Pročištění PC

[Longfinger82]

Dobrý den,

rád bych rovnež požádal o pomoc se "zaneřáděným" PC. Hlavně mám pocit, že mi na pozadí běží spousta zbytečných procesů, které zpomalují hlavně start počítače po restartu. Přikládám logy z FRST.

Děkuji.


======================================================================================

[Rudy]

Zdravím!
Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

[Longfinger82]

Už jsem tuto utilitku zkoušel pustit dřív, proto posílám log po prvním skenu a opravě (proto ten dřívější čas):




# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build: 09-03-2018
# Database: 2018-09-01.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-04-2018
# Duration: 00:00:32
# OS: Windows 10 Pro
# Cleaned: 166
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Karel\AppData\Local\XService
Deleted C:\ProgramData\Quoteexs
Deleted C:\ProgramData\Logic Cramble
Deleted C:\ProgramData\Partner
Deleted C:\Program Files (x86)\Microleaves
Deleted C:\Users\Karel\AppData\Roaming\Microleaves
Deleted C:\Program Files (x86)\ShutdownTime
Deleted C:\ProgramData\BEF134CC-5227-0
Deleted C:\ProgramData\BEF134CC-1503-1
Deleted C:\Program Files (x86)\FastDataX
Deleted C:\Users\Karel\AppData\Roaming\Tencent
Deleted C:\Users\Public\Documents\Downloaded Installers
Deleted C:\Users\Karel\AppData\Roaming\vShare
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Ride Games
Deleted C:\Program Files (x86)\Free Ride Games
Deleted C:\Program Files (x86)\Maxiget
Deleted C:\Users\Karel\AppData\Local\Maxiget
Deleted C:\ProgramData\Quoteex
Deleted C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted C:\Users\Karel\AppData\Local\CatalinaGroup
Deleted C:\Users\Karel\AppData\Local\slimware utilities inc
Deleted C:\Users\Karel\AppData\Roaming\Systweak
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion

***** [ Files ] *****

Deleted C:\Users\Karel\appdata\local\installationconfiguration.xml
Deleted C:\Users\Karel\AppData\Local\Main.dat
Deleted C:\Windows\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted C:\Windows\System32\roboot64.exe
Deleted C:\Windows\SysWOW64\findit.xml

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
Deleted C:\Users\Karel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Deleted C:\Users\Karel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

***** [ Tasks ] *****

Deleted C:\Windows\Tasks\Online Application V2G5.job
Deleted C:\Windows\System32\Tasks\Online Application V2G5
Deleted C:\Windows\Tasks\Online Application V2G4.job
Deleted C:\Windows\System32\Tasks\Online Application V2G4
Deleted C:\Windows\Tasks\Online Application V2G6.job
Deleted C:\Windows\System32\Tasks\Online Application V2G6
Deleted C:\Windows\Tasks\Online Application V2G2.job
Deleted C:\Windows\System32\Tasks\Online Application V2G2
Deleted C:\Windows\Tasks\Online Application V2G3.job
Deleted C:\Windows\System32\Tasks\Online Application V2G3
Deleted C:\Windows\Tasks\Online Application V2G1.job
Deleted C:\Windows\System32\Tasks\Online Application V2G1
Deleted C:\Windows\Tasks\Updater_Online_Application.job
Deleted C:\Windows\System32\Tasks\Updater_Online_Application

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Deleted HKLM\Software\MICROSOFT\TechnologyDesktopnew
Deleted HKLM\SOFTWARE\MICROSOFT\Speedycar
Deleted HKCU\Software\mtQuoteex
Deleted HKLM\Software\Wow6432Node\mtQuoteex
Deleted HKLM\Software\Wow6432Node\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Quoteex.exe
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs - "C:\ProgramData\Quoteex\Qvoit.dll"
Deleted HKLM\Software\Wow6432Node\Microleaves
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BF33BDF-880D-473E-96F5-3A0A4960EA07}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BF33BDF-880D-473E-96F5-3A0A4960EA07}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G5
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{813345F7-1DB7-4DBB-BBC8-E319CF567F93}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{813345F7-1DB7-4DBB-BBC8-E319CF567F93}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G4
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F2C7824-016D-499F-8D9F-65DBE41E2651}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F2C7824-016D-499F-8D9F-65DBE41E2651}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G6
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ShutdownTime
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|ShutdownTime
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ShutdownTime_is1
Deleted HKCU\Software\Microsoft\BigTime
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Deleted HKLM\Software\Wow6432Node\Conduit
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FastDataX_is1
Deleted HKCU\Software\FastDataX
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|Sweetpacks Communicator
Deleted HKLM\Software\Microsoft\DMunversion
Deleted HKCU\Software\GotClip Downloader
Deleted HKCU\Software\powerpack
Deleted HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2185844643-1941637182-3919478290-1001\Software\Alexa Internet
Deleted HKCU\Software\Alexa Internet
Deleted HKCU\Software\MaxiGet
Deleted HKLM\Software\Wow6432Node\MaxiGet
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Deleted HKLM\Software\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Deleted HKCU\Software\Classes\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23C40C06-9B7B-4783-897E-C66422C06F24}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23C40C06-9B7B-4783-897E-C66422C06F24}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G2
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03D43653-E0E5-4EAD-ADD5-D50624D8649F}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03D43653-E0E5-4EAD-ADD5-D50624D8649F}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G3
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78BD4981-33BF-4214-AA9B-9ABAB53EF2AF}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78BD4981-33BF-4214-AA9B-9ABAB53EF2AF}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G1
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\WindowsMangerProtect
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\m.adsturn.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\adsturn.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\m.adsturn.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\adsturn.com
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.vshare.com
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\vshare.com
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe
Deleted HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0BD5C4C-3922-4AD7-A5BE-965F9D4861A7}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0BD5C4C-3922-4AD7-A5BE-965F9D4861A7}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Application
Deleted HKCU\Software\Spark
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
Deleted HKLM\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
Deleted HKLM\Software\Wow6432Node\mystartsearchSoftware
Deleted HKCU\Environment|SNP
Deleted HKCU\Environment|SNF
Deleted HKCU\Software\CatalinaGroup
Deleted HKLM\Software\Wow6432Node\SlimWare Utilities Inc
Deleted HKCU\Software\Softonic
Deleted HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2185844643-1941637182-3919478290-1001\Software\SweetIM
Deleted HKCU\Software\SweetIM
Deleted HKLM\Software\Wow6432Node\SweetIM
Deleted HKLM\Software\Wow6432Node\systweak
Deleted HKCU\Software\MICROSOFT\wewewe
Deleted HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
Deleted HKLM\Software\Microsoft\PrIncub
Deleted HKLM\Software\Microsoft\MPrForShutT
Deleted HKLM\Software\Microsoft\PrAmNP
Deleted HKLM\Software\Microsoft\NSaveA
Deleted HKLM\Software\Microsoft\APreSam
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FDBC9B8-9A21-43EC-8269-BEA39A019F9B}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FDBC9B8-9A21-43EC-8269-BEA39A019F9B}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System\SystemChecks

***** [ Chromium (and derivatives) ] *****

Deleted Amazon for Chrome
Deleted Bazz Search SafeFinder
Deleted SweetIM for Facebook

***** [ Chromium URLs ] *****

Deleted http://www.mystartsearch.com/?type=hp&t ... H9807H9807
Deleted mystartsearch
Deleted mystartsearch
Deleted Slunečnice.cz
Deleted Slunečnice
Deleted WebSearch
Deleted http://www.mystartsearch.com/?type=hp&t ... H9807H9807
Deleted mystartsearch
Deleted mystartsearch
Deleted http://www.mystartsearch.com/?type=hp&t ... H9807H9807
Deleted mystartsearch
Deleted mystartsearch
Deleted http://www.mystartsearch.com/?type=hp&t ... H9807H9807
Deleted mystartsearch
Deleted mystartsearch
Deleted Softonic EN
Deleted Softonic EN
Deleted Softonic EN
Deleted Softonic EN
Deleted Softonic EN

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [17048 octets] - [04/09/2018 18:41:42]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

[Rudy]

Dejte nový log FRST.

