-1643045957-1004\...\StartupApproved\Run: => "Windows Shutdown Assistant"
HKU\S-1-5-21-438729375-2292271272-1643045957-1007\...\StartupApproved\StartupFolder: => "MagicDisc.lnk"
HKU\S-1-5-21-438729375-2292271272-1643045957-1007\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.2.lnk"
HKU\S-1-5-21-438729375-2292271272-1643045957-1007\...\StartupApproved\Run: => "IPLA!"
HKU\S-1-5-21-438729375-2292271272-1643045957-1007\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-438729375-2292271272-1643045957-1007\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-438729375-2292271272-1643045957-1007\...\StartupApproved\Run: => "Windows Shutdown Assistant"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7A9E9F11-867A-4E9F-8768-1D7A39F279FA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FF6D9445-1866-4D4A-9E0D-6B38556161BB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F0F409B8-F45C-46E1-AAA9-3D6C116E9BBC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2387F56B-24CA-4FD0-BB7D-16D725EEAD87}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{999CCEE5-857E-4454-9A54-DDA81CC28C50}C:\users\maminka\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Block) C:\users\maminka\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [TCP Query User{574CEA63-7834-4531-AC07-5B777D39CC9D}C:\users\maminka\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Block) C:\users\maminka\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [UDP Query User{580C5090-673F-4E62-9BEB-168C0C23848A}C:\program files\gadu-gadu 10\gg.exe] => (Block) C:\program files\gadu-gadu 10\gg.exe (GG Network S.A. -> GG Network S.A.)
FirewallRules: [TCP Query User{ABDB5E4B-1212-4A7A-81B7-26DCE6EF111E}C:\program files\gadu-gadu 10\gg.exe] => (Block) C:\program files\gadu-gadu 10\gg.exe (GG Network S.A. -> GG Network S.A.)
FirewallRules: [UDP Query User{8F858FFD-C3BD-40F2-BEDF-53A8697C0F6A}C:\program files\gadu-gadu 10\gg.exe] => (Block) C:\program files\gadu-gadu 10\gg.exe (GG Network S.A. -> GG Network S.A.)
FirewallRules: [TCP Query User{4D75812D-0862-445F-AC10-AC2424115898}C:\program files\gadu-gadu 10\gg.exe] => (Block) C:\program files\gadu-gadu 10\gg.exe (GG Network S.A. -> GG Network S.A.)
FirewallRules: [{3A63E58D-AA26-41B4-9E9A-56897097B268}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{549F4456-7CBA-47B9-AA54-455BA78B95DB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6447B4DA-ACAE-40EA-97F6-B463F61A8247}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{56E67DA8-B48C-47A1-B309-410571BEE014}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B85DD786-9B2E-4ACF-B2E9-BE1B0DA304E0}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{64890CCB-D625-4B54-9949-69602A0CB391}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{05A0E037-5BA0-44CD-BEF0-050066EBE96F}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3F09F43A-8D2C-4970-9242-55650427D5D8}] => (Allow) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{625DBD9B-8E75-45EE-A9ED-0C562260CDD8}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{882F6343-5DAA-4560-A507-5CF114C2B254}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{F349770A-7A39-4BEF-8914-1D2BBEB697F1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{901CAC87-0BE8-4C5C-86F8-63AE06DC560D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{40648A97-2059-4D82-BF37-4205B0BDD86A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{E7E9E295-A096-43AD-968A-4332A3A3F89D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{0B3D532B-8E56-43C2-BAC7-295F5630F86C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{3C0D6B74-3C05-410C-95C5-03CFBC674011}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe () [File not signed]