[Longfinger82]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.09.2018 03
Ran by Karel (administrator) on THINKPAD (04-09-2018 21:02:03)
Running from C:\Users\Karel\Desktop
Loaded Profiles: Karel (Available Profiles: Karel & winpostgr & DefaultAppPool)
Platform: Windows 10 Pro Version 1803 17134.228 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Users\Karel\Desktop\adwcleaner_7.2.3.1.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [486552 2012-09-27] (CANON INC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-09-24] (Intel Corporation)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [601944 2015-08-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [324352 2018-03-13] (ESET)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [132920 2013-05-31] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2018-05-22] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2018-08-22] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [IntelSBA] => C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [4244744 2012-07-17] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2018-06-23] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2018-06-29] (Adobe Systems Inc.)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [66560 2013-06-17] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKLM-x32\...\Run: [WSHelperSetup.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-06-26] (Apple Inc.)
HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2018-06-26] (Apple Inc.)
HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\...\Run: [Dropbox Update] => C:\Users\Karel\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2018-08-22] (Dropbox, Inc.)
HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2018-06-29] (Adobe Systems Incorporated)
HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\...\Run: [NoIPDUCv4] => C:\Program Files (x86)\No-IP\DUC40.exe [347648 2015-07-21] ()
HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46281248 2018-05-30] ()
HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-06-26] (Apple Inc.)
HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-06-26] (Apple Inc.)
HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\...\Run: [Vectir] => C:\Program Files (x86)\Vectir\Vectir.exe /Startup
HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [3187384 2017-12-13] (Unified Intents AB)
HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\...\Run: [5KPlayer] => C:\Program Files (x86)\DearMob\5KPlayer\5KPlayer.exe [29450648 2018-08-03] (DearMob)
HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\...\Run: [utweb] => "C:\Users\Karel\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\...\Run: [WSHelperSetup.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\...\Run: [Blogger] => C:\ProgramData\Blogger\Blogger.exe
HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\...\Run: [Hobbyist Software VLC Streamer] => "C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe" /startup
HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\...\Run: [VMR Hub] => C:\Users\Karel\AppData\Local\VMRHub\app-0.1.0\VMRHub.exe
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177600 2016-01-25] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155976 2016-01-25] (NVIDIA Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinUrl.url -> URL: file:///C:\ProgramData\{c66b8cb9-2944-5837-f0b2-1b9ecbf309d6}\hostdl.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WSAppHelper.lnk [2018-08-20]
ShortcutTarget: WSAppHelper.lnk -> C:\Program Files (x86)\Wondershare\drfone\Addins\SocialApps\WSAppHelper.exe (No File)
Startup: C:\Users\Karel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cghhrjdc.lnk [2018-08-22]
ShortcutTarget: cghhrjdc.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\Karel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Degoo .lnk [2018-08-27]
ShortcutTarget: Degoo .lnk -> C:\Users\Karel\AppData\Local\Degoo\Degoo.exe (Degoo Backup AB)
Startup: C:\Users\Karel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-08-28]
ShortcutTarget: Dropbox.lnk -> C:\Users\Karel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Karel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uifssjit.lnk [2018-08-22]
ShortcutTarget: uifssjit.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{0e6c9265-3f70-43ec-989e-59eeb23b12d3}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{3a25afb1-7df5-4502-9387-daf1c9b17432}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{4436e473-c78d-4109-8517-c60122580334}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{6e8390e8-9cc1-4032-b509-5aebc2309760}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{84623631-aa13-4df6-b17c-74848d0038ae}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{e9594691-9f82-4f09-9e77-ee615806cccb}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5WtgiGbC3-tZ8MiIeZQ6M-e7NH4IpVutC9LQnMSEp9fSleDJang8szpp4YTdeydLGVj_Z0HkqAUTGvg8cW9moiWr2C8bbzdojpkkdwd1bsc8VXamNMNjGbShOU5ASZqqz14jkuXp7Yee5ZOpxFBsxABNLjmz&q={searchTerms}
HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5WtgiGbC3-tZ8MiIeZQ6M-e7NH4IpVutC9LQnMSEp9fSleDJang8szpp4YTdeydLGVjzDu7noW6mKve5-xlODTf6at5gZWpri5uzvbgxWNfabM_iwsXUnFnBkB_S1kvm4Qiv2MrqgIXbKHW92igdkthCqmdY
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2185844643-1941637182-3919478290-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... NP_csCZ502
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-05-03] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-05-03] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-05-30] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-08-14] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-05-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-08-14] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-05-03] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-05-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-05-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2185844643-1941637182-3919478290-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2185844643-1941637182-3919478290-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-05-03] (Adobe Systems Incorporated)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {F680B28A-3AEE-4C88-93ED-45AE9215C128} hxxps://adisepo.mfcr.cz/adistc/adis/idpr_pub/xspa/bin/cryptsignx.cab
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-18] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-08-18] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-08-18] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-08-18] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-08-18] (Microsoft Corporation)

Edge:
======
Edge Session Restore: HKU\S-1-5-21-2185844643-1941637182-3919478290-1001 -> is enabled.
Edge Extension: (No Name) -> EdgeExtension_TonecIncIDMIntegrationModule_e7b5mm5d3r6v2 => C:\Program Files\WindowsApps\TonecInc.IDMIntegrationModule_6.30.6.0_neutral__e7b5mm5d3r6v2 [not found]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2018-02-02]
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client => not found
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-20] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-07-03] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-20] ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll [2013-08-07] (AuthenTec, Inc)
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-08-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-08-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-05-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2185844643-1941637182-3919478290-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Karel\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-10-30] (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-2185844643-1941637182-3919478290-1001: http://www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google.cz/
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand= ... oogle.com/"
CHR DefaultSearchKeyword: Default -> google.cz_
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default [2018-09-04]
CHR Extension: (Prezentace) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-22]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2018-08-18]
CHR Extension: (Dokumenty) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-22]
CHR Extension: (Disk Google) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-06]
CHR Extension: (Duplicate File Finder, Cleaner for Drive) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkefnddmfngncidpmibnleniddiopejg [2018-06-22]
CHR Extension: (YouTube) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Ingress G+ Ident) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cemdjcbehkacgpiielmiakooedjkkphk [2015-06-02]
CHR Extension: (Pushbullet) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2018-08-18]
CHR Extension: (Vyhledávání Google) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Tampermonkey) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-08-19]
CHR Extension: (Dropbox for Gmail) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2018-05-20]
CHR Extension: (Grepolis Report Converter Revolution Tools) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\eediamimojgbnjfaalcnlonenfdcogop [2018-08-24]
CHR Extension: (Adobe Acrobat) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-09]
CHR Extension: (Utilitool Search) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbonghbhodglpkgolnlfenmbfnkaaill [2018-08-20]
CHR Extension: (AudioBox Micro Player) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfmlbdkencbfhbekcehpkgmianmlgfe [2018-08-07]
CHR Extension: (Tabulky) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-22]
CHR Extension: (Záložky na iCloudu) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2018-05-20]
CHR Extension: (Dokumenty Google offline) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-14]
CHR Extension: (AdBlock) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-07-31]
CHR Extension: (Avast Online Security) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-05-29]
CHR Extension: (Drive Files to Dropbox™) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\idamojobbhfpcbdnkekoinbmobhkjojk [2018-08-01]
CHR Extension: (Forecastfox) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg [2012-09-21]
CHR Extension: (FormApps Extension) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2017-06-15]
CHR Extension: (MIM Hunting Tool) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\imafdiamhfamjabofbmkmbmncadhjfjk [2018-06-29]
CHR Extension: (Grammarly for Chrome) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-09-03]
CHR Extension: (Hangouts Google) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2018-05-25]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2018-03-26]
CHR Extension: (Kontrola e-mailu Google) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2012-10-07]
CHR Extension: (Adaware Secure) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj [2018-09-03]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-31]
CHR Profile: C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-08-22]
CHR Profile: C:\Users\Karel\AppData\Local\Google\Chrome\User Data\System Profile [2018-09-04]
CHR Extension: (Prezentace Google) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-10]
CHR Extension: (Dokumenty Google) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-10]
CHR Extension: (Disk Google) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-10]
CHR Extension: (YouTube) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-10]
CHR Extension: (Vyhledávání Google) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-10]
CHR Extension: (Tabulky Google) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-10]
CHR Extension: (Gmail) - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-10]
CHR HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-07-05] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8853984 2018-08-09] (Microsoft Corporation)
S3 EHttpSrv; C:\Program Files\ESET\ESET Security\ehttpsrv.exe [55928 2018-03-13] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2009184 2018-03-13] (ESET)
S3 eshasrv; C:\Program Files\ESET\ESET Security\eshasrv.exe [197240 2018-03-13] (ESET)
S2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
S2 FirmwareService; C:\Users\Karel\AppData\Roaming\Tenorshare\Service\FirmwareService.exe [41880 2018-08-22] ()
S2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2139944 2013-08-07] (AuthenTec, Inc)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-09-24] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [319096 2000-01-01] (Intel Corporation)
S2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [71408 2018-05-16] (Lenovo Group Limited)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-07] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [163608 2012-03-07] (Intel Corporation)
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S2 LPlatSvc; C:\WINDOWS\System32\LPlatSvc.exe [774040 2018-05-23] (Lenovo.)
S2 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [12288 2015-07-20] () [File not signed]
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-06-01] ()
S2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2014-06-01] ()
S2 RemoteMouseService; C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe [18432 2016-06-25] () [File not signed]
S2 RemoteServerWin; C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [3187384 2017-12-13] (Unified Intents AB)
S2 SAService; C:\WINDOWS\system32\SAsrv.exe [427224 2015-04-18] (Conexant Systems, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23920 2017-12-12] ()
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [259176 2016-10-03] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-08-13] (TeamViewer GmbH)
S2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed]
S2 TPHKLOAD; C:\WINDOWS\System32\DriverStore\FileRepository\fn.inf_amd64_869da559d9f23739\driver\TPHKLOAD.exe [418048 2018-04-25] (Lenovo Group Limited)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401704 2013-07-22] (AuthenTec, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe [4682552 2018-05-31] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe [101096 2018-05-31] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare)
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 5U877; C:\WINDOWS\system32\DRIVERS\5U877.sys [216704 2012-03-28] (Ricoh co.,Ltd.) [File not signed]
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [88480 2012-10-03] ()
R3 cbfs3; C:\WINDOWS\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [135368 2018-03-17] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15872 2018-06-01] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180056 2018-03-17] (ESET)
R1 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [78208 2018-03-17] (ESET)
S3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [33320 2017-12-25] (ELAN Microelectronic Corp.)
S3 Fastboot; C:\WINDOWS\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
S3 iaStorS; C:\WINDOWS\system32\drivers\iaStorS.sys [637360 2012-03-21] (Intel Corporation)
S3 ldiagio; C:\ProgramData\Lenovo\iMController\Plugins\LenovoHardwareScanPlugin\x64\LSCDiags\ldiagio.sys [39048 2018-01-16] (Lenovo Group Limited (R))
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [46400 2012-10-03] ()
R2 LMIInfo; C:\WINDOWS\system32\drivers\LMIInfo.sys [30432 2017-01-11] (LogMeIn, Inc.)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-12] (Microsoft Corporation)
S3 mv64xx; C:\WINDOWS\system32\drivers\mv64xx.sys [333352 2011-04-11] (Marvell Semiconductor, Inc.)
R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\Netwew01.sys [3363112 2015-07-28] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R0 PMDRVS; C:\WINDOWS\System32\drivers\pmdrvs.sys [44232 2018-05-23] (Lenovo.)
S3 radpms; C:\WINDOWS\system32\DRIVERS\radpms.sys [30928 2017-01-10] (LogMeIn, Inc.)
R3 RCUVCAVS; C:\WINDOWS\system32\DRIVERS\RCUVCAVS.sys [177920 2013-07-05] (Ricoh co.,Ltd.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-12] (Realtek )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51296 2016-10-03] (Synaptics Incorporated)
R3 Tvti2c; C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
S3 tvtvcamd; C:\WINDOWS\system32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
R3 uvhid; C:\WINDOWS\System32\drivers\uvhid.sys [28128 2017-12-13] (Windows (R) Win 7 DDK provider)
R3 vectirhid; C:\WINDOWS\System32\drivers\vectirhid.sys [19184 2014-11-28] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-05-31] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [313384 2018-05-31] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-05-31] (Microsoft Corporation)
R3 WsAudio_Device; C:\WINDOWS\system32\drivers\VirtualAudio.sys [48424 2018-01-19] (Wondershare)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-04 19:38 - 2018-09-04 19:38 - 000046667 _____ C:\Users\Karel\Desktop\Logy.zip
2018-09-04 19:21 - 2018-09-04 19:25 - 000111151 _____ C:\Users\Karel\Desktop\Addition.txt
2018-09-04 19:16 - 2018-09-04 21:02 - 000042340 _____ C:\Users\Karel\Desktop\FRST.txt
2018-09-04 19:15 - 2018-09-04 21:02 - 000000000 ____D C:\FRST
2018-09-04 19:14 - 2018-09-04 19:14 - 002413056 _____ (Farbar) C:\Users\Karel\Desktop\FRST64.exe
2018-09-04 18:40 - 2018-09-04 18:44 - 000000000 ____D C:\AdwCleaner
2018-09-04 18:40 - 2018-09-04 18:40 - 007571152 _____ (Malwarebytes) C:\Users\Karel\Desktop\adwcleaner_7.2.3.1.exe
2018-09-04 18:11 - 2018-09-04 18:07 - 000139145 _____ C:\Users\Karel\Desktop\iTunes Library.itl
2018-09-04 09:21 - 2018-09-04 18:46 - 000003700 _____ C:\WINDOWS\System32\Tasks\Lenovo Power Management Driver PnP Task
2018-09-04 09:01 - 2018-04-03 15:09 - 065106775 _____ C:\Users\Karel\Desktop\ROMEO 2.27.0.ipa
2018-09-04 06:31 - 2018-09-04 06:31 - 000000000 ____D C:\Program Files\Bonjour
2018-09-04 06:31 - 2018-09-04 06:31 - 000000000 ____D C:\Program Files (x86)\Bonjour
2018-08-30 01:31 - 2018-05-23 23:50 - 000855968 _____ (Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
2018-08-30 01:31 - 2018-05-23 23:50 - 000774040 _____ (Lenovo.) C:\WINDOWS\system32\LPlatSvc.exe
2018-08-30 01:31 - 2018-05-23 23:50 - 000543648 _____ (Lenovo.) C:\WINDOWS\system32\tpinspm.dll
2018-08-30 01:31 - 2018-05-23 23:50 - 000104352 _____ (Lenovo.) C:\WINDOWS\system32\ibmpmctl.exe
2018-08-30 01:31 - 2018-05-23 23:50 - 000044232 _____ (Lenovo.) C:\WINDOWS\system32\Drivers\pmdrvs.sys
2018-08-28 21:50 - 2018-08-28 21:50 - 000000000 ____D C:\Users\Karel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-08-27 13:09 - 2018-09-04 18:54 - 000000000 ____D C:\Users\Karel\AppData\Local\Degoo
2018-08-27 13:09 - 2018-08-27 13:09 - 000001187 _____ C:\Users\Karel\Desktop\Degoo.lnk
2018-08-27 13:09 - 2018-08-27 13:09 - 000000000 ____D C:\Users\Karel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Degoo
2018-08-27 13:08 - 2018-08-27 13:08 - 001008328 _____ (Degoo Backup AB ) C:\Users\Karel\Desktop\DegooInstaller.exe
2018-08-25 04:46 - 2018-08-25 04:46 - 000000000 ____D C:\Users\Karel\AppData\Roaming\MPC-HC
2018-08-25 03:38 - 2018-08-25 03:51 - 000090335 _____ C:\Users\Karel\Desktop\dropbox_PORNO.m3u
2018-08-24 21:22 - 2018-08-25 03:55 - 000000000 ____D C:\Users\Karel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adarsh Urs
2018-08-24 21:22 - 2018-08-25 03:55 - 000000000 ____D C:\Users\Karel\AppData\Local\VMRHub
2018-08-24 21:22 - 2018-08-24 21:22 - 000000000 ____D C:\Users\Karel\AppData\Local\Adarsh_Urs
2018-08-24 20:58 - 2018-08-24 20:58 - 000000444 __RSH C:\Users\Karel\ntuser.pol
2018-08-24 20:51 - 2018-07-11 06:52 - 001471384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2018-08-24 20:25 - 2018-08-24 20:25 - 000000000 ____D C:\Users\Karel\AppData\Local\__SHARED
2018-08-24 19:54 - 2018-08-24 19:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Browser
2018-08-24 19:00 - 2018-08-24 19:00 - 000000000 ____D C:\ProgramData\ALLPlayerRemote
2018-08-24 16:12 - 2018-08-24 19:54 - 000000000 ____D C:\Users\Karel\AppData\Roaming\Hobbyist Software
2018-08-24 15:58 - 2018-08-24 21:41 - 000000000 ____D C:\Program Files (x86)\Hobbyist Software
2018-08-24 15:58 - 2018-08-24 15:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VLC Setup Helper