FirewallRules: [{BB4FADED-85BB-46B8-8940-E3DFD1815A26}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{D1525FCF-D8BA-4DC4-9F95-92E3AEAECDBF}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{F5470E43-F512-407A-84D6-6D01BECEA044}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{12F7C8F2-A6F1-4579-A5E9-CEB970789673}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{8B48D554-6C22-4EFF-975B-59A04E71A789}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe (Hewlett-Packard Development Co. L.P.) [File not signed]
FirewallRules: [{822EB9C7-85E0-41B8-AED3-9B40B2626BAC}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe (Hewlett-Packard Development Co. L.P.) [File not signed]
FirewallRules: [{51CA044C-193E-41D0-9C46-4E7804B2A1CA}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe (Hewlett-Packard Development Co. L.P.) [File not signed]
FirewallRules: [{3F80D350-9B1F-42BB-89CF-1A54CA8B8F6A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{723025DF-0C84-45F5-AE91-E94FD24D7C8B}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{3D8A1CCB-A55C-4685-A200-A26053D9F468}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe (Hewlett Packard -> Hewlett-Packard Development Co. L.P.)
FirewallRules: [{E34B1BE3-FB8C-4A27-A287-392B7168BD5C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{1520D7AA-0D4C-4E50-AC4E-425B18E52F41}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{DCA8AE96-0344-464F-A38E-0DC56E123C1A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{BE88B33F-BF56-42F8-86AB-AE79D26E33F9}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{974E43E6-95E7-4B9F-A86B-03189EBBFF4B}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{CFF0C41C-3CBC-40E7-982C-23B9AE0259BC}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe (Hewlett-Packard Company -> Hewlett-Packard Co.)
FirewallRules: [{1159247B-CED3-4A5D-BD2E-74811AD8B092}] => (Allow) C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe (Multidmedia Limited) [File not signed]
FirewallRules: [{52B54E18-1227-43BD-8ADF-D0F25889D395}] => (Allow) C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe (Multidmedia Limited) [File not signed]
FirewallRules: [{B3AF624A-30D5-4011-8E18-08C78F4CA22F}] => (Allow) C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe (Rosetta Stone, Ltd -> Rosetta Stone Ltd.)
FirewallRules: [{0C52B372-F778-4263-81AC-C46D4879F913}] => (Allow) C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe (Rosetta Stone, Ltd -> Rosetta Stone Ltd.)
FirewallRules: [{3084890E-4497-4C24-A604-A024FFA906D7}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [{0DCDC42C-40F7-4E02-967F-82E6A31C2FB4}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [{A7F9CC4F-8873-416D-A366-5E0AD9C4B0B1}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6EFF662A-8D44-4C34-8F92-2CB82C7F0ECF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ED90CF99-720E-4E48-B213-2EAAEAAEB39D}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DBBEF674-DBE7-488F-BC4B-1B28EED86312}] => (Allow) LPort=2869
FirewallRules: [{FF9AA83E-5B5D-4077-BB0E-617748CCD051}] => (Allow) LPort=1900
FirewallRules: [{2C98887C-CDBA-40D2-820B-571A3F6A80C0}] => (Allow) D:\RouterSetup\QISWizard.exe => No File
FirewallRules: [{22BEF487-5EC0-43D3-9D7C-D1CA9BA6A4BA}] => (Allow) D:\RouterSetup\QISWizard.exe => No File