2018-08-24 14:52 - 2018-08-24 14:58 - 000005009 _____ C:\Users\Karel\Desktop\PORNO.m3u
2018-08-24 13:09 - 2018-08-24 13:09 - 000033563 _____ C:\Users\Karel\Documents\Vyuctovani_2018_08-1361463124.pdf
2018-08-22 20:24 - 2018-08-22 20:24 - 000000000 _____ C:\WINDOWS\svchost.com
2018-08-22 19:34 - 2018-08-22 19:35 - 001166729 _____ C:\Users\Karel\Downloads\iTools 4395 Crack Full Torrent Universal here.zip
2018-08-22 19:33 - 2018-08-24 04:33 - 000000000 ____D C:\Program Files (x86)\AWS
2018-08-22 19:32 - 2018-08-22 20:34 - 000000000 _RSHD C:\ProgramData\{c66b8cb9-2944-5837-f0b2-1b9ecbf309d6}
2018-08-22 19:32 - 2018-08-22 19:32 - 000951516 _____ C:\Users\Karel\Downloads\a645fea8-1e36-4ac3-bbbe-9634b31cd685.tmp
2018-08-22 19:32 - 2018-08-22 19:32 - 000003576 _____ C:\WINDOWS\System32\Tasks\WinUrl
2018-08-22 19:31 - 2018-08-22 19:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ztrpsitt
2018-08-22 19:30 - 2018-08-22 19:32 - 001413120 _____ C:\Users\Karel\AppData\Local\sham.db
2018-08-22 19:30 - 2018-08-22 19:30 - 007770624 _____ C:\Users\Karel\AppData\Local\agent.dat
2018-08-22 19:30 - 2018-08-22 19:30 - 002018354 _____ C:\Users\Karel\AppData\Local\Zimhatstock.tst
2018-08-22 19:30 - 2018-08-22 19:30 - 001895384 _____ C:\Users\Karel\AppData\Local\Zonin.bin
2018-08-22 19:30 - 2018-08-22 19:30 - 000278508 _____ C:\Users\Karel\AppData\Local\Zonex.tst
2018-08-22 19:30 - 2018-08-22 19:30 - 000140800 _____ C:\Users\Karel\AppData\Local\installer.dat
2018-08-22 19:30 - 2018-08-22 19:30 - 000126464 _____ C:\Users\Karel\AppData\Local\noah.dat
2018-08-22 19:30 - 2018-08-22 19:30 - 000070896 _____ C:\Users\Karel\AppData\Local\Config.xml
2018-08-22 19:30 - 2018-08-22 19:30 - 000005568 _____ C:\Users\Karel\AppData\Local\md.xml
2018-08-22 19:30 - 2018-08-22 19:30 - 000000000 _____ C:\Users\Karel\AppData\Roaming\46payTJIFsjQPW7.db
2018-08-21 17:40 - 2018-08-21 17:40 - 000001164 _____ C:\Users\Public\Desktop\iBackupBot for iPad iPhone.lnk
2018-08-21 17:26 - 2018-08-21 17:26 - 000000000 ____D C:\Program Files\VOW Software
2018-08-21 15:57 - 2018-08-21 15:57 - 000000000 ____D C:\WINDOWS\Panther
2018-08-21 15:43 - 2018-08-21 15:43 - 000000000 ____D C:\ProgramData\WsAppHelper
2018-08-21 15:41 - 2018-08-21 15:41 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-08-20 23:13 - 2018-08-20 23:13 - 000000000 ____D C:\Users\Karel\dmg2img
2018-08-20 18:16 - 2018-08-20 18:16 - 000000000 ____D C:\Users\Karel\AppData\Local\AdvinstAnalytics
2018-08-20 18:13 - 2018-08-20 18:13 - 000000000 __SHD C:\ProgramData\tebqqdpkmpunfbko
2018-08-20 18:13 - 2018-08-20 18:13 - 000000000 ____D C:\WINDOWS\System32\Tasks\System
2018-08-20 18:12 - 2018-08-20 21:27 - 000000000 ____D C:\ProgramData\Blogger
2018-08-20 16:46 - 2018-08-22 21:22 - 000000000 ____D C:\Program Files (x86)\4uKey for Android
2018-08-20 15:14 - 2018-08-20 15:14 - 000003132 _____ C:\WINDOWS\System32\Tasks\klcp_update
2018-08-20 15:13 - 2018-08-20 15:13 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2018-08-20 15:03 - 2018-08-20 15:03 - 000000000 ____D C:\Users\Karel\.cache
2018-08-20 15:01 - 2018-08-20 15:01 - 000000000 ____D C:\ProgramData\TransferSupport
2018-08-20 14:58 - 2018-08-20 14:58 - 000000000 ____D C:\ProgramData\ProductFeatures
2018-08-20 14:55 - 2018-08-20 14:55 - 000000000 ____D C:\Program Files (x86)\WondershareUpdate
2018-08-20 14:54 - 2018-08-20 15:10 - 000000000 ____D C:\Users\Karel\Documents\Wondershare MediaServer
2018-08-20 14:54 - 2018-08-20 15:04 - 000000000 ____D C:\Wondershare Video Converter Ultimate
2018-08-20 14:54 - 2018-08-20 14:54 - 000000000 ____D C:\ProgramData\GraphicsType
2018-08-20 14:52 - 2018-08-22 21:25 - 000000000 ___HD C:\Program Files (x86)\DrFoneAndroid_Temp
2018-08-20 14:52 - 2018-08-20 14:52 - 000000000 ____D C:\Users\Karel\AppData\Roaming\TransferSupport
2018-08-20 14:37 - 2018-08-20 14:37 - 000000000 ____D C:\ProgramData\PDFelement
2018-08-20 14:37 - 2015-04-14 18:09 - 000089600 _____ (Wondershare Software) C:\WINDOWS\system32\WSMonEditor.dll
2018-08-20 14:36 - 2018-01-19 16:42 - 000048424 _____ (Wondershare) C:\WINDOWS\system32\Drivers\VirtualAudio.sys
2018-08-20 14:29 - 2018-08-20 14:29 - 000000002 _____ C:\Users\Karel\AppData\Roaming\20180820142925.dat
2018-08-20 14:29 - 2018-08-20 14:29 - 000000000 ____D C:\Users\Karel\AppData\Roaming\SECompress
2018-08-20 14:28 - 2018-08-20 14:29 - 000000000 ____D C:\Users\Karel\AppData\Roaming\se_tmp_win
2018-08-20 14:27 - 2018-08-20 14:27 - 000000000 ____D C:\Wondershare_DrFone_temp
2018-08-20 14:26 - 2018-08-20 14:26 - 000000002 _____ C:\Users\Karel\AppData\Roaming\20180820142614.dat
2018-08-20 13:38 - 2018-08-20 13:38 - 000000000 ____D C:\Users\Karel\AppData\Roaming\se_tmp
2018-08-20 13:38 - 2018-08-20 13:38 - 000000000 ____D C:\Users\Karel\AppData\Roaming\dataHYeraser
2018-08-20 13:29 - 2018-08-20 13:29 - 000000000 ____D C:\Program Files (x86)\iTunes
2018-08-20 13:11 - 2018-09-04 18:30 - 000000000 ____D C:\Program Files\iTunes
2018-08-20 13:09 - 2017-01-12 11:45 - 000076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\SysWOW64\libusb0.dll
2018-08-20 13:09 - 2017-01-12 11:45 - 000052832 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\SysWOW64\Drivers\libusb0.sys
2018-08-20 08:43 - 2018-08-20 08:43 - 000000000 ____D C:\Users\Karel\AppData\Roaming\HMYGSetting
2018-08-20 08:39 - 2018-08-20 08:39 - 000000000 ____D C:\Users\Karel\AppData\Roaming\MobileBackupForeverIni
2018-08-20 08:33 - 2018-08-20 14:54 - 000000000 ____D C:\Users\Karel\AppData\Local\Wondershare
2018-08-20 00:34 - 2018-08-20 00:34 - 000001204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\vShare Helper.lnk
2018-08-20 00:34 - 2018-08-20 00:34 - 000001192 _____ C:\Users\Public\Desktop\vShare Helper.lnk
2018-08-20 00:34 - 2018-08-20 00:34 - 000000000 ____D C:\Users\Karel\Documents\vShareUserData
2018-08-20 00:34 - 2018-08-20 00:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\vShare Helper
2018-08-19 23:57 - 2018-08-20 00:39 - 000000000 ____D C:\Program Files (x86)\vShare Helper
2018-08-19 23:46 - 2012-01-27 00:26 - 000000189 _____ C:\disabled.fix
2018-08-19 23:03 - 2018-08-19 23:03 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2018-08-19 23:00 - 2018-08-19 23:00 - 000001180 _____ C:\Users\Public\Desktop\iTools 4.lnk
2018-08-19 23:00 - 2018-08-19 23:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTools 4
2018-08-19 22:03 - 2018-08-22 21:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThinkSky
2018-08-19 22:03 - 2014-05-16 14:04 - 000254240 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2018-08-19 21:58 - 2018-08-19 21:58 - 000000000 ____D C:\Users\Karel\Downloads\iOS Apps
2018-08-19 21:58 - 2018-08-19 21:58 - 000000000 ____D C:\Users\Karel\Downloads\Android Apps
2018-08-19 21:05 - 2018-08-19 23:00 - 000000000 ____D C:\ProgramData\ThinkSky
2018-08-19 21:04 - 2018-08-19 22:59 - 000000000 ____D C:\Program Files (x86)\ThinkSky
2018-08-19 20:02 - 2018-08-19 20:02 - 000000000 ____D C:\Users\Karel\AppData\Roaming\redsn0w
2018-08-19 19:18 - 2018-08-22 21:15 - 000000000 ____D C:\Program Files (x86)\Tenorshare ReiBoot
2018-08-19 17:25 - 2018-08-19 21:23 - 000000000 ____D C:\Program Files (x86)\Inpage 2012 Version
2018-08-19 17:14 - 2018-08-19 17:14 - 000000000 ____D C:\Users\Karel\Downloads\Video
2018-08-19 17:14 - 2018-08-19 17:14 - 000000000 ____D C:\Users\Karel\Downloads\Compressed
2018-08-19 17:06 - 2018-08-19 17:06 - 000000000 ____D C:\Users\Karel\AppData\Roaming\Downloaded Installations
2018-08-19 16:25 - 2018-08-22 21:26 - 000000000 ____D C:\Program Files (x86)\Tenorshare 4uKey
2018-08-19 16:25 - 2018-08-19 16:25 - 000000000 ____D C:\Users\Karel\AppData\Roaming\Tenorshare
2018-08-19 15:05 - 2018-08-20 14:56 - 000000000 ____D C:\Users\Karel\Documents\Wondershare
2018-08-19 15:05 - 2018-08-19 15:05 - 000000000 ____D C:\Users\Karel\AppData\Roaming\HYXDevPsnList
2018-08-19 15:05 - 2018-08-19 15:05 - 000000000 ____D C:\Users\Karel\AppData\Roaming\dr.extra.config
2018-08-19 09:09 - 2018-09-04 19:17 - 000000000 ____D C:\Users\Karel\Desktop\nOVE PORNO uLOY TO 8998
2018-08-19 08:56 - 2017-04-27 17:05 - 000000427 _____ C:\WINDOWS\SysWOW64\Microsoft.VC80.CRT.manifest
2018-08-18 22:01 - 2018-08-22 21:19 - 000000000 ____D C:\Program Files (x86)\DC-Unlocker
2018-08-18 20:23 - 2018-08-18 20:23 - 000002529 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-08-18 20:23 - 2018-08-18 20:23 - 000002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-08-18 20:23 - 2018-08-18 20:23 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-08-18 20:23 - 2018-08-18 20:23 - 000002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-08-18 20:23 - 2018-08-18 20:23 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-08-18 20:23 - 2018-08-18 20:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2018-08-18 18:11 - 2018-08-18 18:11 - 000004880 _____ C:\ProgramData\dsxvyzyp.lyj
2018-08-18 18:11 - 2018-08-18 18:11 - 000000000 ____D C:\Users\Karel\AppData\Local\Paraben Corporation
2018-08-18 18:10 - 2018-08-18 18:10 - 000000000 ____D C:\Program Files (x86)\Paraben Corporation
2018-08-18 18:06 - 2018-08-18 18:06 - 000000000 ____D C:\Users\Karel\AppData\Roaming\Dekart
2018-08-18 15:12 - 2018-08-18 15:12 - 000000000 ____D C:\Program Files\SAMSUNG
2018-08-18 15:11 - 2018-08-18 15:11 - 000000000 ____D C:\ProgramData\Samsung
2018-08-18 10:45 - 2018-08-18 10:44 - 000000953 _____ C:\Users\Karel\Desktop\Galaxy A5 (2017).lnk
2018-08-18 10:44 - 2018-08-18 10:44 - 000000953 _____ C:\Users\Karel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Galaxy A5 (2017).lnk
2018-08-18 01:48 - 2018-08-18 01:48 - 000000024 _____ C:\WINDOWS\GetFLV.ini
2018-08-18 01:47 - 2018-08-22 21:02 - 000000000 ____D C:\Program Files (x86)\GetFLV
2018-08-18 01:15 - 2018-08-24 11:12 - 000000000 ____D C:\Users\Karel\AppData\LocalLow\uTorrent
2018-08-18 01:14 - 2018-08-18 01:14 - 000000946 _____ C:\Users\Karel\Desktop\µTorrent.lnk
2018-08-18 01:14 - 2018-08-18 01:14 - 000000926 _____ C:\Users\Karel\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2018-08-18 01:12 - 2018-09-04 18:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2018-08-18 01:12 - 2018-08-18 01:12 - 000000000 ____D C:\Users\Karel\AppData\Roaming\Lavasoft
2018-08-18 01:12 - 2018-08-18 01:12 - 000000000 ____D C:\Users\Karel\AppData\Local\Lavasoft
2018-08-18 01:12 - 2018-08-18 01:12 - 000000000 ____D C:\ProgramData\Lavasoft
2018-08-18 01:12 - 2018-08-18 01:12 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2018-08-18 01:11 - 2018-08-18 01:11 - 000001915 _____ C:\Users\Karel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk
2018-08-17 20:40 - 2018-08-17 20:40 - 000000000 ____D C:\ProgramData\wsr
2018-08-17 20:33 - 2018-08-22 21:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2018-08-17 20:32 - 2018-08-22 21:25 - 000000000 ____D C:\Users\Karel\AppData\Roaming\Wondershare
2018-08-17 20:31 - 2017-09-27 17:29 - 000000232 _____ C:\WINDOWS\SysWOW64\dllhost.exe.config
2018-08-17 20:29 - 2018-08-22 21:27 - 000000000 ____D C:\ProgramData\Wondershare
2018-08-17 20:29 - 2018-08-22 21:27 - 000000000 ____D C:\Program Files (x86)\Wondershare
2018-08-17 20:28 - 2018-08-20 14:43 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2018-08-17 20:24 - 2018-08-17 20:24 - 000000000 ____D C:\Program Files (x86)\BEL
2018-08-14 22:30 - 2018-08-14 22:30 - 000000000 ____D C:\WINDOWS\PCHEALTH
2018-08-14 22:19 - 2018-08-03 10:39 - 021389368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-08-14 22:19 - 2018-08-03 10:21 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-08-14 22:19 - 2018-08-03 10:20 - 004049408 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-08-14 22:19 - 2018-08-03 10:20 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-08-14 22:19 - 2018-08-03 09:43 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-08-14 22:19 - 2018-08-03 09:28 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-08-14 22:19 - 2018-08-03 05:47 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-08-14 22:19 - 2018-08-03 05:40 - 001221048 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-08-14 22:19 - 2018-08-03 05:40 - 001030952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-08-14 22:19 - 2018-08-03 05:40 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-08-14 22:19 - 2018-08-03 05:40 - 000228136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys
2018-08-14 22:19 - 2018-08-03 05:39 - 009091480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-08-14 22:19 - 2018-08-03 05:39 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-08-14 22:19 - 2018-08-03 05:39 - 007436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-08-14 22:19 - 2018-08-03 05:39 - 002829216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-08-14 22:19 - 2018-08-03 05:39 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-08-14 22:19 - 2018-08-03 05:39 - 000170936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-08-14 22:19 - 2018-08-03 05:38 - 002765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-08-14 22:19 - 2018-08-03 05:38 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-08-14 22:19 - 2018-08-03 05:38 - 000885856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-08-14 22:19 - 2018-08-03 05:38 - 000604576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-08-14 22:19 - 2018-08-03 05:26 - 006043600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-08-14 22:19 - 2018-08-03 05:25 - 006568784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-08-14 22:19 - 2018-08-03 05:25 - 002255008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-08-14 22:19 - 2018-08-03 05:25 - 001131064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-08-14 22:19 - 2018-08-03 05:25 - 000568568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-08-14 22:19 - 2018-08-03 05:23 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-08-14 22:19 - 2018-08-03 05:18 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-08-14 22:19 - 2018-08-03 05:18 - 022007808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-08-14 22:19 - 2018-08-03 05:17 - 004380160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-08-14 22:19 - 2018-08-03 05:16 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-08-14 22:19 - 2018-08-03 05:15 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-08-14 22:19 - 2018-08-03 05:14 - 004867584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-08-14 22:19 - 2018-08-03 05:13 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-08-14 22:19 - 2018-08-03 05:13 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-08-14 22:19 - 2018-08-03 05:13 - 003395072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-08-14 22:19 - 2018-08-03 05:13 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-08-14 22:19 - 2018-08-03 05:12 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-08-14 22:19 - 2018-08-03 05:12 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-08-14 22:19 - 2018-08-03 05:11 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-08-14 22:19 - 2018-08-03 05:11 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-08-14 22:19 - 2018-08-03 05:11 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-08-14 22:19 - 2018-08-03 05:11 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-08-14 22:19 - 2018-08-03 05:11 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-08-14 22:19 - 2018-08-03 05:10 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-08-14 22:19 - 2018-08-03 05:09 - 005776896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-08-14 22:19 - 2018-08-03 05:09 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-08-14 22:19 - 2018-08-03 05:09 - 001932288 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll
2018-08-14 22:19 - 2018-08-03 05:09 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-08-14 22:19 - 2018-08-03 05:09 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-08-14 22:19 - 2018-08-03 05:09 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-08-14 22:19 - 2018-08-03 05:08 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-08-14 22:19 - 2018-08-03 05:08 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-08-14 22:19 - 2018-08-03 05:08 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-08-14 22:19 - 2018-08-03 05:08 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-08-14 22:19 - 2018-08-03 05:08 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-08-14 22:19 - 2018-08-03 05:08 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-08-14 22:19 - 2018-08-03 05:07 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-08-14 22:19 - 2018-08-03 05:07 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-08-14 22:19 - 2018-08-03 05:06 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-08-14 22:19 - 2018-08-03 05:06 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-08-14 22:19 - 2018-08-03 05:06 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-08-14 22:19 - 2018-08-03 05:06 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-08-14 22:19 - 2018-08-03 05:05 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-08-14 22:19 - 2018-08-03 05:05 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-08-14 22:18 - 2018-08-03 10:39 - 000790304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-08-14 22:18 - 2018-08-03 10:25 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-08-14 22:18 - 2018-08-03 10:25 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-08-14 22:18 - 2018-08-03 10:24 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2018-08-14 22:18 - 2018-08-03 10:24 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2018-08-14 22:18 - 2018-08-03 10:24 - 000046592 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-08-14 22:18 - 2018-08-03 10:22 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-08-14 22:18 - 2018-08-03 10:21 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-08-14 22:18 - 2018-08-03 10:21 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-08-14 22:18 - 2018-08-03 10:21 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
2018-08-14 22:18 - 2018-08-03 10:21 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-08-14 22:18 - 2018-08-03 10:20 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2018-08-14 22:18 - 2018-08-03 10:19 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-08-14 22:18 - 2018-08-03 09:45 - 000663128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-08-14 22:18 - 2018-08-03 09:33 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-08-14 22:18 - 2018-08-03 09:33 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-08-14 22:18 - 2018-08-03 09:32 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2018-08-14 22:18 - 2018-08-03 09:30 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2018-08-14 22:18 - 2018-08-03 09:29 - 000621568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-08-14 22:18 - 2018-08-03 09:29 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-08-14 22:18 - 2018-08-03 09:27 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-08-14 22:18 - 2018-08-03 09:27 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-08-14 22:18 - 2018-08-03 07:41 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-08-14 22:18 - 2018-08-03 06:49 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-08-14 22:18 - 2018-08-03 05:47 - 000128920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2018-08-14 22:18 - 2018-08-03 05:46 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-08-14 22:18 - 2018-08-03 05:46 - 000269248 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-08-14 22:18 - 2018-08-03 05:41 - 000568600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-08-14 22:18 - 2018-08-03 05:41 - 000077608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-08-14 22:18 - 2018-08-03 05:41 - 000061736 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2018-08-14 22:18 - 2018-08-03 05:40 - 001064744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-08-14 22:18 - 2018-08-03 05:40 - 000136488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-08-14 22:18 - 2018-08-03 05:40 - 000072800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2018-08-14 22:18 - 2018-08-03 05:39 - 001457136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-08-14 22:18 - 2018-08-03 05:39 - 000692240 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2018-08-14 22:18 - 2018-08-03 05:39 - 000114080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-08-14 22:18 - 2018-08-03 05:39 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2018-08-14 22:18 - 2018-08-03 05:39 - 000031648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys
2018-08-14 22:18 - 2018-08-03 05:38 - 001945792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-08-14 22:18 - 2018-08-03 05:38 - 001285536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-08-14 22:18 - 2018-08-03 05:38 - 001258288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-08-14 22:18 - 2018-08-03 05:38 - 001140576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-08-14 22:18 - 2018-08-03 05:38 - 000983016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-08-14 22:18 - 2018-08-03 05:38 - 000713368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-08-14 22:18 - 2018-08-03 05:38 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-08-14 22:18 - 2018-08-03 05:38 - 000115640 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2018-08-14 22:18 - 2018-08-03 05:27 - 000061032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2018-08-14 22:18 - 2018-08-03 05:25 - 001622296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-08-14 22:18 - 2018-08-03 05:25 - 000583120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-08-14 22:18 - 2018-08-03 05:25 - 000539168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2018-08-14 22:18 - 2018-08-03 05:17 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgid.sys
2018-08-14 22:18 - 2018-08-03 05:16 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2018-08-14 22:18 - 2018-08-03 05:15 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2018-08-14 22:18 - 2018-08-03 05:14 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2018-08-14 22:18 - 2018-08-03 05:14 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-08-14 22:18 - 2018-08-03 05:14 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSAssessment.dll
2018-08-14 22:18 - 2018-08-03 05:13 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-08-14 22:18 - 2018-08-03 05:12 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-08-14 22:18 - 2018-08-03 05:12 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-08-14 22:18 - 2018-08-03 05:12 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-08-14 22:18 - 2018-08-03 05:12 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-08-14 22:18 - 2018-08-03 05:11 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-08-14 22:18 - 2018-08-03 05:11 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-08-14 22:18 - 2018-08-03 05:11 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-08-14 22:18 - 2018-08-03 05:10 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2018-08-14 22:18 - 2018-08-03 05:09 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-08-14 22:18 - 2018-08-03 05:09 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-08-14 22:18 - 2018-08-03 05:09 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-08-14 22:18 - 2018-08-03 05:08 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-08-14 22:18 - 2018-08-03 05:08 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-08-14 22:18 - 2018-08-03 05:08 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2018-08-14 22:18 - 2018-08-03 05:08 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-08-14 22:18 - 2018-08-03 05:08 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-08-14 22:18 - 2018-08-03 05:07 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-08-14 22:18 - 2018-08-03 05:07 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-08-14 22:18 - 2018-08-03 05:06 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-08-14 22:18 - 2018-08-03 05:06 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-08-14 22:18 - 2018-08-03 05:05 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-08-14 22:18 - 2018-08-03 05:04 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-08-14 22:18 - 2018-08-03 03:54 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-08-14 01:33 - 2018-08-14 01:41 - 000000000 ____D C:\Users\Karel\Cisco Active Advisor Scanner
2018-08-14 00:08 - 2018-08-14 00:08 - 000000400 _____ C:\Users\Karel\user_data.txt
2018-08-14 00:07 - 2018-08-14 00:18 - 000000000 ____D C:\Users\Karel\Cisco Active Advisor Desktop Scanner
2018-08-14 00:07 - 2018-08-14 00:07 - 000000000 ____D C:\Users\Karel\AppData\Local\Downloaded Installations
2018-08-13 23:40 - 2018-08-22 21:11 - 000000000 ____D C:\Users\Karel\.networkassistant
2018-08-13 23:38 - 2018-08-22 21:00 - 000000000 ____D C:\Program Files (x86)\Cisco Systems
2018-08-13 23:38 - 2018-08-13 23:38 - 000002588 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Cisco Network Assistant.lnk
2018-08-13 23:38 - 2018-08-13 23:38 - 000002582 _____ C:\Users\Public\Desktop\Cisco Network Assistant.lnk
2018-08-13 23:38 - 2018-08-13 23:38 - 000001958 _____ C:\WINDOWS\vpd.properties
2018-08-13 23:38 - 2018-08-13 23:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Network Assistant
2018-08-13 23:38 - 2018-03-28 07:05 - 000182272 ____N (Sun Microsystems©) C:\WINDOWS\SysWOW64\JavaAccessBridge.DLL
2018-08-13 23:38 - 2018-03-28 07:05 - 000100864 ____N (Sun Microsystems©) C:\WINDOWS\SysWOW64\WindowsAccessBridge.DLL
2018-08-13 23:38 - 2018-03-28 07:05 - 000034816 ____N (Sun Microsystems©) C:\WINDOWS\SysWOW64\JAWTAccessBridge.DLL
2018-08-13 17:51 - 2018-08-13 17:58 - 000000000 ____D C:\Users\Karel\Desktop\porno telefon
2018-08-13 02:36 - 2018-08-13 02:41 - 000000000 ____D C:\Users\Karel\Desktop\foto iphone 4 cernz
2018-08-07 03:11 - 2018-08-24 23:28 - 000000000 ____D C:\Users\Karel\.audiobox.fm desktop
2018-08-07 03:11 - 2018-08-24 23:27 - 000001267 _____ C:\Users\Public\Desktop\AudioBox.fm Desktop.lnk
2018-08-07 03:11 - 2018-08-24 23:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioBox.fm Desktop
2018-08-07 03:11 - 2018-08-24 23:27 - 000000000 ____D C:\Program Files (x86)\AudioBox.fm Desktop
2018-08-07 03:11 - 2018-08-07 03:11 - 000000000 ____D C:\Users\Karel\.swt
2018-08-07 00:25 - 2018-08-07 00:31 - 000000000 ____D C:\Users\Karel\AppData\Roaming\ScreenCloud Player
2018-08-06 15:44 - 2018-08-06 15:44 - 000001178 _____ C:\Users\Public\Desktop\5KPlayer.lnk
2018-08-06 15:44 - 2018-08-06 15:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\5KPlayer
2018-08-06 15:43 - 2018-09-04 18:54 - 000000000 ____D C:\Users\Karel\AppData\Roaming\5KPlayer
2018-08-06 15:43 - 2018-08-06 15:43 - 000000000 ____D C:\Program Files (x86)\DearMob
2018-08-06 15:28 - 2018-08-06 15:28 - 000000000 ____D C:\Users\Karel\Documents\AirPlayer
2018-08-05 00:44 - 2018-08-05 00:44 - 000000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2018-08-05 00:44 - 2018-08-05 00:44 - 000000000 ____D C:\Users\Default\AppData\Local\Apple Computer
2018-08-05 00:44 - 2018-08-05 00:44 - 000000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2018-08-05 00:44 - 2018-08-05 00:44 - 000000000 ____D C:\Users\Default User\AppData\Local\Apple Computer