FirewallRules: [{89E5C05E-26FC-4F1D-8F5C-2A433F2F7133}] => (Allow) C:\Program Files\ASUS\RT-N12E Wireless Router Utilities\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{B5491A21-82F9-4BA0-9D77-65A25477F639}] => (Allow) C:\Program Files\ASUS\RT-N12E Wireless Router Utilities\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{0DEC1C79-B980-48D2-AEC2-4F639049A575}] => (Allow) C:\Program Files\ASUS\RT-N12E Wireless Router Utilities\Rescue.exe (ASUSTek COMPUTER INC.) [File not signed]
FirewallRules: [{90D9559A-BCA8-4FF7-B2F7-A9AF1CCCEF39}] => (Allow) C:\Program Files\ASUS\RT-N12E Wireless Router Utilities\Rescue.exe (ASUSTek COMPUTER INC.) [File not signed]
FirewallRules: [{9E939255-810B-4A0A-86C5-C5F69E376B02}] => (Allow) C:\Program Files\ASUS\RT-N12E Wireless Router Utilities\LiveUpdate.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{20747054-E407-45DF-8971-6DEA88B0A105}] => (Allow) C:\Program Files\ASUS\RT-N12E Wireless Router Utilities\LiveUpdate.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{2FCE9208-0171-4F3B-B67F-1BDA2847067A}] => (Allow) C:\Program Files\ASUS\RT-N12E Wireless Router Utilities\QISWizard.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{203ABDC0-AA94-44A7-A2D3-15711DEE98EC}] => (Allow) C:\Program Files\ASUS\RT-N12E Wireless Router Utilities\QISWizard.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{7B242600-E4E7-48CE-97E2-AFBDB4933E9B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6651C2B0-2B47-435F-8BA7-A3408A97D379}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{328DC7E3-85BE-4C90-BBB7-C41967F77423}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4F2C7D99-26FD-44B5-A945-06E64D47C5F5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9B3F41FF-7D68-4057-A893-273D3C6546C6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F8E2438D-97F6-44AC-A172-74ED8B3256FE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6FCB16A9-6116-4BA3-B7BC-03E97935AA3F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0DFD6AA2-E328-4D63-B538-C886AD9E085E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D112556E-8BA2-4802-AF02-1FB7230CB947}] => (Allow) C:\Program Files\Apowersoft\Windows Shutdown Assistant\Windows Shutdown Assistant.exe (APOWERSOFT LIMITED -> Apowersoft)
FirewallRules: [{71738135-C965-43ED-9946-A8844827C276}] => (Allow) C:\Program Files\Apowersoft\Windows Shutdown Assistant\Windows Shutdown Assistant.exe (APOWERSOFT LIMITED -> Apowersoft)
FirewallRules: [TCP Query User{56A66C42-8433-4DC7-886F-1495D315A853}C:\users\maminka\documents\přenosné programy\spik(portable)\spikonstick\spik.exe] => (Block) C:\users\maminka\documents\přenosné programy\spik(portable)\spikonstick\spik.exe (Wirtualna Polska S.A. -> )
FirewallRules: [UDP Query User{FA5BC5F3-8EC2-4C57-857D-6931A285CEEF}C:\users\maminka\documents\přenosné programy\spik(portable)\spikonstick\spik.exe] => (Block) C:\users\maminka\documents\přenosné programy\spik(portable)\spikonstick\spik.exe (Wirtualna Polska S.A. -> )
FirewallRules: [TCP Query User{712C6C7B-155D-4D98-A8E0-D455B3CF13FE}C:\users\maminka\appdata\local\programs\opera\65.0.3467.78\opera.exe] => (Block) C:\users\maminka\appdata\local\programs\opera\65.0.3467.78\opera.exe => No File
FirewallRules: [UDP Query User{F03146FF-7802-4EDE-AB77-BC8442EBE318}C:\users\maminka\appdata\local\programs\opera\65.0.3467.78\opera.exe] => (Block) C:\users\maminka\appdata\local\programs\opera\65.0.3467.78\opera.exe => No File
FirewallRules: [{24A86439-C589-4EEC-A0B7-E0C3948E0E14}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============