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-04 21:01 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-09-04 19:58 - 2012-09-23 01:55 - 000000000 ____D C:\Users\Karel\AppData\Local\CrashDumps
2018-09-04 19:02 - 2018-05-29 18:39 - 000003656 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2018-09-04 18:57 - 2016-07-28 23:00 - 000000000 ___RD C:\Users\Karel\OneDrive
2018-09-04 18:56 - 2018-05-20 18:47 - 000000000 ___RD C:\Users\Karel\iCloudDrive
2018-09-04 18:48 - 2016-07-29 08:24 - 000000000 __SHD C:\Users\Karel\IntelGraphicsProfiles
2018-09-04 18:48 - 2016-01-06 20:30 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-09-04 18:47 - 2012-09-21 19:36 - 000000000 ____D C:\Users\Karel\AppData\LocalLow\AuthenTec
2018-09-04 18:46 - 2018-05-22 01:32 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-09-04 18:46 - 2016-08-06 09:53 - 000000000 ____D C:\ProgramData\NVIDIA
2018-09-04 18:45 - 2018-04-11 23:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-09-04 18:44 - 2012-08-29 21:45 - 000002273 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-04 17:50 - 2018-05-22 00:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-09-04 09:37 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-09-04 09:30 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2018-09-04 09:26 - 2018-08-04 14:48 - 000000000 ____D C:\ProgramData\Unified Remote
2018-09-04 07:20 - 2018-04-05 03:20 - 000000000 ____D C:\Users\Karel\AppData\Roaming\iMazing
2018-09-04 06:32 - 2012-11-24 22:49 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-09-04 06:19 - 2018-05-20 18:40 - 000000000 ____D C:\Users\Karel\AppData\Local\F062B853-E865-47A0-923E-3A857808CE97.aplzod
2018-09-04 06:19 - 2012-11-24 22:52 - 000000000 ____D C:\Users\Karel\AppData\Local\Apple Computer
2018-09-04 06:04 - 2018-04-05 03:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMazing
2018-09-04 05:58 - 2012-09-22 22:40 - 000000000 ____D C:\Users\Karel\AppData\Roaming\vlc
2018-09-04 02:33 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-09-04 00:59 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-09-03 22:46 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-09-02 22:29 - 2014-07-17 23:17 - 000000000 ____D C:\Users\Karel\AppData\Local\ElevatedDiagnostics
2018-09-02 22:14 - 2018-05-20 18:12 - 000001115 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-09-02 21:30 - 2018-05-13 21:49 - 000000000 ___HD C:\OneDriveTemp
2018-08-29 21:13 - 2018-05-27 15:29 - 000000000 ____D C:\Users\Karel\Desktop\Nová složka
2018-08-29 21:12 - 2018-06-29 23:59 - 000000000 ____D C:\Users\Karel\Desktop\STAHOVALA JSEM JA SAMA DNESKA DOPOLEDNE BYLA JSEM SAMA A PAK HODNE UKLIZELA NO TO JSEM CELA JA dANIELA hARABALOVA
2018-08-29 21:11 - 2018-06-08 02:20 - 000000000 ____D C:\Users\Karel\Desktop\Nová složka (2)
2018-08-28 21:50 - 2013-09-26 20:32 - 000000000 ____D C:\Users\Karel\AppData\Roaming\Dropbox
2018-08-28 09:41 - 2018-05-25 19:18 - 000000000 ____D C:\Users\Karel\AppData\Local\D3DSCache
2018-08-27 02:59 - 2012-10-01 00:28 - 000007615 _____ C:\Users\Karel\AppData\Local\Resmon.ResmonCfg
2018-08-25 16:44 - 2012-11-24 22:52 - 000000000 ____D C:\Users\Karel\AppData\Roaming\Apple Computer
2018-08-25 06:24 - 2018-06-13 02:17 - 000000000 ____D C:\ProgramData\Packages
2018-08-25 06:24 - 2016-07-28 22:47 - 000000000 ____D C:\Users\Karel\AppData\Local\Publishers
2018-08-25 04:10 - 2018-02-17 10:13 - 000000000 ____D C:\Users\Karel\AppData\Local\PlaceholderTileLogoFolder
2018-08-25 04:10 - 2017-12-28 23:08 - 000000000 ____D C:\Users\Karel\AppData\Local\Packages
2018-08-24 21:22 - 2015-12-04 22:40 - 000000000 ____D C:\Users\Karel\AppData\Local\SquirrelTemp
2018-08-24 20:58 - 2018-05-22 00:38 - 000000000 ____D C:\Users\Karel
2018-08-24 20:51 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-08-24 11:12 - 2014-03-01 01:30 - 000000000 ____D C:\Users\Karel\AppData\Roaming\uTorrent
2018-08-22 21:22 - 2014-12-06 23:54 - 000000000 ____D C:\Users\Karel\.android
2018-08-22 20:39 - 2018-05-22 00:22 - 000459112 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-08-22 20:25 - 2018-05-22 00:38 - 000000000 ____D C:\Users\winpostgr
2018-08-22 20:25 - 2018-05-22 00:38 - 000000000 ____D C:\Users\DefaultAppPool
2018-08-22 20:23 - 2016-11-04 21:39 - 000000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2185844643-1941637182-3919478290-1001UA1d236d3389fb72d.job
2018-08-22 20:23 - 2016-11-04 21:39 - 000000884 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2185844643-1941637182-3919478290-1001Core1d236d3385fe7e5.job
2018-08-22 19:36 - 2012-09-23 03:02 - 006246328 _____ (Absolute Software Corp.) C:\Users\Karel\AppData\Roaming\LoJackSetup.exe
2018-08-22 19:32 - 2016-07-25 02:51 - 000000000 ____D C:\Users\Karel\AppData\Roaming\Mozilla
2018-08-22 18:06 - 2018-05-22 01:32 - 000004086 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2185844643-1941637182-3919478290-1001UA1d236d3389fb72d
2018-08-22 18:06 - 2018-05-22 01:32 - 000003710 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2185844643-1941637182-3919478290-1001Core1d236d3385fe7e5
2018-08-21 17:26 - 2014-11-03 03:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VOWSoft iPod Software
2018-08-20 19:19 - 2016-07-29 01:23 - 000000000 ____D C:\Users\Karel\AppData\Local\Comms
2018-08-20 18:34 - 2018-05-22 00:38 - 000000000 ____D C:\Users\Karel\AppData\Local\Microsoft Help
2018-08-20 18:13 - 2018-04-12 01:38 - 000000000 __RHD C:\Users\Public\Libraries
2018-08-20 17:04 - 2014-12-07 02:17 - 000000000 ____D C:\Users\Karel\.VirtualBox
2018-08-20 16:51 - 2012-08-29 21:29 - 000000000 ____D C:\Program Files\DIFX
2018-08-20 08:01 - 2018-06-01 15:58 - 000000000 ____D C:\Users\Karel\AppData\Local\Deployment
2018-08-19 14:48 - 2018-05-22 00:33 - 001960186 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-08-19 14:48 - 2018-04-12 17:51 - 000810654 _____ C:\WINDOWS\system32\perfh005.dat
2018-08-19 14:48 - 2018-04-12 17:51 - 000187360 _____ C:\WINDOWS\system32\perfc005.dat
2018-08-18 20:25 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-08-18 20:25 - 2014-05-15 03:13 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-08-18 20:22 - 2012-09-23 02:18 - 000000000 ____D C:\Program Files\Microsoft Office
2018-08-17 23:09 - 2015-12-02 02:19 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-08-17 19:46 - 2016-05-12 15:07 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2018-08-17 19:04 - 2017-12-28 23:50 - 000000000 ___RD C:\Users\Karel\3D Objects
2018-08-17 19:04 - 2016-04-27 09:00 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-08-17 18:58 - 2018-04-12 17:52 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-08-17 18:58 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-08-17 18:58 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-08-17 18:58 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-08-17 18:58 - 2018-04-12 01:38 - 000000000 ___RD C:\Program Files\Windows Defender
2018-08-17 18:58 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-08-17 18:58 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-08-17 18:58 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-08-17 18:58 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-08-17 18:51 - 2012-11-10 00:35 - 000000000 ____D C:\Program Files (x86)\Java
2018-08-14 22:38 - 2013-08-03 03:03 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-08-14 22:30 - 2012-09-22 01:02 - 137343192 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-08-14 22:27 - 2009-07-14 04:34 - 000000478 _____ C:\WINDOWS\win.ini
2018-08-14 00:39 - 2014-12-07 01:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-08-14 00:27 - 2018-05-20 23:50 - 000098680 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-08-13 20:29 - 2012-09-21 19:37 - 000000000 ____D C:\Users\Karel\AppData\Local\AuthenTec
2018-08-13 17:58 - 2018-06-22 13:36 - 000000000 ____D C:\Users\Karel\Desktop\neco malo pro me a hlavne inspirace na vecer
2018-08-12 00:17 - 2012-09-21 19:47 - 000000000 ____D C:\Users\Karel\AppData\Local\Adobe
2018-08-11 13:15 - 2018-04-12 01:38 - 000000000 __RSD C:\WINDOWS\media
2018-08-11 13:14 - 2012-08-29 21:42 - 000000000 ____D C:\Program Files (x86)\ThinkPad
2018-08-11 13:12 - 2015-06-22 23:14 - 000000000 ____D C:\Users\Karel\AppData\Local\Dropbox
2018-08-11 11:15 - 2013-09-26 20:37 - 000000000 ___RD C:\Users\Karel\Documents\Dropbox
2018-08-10 02:12 - 2018-05-22 01:32 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2185844643-1941637182-3919478290-1001
2018-08-10 02:12 - 2018-05-22 00:38 - 000002441 _____ C:\Users\Karel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-08-07 03:10 - 2012-10-11 20:20 - 000000000 ____D C:\Users\Karel\Downloads\Install
2018-08-06 20:29 - 2018-08-03 13:03 - 000000000 ____D C:\Program Files (x86)\mbpowertools
2018-08-06 17:19 - 2018-07-20 06:24 - 000836480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-08-06 17:19 - 2018-07-20 06:24 - 000181120 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-08-06 13:08 - 2013-09-13 11:54 - 000000000 ____D C:\Users\Karel\Documents\Soubory aplikace Outlook
2018-08-05 15:47 - 2015-12-04 22:33 - 000000000 ____D C:\Users\Karel\AppData\Roaming\Telegram Desktop
2018-08-05 00:49 - 2018-04-12 17:53 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2018-08-05 00:49 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-08-05 00:49 - 2018-04-12 01:38 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-08-05 00:49 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences

==================== Files in the root of some directories =======

2012-09-21 19:37 - 2012-09-21 19:37 - 000090624 _____ () C:\Users\Public\AlexaNSISPlugin.4764.dll
2012-09-21 19:34 - 2012-09-21 19:34 - 004096000 _____ () C:\Program Files (x86)\GUT3562.tmp
2015-12-04 20:30 - 2015-12-04 20:30 - 006420480 _____ () C:\Program Files (x86)\GUT4AA7.tmp
2018-08-20 14:26 - 2018-08-20 14:26 - 000000002 _____ () C:\Users\Karel\AppData\Roaming\20180820142614.dat
2018-08-20 14:29 - 2018-08-20 14:29 - 000000002 _____ () C:\Users\Karel\AppData\Roaming\20180820142925.dat
2018-08-22 19:30 - 2018-08-22 19:30 - 000000000 _____ () C:\Users\Karel\AppData\Roaming\46payTJIFsjQPW7.db
2012-09-21 19:37 - 2012-09-23 03:24 - 000007689 _____ () C:\Users\Karel\AppData\Roaming\AbsoluteReminder.xml
2012-09-23 03:02 - 2018-08-22 19:36 - 006246328 _____ (Absolute Software Corp.) C:\Users\Karel\AppData\Roaming\LoJackSetup.exe
2012-10-08 18:36 - 2012-10-08 18:37 - 000033280 ___SH () C:\Users\Karel\AppData\Roaming\Thumbs.db
2012-09-23 14:08 - 2012-09-23 14:08 - 000024297 _____ () C:\Users\Karel\AppData\Roaming\UserTile.png
2012-09-22 15:30 - 2014-03-01 03:12 - 000000600 _____ () C:\Users\Karel\AppData\Roaming\winscp.rnd
2014-05-07 19:43 - 2014-05-29 20:40 - 000000346 ___SH () C:\Users\Karel\AppData\Local\70149b02515b3bb20dd492.47983420
2018-08-22 19:30 - 2018-08-22 19:30 - 007770624 _____ () C:\Users\Karel\AppData\Local\agent.dat
2018-08-22 19:30 - 2018-08-22 19:30 - 000070896 _____ () C:\Users\Karel\AppData\Local\Config.xml
2018-08-22 19:30 - 2018-08-22 19:30 - 000140800 _____ () C:\Users\Karel\AppData\Local\installer.dat
2018-08-22 19:30 - 2018-08-22 19:30 - 000005568 _____ () C:\Users\Karel\AppData\Local\md.xml
2018-08-22 19:30 - 2018-08-22 19:30 - 000126464 _____ () C:\Users\Karel\AppData\Local\noah.dat
2012-10-01 00:28 - 2018-08-27 02:59 - 000007615 _____ () C:\Users\Karel\AppData\Local\Resmon.ResmonCfg
2018-08-22 19:30 - 2018-08-22 19:32 - 001413120 _____ () C:\Users\Karel\AppData\Local\sham.db
2018-08-22 19:31 - 2018-08-22 19:31 - 000032038 _____ () C:\Users\Karel\AppData\Local\uninstall_temp.ico
2018-08-22 19:30 - 2018-08-22 19:30 - 002018354 _____ () C:\Users\Karel\AppData\Local\Zimhatstock.tst
2018-08-22 19:30 - 2018-08-22 19:30 - 000278508 _____ () C:\Users\Karel\AppData\Local\Zonex.tst
2018-08-22 19:30 - 2018-08-22 19:30 - 001895384 _____ () C:\Users\Karel\AppData\Local\Zonin.bin

Some files in TEMP:
====================
2018-09-02 22:13 - 2018-09-02 22:14 - 040210008 _____ () C:\Users\Karel\AppData\Local\Temp\vlc-3.0.4-win32.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-22 00:21

==================== End of FRST.txt ============================

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinUrl.url -> URL: file:///C:\ProgramData\{c66b8cb9-2944-5837-f0b2-1b9ecbf309d6}\hostdl.exe
ShortcutTarget: WSAppHelper.lnk -> C:\Program Files (x86)\Wondershare\drfone\Addins\SocialApps\WSAppHelper.exe (No File)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... ABNLjmz&q={searchTerms}
HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72 ... gdkthCqmdY
SearchScopes: HKLM-x32 -> DefaultScope value is missing
Toolbar: HKU\S-1-5-21-2185844643-1941637182-3919478290-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Edge Extension: (No Name) -> EdgeExtension_TonecIncIDMIntegrationModule_e7b5mm5d3r6v2 => C:\Program Files\WindowsApps\TonecInc.IDMIntegrationModule_6.30.6.0_neutral__e7b5mm5d3r6v2 [not found]
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client => not found
FF Plugin HKU\S-1-5-21-2185844643-1941637182-3919478290-1001: http://www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll [No File]
U3 idsvc; no ImagePath
C:\ProgramData\{c66b8cb9-2944-5837-f0b2-1b9ecbf309d6}
C:\Users\Karel\Downloads\a645fea8-1e36-4ac3-bbbe-9634b31cd685.tmp
C:\Users\Karel\AppData\Roaming\46payTJIFsjQPW7.db
C:\ProgramData\tebqqdpkmpunfbko
C:\Users\Karel\AppData\Roaming\20180820142925.dat
C:\Users\Karel\AppData\Roaming\dataHYeraser
C:\ProgramData\dsxvyzyp.lyj
C:\WINDOWS\System32\Tasks\AutoKMS
C:\Users\Karel\AppData\Local\F062B853-E865-47A0-923E-3A857808CE97.aplzod
C:\Program Files (x86)\GUT3562.tmp
C:\Program Files (x86)\GUT4AA7.tmp
C:\Users\Karel\AppData\Local\70149b02515b3bb20dd492.47983420
C:\Users\Karel\AppData\Local\Temp
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
Task: {0A6BBE0E-BE8A-4A70-BD95-7444B2A0E41C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0D647976-8F72-4785-9A3B-DEF3DCE9AEA0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0EFABF9B-F836-44AC-86A8-80A4F397A4A9} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {13280129-65A6-499A-8DA5-273351560F49} - System32\Tasks\{71B16D64-FAA8-4A92-B0C9-55196ACF13F2} => C:\Windows\system32\pcalua.exe -a E:\setup\rsrc\Autorun.exe -d E:\
Task: {1345C819-0C27-40C9-B6ED-49804BAAF157} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1827C4A4-EEAE-4BA6-A3BA-2072F3E9F79E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {42B3E928-9C5C-40A3-9171-55D092C28DC9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {643192C5-9A5A-4FFD-BD0F-80A23F31AF3E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {649CD9D6-E0E6-4DB0-BF63-BEDE6AF09338} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {64F9F5C2-9FC9-47CB-913E-0E0FD54320CF} - System32\Tasks\WinUrl => C:\ProgramData\{c66b8cb9-2944-5837-f0b2-1b9ecbf309d6}\hostdl.exe <==== ATTENTION
Task: {66B7D393-7FF2-46FD-A2E0-98F4FE800886} - \Lenovo\SimpleTap\Start SimpleTap for THINKPAD.Karel -> No File <==== ATTENTION
Task: {6FEF6F30-B172-482F-A5E9-B4870A1C0903} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7AA0D34C-13E6-4CF6-97D1-15FE45896D09} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {989E8979-C98C-45A4-969D-F206F977418B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A4945886-CB31-4D79-97BC-18D94509FAB8} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {A8AE7967-CD6A-4219-9556-2B6FA00EC0C9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {AC39C5C1-78E4-4FF2-9791-7E8138C93492} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D2EEEE3E-AFB7-44B6-8ACA-FF941E6739A1} - System32\Tasks\{AF7B85A1-5228-4B1F-A4B9-30D484731607} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\iMobie\PhoneClean\PhoneClean.exe" -d "C:\Program Files (x86)\iMobie\PhoneClean"
Task: {D307D7F1-5EE3-460C-8FFE-1ADA722728EB} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {D470F914-6C39-46C8-9E3A-129FC42A57D0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D9958A88-B085-4593-8787-3960CCC4A24A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {F6D072E0-3EEB-4D69-BB42-F3325B7E5E57} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {FDDC6688-0B17-4944-BDC2-C12B9B3C158F} - \PMTask -> No File <==== ATTENTION

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[Longfinger82]