Name: HP LaserJet Professional P 1102w
Description: HP LaserJet Professional P 1102w
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (05/04/2021 11:23:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (05/04/2021 11:23:27 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (05/04/2021 11:23:27 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (05/04/2021 11:23:26 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (04/29/2021 05:06:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: sppsvc.exe, verze: 10.0.19041.662, časové razítko: 0xd54126cd
Název chybujícího modulu: sppsvc.exe, verze: 10.0.19041.662, časové razítko: 0xd54126cd
Kód výjimky: 0xc0000602
Posun chyby: 0x0022b259
ID chybujícího procesu: 0x260c
Čas spuštění chybující aplikace: 0x01d73d09187cb194
Cesta k chybující aplikaci: C:\WINDOWS\system32\sppsvc.exe
Cesta k chybujícímu modulu: C:\WINDOWS\system32\sppsvc.exe
ID zprávy: 81f931d8-ac34-43ee-a3f7-fc12e17cbdea
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (04/16/2021 09:33:54 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: Uživatelský podregistr načetl jiný proces (zámek registru). Název procesu: C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe, identifikátor PID: 2212, identifikátor PID ProfSvc: 1196.

Error: (04/15/2021 10:29:03 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (04/15/2021 10:29:03 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]


System errors:
=============
Error: (05/04/2021 01:03:47 PM) (Source: DCOM) (EventID: 10001) (User: MAIN-HOME-PC)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (05/04/2021 01:03:18 PM) (Source: DCOM) (EventID: 10001) (User: MAIN-HOME-PC)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (05/04/2021 12:35:21 PM) (Source: DCOM) (EventID: 10001) (User: MAIN-HOME-PC)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (05/04/2021 12:34:51 PM) (Source: DCOM) (EventID: 10001) (User: MAIN-HOME-PC)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (05/04/2021 12:34:22 PM) (Source: DCOM) (EventID: 10001) (User: MAIN-HOME-PC)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (05/04/2021 12:20:56 PM) (Source: DCOM) (EventID: 10001) (User: MAIN-HOME-PC)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (05/04/2021 12:20:28 PM) (Source: DCOM) (EventID: 10001) (User: MAIN-HOME-PC)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (05/04/2021 11:52:12 AM) (Source: DCOM) (EventID: 10001) (User: MAIN-HOME-PC)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca


Windows Defender:
================

Date: 2021-05-05 09:37:55
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Fuerboos.B!cl
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Maminka\Downloads\FRST.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: MAIN-HOME-PC\Maminka
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.337.608.0, AS: 1.337.608.0, NIS: 1.337.608.0
Verze modulu: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-05-04 12:59:07
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUA:Win32/InstallCore
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Program Files\JDownloader\JDownloaderD3D.exe; file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk; startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\NETWORK SERVICE
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.337.572.0, AS: 1.337.572.0, NIS: 1.337.572.0
Verze modulu: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-05-04 11:55:06
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {A90ECA61-D652-4D9A-A69F-30C2541A6A13}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: MAIN-HOME-PC\Maminka

Date: 2021-05-04 11:45:28
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.335.441.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18000.5
Kód chyby: 0x80070643
Popis chyby: Při instalaci došlo k závažné chybě.

Date: 2021-05-04 11:45:25
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.337.572.0
Předchozí verze bezpečnostních informací: 1.335.441.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18100.6
Předchozí verze modulu: 1.1.18000.5
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

Date: 2021-05-04 11:45:25
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.337.572.0
Předchozí verze bezpečnostních informací: 1.335.441.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18100.6
Předchozí verze modulu: 1.1.18000.5
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

Date: 2021-05-04 11:45:25
Description:
Program Antivirová ochrana v programu Microsoft Defender zjistil chybu při pokusu o aktualizaci modulu
Nová verze modulu: 1.1.18100.6
Předchozí verze modulu: 1.1.18000.5
Uživatel: NT AUTHORITY\SYSTEM
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

Date: 2021-04-08 11:11:58
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.313.93.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16900.4
Kód chyby: 0x80070643
Popis chyby: Při instalaci došlo k závažné chybě.

CodeIntegrity:
===============
Date: 2021-05-04 11:08:03
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Users\Maminka\AppData\Local\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. V4.3 10/21/2009
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD G31TM-P21 (MS-7529)
Processor: Intel(R) Celeron(R) CPU E3200 @ 2.40GHz
Percentage of memory in use: 67%
Total physical RAM: 3318.24 MB
Available physical RAM: 1080.14 MB
Total Virtual: 6646.24 MB
Available Virtual: 3887.19 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:150.68 GB) (Free:10.59 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DKT-LP-1W3.1_DES) (CDROM) (Total:3.89 GB) (Free:0 GB) UDF
Drive e: (Linux Mint) (Fixed) (Total:50.72 GB) (Free:47.3 GB) NTFS
Drive f: (Moje Soubory) (Fixed) (Total:263.92 GB) (Free:261.76 GB) NTFS

\\?\Volume{2dff3591-0000-0000-0000-905474000000}\ () (Fixed) (Total:0.44 GB) (Free:0.1 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 2DFF3591)
Partition 1: (Active) - (Size=150.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Not Active) - (Size=314.6 GB) - (Type=0F Extended)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 113893
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Vodafone notified me that I'm in a botnet

#13 Post by Rudy »

Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking Souhlasím (I agree)
right-click the AdwCleaner icon and choose Spustit jako správce (Run as administrator) (on Win XP just start it with a normal double-click)
click Skenovat nyní (Scan now), then Čištění a opravy (Clean and Repair)
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

SGC
Visitor
Posts: 369
Registered: 15 Apr 2008 13:09

Re: Vodafone notified me that I'm in a botnet

#14 Post by SGC »

OK, I'll do it tomorrow, I won't manage it today. I'll 100% post it here tomorrow. 😃

Rudy
Site Admin
Posts: 113893
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Vodafone notified me that I'm in a botnet

#15 Post by Rudy »

OK. I'll be here tomorrow too. :)