Fix result of Farbar Recovery Scan Tool (x64) Version: 01.09.2018 03
Ran by Karel (04-09-2018 22:32:33) Run:1
Running from C:\Users\Karel\Desktop
Loaded Profiles: Karel (Available Profiles: Karel & winpostgr & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinUrl.url -> URL: file:///C:\ProgramData\{c66b8cb9-2944-5837-f0b2-1b9ecbf309d6}\hostdl.exe
ShortcutTarget: WSAppHelper.lnk -> C:\Program Files (x86)\Wondershare\drfone\Addins\SocialApps\WSAppHelper.exe (No File)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... ABNLjmz&q={searchTerms}
HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72 ... gdkthCqmdY
SearchScopes: HKLM-x32 -> DefaultScope value is missing
Toolbar: HKU\S-1-5-21-2185844643-1941637182-3919478290-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Edge Extension: (No Name) -> EdgeExtension_TonecIncIDMIntegrationModule_e7b5mm5d3r6v2 => C:\Program Files\WindowsApps\TonecInc.IDMIntegrationModule_6.30.6.0_neutral__e7b5mm5d3r6v2 [not found]
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client => not found
FF Plugin HKU\S-1-5-21-2185844643-1941637182-3919478290-1001: http://www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll [No File]
U3 idsvc; no ImagePath
C:\ProgramData\{c66b8cb9-2944-5837-f0b2-1b9ecbf309d6}
C:\Users\Karel\Downloads\a645fea8-1e36-4ac3-bbbe-9634b31cd685.tmp
C:\Users\Karel\AppData\Roaming\46payTJIFsjQPW7.db
C:\ProgramData\tebqqdpkmpunfbko
C:\Users\Karel\AppData\Roaming\20180820142925.dat
C:\Users\Karel\AppData\Roaming\dataHYeraser
C:\ProgramData\dsxvyzyp.lyj
C:\WINDOWS\System32\Tasks\AutoKMS
C:\Users\Karel\AppData\Local\F062B853-E865-47A0-923E-3A857808CE97.aplzod
C:\Program Files (x86)\GUT3562.tmp
C:\Program Files (x86)\GUT4AA7.tmp
C:\Users\Karel\AppData\Local\70149b02515b3bb20dd492.47983420
C:\Users\Karel\AppData\Local\Temp
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
Task: {0A6BBE0E-BE8A-4A70-BD95-7444B2A0E41C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0D647976-8F72-4785-9A3B-DEF3DCE9AEA0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0EFABF9B-F836-44AC-86A8-80A4F397A4A9} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {13280129-65A6-499A-8DA5-273351560F49} - System32\Tasks\{71B16D64-FAA8-4A92-B0C9-55196ACF13F2} => C:\Windows\system32\pcalua.exe -a E:\setup\rsrc\Autorun.exe -d E:\
Task: {1345C819-0C27-40C9-B6ED-49804BAAF157} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1827C4A4-EEAE-4BA6-A3BA-2072F3E9F79E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {42B3E928-9C5C-40A3-9171-55D092C28DC9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {643192C5-9A5A-4FFD-BD0F-80A23F31AF3E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {649CD9D6-E0E6-4DB0-BF63-BEDE6AF09338} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {64F9F5C2-9FC9-47CB-913E-0E0FD54320CF} - System32\Tasks\WinUrl => C:\ProgramData\{c66b8cb9-2944-5837-f0b2-1b9ecbf309d6}\hostdl.exe <==== ATTENTION
Task: {66B7D393-7FF2-46FD-A2E0-98F4FE800886} - \Lenovo\SimpleTap\Start SimpleTap for THINKPAD.Karel -> No File <==== ATTENTION
Task: {6FEF6F30-B172-482F-A5E9-B4870A1C0903} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7AA0D34C-13E6-4CF6-97D1-15FE45896D09} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {989E8979-C98C-45A4-969D-F206F977418B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A4945886-CB31-4D79-97BC-18D94509FAB8} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {A8AE7967-CD6A-4219-9556-2B6FA00EC0C9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {AC39C5C1-78E4-4FF2-9791-7E8138C93492} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D2EEEE3E-AFB7-44B6-8ACA-FF941E6739A1} - System32\Tasks\{AF7B85A1-5228-4B1F-A4B9-30D484731607} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\iMobie\PhoneClean\PhoneClean.exe" -d "C:\Program Files (x86)\iMobie\PhoneClean"
Task: {D307D7F1-5EE3-460C-8FFE-1ADA722728EB} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {D470F914-6C39-46C8-9E3A-129FC42A57D0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D9958A88-B085-4593-8787-3960CCC4A24A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {F6D072E0-3EEB-4D69-BB42-F3325B7E5E57} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {FDDC6688-0B17-4944-BDC2-C12B9B3C158F} - \PMTask -> No File <==== ATTENTION

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinUrl.url => moved successfully
"C:\Program Files (x86)\Wondershare\drfone\Addins\SocialApps\WSAppHelper.exe" => not found
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => invalid subkey removed.
"HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\EdgeExtension_TonecIncIDMIntegrationModule_e7b5mm5d3r6v2" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\VIP5X@verisign.com" => removed successfully
HKU\S-1-5-21-2185844643-1941637182-3919478290-1001\Software\MozillaPlugins\http://www.exent.com/GameTreatWidget => not found
"C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll" => not found
"HKLM\System\CurrentControlSet\Services\idsvc" => removed successfully
idsvc => service removed successfully
C:\ProgramData\{c66b8cb9-2944-5837-f0b2-1b9ecbf309d6} => moved successfully
C:\Users\Karel\Downloads\a645fea8-1e36-4ac3-bbbe-9634b31cd685.tmp => moved successfully
C:\Users\Karel\AppData\Roaming\46payTJIFsjQPW7.db => moved successfully
C:\ProgramData\tebqqdpkmpunfbko => moved successfully
C:\Users\Karel\AppData\Roaming\20180820142925.dat => moved successfully
C:\Users\Karel\AppData\Roaming\dataHYeraser => moved successfully
C:\ProgramData\dsxvyzyp.lyj => moved successfully
C:\WINDOWS\System32\Tasks\AutoKMS => moved successfully
C:\Users\Karel\AppData\Local\F062B853-E865-47A0-923E-3A857808CE97.aplzod => moved successfully
C:\Program Files (x86)\GUT3562.tmp => moved successfully
C:\Program Files (x86)\GUT4AA7.tmp => moved successfully
C:\Users\Karel\AppData\Local\70149b02515b3bb20dd492.47983420 => moved successfully
C:\Users\Karel\AppData\Local\Temp => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp" => removed successfully
"HKLM\Software\Classes\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending" => removed successfully
"HKLM\Software\Classes\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot" => removed successfully
"HKLM\Software\Classes\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared" => removed successfully
"HKLM\Software\Classes\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}" => removed successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets" => removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\SugarSync" => removed successfully
"HKLM\Software\Classes\CLSID\{305BC11B-5175-492B-B569-866547FCDA40}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A6BBE0E-BE8A-4A70-BD95-7444B2A0E41C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A6BBE0E-BE8A-4A70-BD95-7444B2A0E41C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D647976-8F72-4785-9A3B-DEF3DCE9AEA0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D647976-8F72-4785-9A3B-DEF3DCE9AEA0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EFABF9B-F836-44AC-86A8-80A4F397A4A9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EFABF9B-F836-44AC-86A8-80A4F397A4A9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13280129-65A6-499A-8DA5-273351560F49}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13280129-65A6-499A-8DA5-273351560F49}" => removed successfully
C:\WINDOWS\System32\Tasks\{71B16D64-FAA8-4A92-B0C9-55196ACF13F2} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{71B16D64-FAA8-4A92-B0C9-55196ACF13F2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1345C819-0C27-40C9-B6ED-49804BAAF157}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1345C819-0C27-40C9-B6ED-49804BAAF157}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1827C4A4-EEAE-4BA6-A3BA-2072F3E9F79E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1827C4A4-EEAE-4BA6-A3BA-2072F3E9F79E}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42B3E928-9C5C-40A3-9171-55D092C28DC9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42B3E928-9C5C-40A3-9171-55D092C28DC9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{643192C5-9A5A-4FFD-BD0F-80A23F31AF3E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{643192C5-9A5A-4FFD-BD0F-80A23F31AF3E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{649CD9D6-E0E6-4DB0-BF63-BEDE6AF09338}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{649CD9D6-E0E6-4DB0-BF63-BEDE6AF09338}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64F9F5C2-9FC9-47CB-913E-0E0FD54320CF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64F9F5C2-9FC9-47CB-913E-0E0FD54320CF}" => removed successfully
C:\WINDOWS\System32\Tasks\WinUrl => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinUrl" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{66B7D393-7FF2-46FD-A2E0-98F4FE800886}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66B7D393-7FF2-46FD-A2E0-98F4FE800886}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\SimpleTap\Start SimpleTap for THINKPAD.Karel" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FEF6F30-B172-482F-A5E9-B4870A1C0903}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FEF6F30-B172-482F-A5E9-B4870A1C0903}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7AA0D34C-13E6-4CF6-97D1-15FE45896D09}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AA0D34C-13E6-4CF6-97D1-15FE45896D09}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{989E8979-C98C-45A4-969D-F206F977418B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{989E8979-C98C-45A4-969D-F206F977418B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A4945886-CB31-4D79-97BC-18D94509FAB8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4945886-CB31-4D79-97BC-18D94509FAB8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8AE7967-CD6A-4219-9556-2B6FA00EC0C9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8AE7967-CD6A-4219-9556-2B6FA00EC0C9}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC39C5C1-78E4-4FF2-9791-7E8138C93492}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC39C5C1-78E4-4FF2-9791-7E8138C93492}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D2EEEE3E-AFB7-44B6-8ACA-FF941E6739A1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2EEEE3E-AFB7-44B6-8ACA-FF941E6739A1}" => removed successfully
C:\WINDOWS\System32\Tasks\{AF7B85A1-5228-4B1F-A4B9-30D484731607} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AF7B85A1-5228-4B1F-A4B9-30D484731607}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D307D7F1-5EE3-460C-8FFE-1ADA722728EB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D307D7F1-5EE3-460C-8FFE-1ADA722728EB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D470F914-6C39-46C8-9E3A-129FC42A57D0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D470F914-6C39-46C8-9E3A-129FC42A57D0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9958A88-B085-4593-8787-3960CCC4A24A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9958A88-B085-4593-8787-3960CCC4A24A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6D072E0-3EEB-4D69-BB42-F3325B7E5E57}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6D072E0-3EEB-4D69-BB42-F3325B7E5E57}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDDC6688-0B17-4944-BDC2-C12B9B3C158F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDDC6688-0B17-4944-BDC2-C12B9B3C158F}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PMTask => not found

=========== EmptyTemp: ==========

BITS transfer queue => 11296768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 146364181 B
Java, Flash, Steam htmlcache => 8870646 B
Windows/system/drivers => 1531087 B
Edge => 32553168 B
Chrome => 655848310 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 3144 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 916 B
LocalService => 59022 B
LocalService => 0 B
NetworkService => 31722 B
NetworkService => 0 B
Karel => 15794362 B
winpostgr => 3144 B
DefaultAppPool => 1152 B

RecycleBin => 15768508405 B
EmptyTemp: => 15.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:37:50 ====

[Rudy]

Smazáno. Nastala nějaká změna?